If you want to learn network security (hacking technology) by yourself, you must first understand what network security is! What a hacker!
Network security can be classified based on the perspective of attack and defense. The "red team" and "penetration testing" we often hear are research on attack technology, while the "blue team", "security operation" and "security operation and maintenance" are research on defense technology.
Regardless of the field of network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive. After all, you can win every battle if you know yourself and the enemy.
1. Misunderstandings and pitfalls of self-study network security learning
1. Don't try to become a programmer first (programming-based learning) and then start learning
Behavior: Master it from programming, learn everything from front-end to back-end, communication protocols, and everything.
Disadvantages: It takes too long, and there is not much critical knowledge available after the actual transition to security.
A lot of security function knowledge and even nouns do not understand unserialize outfile
2. Don’t take deep learning as the first lesson
Many people are aiming to learn network security well and solidly, so it is easy to use too much force and fall into a misunderstanding: it is to learn all the content in depth, but it is not right to use deep learning as the first lesson of network security. good idea. The reasons are as follows:
[1] The black-box nature of deep learning is more obvious, and it is easy to learn and swallow
【2】Deep learning has high requirements on itself, it is not suitable for self-study, and it is easy to enter a dead end
3. Misunderstandings of self-study based on hacker skills and interests:
Behavior: frantically searching for security tutorials, joining various small circles, downloading every resource, watching every video, as long as it is related to hackers.
Disadvantages: Even after considering the quality of resources, the knowledge points that can be learned are very scattered and highly repetitive.
The code can't be understood, the explanation can't be understood, and the situation of half-knowledge happens from time to time.
After spending a lot of time understanding it, I realized that the content of this video is actually the same as other knowledge points I watched.
4. Don’t Collect Too Much Data
There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or watched at every turn. And many friends have "collection addiction", buying more than a dozen books at once, or collecting dozens of videos
Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but fine" materials. Below I will recommend some learning resources that I think are good for Xiaobai. Read on patiently.
2. Some preliminary preparations for learning network security
1. Hardware selection
I am often asked "Do I need a computer with a high configuration to learn network security?" The answer is no, the computer used by hackers does not need any high configuration, as long as it is stable. Because some programs used by hackers, low-end CPUs are also It can run very well, and it doesn’t take up much memory. There is another one, the hacker is done under the DOS command, so the computer can be used in the best condition! So, don’t re-purchase the machine in the name of learning...
2. Software selection
Many people will be entangled in learning hackers whether to use Linux, Windows or Mac system. Although Linux looks cool, it is not friendly to newbies. The Windows system can also use the virtual machine to install the target machine for learning
As for the programming language, Python is the most recommended because of its good expansion support. Of course, many websites on the market are developed by PHP, so it is also possible to choose PHP. Other languages include C++, Java...
Many friends will ask if they want to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not an end, our goal is not to become a programmer
(An extra thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road of network security, so I recommend you to learn some basic programming knowledge by yourself)
3. Language ability
We know that computers were first invented in the West, and many nouns or codes are in English. Even some existing tutorials were originally translated from English, and it usually takes a week for a bug to be translated into Chinese. Vulnerabilities may have been patched at this time difference. And if you don’t understand some professional terms, you will have obstacles when communicating technology or experience with other hackers, so you need a certain amount of English and hacker professional terms (you don’t need to be particularly proficient, but you must be able to understand the basics)
For example: broiler, hanging horse, shell, WebShell, etc.
3. Network security learning route (2023 latest arrangement)
Image too large! If the upload is not clear and needs a high-definition PDF version, you can leave a message to tell me or kick me ! Due to the limited number of private messages from strangers every day! You can also follow me. After following, the background will automatically send a sharing link, and you can pick it up yourself !
Phase 1: Security Basics
Cybersecurity Industry and Regulations
Linux operating system
computer network
HTML PHP Mysql Python basics to practical mastery
Phase Two: Information Gathering
IP information collection
Domain name information collection
Server Information Collection
Web site information collection
Google hacking
Fofa Network Security Mapping
Phase Three: Web Security
SQL injection vulnerability
XSS
CSRF vulnerability
File Upload Vulnerability
file contains bug
SSRF vulnerability
XXE vulnerability
Remote Code Execution Vulnerabilities
Password Brute Force Cracking and Defense
Middleware Parsing Vulnerabilities
Deserialization Vulnerabilities
Stage Four: Penetration Tools
MSF
Cobalt strike
Burp suite
Nessus Appscea AWVS
Goby XRay
Sqlmap
Nmap
Kali
The fifth stage: actual combat digging
Vulnerability mining skills
Src
Cnvd
Crowdtest project
Recurrence of popular CVE vulnerabilities
Shooting Range Combat
Note: The first three stages are the focus of learning
Fourth, the recommendation of learning materials
The learning framework has been sorted out, and now the resources are missing. I have sorted out the resource documents corresponding to all the knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!
Only you can't think of it! None I can't find! !
Like, favorite, leave a message in the comment area "Already concerned"! It can be shared with everyone for free! Friends who can't wait can also kick me directly! Or after following me, the background will automatically send it to everyone! After paying attention, please pay attention to the background news!
Video Tutorial 
Hacking Tools & SRC Technical Documentation & PDF Books & Web Security, etc.
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security