I. Introduction
1. This is a persistent path, you can give up the enthusiasm for three minutes and read on.
2. Practice more and think more, don't leave the tutorial without knowing anything. It is best to complete the technical development independently after reading the tutorial.
3. Sometimes we google, baidu, we often can't meet kind masters, who will give you answers every day in boredom.
4. If you encounter something that you really don't understand, you can let it go first and solve it later.
1. Learn the basics:
First, you can learn the basics by self-studying or taking a cybersecurity course. Understand fundamental concepts such as computer networks, operating systems, programming languages, and network protocols. Learn terminology and concepts of network security such as authentication, access control, encryption, and more.
2. Explore cybersecurity tools:
Familiarity with commonly used network security tools and techniques. For example, learn to use Wireshark to analyze network traffic, use Nmap for vulnerability scanning, use Metasploit for penetration testing, etc. Get hands-on with these tools and learn how they work and how to use them.
3. Understand common attack types:
Learn about various common types of cyber attacks such as denial of service attacks, malware (viruses, worms, Trojans) attacks, social engineering, and more. Learn about the methods and techniques attackers use, and how to defend against and counter them.
2. Learning route
Phase 1: Security Basics
Cybersecurity Industry and Regulations
Linux operating system
computer network
HTML PHP Mysql Python basics to practical mastery
Phase Two: Information Gathering
IP information collection
Domain name information collection
Server Information Collection
Web site information collection
Google hacking
Fofa Network Security Mapping
Phase Three: Web Security
SQL injection vulnerability
XSS
CSRF vulnerability
File Upload Vulnerability
file contains bug
SSRF vulnerability
XXE vulnerability
Remote Code Execution Vulnerabilities
Password Brute Force Cracking and Defense
Middleware Parsing Vulnerabilities
Deserialization Vulnerabilities
Stage Four: Penetration Tools
MSF
Cobalt strike
Burp suite
Nessus Appscea AWVS
Goby XRay
Sqlmap
Nmap
Kali
The fifth stage: actual combat digging
Vulnerability mining skills
Src
Cnvd
Crowdtest project
Recurrence of popular CVE vulnerabilities
Shooting Range Combat
3. Recommendations for learning materials
The learning framework has been sorted out, and now the resources are missing. I have sorted out the resource documents corresponding to all the knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!
1. Video tutorial (shareable)
2. Hacking tools & SRC technical documents & PDF books & web security, etc. (shareable)
If you need to learn materials and tutorials, you can leave a message after liking and collecting: closed, please share, I will send them to everyone one by one! ! !
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's Application
【32】English Writing Handbook: Elements of Style
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.