Foreword:
Taking advantage of getting off work today, I spent a few hours sorting it out. It was very difficult. I hope you can like it, collect it, and support it. Thank you.
My experience:
I graduated in 2019, majoring in Internet of Things Engineering. I believe that many people are very confused in the ivory tower. Only when they are in the third or fourth year of junior high school do they start to worry about what kind of work they should do to cultivate their skills, or follow the big team to take the postgraduate entrance examination and continue to escape. Society, I chose the latter. Since I got my graduation certificate in July 2019, my job has not been smooth because I don't have any skills. Cities change and change, jobs change all the time. He never stabilized, and was beaten by the society in a daze.
Because I am a computer-related major, there are quite a lot of students around me who are in this field.
In March last year, I chatted with my university roommate and learned that he had already received a 12k offer for a security post in Hangzhou, with weekends and weekends off.
There are also two girls in the same class in Shenzhen, one got 13k and the other got 12k. (Updated here, they switched jobs at the end of April, the salary... always remind me that I am fw)
At that time, it really had a huge impact on my heart, and I fell into a moment of confusion. I was thinking about whether I still have to dawdle like this every day? Are you willing? Definitely not reconciled~
So the idea of self-learning Internet security sprouted at this time.
But germination is germination, and life continues to be muddled. After all, we ordinary people usually wait a long time before we start to do something.
And I also need to work in my daily life. Sometimes I feel tired and don’t want to study, and sometimes I feel like playing.
So, it was like this until November 20. What really made me make up my mind was a few of my friends, who gave me a lot of advice:
First, I majored in computer science, and it was relatively easy to learn IT knowledge;
second, they were doing this kind of work and could help me avoid detours in my studies;
third, the work at that time really made me see no hope. So resolutely resigned and started the road of self-study in Internet security.
At the same time, I also consulted a lot of training, and gave me some suggestions that I must learn about network security. In addition to my own reasons, I also gave me a lot of suggestions.
This can be regarded as a booster, coupled with some special reasons, I decided to learn Internet security!
The tutorials I use are all videos I found at Station B. . .
I didn’t resign when I first started studying. Before I resigned, I learned a little bit of HTML and CSS, and I also learned some code programming.
It was November when I officially started studying, and I resigned directly.
At that time, a group was also built, but yes. . .
My original intention of building the group was to exchange learning experience and solve learning problems, but the performance in the group is really the same as the expression pack:
My process and learning experience
All the tutorials I found are from station B. They are more basic and suitable for beginners. This part must be practiced more. If you have more knowledge, you should practice and look back. I dare say that you have studied this part for a week, etc. Looking back on Saturday and Sunday, you find that some things are not easy to write, so you have to look back on Saturday and Sunday, and make a summary on the basis of what you have practiced.
But it's just that there are too few of these, and we still need to learn more
It was already the end of February after I finished my studies, because I didn't want to miss the gold medals, three silver medals and four silver medals, so I went directly south to Shenzhen to bite the bullet and interview.
However, I have no experience and just came to Shenzhen to seek stability, so I chose an IoT company, 6.5K~, there are also high-paying ones, but they are not on weekends, and the benefits are not very good. I still seek stability and learn more in the early stage, so I chose It's a weekend.
The above is my experience, but I hope everyone will not misunderstand, don’t think that you can just come out to find a job after four months of self-study, if you think so and do it like this, you will die miserably! Very miserable! I just happened to be lucky and have
a more complete learning route:
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and study all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Fourth, the recommendation of learning materials
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's application
【32】English Writing Handbook: Elements of Style
Common Internet Security and Forums
Kanxue Forum
Safety Class
Safety Niu
Safety Internal Reference
Green League
Prophet Community
XCTF Alliance
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
video tutorial
SRC&Hacking Technical Documentation
Hacking Tools Collection
As soon as you step into the network security world, Anwen is a passerby.
Have you considered?
Life is endless learning.