Cyber Security/Hacking - Self-Study Experience

1. Why choose Network Security?

In recent years, with the continuous implementation of a series of policies/regulations/standards such as the "National Cyberspace Security Strategy", the "Cyber Security Law" and "Network Security Level Protection 2.0", the status and salary of the cyber security industry have risen accordingly.

The next 3-5 years will be the golden development period of the security industry. If you enter the industry in advance, you can enjoy the development dividend of the industry.

2. Why is it said that the network security industry is the last dividend of the IT industry?

According to the "Internet Security Report" released by Tencent Security, the supply of network security talents in China is currently severely lacking. Every year, only more than 30,000 security professionals are trained in colleges and universities, and the gap in network security positions has reached 700,000, which is as high as 95%.
 

Moreover, if we go to a recruitment website and search for job titles such as [Network Security], [Web Security Engineer], or [Penetration Testing], we can see that security positions offer good salary conditions.


 

Choosing the security industry has the following three major advantages:

01 There is no age limit

In many positions in the IT industry, people approaching 35 become anxious about whether companies will still be willing to take them on, whereas in network security what counts is the ability to solve problems. The more years you have worked and the richer your experience, the more valuable you are.

02 The educational threshold is relatively loose

At present, very few colleges offer a cyber security major, and even those that do train very few students because of the shortage of teachers. As a result, the requirements for age, major, and education are not so strict, and the job market is relatively tolerant.

03 The overall salary level is high

Salaries in network security are higher than in other parts of the IT industry. The starting salary is usually more than 7k, and the annual salary can reach up to one million. There is also the opportunity to earn a lot of part-time income.
 

Stage One: Basic preparation (4~6 weeks)

This stage is a must-learn part for everyone preparing to enter the security industry. As the saying goes: without a solid foundation, the ground shakes.

Stage Two: Web Penetration

Basic learning time: (1 week to 2 weeks)

① Understand the basic concepts (SQL injection, XSS, file upload, CSRF, one-line webshells, etc.) to lay the foundation for subsequent web penetration testing.
② Read web penetration write-ups on forums and learn the thinking behind each case. Every site is different, so the approach is what matters most.
③ Learn the art of asking questions, and be good at asking when you don't understand something.

Time to configure the penetration environment: (3 weeks to 4 weeks)

① Understand the commonly used tools for penetration testing, such as AWVS, sqlmap, Nmap, Burp, China Chopper, etc.
② Download the backdoor-free versions of these tools and install them on your computer.
③ Understand the usage scenarios of these tools and know the basic usage. It is recommended to search on Google.

Hands-on penetration practice time: (about 6 weeks)

① Search for real penetration cases on the Internet, and gain an in-depth understanding of how SQL injection, file upload, and parsing vulnerabilities are used in practice.
② Build your own vulnerable test environment; DVWA, SQLi-labs, Upload-labs, and bWAPP are recommended.
③ Understand the stages of penetration testing and what needs to be done in each stage, for example as laid out in PTES (the Penetration Testing Execution Standard).
④ Study manual SQL injection in depth, find ways to bypass WAFs, and write your own scripts.
⑤ Study the principles of file upload: truncation, double-extension spoofing (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc.; refer to: upload attack framework.
⑥ Understand how XSS arises and its types, practice in DVWA, and test against a CMS with XSS vulnerabilities with Safedog or similar installed.
⑦ Understand one-line webshells, and try to write one that gets past Safedog.
⑧ Study privilege escalation on Windows and Linux; Google keyword: privilege escalation.
 

Stage Three: Advanced

How can I advance after I have already started and found a job?
I have compiled a detailed learning route and tutorial video notes for you.
 

Suggestions for beginners:

web security books for beginners

  • "CCNA Study Guide"
  • "TCP/IP Detailed Explanation Volume 1"
  • "LAN Switch Security"
  • "Cisco Firewall"
  • "Network Security Principles and Practice"
  • "Network Security Technology and Solutions"
  • "Huawei Firewall Technology Talk"
  • "Cisco Network Hacker Exposure"
  • "Wireshark Network Analysis Actual Combat"
  • "Wireshark Packet Analysis Actual Combat"
  • "DDoS Attack and Defense Depth Analysis"
  • "Cisco VPN Complete Configuration Guide"
  • "Cisco Security Intrusion Detection System"

Web Security/Penetration Testing Recommended Book List

  • "White Hats Talk about Web Security"
  • "Deep Analysis of Web Security"
  • "Metasploit Penetration Testing Demon Training Camp"
  • "Web front-end security secret"
  • "Web penetration testing using Kali Linux"
  • "Hacking Attack and Defense Technology Collection Web Actual Combat"
  • "BurpSuite Practical Guide"
  • "SQL Injection Attack and Defense"
  • "XSS cross-site scripting attack analysis and defense"
  • "Advanced Guide to Internet Enterprise Security"

Epilogue

The network security industry is like the rivers and lakes of a martial-arts world, where people of all kinds gather. Compared with the many practitioners in European and American countries who come from orthodox schools with solid foundations (they understand encryption, know how to protect, can find vulnerabilities, and are good at engineering), our talents are more often unorthodox (many white hats may not be convinced). So in future talent training and development, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" work that combines "business", "data" and "automation", in order to quench the thirst for talent and truly provide security for society and the Internet in an all-round way.


Origin blog.csdn.net/2301_77162959/article/details/132118728