What are the tips for self-taught hackers (network security) - beginners

Many people say that if you want to learn hacking well, you must first really love it.

Love, how passionate it sounds, and even tears come to my eyes.

But it's a pity that the word "love" doesn't work for a complete beginner who hasn't started yet.

If a person says he loves you before he knows you, he is after either your money or sex.

If a technical novice doesn't even understand what information security is and talks about love right from the start, isn't that nonsense?

First of all, I have to describe a trouble many friends run into: every time you go on a forum, it is difficult to read or search for a beginner article, and you don't have the confidence to get through even a few lines. Why? Because you can't understand it. The original curiosity is gone, and in the end you give up hacking because it is too difficult to keep learning.

I have had a deep experience of this. It's like a narrow path. When you choose a tool, you have to consider whether it's a bike or a road, and choose a good shortcut. Now I want to tell you about a common beginner's road, which is also a shortcut I have taken from west to east in the past few years. I hope it can help you. But remember, if you don't work hard, you won't have the legs to complete even a one-meter walk. You have to be ready to study hard. Don't say you're doing some QB to show you're a hacker, the joy in your heart can awaken interest in hacking techniques based on animations other people have done. Still worth it. Anyway, I want you to step down.

To learn hacking techniques, you must have a plan of your own.

You can't study hacking in the morning and turn to games in the afternoon. Acquired knowledge is very different from learned knowledge. Plan what you will learn each day and how many days you expect to need to become proficient, and think it through carefully. We advocate learning hacking techniques by category. Let me talk about the basics of learning by category. A few days ago, I saw the classification learning route of network ANN, and I would like to add something here.

1. Hacking Terminology

Basics: Get clear on some common hacker terms, such as webshell, so-called injection, and what is innocent, and on the functions of some common tools, such as NC, SC, etc. When you encounter a hacker term that you don't understand, first figure out what the word means by looking it up on Baidu or Google. When learning hacking techniques, we can't work with knowledge we only vaguely understand. Get it clear first. (Study for a week.)

2. Gray pigeon

Configuration and use: Through study, learn to configure Gray Pigeon correctly so that it comes online normally, and practice its functions. (Two days of study.) It goes without saying that Gray Pigeon is the tool junior hackers have heard of most.

3. Home page Trojan horse production and promotion (one week)

4. Website hacking (nearly a month)

5. Trojan horse signature modification (four or five days)

Of course, the division of knowledge blocks and the time of learning can be properly selected according to your own situation.

Today, I compiled a batch of must-read books for entry-level hackers. Most of them are familiar books. The rankings are in no particular order and are for reference only.

1. Web security attack and defense

This book has a total of 537 pages and 7 chapters. The authors who took part in writing it have worked at large companies (Tianrongxin, NSFOCUS), and the book is quite popular.

The book is very practical and goes into detail on the early stage of stepping up, the later stage of privilege escalation, and intranet penetration. It is also relatively advanced, and it summarizes all kinds of technical details and subtle knowledge points very well, which makes it well suited to moving from entry level to advanced study. Some penetration techniques, experience and tools are also introduced later in the book, and they are very informative.

2. White hats talk about web security

This book has a total of 499 pages, 4 parts, and 18 chapters. It is the work of Wu Hanqing, the youngest senior technical expert at Alibaba.

This book draws on the author's actual work experience, and it is also a collection of the core knowledge points of web security. It is relatively practical and useful as a reference. At the end of some chapters, blog posts written by the author are also attached, which can be used for extended reading.

3. In-depth analysis

The book has 362 pages and 16 chapters, authored by Zhang Bingshuai, suitable for penetration testers, web developers, security consultants and other personnel to read.

Like "Web Security Attack and Defense", it leans toward hands-on practice. The difference is that this book mainly explains the various classic methods, schemes, and core technologies of Web attacks.

4. Hacking Attack and Defense Technology Collection (Web Actual Combat)

This book is a foreign work, with a total of 644 pages and 21 chapters. It is part of the Turing Programming Series - Network Security Series, 7 volumes including "Hacking Attack and Defense Technology Collection · Browser Combat" and "Hacking Attack and Defense Technology Collection · Anti-Virus".

Many foreign industry insiders have given this book high praise. It is the crystallization of the experience of experts in the field of web security, and it is very clear and rich in content. The threshold for reading it is relatively high. In addition, because it is a foreign book, there may be some errors in the translation, which also makes it harder to read.

5. Actual hacker attack and defense from entry to proficiency

The book has 476 pages in total and is written by Wu Xinhua and Sun Zhenhui.

This book approaches the subject from the two angles of offense and defense, and uses illustrations and annotations to teach you how to prevent server intrusion, LAN attack, bank account cracking, and sensitive data theft. The combination of graphics and text makes it easier to read, so beginners can also read through it and improve their practical skills.

6. Authoritative Guide

The book has a total of 337 pages and is written by a world-class log management and analysis expert.

IT workers inevitably have to write logs, and security practitioners also have security logs, so writing them well is very important. At present, there are not many books on logs, and this is one of the highly recommended ones. The book introduces logging practice with a large number of examples, as well as log analysis techniques and tools for cloud computing and big data environments, and the explanations are detailed.

7. Kali Linux Advanced Penetration Testing

For security practitioners, there is no need to repeat how important and common Kali Linux is. This book is written by an Indian author, with a total of 419 pages.

It examines the network framework from the perspective of an attacker and includes a large number of examples, source code, penetration testing tools, methods and practices. The second edition builds on the first edition, adding some content, and is more comprehensive and more useful as a technical reference.

8. Hacker social engineering offensive and defensive drills

Social engineering technology maximizes hacking, and it is also a science that security practitioners need to master.

The book has a total of 336 pages. It introduces the methods of protecting against hacker attacks with pictures, illustrations, and guiding lines, which is conducive to mastering anti-criminal knowledge, tools and repair skills. In addition to security practitioners, it is also suitable for network enthusiasts as a quick reference manual, and the reading threshold is relatively low.

9. XSS cross-site scripting attack analysis and defense

This book is the first domestic book dedicated to XSS. The author is Qiu Yonghua. The book has 274 pages and 8 chapters.

This book fully explains the knowledge related to cross-site scripting and works through many case studies, which readers can refer to when doing security testing in a real environment. It is suitable for practitioners in network security, teachers of Web security technology, and other interested readers.

10. SQL injection attack and defense

A total of 440 pages and 11 chapters, the book is dedicated to in-depth discussion of the problem of SQL injection, and the second edition incorporates some of the latest research results.

The book is relatively clear, and its coverage of all aspects of SQL injection is very comprehensive, including the basic principles of SQL injection and how to protect emerging technologies from SQL injection attacks. Both attack and defense are covered. Many people feel it is very good after reading it, and you can use it as a study reference.

There are many series of books in the cyber security industry, among which there are some excellent books, most of which are of great learning value.

Origin blog.csdn.net/2302_77302329/article/details/130746414