I. Introduction:
1. This is a persistent path, you can give up the enthusiasm for three minutes and read on.
2. Practice more and think more, don't leave the tutorial without knowing anything. It is best to complete the technical development independently after reading the tutorial.
3. Sometimes we google, baidu, we often can't meet kind masters, who will give you answers every day in boredom.
4. If you encounter something that you really don't understand, you can let it go first and solve it later.
1. Learn the basics:
First, you can learn the basics by self-studying or taking a cybersecurity course. Understand fundamental concepts such as computer networks, operating systems, programming languages, and network protocols. Learn terminology and concepts of network security such as authentication, access control, encryption, and more.
2. Explore cybersecurity tools:
Familiarity with commonly used network security tools and techniques. For example, learn to use Wireshark to analyze network traffic, use Nmap for vulnerability scanning, use Metasploit for penetration testing, etc. Get hands-on with these tools and learn how they work and how to use them.
3. Understand common attack types:
Learn about various common types of cyber attacks such as denial of service attacks, malware (viruses, worms, Trojans) attacks, social engineering, and more. Learn about the methods and techniques attackers use, and how to defend against and counter them.
2. Learning route
The picture is too big and a bit blurry! ! If you need to learn the pdf version of the route, you can follow the blogger to get it automatically! ! !
Phase 1: Security Basics
Cybersecurity Industry and RegulationsLinux operating system
computer network
HTML PHP Mysql Python basics to practical mastery
Phase Two: Information Gathering
IP information collectionDomain name information collection
Server Information Collection
Web site information collection
Google hacking
Fofa Network Security Mapping
Phase Three: Web Security
SQL injection vulnerabilityXSS
CSRF vulnerability
File Upload Vulnerability
file contains bug
SSRF vulnerability
XXE vulnerability
Remote Code Execution Vulnerabilities
Password Brute Force Cracking and Defense
Middleware Parsing Vulnerabilities
Deserialization Vulnerabilities
Stage Four: Penetration Tools
MSF
Cobalt strike
Burp suite
Nessus Appscea AWVS
Goby XRay
Sqlmap
Nmap
Kali
The fifth stage: actual combat digging
Vulnerability mining skillsSrc
Cnvd
Crowdtest project
Recurrence of popular CVE vulnerabilities
Shooting Range Combat
3. Recommendations for learning materials
The learning framework has been sorted out, and now the resources are missing. I have sorted out the resource documents corresponding to all the knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!
1. Video tutorial (shareable)
2. Hacking tools & SRC technical documents & PDF books & web security, etc. (shareable)
Those who need to learn materials and tutorials can follow bloggers to get them automatically! ! ! Those who are anxious can get it from the official account at the bottom! ! !
4. Book list recommendation
In fact, books are very systematic, very suitable for getting started, and can allow you to master the basic content of this field, but the timeliness may not be very high. I suggest you choose which book to read, and don’t follow others’ advice. Many people will ask you to learn operating system principles, algorithms, etc. This is actually not in line with the law of learning. Find the corresponding book to learn what you want to learn, instead of starting from the most basic. start learning. Below are a few books I recommend.
Computer and System Principles
"Coding: The Language Hidden Behind Computer Software and Hardware" [US] Charles Petzold
"In-depth Understanding of Computer Systems" [US] Randal E.Bryant
"In-depth Understanding of Windows Operating System" [US] Russinovich, ME; Solomon, DA
"Linux Kernel Design and Implementation" [US] Robert Love
"In-depth Understanding of Android Kernel Design Ideas" Lin Xuesen
"Android System Source Code Scenario Analysis" Luo Shengyang
"In-depth Understanding of Mac OS X & iOS Operating Systems" [US] Jonathan Levin
"In-depth understanding of the Linux kernel" [US] DanielP.Bovet
"Code Secret: Exploring the Computer System from the Perspective of C/C++" Zuo Fei
"Android Dalvik Virtual Machine Structure and Mechanism Analysis (Volumes 1 and 2)" Wu Yanxia; Zhang Guoyin
"Android Internals::Power User's View "[US] Jonathan Levin, Chinese translation "The Strongest Android Book: Architecture Analysis"
If you need e-books, you can follow bloggers to get them automatically! ! ! Those who are anxious can get it from the official account at the bottom! ! !
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security.