Preface
I posted an article a few days ago about self-study of network security (hacking). Unexpectedly, I received many private messages from people wanting to learn network security hacking techniques! But I don’t know where to start! how to learn
Today I want to share something with you. Many people come up and say they want to learn hacking, but they start learning without even knowing the direction. In the end, they just end up in vain! Hacking is a big concept that includes many directions, and different directions require different learning content.
Including starting from school, I have been on the road to network security for 10 years. Whether I was doing security research in school or working on kernel security products and binary vulnerability attack and defense at Baidu and 360 after graduation, I know all about it. The importance of learning methods. Without a good learning path and good learning methods, you will often achieve half the result with half the effort.
Network security can be further subdivided into: network penetration, reverse analysis, vulnerability attacks, kernel security, mobile security, cracking PWN and many other sub-directions. Today's article mainly focuses on the direction of network penetration, which is the main technology of "hackers" as everyone knows it. Other directions are for reference only. The learning routes are not exactly the same. If I have the chance, I will sort it out separately.
Preschool speech
这是一条坚持的道路,三分钟的热情可以放弃往下看了
多练多想,不要离开了教程什么都不会了.最好看完教程自己独立完成技术方面的开发.
有时多google,baidu,我们往往都遇不到好心的大神,谁会无聊天天给你做解答.
遇到实在搞不懂的,可以先放放,以后再来解决Network security zero-based entry learning route & planning
primary
1. Network security theoretical knowledge (2 days)
了解行业相关背景,前景,确定发展方向。
学习网络安全相关法律法规。
网络安全运营的概念。
等保简介、等保规定、流程和规范。(非常重要)2. Penetration testing basics (one week)
渗透测试的流程、分类、标准
信息收集技术:主动/被动信息搜集、Nmap工具、Google Hacking
漏洞扫描、漏洞利用、原理,利用方法、工具(MSF)、绕过IDS和反病毒侦察
主机攻防演练:MS17-010、MS08-067、MS10-046、MS12-20等3. Operating system basics (one week)
Windows系统常见功能和命令
Kali Linux系统常见功能和命令
操作系统安全(系统入侵排查/系统加固基础)4. Computer network basics (one week)
计算机网络基础、协议和架构
网络通信原理、OSI模型、数据转发流程
常见协议解析(HTTP、TCP/IP、ARP等)
网络攻击技术与网络安全防御技术
Web漏洞原理与防御:主动/被动攻击、DDOS攻击、CVE漏洞复现5. Basic database operations (2 days)
数据库基础
SQL语言基础
数据库安全加固6. Web penetration (1 week)
HTML、CSS和JavaScript简介
OWASP Top10
Web漏洞扫描工具
Web渗透工具:Nmap、BurpSuite、SQLMap、其他(菜刀、漏扫等)Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You have become a "script kiddie"
Script Programming (Beginner/Intermediate/Advanced)
in the field of cybersecurity. The ability to program is the essential difference between "script kiddies" and real hackers. In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition, where every second counts, if you want to use homemade script tools efficiently to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
super hacker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details and post a rough route. If you are interested in children's shoes, you can research it.
If the picture is too large and compressed by the platform and cannot be seen clearly, what if you want this detailed learning roadmap?
YesFollow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
As well as the video supporting materials I compiled & domestic and foreign network security books, documents & tools, etc.
If you want to get into hacking & network security, all the above resources have been packaged, and you can learn hacking techniques systematically: 282G, the most comprehensive network security information package on the entire network, is available for free! After following me, it will be automatically sent to everyone! After everyone pays attention, just pay attention to the background news~
Conclusion:
Cybersecurity is a vital issue in today's society. With the rapid development of technology, the Internet has penetrated into every aspect of our lives, bringing us tremendous convenience and opportunities. However, there are also various risks and threats in the network, such as hacker attacks, data leaks, etc. Therefore, learning network security knowledge has become an issue that everyone should pay attention to and attach importance to.
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security. ! ! !