If you want to teach yourself network security (hacking technology), you must first understand what network security is! What is a hacker! ! !
Network security can be classified based on attack and defense perspectives. The “red team” and “penetration testing” we often hear about study attack techniques, while the “blue team”, “security operations” and “security operations and maintenance” study defense. technology.
无论网络、Web、移动、桌面、云等哪个领域,
都有攻与防两面性,例如 Web 安全技术,既有 Web 渗透,
也有 Web 防御技术(WAF)。作为一个合格的网络安全工程师,
应该做到攻守兼备,毕竟知己知彼,才能百战百胜。
1. Misunderstandings and traps in self-study network security learning
1. Don’t try to become a programmer first (programming-based learning) before starting to learn
Behavior: Start mastering from programming, learn everything from front-end to back-end, communication protocols, and everything.
Disadvantages: It takes too long and not much key knowledge is available after the actual transition to security.
A lot of security function knowledge and even nouns are not understood unserialize outfile
2. Don’t take deep learning as the first lesson
Many people are eager to learn network security well and solidly, so it is easy to push too hard and fall into a misunderstanding: deep learning is required for all content, but taking deep learning as the first lesson of network security is not What a great idea. Here’s why:
[1] The black box nature of deep learning is more obvious, and it is easy to learn in one go.
【2】Deep learning has high requirements on oneself, is not suitable for self-study, and can easily lead to a dead end.
3. Misunderstandings about self-study based on hacker skills and interests:
Behavior: Crazy search for security tutorials, join various small circles, download resources whenever I find them, and watch videos whenever I find them, as long as they are related to hackers.
Disadvantages: Even after considering the quality of resources, the knowledge points that can be learned are very scattered and highly repetitive.
It happens from time to time that I can’t understand the code, I can’t understand the explanation, and I have only a half-understanding.
After spending a lot of time understanding it, I realized that the content of this video was actually the same as other knowledge points I watched.
4. Don’t collect too much information
There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or viewed. And many friends have a "collecting habit", buying more than a dozen books at once, or collecting dozens of videos.
Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Please read them patiently.
2. Some preliminary preparations for learning network security
1.Hardware selection
I am often asked, "Does learning network security require a computer with high configuration?" The answer is no. Computers used by hackers do not need high configuration, as long as they are stable. Because some programs used by hackers require low-end CPUs. It can run very well and does not take up much memory. Another thing is that hacking is done under DOS commands, so the computer can be used at its best! So, don't buy a new machine in the name of learning...
2.Software selection
Many people are confused about whether to use Linux, Windows or Mac systems to learn hacking. Although Linux looks very cool, it is not friendly to newcomers. Windows systems can also use virtual machines to install target machines for learning.
As for programming languages, Python is the first choice because of its good expansion support. Of course, many websites on the market are developed with PHP, so it is okay to choose PHP. Other languages include C++, Java...
Many friends will ask whether they need to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not a purpose. Our goal is not to become programmers.
(An additional thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road to network security, so it is recommended that you learn some basic programming knowledge by yourself)
3.Language ability
We know that computers were first invented in the West. Many terms or codes are in English. Even some existing tutorials were originally translated from the original English version. It usually takes a week for a vulnerability to be discovered and translated into Chinese. At this time difference, the loopholes may have been patched. And if you don’t understand some professional terms, you will have obstacles when communicating with other hackers about technology or experience, so you need a certain amount of English and hacker terms (you don’t need to be particularly proficient, but you need to be able to understand the basics)
3. Network security learning route
The picture is too large! If the upload is not clear and you need a high-definition PDF version, you can leave a message and let me know or kick me! Since private messages from strangers are limited every day! You can also follow me. After following, the backend will automatically send a sharing link. You can just pick it up yourself!
The first stage (laying a good foundation)
网络安全行业与法规
Linux操作系统
计算机网络基础课程
HTML基础课程
PHP零基础课程
MySQL基础课程
图解Python语法Second stage (primary penetration)
信息收集
WEB安全
漏洞扫描
APP渗透
渗透工具
漏洞复现
实战挖洞Stage Three (Advanced Penetration)
渗透框架
权限提升
权限维持
隧道技术
内网渗透
溯源取证
无线安全
DDOs攻防Phase 4 (Safety Management)
等级保护
风险评估
应急响应
数据安全
面试就业指导Stage 5 (Binary Reverse)
c语言
c++
汇编语言
安卓逆向
Windows逆向
免杀-反杀毒技术Note: The first three stages are the focus of learning
4. Recommendation of study materials
The learning framework has been sorted out, and now we need information resources. I have compiled the information resource documents corresponding to all knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!
Like, favorite and leave a message in the comment area "Already followed"! You can share it with everyone for free! Friends who can't wait can also kick me directly from the platform! Or follow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
Video tutorials + interview questions + tools + learning routes + notes
All the information has been sorted out
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and decent people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security! ! ! !