Preface
I posted an article a few days ago about self-study of network security (hacking). Unexpectedly, I received many private messages from people wanting to learn network security hacking techniques! But I don’t know where to start! How to learn? How to learn?
Today I want to share something with you. Many people come up and say they want to learn hacking, but they start learning without even knowing the direction. In the end, they just end up in vain! Hacking is a big concept that includes many directions, and different directions require different learning content.
Including starting from school, I have been on the road to network security for 10 years. Whether I was doing security research in school or working on kernel security products and binary vulnerability attack and defense at Baidu and 360 after graduation, I know all about it. The importance of learning methods. Without a good learning path and good learning methods, you will often achieve half the result with half the effort.
Network security can be further subdivided into: network penetration, reverse analysis, vulnerability attacks, kernel security, mobile security, cracking PWN and many other sub-directions. Today's article mainly focuses on the direction of network penetration, which is the main technology of "hackers" as everyone knows it. Other directions are for reference only. The learning routes are not exactly the same. If I have the chance, I will sort it out separately.
Preschool speech
1.这是一条坚持的道路,三分钟的热情可以放弃往下看了
2.多练多想,不要离开了教程什么都不会了.最好看完教程自己独立完成技术方面的开发.
3.有时多google,baidu,我们往往都遇不到好心的大神,谁会无聊天天给你做解答.
4.遇到实在搞不懂的,可以先放放,以后再来解决
Network security zero-based entry learning route & planning
primary
1. Network security theoretical knowledge (2 days)
①Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (very important)
2. Basics of penetration testing (one week)
①Process, classification, and standards of penetration testing
②Information collection technology: active/passive information collection , Nmap tool, Google Hacking
③Vulnerability scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④Host Offensive and defensive drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion troubleshooting/system reinforcement basics)
4. Computer network basics (one week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③ Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defenses: active/passive attacks, DDOS attacks, CVE vulnerability recurrence
5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security Reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerabilities Scanning Tools
④Web Penetration Tools: Nmap, BurpSuite, SQLMap, others (Chop Knife, Miss Scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You have become a "script kiddie"
7. Script programming (beginner/intermediate/advanced)
In the field of network security. The ability to program is the essential difference between "script kiddies" and real hackers. In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
8. Super Hacker
This part of the content is still relatively far away for students with zero foundation, so I will not go into details and post a rough route. If you are interested in children's shoes, you can research it.
Bold style If the picture is too large and compressed by the platform and cannot be seen clearly, what if you want this detailed learning roadmap?
You can follow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
As well as the video supporting materials I compiled & domestic and foreign network security books, documents & tools, etc.
If you want to get into hacking & network security, all the above resources have been packaged, and you can learn hacking techniques systematically: 282G, the most comprehensive network security information package on the entire network, is available for free! After following me, it will be automatically sent to everyone! After everyone pays attention, just pay attention to the background news~
Conclusion
Cybersecurity is a vital issue in today's society. With the rapid development of technology, the Internet has penetrated into every aspect of our lives, bringing us tremendous convenience and opportunities. However, there are also various risks and threats in the network, such as hacker attacks, data leaks, etc. Therefore, learning network security knowledge has become an issue that everyone should pay attention to and attach importance to.
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security. ! ! !