The road to hackers

It's been a long time learning network security. On this road, here is the direction for novice friends.

First of all, what is a hacker? (It's just my personal knowledge)

Hackers (HACKER) in this world have very few people can tell us what is a hacker. In the media of the hype, the name of the hacker has become an unusually mysterious name. In many people's view, hackers are those who illegally invade the Web server, black People's web site or use a variety of Trojans to catch chickens, these people in the hacker community has a name called "Script Boy". They are in the strict 7-level hacker classification (FB Zhao General said that the grading standard) belongs to the 1 level, their role is only grandstanding. (Not all 1-level hackers are grandstanding, I mean those who go to Level 1 is not intentional to 2 levels of complacency, like to use the identity of hackers to force people.) ）

In my cognition, the hacker is the hacker 7 layer level of 4 people (level 4 people have begun to learn to write operating system kernel, such as the Linux 0.11 kernel) is a hacker, they can contribute to the hacker community, may be able to find system-level 0day.

They are not black hats, they are generally network security personnel working in Internet companies (white hat) and enthusiasts who persist in learning cyber security for a long time.

A real hacker in fact technology is not the first, the spirit is the first, the world's standard hacker spirit is "free, equal, free, sharing." But, I think the real hacker spirit should be "Hacking" the original intention, breakthrough!

Breakthrough the technical limit, break through the system privileges, break through the self limit!

Only by translating this spirit into one's own hacker spirit can we go further. (Heading to Level 7.) ）

With this understanding, let's take a look at how to go this way.

In fact, like playing games. What about playing games?

Right! Upgrade! This is the upgrade!

The first is level 1, Level 1 is defined as the person who will use various security attacks to invade.

Therefore, at this stage can buy this "hacker attack from the beginning to mastery", while watching the practice. Of course, it is recommended to build environment simulation intrusion. (By the way, the black is poisonous, use cautiously) and so you feel familiar with the operating system you use, you can understand the implementation of these security tools, you are going to enter the 2nd level.

Level 2 is defined as the use of the operating system is well understood, can be skilled in the selection and use of security tools people.

In fact, there is a certain understanding of the computer network, the principle of conventional means of intrusion and the implementation of proficient people. For example, you use the "Gray Pigeon Trojan" configured a service program, and then send a person, he is a little open, you can control his computer, in the process of the implementation of the principle of the service program and the implementation of the principle of the client. Then, understand the extranet and intranet, can manually invade the local area network of computers, and hijack these computers, or to carry out man-in-the-middle attacks and so on. Finally, you will understand IP and ports. (Yes, there is a focus, you can build a Web server, understand the DNS protocol, ARP protocol, IP/TCP protocol, but also to build FTP server, Telnet server, and Linux Shh protocol, to the database has a certain understanding, At this stage it is recommended to learn two languages: HTML and CSS, which are relatively simple.

And then there's Level 3, level 3 is the definition of the person who can make the security tools (others are always as good as their own things)

This phase is actually a programming learning phase, it is recommended to learn several languages:

1. Programming Language: C + + (must learn, otherwise buffer overflow is not studious, Linux kernel programming is not good), Java (optional), assembly (x86 Assembly, must learn, this does not affect the big), C of Windows programming (must learn), C Linux programming (recommended) , C's Windows core programming (must learn), C's Windows kernel programming (want to let someone else blue screen?). Do you want to write a rootkit? Think of the supreme realm of the avoidance of death? If you want to, you must learn).

2. Scripting language: Python (must learn, now only found his good), JavaScript (must learn, popular XSS vulnerability, will not it, want to use?) Don't! ), Ruby (if I tell you the famous world-class overflow attack platform Metasploit Framework is it written, what do you think? ）

3.web scripting language: PHP (must learn, not explained), ASP (see you, now this site less), JSP (must learn, not explained).

4. Database: Mysql,mssql, Oracle (3 must learn).

Here, you may have claimed to be "Daniel", but the path of hackers endless, but the above level 4 people have a big wave. (After these studies, you can buy a "little Hacker Road" to learn, as well as "proficient script hacker" and "White hat Talk web security", saying that once Baidu, Sina is only 3 levels of low-order (note, is once))

Then there is level 4, Level 4 refers to the person who can write their own operating system (note: Before this can learn some buffer overflow).

To do this is to learn the Linux kernel programming, first learn the old version of (about 20,000 lines of code, the proposed code back down, do not back the wrong, to often review), and then learn the file system and network parts.

I can only say so far, I wish you a good dream.

The road to hackers