foreword
A few days ago, I published an article on network security (hacker) self-study. I did not expect to receive many private messages from people wanting to learn network security hacking techniques!
But don't know where to start learning! how to learn How to learn?
Today I would like to share with you that many people come up and say they want to learn hacking, but they start learning without even knowing the direction, and in the end they just end up with nothing! Hacking is a big concept, which contains many directions, and different directions require different learning content.
I have been on the road of network security for 10 years, including my studies in school. Whether I used to do security research in school, or engaged in kernel security products and binary vulnerability attack and defense in Baidu and 360 after graduation, I know all about it. The importance of learning methods. Without a good learning path and a good learning method, it will often only get twice the result with half the effort.
Network security can be further subdivided, and can also be divided into: network penetration, reverse analysis, vulnerability attack, kernel security, mobile security, cracking PWN and many other sub-directions. Today's article mainly focuses on the direction of network penetration, which is the main technology of "hackers" that everyone knows. Other directions are for reference only. The learning routes are not exactly the same. If I have a chance, I will sort it out separately.
Preschool speech
- 1. This is a persistent path, and you can give up after three minutes of enthusiasm. Read on
- 2. Practice more and think more, don't leave the tutorial without knowing anything. It is best to complete the technical development independently after reading the tutorial.
- 3. Sometimes we google, baidu, we often can't meet kind masters, who will give you answers every day in boredom.
- 4. When you encounter something that you really don’t understand, you can let it go first and solve it later
Network Security Zero-Basic Introductory Learning Route & Planning
Elementary
1. Theoretical knowledge of network security (2 days)
①Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Multiple guarantee introduction, guarantee regulations, procedures and norms. (Very important)
2. Penetration testing basics (one week)
①Penetration testing process, classification, standards
②Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③Vulnerability scanning, vulnerability utilization, principles, utilization methods, tools (MSF), Bypass IDS and anti-virus reconnaissance
④ Host attack and defense drill: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion troubleshooting/system reinforcement basis)
4. Computer network foundation (one week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principle and defense: active/passive attack, DDOS attack, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (chopper, missing scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the security module well, you can also work as a security engineer. Salary range 6k-15k
So far, about a month. You've become a "script kiddie"
7. Script programming (beginner/intermediate/advanced)
in the field of network security. Programming ability is the essential difference between "script kiddies" and real hackers. In the actual penetration testing process, in the face of a complex and changeable network environment, when the common tools cannot meet the actual needs, it is often necessary to expand the existing tools, or write tools and automated scripts that meet our requirements. Some programming ability is required. In the CTF competition where every second counts, if you want to efficiently use self-made scripting tools to achieve various purposes, you need to have programming skills.
For a zero-based entry, it is recommended to choose one of the scripting languages Python/PHP/Go/Java, and learn programming for common libraries; build a development environment and choose an IDE, Wamp and XAMPP are recommended for the PHP environment, and Sublime is strongly recommended for the IDE; Python programming learning , the learning content includes: common libraries such as grammar, regularization, files, network, multi-threading, etc., "Python Core Programming" is recommended, do not read it; ·Use Python to write vulnerability exploits, and then write a simple web crawler; ·PHP basic syntax Learn and write a simple blog system; Familiar with MVC architecture, and try to learn a PHP framework or Python framework (optional); Understand Bootstrap layout or CSS.
8. Super hackers
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details, and post a general route. Interested children's shoes can be studied.
If the picture is too large and compressed by the platform, it is difficult to see clearly, what if you want this detailed learning roadmap?
You can follow me and the background will automatically send it to everyone! After paying attention, everyone pays attention to the background news!
As well as the video supporting materials I compiled & domestic and foreign cybersecurity books, documents & tools, etc.
If you want to get involved in hacking & network security, the author has prepared a copy for everyone: 282G the most complete network security data package on the entire network for free ! After following me, it will be automatically sent to everyone! After everyone pays attention, just pay attention to the background news~
epilogue
Cybersecurity is a critical issue in today's society. With the rapid development of science and technology, the network has penetrated into every aspect of our lives, bringing us great convenience and opportunities. However, there are also various risks and threats in the network, such as hacker attacks, data leakage, etc. Therefore, learning network security knowledge has become a problem that everyone should pay attention to and pay attention to.
Special statement:
This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security. ! ! !