If you want to teach yourself network security (hacking technology), you must first understand what network security is! What is a hacker!
Network security can be classified based on attack and defense perspectives. The “red team” and “penetration testing” we often hear about study attack techniques, while the “blue team”, “security operations” and “security operations and maintenance” study defense. technology.
Regardless of the field such as network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive. After all, only by knowing yourself and the enemy can you be victorious in every battle.
1. Misunderstandings in self-study network security learning
1. Don’t try to become a programmer first (programming-based learning) and then start learning
Behavior: Start mastering from programming, learn front-end and back-end, communication protocols, everything.
Disadvantages: It takes too long and not much key knowledge is available after the actual transition to security.
A lot of security function knowledge and even nouns are not understood unserialize outfile
2. Don’t take deep learning as the first lesson
Many people are eager to learn network security well and solidly, so it is easy to push too hard and fall into a misunderstanding: deep learning is required for all content, but taking deep learning as the first lesson of network security is not What a great idea. Here’s why:
[1] The black box nature of deep learning is more obvious, and it is easy to learn in one go.
【2】Deep learning has high requirements on oneself, is not suitable for self-study, and can easily lead to a dead end.
3. Misunderstandings about self-study based on hacker skills and interests:
Behavior: Crazy search for security tutorials, join various small circles, download resources whenever I find them, and watch videos whenever I find them, as long as they are related to hackers.
Disadvantages: Even after considering the quality of resources, the knowledge points that can be learned are very scattered and highly repetitive.
It happens from time to time that I can’t understand the code, I can’t understand the explanation, and I have only a half-understanding.
After spending a lot of time understanding it, I realized that the content of this video was actually the same as other knowledge points I watched.
4. Don’t collect too much information
There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or viewed. And many friends have a "collecting habit", buying more than a dozen books at once, or collecting dozens of videos.
Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Please read them patiently.
2. Some preliminary preparations for learning network security
1.Hardware selection
I am often asked, "Does learning network security require a computer with high configuration?" The answer is no. Computers used by hackers do not need high configuration, as long as they are stable. Because some programs used by hackers require low-end CPUs. It can run very well and does not take up much memory. Another thing is that hacking is done under DOS commands, so the computer can be used at its best! So, don’t buy a new machine in the name of learning...
2.Software selection
Many people are confused about whether to use Linux, Windows or Mac systems to learn hacking. Although Linux looks very cool, it is not friendly to newcomers. Windows systems can also use virtual machines to install target machines for learning.
As for programming languages, Python is the first choice because of its good expansion support. Of course, many websites on the market are developed with PHP, so it is okay to choose PHP. Other languages include C++, Java…
Many friends will ask whether they need to learn all languages? the answer is negative! To quote my sentence above: Learning programming is just a tool, not a purpose. Our goal is not to become programmers.
(An additional thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road to network security, so it is recommended that you learn some basic programming knowledge by yourself)
3.Language ability
We know that computers were first invented in the West. Many terms or codes are in English. Even some existing tutorials were originally translated from the original English version. It usually takes a week for a vulnerability to be discovered and translated into Chinese. At this time difference, the loopholes may have been patched. And if you don’t understand some professional terms, you will have obstacles when communicating with other hackers about technology or experience, so you need a certain amount of English and hacker terms (you don’t need to be particularly proficient, but you need to be able to understand the basics)
For example: broiler, mounted horse, shell, WebShell, etc.
3. Network security learning route (latest compiled in 2023)
Phase One: Security Basics
Cybersecurity Industry and Regulations
Linux operating system
computer network
HTML PHP Mysql Python basics to practical mastery
Phase Two: Information Collection
IP information collection
Domain name information collection
Server information collection
Web website information collection
Google hacking
Fofa network security mapping
Phase Three: Web Security
SQL injection vulnerability
XSS
CSRF vulnerability
File upload vulnerability
File contains vulnerability
SSRF vulnerability
XXE vulnerability
Remote code execution vulnerability
Password brute force cracking and defense
Middleware parsing vulnerability
Deserialization vulnerability
Stage 4: Penetration Tools
MSF
Cobalt strike
Burp suite
Nessus Appscea AWVS
Goby XRay
Sqlmap
Nmap
Kali
The fifth stage: actual digging of holes
Vulnerability mining skills
Src
Cnvd
Crowd testing project
Recurrence of popular CVE vulnerabilities
Shooting range actual combat
Finally
In order to help everyone learn network security better, the editor has prepared an introductory/advanced learning material for network security for everyone. The content in it is all notes and materials suitable for beginners with zero basic knowledge. It can be understood even if you don’t know programming. Understand, all the information is 282G in total. If friends need a complete set of network security introduction + advanced learning resource package, you can click to receive it for free (if you encounter problems with scanning the QR code, you can leave a message in the comment area to receive it)~
CSDN gift package: "Network Security Introduction & Advanced Learning Resource Package" free sharing
Network security source code collection + tool kit
Network
security interview questions
Finally, there is the network security interview questions section that everyone is most concerned about.
All the information is 282G in total. If friends need a full set of network security introductory + advanced learning resource packages, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
