foreword
- 1. Entering the network security industry is a persistent path, and the enthusiasm for three minutes can be given up and read on.
- 2. Practice more and think more, don't leave the tutorial without knowing anything, it is best to complete the technical development independently after reading the tutorial.
- 3. Sometimes with more Baidu, we often don't meet kind-hearted masters, who will give you answers every day when they are bored.
- 4. If you really don't understand something, you can let it go first and solve it later.
First, let’s divide the level of science popularization (all according to the basics of Xiaobai, just write a form and word will do)
Level 1: Script Kiddie; Difficulty: None, reaching the level of " Hacker News " (buying an iPhone for a penny, hacking the alma mater's official website to hang pictures of goddesses, etc.)
Level 2: Network Security Engineer; Difficulty: Low, can rely on technology to get a job, and be a white-collar worker with a good salary, but the threshold will become higher and higher.
Level 3; Lab Researcher; Difficulty: Moderate, proficient in at least one domain, excellent audit experience, script, POC, binary
I understand everything about it.
Level 4; security expert level; Difficulty: high, penetrate the knowledge points in a certain field and have your own understanding. One person can support all the requirement trees of a certain function of APT. (In fact, this point is related to experience #time, and the difficulty has nothing to do with talent)
So, if you just want to get started and want to learn some skills, no matter how poor your foundation is, you can do it like a gourd. Those who find it difficult to get started, I am afraid that most of them will become popular in three minutes.
So how do you get started?
Phase 1: Getting Started with Basic Operations
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about one month.
Phase Two: Learning the Basics
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss cross-site scripting attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The third stage: actual combat operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and learn all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Stage 4: Participate in CTF competitions or HVV operations
Recommended: CTF
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
[3] If you are a college student, it will be very helpful for finding a job in the future.
If you want to play a CTF competition, go directly to the competition questions. If you don’t understand the competition questions, go to the information based on what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
Why would self-study fail?
Most of the people who have really achieved results in self-study can probably count it with one hand, and a large part of the rest are talking about bragging, and it is more difficult to persevere.
reason of failure:
According to our analysis, there are 3 main reasons:
1. There is no mature route. People in this major don't know where to find the route, let alone those who change careers?
Second, there is no one to guide and wrong learning methods. To put it bluntly, it is hard training.
3. Poor self-control + too many temptations, unable to calm down and study, and the learning progress has been stagnant for several months;
Antidote to defeat:
1. The correct and appropriate route.
2. The courage to win. In historical marches and wars, morale is very important. You must have confidence, otherwise you will continue to fall into self-doubt and then embark on the road of giving up.
3. Small goals and continuity. Learning Internet security requires continuous learning. Continuous learning is very important. You must also have your own small goals, such as how much to learn in half a month/month, what kind of results you want to make, This kind of continuous confirmation and feedback to strengthen confidence and achievements will naturally have continuous motivation. Or let a cruel person supervise you and beat you often. And the way to try to punch in. But I don't recommend joining groups. Groups either become purposeful and profitable, or they are suitable for work plus fishing.
Fourth, practice more and review more.
5. Don't rush for success. Generally speaking, the self-study time is 6 to 10 months, so don't worry, and don't go for an interview when your skills are not solid, it will only make us feel frustrated.
Persistence in self-study is really important, keep the clouds open and see the moonlight.
I have also compiled some network security information for you below. If you don’t want to find them one by one, you can refer to these information.
1. Zero-Basic Introduction to Network Security
For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.
At the same time, there are supporting videos for each section corresponding to the growth route:
Due to the limited space, only part of it is shown, you need to click the link below to get it
7fcc327deef435a30bfc550b33b5975f2bcc18dfb2ee20683da66025c68253a4c79 &token=1423804057&lang= zh_CN#rd2. Video Tutorial
Many friends don't like obscure text, and I have prepared a video tutorial for you, which has a total of 21 chapters, and each chapter is the essence of the current section.
3. SRC & hacker literature
Everyone's favorite and most concerned about SRC technology books & hacking techniques are also included
SRC technical literature:
Since hacker information is a sensitive resource , it cannot be directly displayed here !
4. Information on network protection operations
Among them, the corresponding information about the HW net protection operation has also been prepared, which can be equivalent to the gold finger of the competition!
Due to the limited space, only part of it is shown, you need to click the link below to get it