When it comes to hackers, who do you think of? Kevin Mitnick, who is "rewarded" by the FBI, Linus Torvalds, the "father of Linux", or Richard Stork, the "theorist" Mann?
Speaking of the person who has had the greatest influence on my technical path, it must be Ali’s “patron saint”-Wu Hanqing. Perhaps you are more familiar with his nickname “Brother Dao”. The first time I came into contact with Brother Dao was his book "White Hat Talks about Web Security". This book can be said to be a standard for security practitioners, with a Douban score of 8.2. It has also been grandly introduced by Springer Publishing House in the United States and published in English around the world .
Later, I learned more about Brother Dao’s experience, and it’s not an exaggeration to call him a “genius”:
At the age of 15, he entered the Youth Class of Xi'an Jiaotong University, taught himself computers, and founded the "Phantom Forum", an information security organization that is extremely influential in China's security circle;
At the age of 20, he joined Alibaba to participate in security construction work and designed the early application security systems of Alibaba B2B, Taobao, and Alipay;
At the age of 24, he joined Alibaba Cloud and became the most valuable security expert of Alibaba Group ;
In 2012, he published "White Hat Web Security" and sold more than 100,000 copies. In the same year, he joined Ping An Bao and started his entrepreneurial journey;
In 2014, Ping An Bao was acquired by Alibaba and returned to Alibaba, becoming the youngest member of the Organization Department (P10) of Alibaba Group. In December of the same year, he led the team to successfully defend against the largest DDoS attack in Internet history at that time (453.8Gbps);
From 2015 to 2016, we specialized in situational awareness, realized elastic security networks, and launched the innovative product "Game Shield";
In 2017, he was selected into the MIT Global Young Science and Technology Innovation Talent List, and was the first person selected into TR35 in the field of Internet security in China; he later participated in the construction of City Brain, VCS construction, established Alibaba Cloud Group A, and was also responsible for Alibaba Cloud's cloud game products and services. Developed a number of benchmark products for metaverse and cloud games;
In 2021, he took charge of the Alibaba Cloud website and founded the "Computing Forum";
Launch of “Computational Libraries” in 2022.
In addition to lamenting Brother Dao's high-density and high-achievement life, what I admire most is his ultimate pursuit and unremitting efforts in the field of security . I believe everyone must have been flooded with the news of Brother Dao's resignation a while ago. Many people have speculated that Brother Dao is really going to take off the "safety" label this time?
The mystery was only revealed in the past few days. Brother Dao accepted an exclusive interview in Geek Time, and the content was summarized in the **"Super Interview: Conversation with Brother Dao"** column.
This is the first time I have seen him systematically and completely present his more than 20 years of exclusive thinking on technology . Rarely from the perspective of an engineer rather than a safety expert, it explains how engineers can cultivate their personal abilities in three aspects: "spiritual, cognitive and ability" .
And because it is in the form of a conversation, it feels like you are face to face with Brother Dao when reading. These more than 100 questions not only allow us to see the story behind Dao's high-density life, but also contain many of his key points for the growth of technical people in the new era, such as: how to understand the world through "computationalism " The underlying laws, how to cultivate the ability to independently dismantle technical hot spots, etc.
Just like Lei Jun said, "Only cognitive breakthroughs can bring about real growth." I suggest you spend two hours reading this column carefully to understand the new world view of a mature manager, an ultimate engineer, and a computationalist. , I believe it can bring you interesting and in-depth perspectives, and also provide you with the opportunity to break your cognitive inertia and gain more inspiration.
How to learn hacking & network security
As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.
The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.
(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.
Content features: Clear organization and graphical representation to make it easier to understand.
Content summary: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.