I advise most people to forget about self-study (hacking) network security.

 I. Introduction:

1. This is a path to persevere. If you are enthusiastic for three minutes, you can give up and move on. 

2. Practice more and think more, don't know anything without leaving the tutorial. It is best to complete the technical development independently after reading the tutorial.

3. Sometimes when we search Google or Baidu, we often fail to meet a kind-hearted master who will give you answers without chatting.

4. If you encounter something you really don’t understand, you can put it aside for now and solve it later.

1. Learn the basics:

First, you can learn the basics by studying on your own or taking a cybersecurity course. Understand basic concepts such as computer networks, operating systems, programming languages, and network protocols. Learn network security terms and concepts such as authentication, access control, encryption, and more.

2. Explore cybersecurity tools:

Be familiar with commonly used cybersecurity tools and techniques. For example, learn to use Wireshark to analyze network traffic, use Nmap for vulnerability scanning, use Metasploit for penetration testing, etc. Practice using these tools and learn how they work and how to use them.

3. Understand common attack types:

Learn various common types of network attacks, such as denial of service attacks, malware (viruses, worms, Trojans) attacks, social engineering, etc. Understand the methods and techniques used by attackers, and how to defend and respond to these attacks.

2. Learning route

 The picture is too big and a bit blurry! ! If you need the pdf version of the learning route, you can follow the blogger to get it automatically! ! !

Phase One: Security Basics

Cybersecurity Industry and Regulations

Linux operating system

computer network

HTML PHP Mysql Python basics to practical mastery

Phase Two: Information Collection

IP information collection

Domain name information collection

Server information collection

Web website information collection

Google hacking

Fofa network security mapping

Phase Three: Web Security

SQL injection vulnerability

XSS

CSRF vulnerability

File upload vulnerability

File contains vulnerability

SSRF vulnerability

XXE vulnerability

Remote code execution vulnerability

Password brute force cracking and defense

Middleware parsing vulnerability

Deserialization vulnerability

Stage 4: Penetration Tools

MSF

Cobalt strike

Burp suite

Nessus   Appscea   AWVS

Goby   XRay

Sqlmap

Nmap

Kali

The fifth stage: actual digging of holes

Vulnerability mining skills

Src

Cnvd

Crowd testing project

Recurrence of popular CVE vulnerabilities

Shooting range actual combat
 

3. Recommendation of study materials

The learning framework has been sorted out, and now we are just missing information and resources. I have compiled the information and resource documents corresponding to all knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!

1. Video tutorial (shareable)

 2. Hacking tools & SRC technical documents & PDF books & web security, etc. (can be shared)

 If you need learning materials and tutorials, you can follow the blogger to get them automatically! ! ! Anxious friends can get it through the official account at the bottom! ! !

Recommended book list:

Computer operating system:

【1】Coding: the language hidden behind computer software and hardware

【2】In-depth understanding of the operating system

【3】In-depth understanding of Windows operating system

【4】Linux kernel and implementation

Programming development category:

【1】 windows programming

【2】windwos core becomes

【3】Linux Programming

【4】Advanced transformation of unix environment

【5】IOS becomes

【6】The first line of code Android

【7】C programming language design

【8】C primer plus

【9】C and pointers

【10】C Expert Programming

【11】C Traps and Defects

【12】Assembly language (Wang Shuang)

【13】java core technology

【14】java programming ideas

【15】Python core programming

【16】Linuxshell script strategy

【17】Introduction to Algorithms

【18】Compilation principle

【19】Practical combat of compilation and decompilation technology

【20】How to clean your code

【21】Code encyclopedia

【22】Detailed explanation of TCP/IP

【23】Rootkit: Lurkers in the gray area of ​​the system

【24】Hacker attack and defense technology guide

【25】Encryption and decryption

【26】C++ disassembly and reverse analysis technology revealed

【27】Web security testing

【28】White hat talks about web security

【29】Proficient in script hacking

【30】Web front-end hacking technology revealed

【31】Applications for programmers

【32】English Writing Handbook: Elements of Style
 

Conclusion

The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and upright people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.