foreword
Recently, I have received a lot of private messages and messages from friends who follow me. Most of them are beginners with zero foundation in network security and need relevant resources to learn. In fact, all fans who have read it know that it has been recommended in previous articles. Newcomers may not be very clear about it, so I will describe it systematically here.
01. A brief understanding of network security
To put it bluntly, network security means that the data in the network system is protected from being destroyed. And our security engineers engaged in network information security work, of course, the main job is to design programs to maintain network security.
Network security engineer is a general term that also includes many positions, such as security product engineer, security analyst, data recovery engineer, network architecture engineer, network integration engineer, security programming engineer and so on.
All work includes vulnerability mining, code programming, security services, traffic analysis, intrusion detection, cloud protection, system attack and defense, code auditing, etc.
Of course, these positions have nothing to do with you at this stage, I just want to let you know that the industry of network security is also a great place. What you have to do now is to learn the basic knowledge well, and one day in the future, maybe you will be able to get in touch.
If you want to become a master in network penetration, you need to master the full-stack capabilities of computers, networks, and programming. Operating systems, log analysis, traffic analysis, vulnerability attacks, security audits, web security, network protocols, programming languages, etc. need to be learned of.
So you can start from this aspect, you can watch some tutorials
Network Security Learning Route & Learning Resources
There is a lot of knowledge about network security, how to arrange it scientifically and reasonably?
primary
1. Theoretical knowledge of network security (2 days)
① Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Multiple guarantee introduction, guarantee regulations, procedures and norms. (Very important)
2. Penetration testing basics (one week)
①Penetration testing process, classification, standard
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerability scanning, vulnerability utilization, principle, utilization method, tool (MSF), bypassing IDS and anti-virus
reconnaissance④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Basic operating system (one week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basis)
4. Basics of computer network (one week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principle and defense: active/ Passive attack, DDOS attack, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database foundation
②SQL language foundation
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (chopper, missed scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the security module well, you can also work as a security engineer. Salary range 6k-15k
So far, about a month. You've become a "script kiddie". So do you still want to explore further?
7. Script programming (beginner/intermediate/advanced)
In the field of network security. Programming ability is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of a complex and changeable network environment, when the common tools cannot meet the actual needs, it is often necessary to expand the existing tools, or write tools and automated scripts that meet our requirements. Some programming ability is required. In the CTF competition where every second counts, if you want to efficiently use self-made scripting tools to achieve various purposes, you need to have programming skills.
For a zero-based entry, it is recommended to choose one of the scripting languages Python/PHP/Go/Java, and learn programming for common libraries; build a development environment and choose an IDE, Wamp and XAMPP are recommended for the PHP environment, and Sublime is strongly recommended for the IDE; Python programming learning , the learning content includes: common libraries such as grammar, regularization, files, network, multi-threading, etc., "Python Core Programming" is recommended, do not read it; ·Use Python to write vulnerability exploits, and then write a simple web crawler; ·PHP basic syntax Learn and write a simple blog system; Familiar with MVC architecture, and try to learn a PHP framework or Python framework (optional); Understand Bootstrap layout or CSS.
8. Super Hacker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details, and post a general route. Interested children's shoes can be studied, and if you don't know where to go, you can [click here] add me to fuel consumption, and learn and communicate with me.
Network security engineer enterprise-level learning route
If the picture is too large and cannot be seen clearly due to the compression of the platform, you can [click here] add me to send it to you, and everyone can learn and communicate together.
study tutorial
The first stage: zero-based introductory series of tutorials
Phase Two: Studying the Books
The third stage: practical documents
The fourth stage: actual combat training
The fifth stage: interview questions
Epilogue
In the end, I actually want to pour cold water on some people, because to be honest, there is no threshold for obtaining the information package mentioned above.
However, I think many people get it but don't learn it.
Most people's question seems to be "how to act", but in fact it is "can't start".
This is true in almost any field. The so-called "everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started.
If you really believe that you like cyber security/hacking, do it now, more than anything else .
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this book is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security. ! ! !
