Network Security (Hacker) 4D Self-study Notes

This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security. ! ! !

I. Introduction

Cybersecurity is a critical issue in today's society. With the rapid development of science and technology, the network has penetrated into every aspect of our lives, bringing us great convenience and opportunities. However, there are also various risks and threats in the network, such as hacker attacks, data leakage, etc. Therefore, learning network security knowledge has become a problem that everyone should pay attention to and pay attention to.

2. Definition

Hackers refer to those who have professional knowledge of computer technology and can break through system security in creative ways, explore and discover loopholes and weaknesses in computer systems. Hackers have a wide range of skills, and they can be computer security experts, network programmers, or information technology enthusiasts.

3. Classification

Depending on how they behave and their motives, hackers can be divided into the following categories:

1. White Hat Hacker

White hat hackers are a group of hackers with a high moral concept. They improve network security by discovering system vulnerabilities and reporting them to relevant parties. Their goal is to protect network systems from attacks and help fix vulnerabilities to ensure that users' data is not lost.

2. Black Hat Hacker

Black hat hackers are those who engage in illegal activities, they use their technical ability to cause damage, steal other people's information or seek improper benefits. They are threats to network security and should be punished by law.

3. Gray Hat Hacker

Gray hat hackers fall in between white hat hackers and black hat hackers, they may find system vulnerabilities and report, or exploit these vulnerabilities for personal gain, but usually do not cause serious damage.

4. Hacker Culture

Hacker culture is a special and scattered cultural group, some hackers advocate the spirit of openness, sharing and exploration. They usually pursue technological innovation and breakthroughs, advocate free access and use of information, and also pay high attention to privacy protection.

V. Ethical Issues

The ethical issues involved in hacking are highly debated. In their behavior, a contradiction exists between legality and morality. It's worth noting that hacker culture is not necessarily associated with crime, although hacking is sometimes viewed as a crime.

6. The role of hackers

Hackers play an important role in the field of information security. By discovering and disclosing system vulnerabilities, they advance the development of software and network security, helping to protect personal privacy and corporate secrets from unauthorized access. In addition, some hackers have made outstanding contributions to technical communities, open source software, and Internet services.

The more familiar one is the Chinese Hongke that everyone calls! It was spontaneously organized by a group of predecessors who were the first to contact with network security in my country!

7. Tips for Hackers

Suggestion 1: Seven Levels of Hackers

Hackers are full of temptation for many people. Many people can find that this field is like any other field. The deeper you go, the more you will be in awe. Knowledge is like an ocean, and hackers also have some levels. Please refer to the sharing of Zhichuangyu CEO ic (a member of the world's top hacker team 0x557) as follows:

Level 1 Lengtouqing [millions of people]: Can use security tools, can only scan and decipher passwords

Level 2 system administrators [tens of thousands]: make good use of security tools, especially familiar with systems and networks

Developers of Level 3 major companies or core security companies Da Niu [thousands of people]: very familiar with the operating system, started to develop codes, and wrote their own scanners

Level 4 can find and exploit vulnerabilities [hundreds of people]: who can find vulnerabilities by themselves, find 0DAY by themselves and write Exp to exploit vulnerabilities, and conduct protocol testing for system mining vulnerabilities

Level 5 high level [less than a hundred people]: people who defend and build systems

Level 6 elite level [dozens to a dozen people]: Deep understanding of the operating system

Level 7 Big Niu Niu [Few]: Mark Zuckerberg, Albert Einstein and other people who changed the world

You can see, what level are you at now? You may be wondering which level I am at, my level is not high, and I am on the way to seek a breakthrough. However, I have also practiced the other two skills, which may allow me to make a more interesting breakthrough. As for what it is, I am sorry, how dare I be presumptuous before I succeed.

Suggestion 2: learn to observe

I often say that the Internet is full of treasures, and observation is the first necessary skill. If you are good at observing and summarizing, you will discover some ways faster, which will make your life easier than others.

Suggestion 3: circle

In the above process, you will definitely become familiar with some IDs. Do you want to make some friends? Show your strengths, sharing is important, no one likes to reach out or troll.

It is especially recommended to understand the classic attributes of all groups in the next circle, and recommend the books "The Selfish Gene" and "The Crowd".

Tip Four: Creativity

I mentioned before that to be creative enough, there are two key points, one is "vision" and the other is "focus". Vision is horizontal, and concentration is vertical. The two need to be balanced, because human energy is limited (the law of energy conservation). As long as either one is out of balance, neither will exist.

For most people, focusing is the most difficult. After all, this is an immediate process of entropy reduction, a process of self-organization of information. Seriously, you accelerated the end of the universe because of your focus. As for why, it will not be expanded here. In short, it is really difficult to focus, and you have to force yourself a lot of times.

Because of selfish genes, human beings are always bursting out their creativity consciously or unconsciously. Some creativity can change the world, some creativity can change the family, and some creativity can change yourself. These are all creativity. How much creativity you need depends on your genes, on who you want to be.

After all, there are "very few" people who can change the world...

Suggestion 5: Some good resources

Open your browser and search for:

i Chunqiu, Wuyun, Zhichuangyu R&D skill table v3.0, FreeBuf, enough!

If these few clues don't open up your hacker world view and make you creative enough, then it's useless to ask more. I suggest that you really savor some of the knowledge they give, follow the vines, and gradually extend your tentacles to the world. As I said earlier, learn to observe

super hacker

This part of the content is still relatively far away for students with zero foundation, so I won’t go into details, and attach the learning route.

If the picture is too large and compressed by the platform, you can’t see it clearly, you can leave a message in the comment area 111 or private message me in the background after paying attention! Send everyone the HD version!

8. Misunderstandings and pitfalls of self-study network security learning

1. Don’t try to become a programmer first and then start learning

In my previous answers, I have repeatedly emphasized not to start learning network security based on programming. Generally speaking, learning programming is not only a long learning cycle, but also there are not many key knowledge available after the actual transition to security

If ordinary people want to learn programming well and start learning network security, it often takes a long time, and it is easy to give up halfway. And learning programming is just a tool, not an end. Our goal is not to become a programmer. It is suggested that in the process of learning network security, what will not be filled, which is more purposeful and less time-consuming

2. Don’t take deep learning as the first lesson

Many people are aiming to learn network security well and solidly, so it is easy to use too much force and fall into a misunderstanding: it is to learn all the content in depth, but it is not a good idea to use deep learning as the first lesson of network security. The reasons are as follows:

[1] The black-box nature of deep learning is more obvious, and it is easy to learn and swallow

【2】Deep learning has high requirements on itself, it is not suitable for self-study, and it is easy to enter a dead end

3. Don’t Collect Too Much Data

There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or watched at every turn. And many friends have "collection addiction", buying more than a dozen books at once, or collecting dozens of videos

Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for Xiaobai. Read on patiently.

9. Some preliminary preparations for learning network security

1. Hardware selection

I am often asked, "Do I need a computer with a high configuration to learn network security?" The answer is no. The computer used by hackers does not need any high configuration, as long as it is stable. Because some programs used by hackers can run well on low-end CPUs, and do not occupy much memory. Another thing is that hackers are executed under DOS commands, so the computer can be used in the best condition! Therefore, do not repurchase the machine in the name of learning...

2. Software selection

Many people will be entangled in learning hackers whether to use Linux, Windows or Mac system. Although Linux looks cool, it is not friendly to newbies. The Windows system can also use the virtual machine to install the target machine for learning

As for the programming language, Python is the most recommended because of its good expansion support. Of course, many websites on the market are developed by PHP, so it is also possible to choose PHP. Other languages include C++, Java...

Many friends will ask if they want to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not an end, our goal is not to become a programmer

(An extra thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road of network security, so I recommend you to learn some basic programming knowledge by yourself)

3. Language ability

We know that computers were first invented in the West, and many nouns or codes are in English, and even some existing tutorials were originally translated from English, and it usually takes a week for a bug to be discovered and translated into Chinese, and the bug may be patched within this time gap. And if you don’t understand some professional terms, you will have obstacles when communicating technology or experience with other hackers, so you need a certain amount of English and hacker professional terms (you don’t need to be particularly proficient, but you must be able to understand the basics)

For example: broiler, hanging horse, shell, WebShell, etc.

The first stage: getting started with basic operations and learning basic knowledge

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

The level of knowledge in various fields of computer determines the upper limit of your penetration level.

[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;

[3] For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get a router configuration file to know what routes they have made;

【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.

The second stage: practical operation

1. Mining SRC

The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.

2. Learn from technical sharing posts (vulnerability mining type)

Watch and study all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking

3. Range practice

Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution.

Phase 3: Participate in CTF competitions or HVV operations

Recommended: CTF competition

CTF has three points:

【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around

[2] Topics keep up with the frontiers of technology, but many books lag behind

【3】If you are a college student, it will be very helpful for finding a job in the future

If you want to play a CTF competition, go directly to the competition questions. If you don’t understand the competition questions, find a place according to what you don’t understand and then read the information

Recommended: HVV (network protection)

HVV has four points:

[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year

【2】Be able to meet many bigwigs in the circle and expand your network

【3】The salary of HVV is also very high, so you can earn a lot of money if you participate

[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future

10. Learning materials sharing

Video supporting materials & domestic and foreign network security books, documents & tools

Of course, in addition to supporting videos, various documents, books, materials & tools have been sorted out for you, and they have been classified into categories for you.

Some video tutorials that the author bought by himself, but which are not available on other platforms for free.

SRC&Hacking Technical Documentation

Hacking Tools Collection

If you want to get involved in hacking & network security, the author has prepared a copy for everyone: 282G The most complete network security data package on the entire network to share for free!

If you have a related major or want to engage in this line of work, you can pay attention to it, leave a message in the comment area for sharing , or kick me in the background to share it for everyone to learn for free! I hope to be helpful!

epilogue

Special statement:

This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security. ! ! !