10 types of hackers, how many do you know?

There are generally 10 types of hackers

1. White hat hacker

White hat hackers refer to hackers who have been authorized or certified to work for governments and organizations by conducting penetration tests to identify network security vulnerabilities. They also ensure protection against malicious cybercrime. They work under the rules and regulations provided by the government, that's why they are called ethical hackers or cyber security experts.

2. Black hat hackers

They are often called hackers. Black hat hackers can gain unauthorized access to your system and destroy your important data. The attack methods they use are common hacks they have learned before. They are considered criminals because their malicious behavior can be easily identified.

3. Gray hat hackers

Gray hat hackers fall into a category between white hat hackers and black hat hackers. They are not legally authorized hackers. They work with both good and bad intentions; they can use their skills for personal gain. It's all up to the hacker. If a gray hat hacker uses his skills for his own personal gain, he/she is considered a black hat hacker.

4. Script kiddies

As far as hackers are concerned, they are the most dangerous people. A "script kiddie" is an unskilled person who uses scripts or downloads provided by other hackers to perform hacking. They attempt to attack computer systems and networks and disrupt websites. Their main purpose is to impress friends and society. Typically, script kiddies are teenagers who don't know much about hacking.

5. Green hat hacker

They are also amateurs in the hacker world, but they are a bit different from script kiddies. They care about hacking and strive to be full-fledged hackers. They are inspired by hackers and they are rarely asked questions about hackers. When hackers are answering their questions, they're listening for its novelty.

6. Blue hat hacker

They're a lot like script kiddies; they're new to the field of hacking. If someone makes a script kiddie angry, he/she may retaliate, then they are considered a blue hat hacker. Blue hat hackers take revenge on those who challenge them or irritate them. Like script kiddies, blue hat hackers have no desire to learn.

7. Red Hat Hacker

They are also known as sharp-eyed hackers. Like white hat hackers, red hat hackers are designed to deter black hat hackers. There is a big difference in how they work. When it comes to dealing with the malware behavior of black hat hackers, they have become ruthless. Red Hat hackers will continue to attack the aggressiveness of hackers who probably know that it too will have to replace the entire system.

8. State Sponsored Hacking

A state-sponsored hacker is someone appointed by the government to provide cybersecurity services and obtain classified information from other countries in order to stay ahead or avoid any danger to the country. They are highly paid government workers.

9. Hacktivists

These are also known as the online versions of the activists. Hacktivist refers to a hacker or group of anonymous hackers who gain unauthorized access to government computer files and networks for further social or political ends.

10. Malicious insiders or whistleblowers

A malicious insider or whistleblower may be an employee of a company or government agency with a grudge.

How to teach yourself to be a hacker?

For students who have never been exposed to network security, I have also prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.

how to learn

Let's get down to the specific technical points, the network security learning route, the overall learning time is about half a year, depending on each person's situation.

If you refine the content you need to learn every week to this level, you still worry that you won’t be able to learn it, and you won’t be able to get started. In fact, you have learned it for two months, but you have to learn from east to west, what? The content is just a taste, and I haven't gone deep into it, so I have the feeling that I can't get into the door after studying for 2 months.

1. Concepts related to web security (2 weeks)

• Familiar with basic concepts (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
• Google/SecWiki through keywords (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
• Read "Mastering Script Hackers", although it is very old and has errors, it is still possible to get started;
• Watch some infiltration notes/videos to understand the whole process of actual infiltration, you can Google (infiltration notes, infiltration process, intrusion process, etc.);

2. Familiar with penetration related tools (3 weeks)

• Familiar with the use of AWVS, sqlmap, Burp, nessus, chopper, nmap, Appscan and other related tools;
• To understand the purpose and usage scenarios of such tools, first use the software name Google/SecWiki;
• Download the backdoor-free versions of these software for installation;
• Learn and use, specific teaching materials can be searched on SecWiki, for example: Brup's tutorial, sqlmap;
• Once you have learned these commonly used software, you can install Sonic Start to make a penetration toolbox;

3. Infiltration combat operation (5 weeks)

Master the entire stages of penetration and be able to independently penetrate small sites. Look for infiltration videos on the Internet to watch and think about the ideas and principles, keywords (infiltration, SQL injection videos, file upload intrusion, database backup, dedecms exploits, etc.);

• Find a site/build a test environment for testing by yourself, remember to hide yourself;
• Thinking penetration is mainly divided into several stages, and what work needs to be done in each stage;
• Study the types of SQL injection, injection principles, and manual injection techniques;
• Research the principle of file upload, how to truncate, double suffix spoofing (IIS, PHP), parsing exploits (IIS, Nignix, Apache), etc.;
• Study the principles and types of XSS formation, the specific learning method can be Google/SecWiki;
• Study the method and specific use of Windows/Linux privilege escalation;

4. Pay attention to the dynamics of the security circle (1 week)

• Pay attention to the latest vulnerabilities, security incidents and technical articles in the security circle;
• Browse daily security technology articles/events through SecWiki;
• Pay attention to practitioners in the security circle through Weibo/twitter (if you encounter a big cow’s attention or a friend’s decisive attention), take time to check it every day;
• Subscribe to domestic and foreign security technology blogs through feedly/fresh fruit (not limited to domestic, usually pay more attention to accumulation), if you don't have a feed, you can look at the aggregation column of SecWiki;
• Cultivate the habit of actively submitting security technical articles to link to SecWiki every day for accumulation;
• Pay more attention to the latest list of vulnerabilities, and recommend a few: exploit-db, CVE Chinese library, Wooyun, etc., and practice when encountering public vulnerabilities.
• Follow the topics or videos of domestic and international security conferences, and recommend SecWiki-Conference;

5. Familiar with Windows/Kali Linux (3 weeks)

• Learn Windows/Kali Linux basic commands and common tools;
• Familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill
• wait;
• Familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
• Familiar with common tools under the Kali Linux system, you can refer to SecWiki "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
• Familiar with metasploit tools, you can refer to SecWiki, "Metasploit Penetration Testing Guide";

6. Server security configuration (3 weeks)

• Learn server environment configuration, and be able to discover security problems in configuration through thinking;
• IIS configuration under Windows2003/2008 environment, pay special attention to configuration security and operation permissions;
• The security configuration of LAMP in the Linux environment mainly considers running permissions, cross-directory, folder permissions, etc.;
• Remote system reinforcement, restrict user name and password login, and restrict ports through iptables;
• Configure software Waf to strengthen system security, and configure mod_security and other systems on the server;
• Use Nessus software to perform security detection on the configuration environment and discover unknown security threats;

7. Script programming learning (4 weeks)

• Choose one of the scripting languages ​​Perl/Python/PHP/Go/Java to learn programming of commonly used libraries;
• Build a development environment and choose an IDE. The PHP environment recommends Wamp and XAMPP, and the IDE strongly recommends Sublime;
• Python programming learning, learning content includes: grammar, regularization, files, network, multi-threading and other common libraries, recommend "Python Core Programming", don't read it;
• Write the exploit of the vulnerability in Python, and then write a simple web crawler;
• Learn PHP basic grammar and write a simple blog system, see "PHP and MySQL Programming (4th Edition)", video;
• Familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional);
• Understand Bootstrap's layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

• It can independently analyze script source code programs and find security problems.
• Familiar with the dynamic and static methods of source code audit, and know how to analyze the program;
• Find and analyze the vulnerabilities of open source programs from Wooyun and try to analyze them yourself;
• Understand the causes of web vulnerabilities, and then search and analyze them through keywords;
• Study the formation principles of web vulnerabilities and how to avoid such vulnerabilities from the source code level, and organize them into a checklist.

9. Security system design and development (5 weeks)

• Be able to build your own security system and put forward some security suggestions or system architecture.
• Develop some practical security gadgets and open source to reflect personal strength;
• Establish your own security system and have your own understanding and opinions on company security;
• Propose or join the architecture or development of large security systems;

Finally, I also sorted out some learning materials and notes for you, most of which are quite good, I hope it will be helpful to everyone!

Partial display

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" for free

Epilogue

To be honest, there is no threshold for obtaining the information package mentioned above. However, I think many people get it but don't learn it. Most people's question seems to be " how to act ", but it is actually " can't start" . This is true in almost any field. The so-called " everything is difficult at the beginning", the vast majority of people are stuck at the first step, and they have eliminated themselves before they even started. If you really believe you like cybersecurity/hacking, do it now, more than anything else .

The field of network security is like a towering tree full of fruit. There are countless onlookers standing under it. They all claim that they like network security and want to pick the fruit from the tree, but they are hesitant when faced with the vine branches that hang down from time to time. indecision.

In fact, you can climb this tree by just grabbing any vine branch. What most people lack is such a beginning.