Cyber Security/Hacking - Self-Study

How do you become a hacker? Many friends change careers in the middle of learning security. Here I have organized the knowledge content into a system. After a month of grinding, I have put together the network security learning route best suited to complete beginners; bookmark it and follow the route below. This article is very detailed, and interested students can refer to it.

First of all, let's talk about the problems that usually arise when learning network security.

1. It takes too long to lay the foundation

It takes a long time to learn the basics, and there are several languages to learn. Some people give up while learning the Linux system and its commands, and even more give up while learning a programming language;

2. The required depth of each knowledge point is unclear

Many people don't know how much of the basic content of network security they need to learn, so they try to swallow it all and end up spending too much time on the basics. I saw many friends who bought books on HTML, PHP, databases, computer networks, and so on. Each book is expensive and thick, and many of them go into great depth. I find that the more I learn, the less confident I am. Others can find a job after learning just PHP or databases, but network security requires learning so much, and I become more and more suspicious that I have chosen the wrong direction;

3. Unable to distinguish the key knowledge points

Many people spend a lot of energy learning the basic content, only to find that much of it has little to do with the network security work that follows. They did not distinguish the key points and wasted a lot of time;

4. The learning of knowledge points is not systematic

I saw a lot of friends looking for videos on Bilibili and buying short courses on other platforms. There are also 1-2T of learning materials and video content on Baidu cloud disk, but finishing each course takes a lot of time, and much of the content is repetitive. After learning SQL injection, I later saw another provider covering SQL injection, thought it was not bad, and studied it again, only to find that after learning all the principles of web vulnerabilities I was still not sure of myself. Have I learned nothing about web vulnerabilities?

5. It is difficult to solve problems by yourself

Many beginners build practice ranges (labs) by themselves, but environment configuration and similar issues cause a lot of delay. When beginners hit three consecutive problems they cannot solve, it is easy to give up, and for students with weaker hands-on ability this may directly affect their confidence to continue learning;

6. Not enough real-world practice

In learning network security and penetration testing, what you learn is to a large extent "hacking" technology. By learning how to attack and intrude, you can better understand how to defend systems and applications, and this is precisely what network security is. If you only have theory and little practical experience, it will be more difficult to get a job. In normal study, in addition to building some open source practice ranges, it is best to have a range composed of real vulnerabilities to learn from. You can go to an SRC (Security Response Center) platform to penetration test some real websites (you must obtain authorization to penetrate real websites), but finding vulnerabilities there is relatively difficult, and many beginners lose confidence and doubt themselves;

7. Intranet learning is more difficult

Information about web penetration is everywhere on the Internet, and it is relatively easy to learn. However, there is relatively little material on intranet penetration, and not much that can be used for reference, so improving and accumulating technique, and learning in general, is more difficult.

If you understand these problems and adjust your learning direction to your own characteristics, you will get twice the result with half the effort. The following is the learning route, which is suitable for people who want to learn network security!

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you understand in theory what SQL injection is and what an XSS attack is, and you have also mastered the basic operation of security tools such as Burp, MSF, and CS. The most important thing at this time is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have these 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

Your level of knowledge in the various fields of computing determines the upper limit of your penetration testing ability.

[1] For example: if you have a high level of programming, you will be better than others at code auditing, and the exploit tools you write will be easier to use than others';

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass a WAF that others cannot bypass;

[3] For example: if your networking level is high, then you can understand the network structure of the target more easily than others when you penetrate the internal network. Given a network topology, you will know where you are, and given a router's configuration file, you will know what routes they have set up;

[4] For another example, if your operating system knowledge is good, you will be better at privilege escalation, your information collection will be more efficient, and you can efficiently filter out the information you want.

The second stage: practical operation

1. Hunting for vulnerabilities on SRC platforms

The purpose of SRC vulnerability hunting is mainly to put your skills into practice. The biggest illusion in learning network security is feeling that you know everything, but when it comes to actually finding vulnerabilities, you can't do anything. SRC is a very good opportunity to apply your skills.

2. Learn from technical sharing posts (vulnerability mining type)

Read and study all the 0day mining posts of the past ten years, then build an environment to reproduce the vulnerabilities, think through and learn the author's approach to finding them, and cultivate your own penetration testing mindset.

3. Range practice

Build a practice range by yourself or go to a free practice range website. If you have the means, you can buy access or sign up with a reliable training institution, which generally provides supporting range exercises.

The third stage: Participate in CTF competitions or HVV operations

Recommended: CTF Competition

CTF has three benefits:

[1] It is an opportunity that comes close to actual combat. The network security law is now very strict, unlike before, when everyone could mess around

[2] The challenges keep up with the frontiers of technology, while many books lag behind

[3] If you are a college student, it will be very helpful for finding a job in the future

If you want to play in a CTF competition, go straight to the competition challenges. If you don't understand a challenge, look up material on whatever you don't understand

Recommended: HVV (network protection)

HVV has four benefits:

[1] It is also great practice and improves your own skills. It is best to participate in the HVV operation held every year

[2] You can meet many big names in the community and expand your network

[3] HVV pay is also very high, so you can earn a lot of money if you participate

[4] As with CTF competitions, if you are a college student, it will also be very helpful for finding a job in the future

I have also compiled some network security material for you below. If you don't want to hunt for it piece by piece, you can refer to these resources.

Video tutorials

SRC & hacking technical documentation

Hacking tools collection

Epilogue

The network security industry is like a river and lake, where people of all kinds gather. Compared with the many orthodox schools with solid foundations in European and American countries (who understand encryption, know how to protect, can find vulnerabilities, and are good at engineering), our talents are more unorthodox (many white hats may not be convinced of this). So in future talent training and development, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" work that combines "business", "data", and "automation", in order to quench the thirst for talent and truly provide security for society and the Internet in an all-round way.

Origin blog.csdn.net/2301_77162959/article/details/131927784