Preface
If you want to teach yourself network security (hacking technology), you must first understand what network security is! What is a hacker!
Network security can be classified based on attack and defense perspectives. The “red team” and “penetration testing” we often hear about study attack techniques, while the “blue team”, “security operations” and “security operations and maintenance” study defense. technology.
Regardless of the field such as network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive. After all, only by knowing yourself and the enemy can you be victorious in every battle.
1. Misunderstandings and traps in self-study network security learning
1. Don’t try to become a programmer first (programming-based learning) and then start learning
In my previous answers, I have repeatedly stressed that you should not start learning network security based on programming. Generally speaking, learning programming not only has a long learning cycle, but also does not provide much key knowledge that can be used after the actual transition to security.
If the average person wants to learn programming well before starting to learn network security, it often takes a long time and it is easy to give up halfway. Moreover, learning programming is just a tool and not the purpose. Our goal is not to become programmers. It is recommended that in the process of learning network security, you should make up for what you don’t know, so that it can be more purposeful and less time-consuming.
2. Don’t take deep learning as the first lesson
Many people are eager to learn network security well and solidly, so it is easy to push too hard and fall into a misunderstanding: deep learning is required for all content, but taking deep learning as the first lesson of network security is not What a great idea. Here’s why:
[1] The black box nature of deep learning is more obvious, and it is easy to learn in one go.
【2】Deep learning has high requirements on oneself, is not suitable for self-study, and can easily lead to a dead end.
3. Misunderstandings about self-study based on hacker skills and interests
Behavior: Crazy search for security tutorials, join various small circles, download resources whenever I find them, and watch videos whenever I find them, as long as they are related to hackers.
Disadvantages: Even after considering the quality of resources, the knowledge points that can be learned are very scattered and highly repetitive.
It happens from time to time that I can't understand the code, I can't understand the explanation, and I have only a half-understanding.
After spending a lot of time understanding it, I realized that the content of this video was actually the same as other knowledge points I watched.
4. Don’t collect too much information
There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or viewed. And many friends have a "collecting habit", buying more than a dozen books at once, or collecting dozens of videos.
Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Please read them patiently.
2. Some preliminary preparations for learning network security
1.Hardware selection
I am often asked, "Does learning network security require a computer with high configuration?" The answer is no. Computers used by hackers do not need high configuration, as long as they are stable. Because some programs used by hackers require low-end CPUs. It can run very well and does not take up much memory. Another thing is that hacking is done under DOS commands, so the computer can be used at its best! So, don't buy a new machine in the name of learning...
2.Software selection
Many people are confused about whether to use Linux, Windows or Mac systems to learn hacking. Although Linux looks very cool, it is not friendly to newcomers. Windows systems can also use virtual machines to install target machines for learning.
As for programming languages, Python is the first choice because of its good expansion support. Of course, many websites on the market are developed with PHP, so it is okay to choose PHP. Other languages include C++, Java...
Many friends will ask whether it is necessary to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not the purpose. Our goal is not to become programmers.
(An additional thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road to network security, so it is recommended that you learn some basic programming knowledge by yourself)
3.Language ability
We know that computers were first invented in the West. Many terms or codes are in English. Even some existing tutorials were originally translated from the original English version. It usually takes a week for a vulnerability to be discovered and translated into Chinese. At this time difference, the loopholes may have been patched. And if you don’t understand some professional terms, you will have obstacles when communicating with other hackers about technology or experience, so you need a certain amount of English and hacker terms (you don’t need to be particularly proficient, but you need to be able to understand the basics)
3. Hacking & Network Penetration Learning Route
The picture is too large! If the upload is not clear and you need a high-definition PDF version, you can leave a message and let me know or kick me! Since private messages from strangers are limited every day! You can also follow me. After following, the backend will automatically send a sharing link. You can just pick it up yourself!
4. Recommendation of study materials
The learning framework has been sorted out, and now we need information resources. I have compiled the information resource documents corresponding to all knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!
Like, favorite and leave a message in the comment area "Already followed"! You can share it with everyone for free! Friends who can't wait can also kick me directly from the platform! Or follow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
Recommended book list:
Computer operating system:
【1】Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation
Programming development category:
【1】 windows programming
【2】windwos core becomes
【3】Linux Programming
【4】Advanced transformation of unix environment
【5】IOS becomes
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C Expert Programming
【11】C Traps and Defects
【12】Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
【16】Linuxshell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Practical combat of compilation and decompilation technology
【20】How to clean your code
【21】Code encyclopedia
【22】Detailed explanation of TCP/IP
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacker attack and defense technology guide
【25】Encryption and decryption
【26】C++ disassembly and reverse analysis technology revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology revealed
【31】Applications for programmers
【32】English Writing Handbook: Elements of Style
Common network security and forums
- Snow Forum
- safety class
- safe cow
- Safety internal reference
- Green Alliance
- prophetic community
- XCTF Alliance
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and upright people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.