Zero basis how to do hacking? You should be aware of this topic many times.
Of course, there are many categories of hackers. For reasons that do not want to see the policeman, this article discusses the more friendly white hat of the hackers. Of course, there are black hats that are willing to talk. Welcome to talk about life with Lei Feng. You dare to come, I dare to write.
Lin Dafu, author of “Vulnerabilities War: The Essentials of Software Vulnerability Analysis†is a goose factory security practitioner. He kills himself and refuses to admit that he is a white hat. He prefers to use the term “security practitioner†to position himself. However, from a doctor (yes, you read it correctly, I'm talking about a doctor) to a safety practitioner, it is very convincing for him to guide how a white person is a white hat.
This is a story of Cao Yingxin in Han.
Before setting foot on this road, Dr. Lin was first accepted by the five-year medical school.
- Why does a medical student switch to safety?
- Because the novel read more.
In fact, there is such a bad example. If you have just turned in a girlfriend who has finished paying for your single life and suddenly encountered the goddess in your heart, would you think about the goddess and do something with the goddess? Don't lie. It's you.
The game of profession and hobbies, especially in the student era, is no different.
When he was freshman, he liked to read hackers' novels. Lin Dafu went to the library to find some hacking books. He didn't take breaks at noon every day. He read and read books in the library almost every day. He even went to class to read computer books. The hacker legend Hell "Hacker" "hackers in the fingers" ... ... made him fascinated.
As a student party, there wasn’t much money in his hands. Lin had bought a computer in her senior year before she could only go to an internet cafe, a school room, or borrow a roommate’s computer.
Readers should be able to express their feelings - the books that are borrowed are books that are really fast and good, and they can be learned without conditions and conditions.
As a result, Lin used the Nokia mobile phone to finish the "Windows Programming", "Windows Core Programming" and "32-bit Assembly Language Programming in Windows Environment". Afterwards, simply looking at online paper books, there is only one reason - because it is more affordable than looking at e-books at Internet cafes.
In addition to throttling is the absolute truth, "open source" is also an important way. Come, we note this sentence, the young man who loves to read books is not bad luck, because maybe it can also be used to make money.
This is the case with Lin, who often submits articles to the “Hacker Line†magazine during the university. On the one hand, he can improve his personal skills. On the one hand, he can use the royalties as a subsidy for living. Later, with the fee and his brother's financial support, he bought his first computer. Later, half of the book "Vulnerability War: Software Vulnerability Analysis Essentials" was completed on that computer.
"In the road to study, I have been a person walking silently. Even a housemate who has lived for a few years does not know that I am learning safety knowledge. I have bought a bunch of computer books The inside of the dormitory closet, in this process, I walked through many detours and even gave up many times, but I was fortunate that I finally persisted, and I still walk on the road to safety today..."
With the advice of a friend in the circle, Dr. Lin began looking for safety-related work during the first semester of the fifth year (medical five-year system), and finally got the offer of a goose factory.
Dr. Lin told Lei Feng Network -
“I was still practicing in the Second Department of Orthopaedics and Traumatology of Xiamen City that year. The outpatient department was not particularly busy. After I had finished acupuncture treatment for a patient with lumbar spine, I received an interview call from the Tencent Security Center. Then the director was not in charge. , secretly hide behind the clinic to the stairs behind the phone interview, the interview process is still relatively smooth, the second day Tencent Security Center on the call that I hope I went to the Shenzhen headquarters interview.
When HR interviewed me, it was the subject of lumbar disc herniation. It was also a unique interview experience.
After returning to Xiamen, I explained to the teacher that I had changed the situation. After that, I had the opportunity to go to the operating table. I would take the initiative to give it to other classmates, so that they would have more opportunities to practice, and I naturally have more Time to specialize in security technology. “
Is there a threshold for hacking?After listening to Dr. Lin’s story, do you think this is another “children’s family� It doesn't matter. Before Xiaobai decides to go this way, let's take a look at the daily routine of a hacker to see if it can attract you.
If you want to become a professional safety practitioner, please take A, if you want to be an amateur white hat, please go B.
Port A: Both offensive and defensive are basic requirements. Many times attack technologies are researched for better defense. It is often necessary to make security assessments for business products, develop remediation plans for vulnerabilities, conduct security monitoring of products after going online, and sometimes servers are invaded during the middle of the night and they have to climb up to work overtime.
Maybe sometimes it's the following group of amateurs who do not have to go to work/school during the day. - Dr. Lin said.
B: More people are keen to study attack techniques because attacks are more likely to arouse the interest of others. It is said that there are some white hats in Chengdu during the day and sell barbecues at night. However, they are technically indistinguishable from those of security professionals. They just don't have to think too much about product security defenses. They can brush in major SRC platforms. Or other overseas loopholes such as HackOne.
All in all, amateurs can make security professionals work overtime, but security professionals can't. Dr. Lin was very "depressed" - it can be seen that sometimes the professional status is lower than that of amateurs.
Of course, Lei Fengnet (searching for "Lei Feng Net" public number attention) does not encourage you to embark on the path of "amateurs" if you edit the channel of the resident guest channel. If you like the hacker KO in "The Little Smile is Allure", you can do a good job. Excluding the barbecue, so maybe Chengdu welcomes you.
If the A or B options are acceptable, let's look again at whether or not you must be the "other's child's child" before you can embark on this path.
Q: What's the potential or characteristics of Lin who is suitable for hackers? Or is there no limit at all?
A: Usually the so-called smart people can be roughly divided into three types: neural type (high innate intelligence, such as the famous mathematician genius John Nash), and experience type (acquired long-term experience acquisition, such as "Japanese Goddess of Life" Ono. Erlang) and self-examination (self-reflection, monitoring and management, such as "stock god" Warren Buffett).
Among these three types of people, I think the most important aspect for safety personnel is the experience type, which is based on long-term continuous learning and accumulation. Many times it is hardly worth comparing with IQ. Introspection-type talent may be more suitable for safety technology. Researching, constantly summing up and inspiring from the mistakes, researching some new technologies, for example, constantly improving existing loopholes and exploiting ideas to discover more loopholes and formulating more comprehensive defense schemes. Of course, such people also need long-term learning.
Therefore, the most important thing to do in safety is to persevere in learning ability, as well as self-examination and continuous self-examination.
If it is necessary to provide a simple measure and test method to determine whether Xiaobaishi is not suitable for entering the security field, Lin believes that it may be possible for interns or graduates to try the following method: assigning testers an item without any relevance The project of knowledge in the field of safety is to see how it can learn the full knowledge required in the shortest time and complete the project work as quickly as possible.
Hands to teach you as a hackerIn judging whether it is appropriate for us to embark on the "Journey", we will usher in a dry product to share - in the end how to learn to become a hacker?
- Juvenile, I think you have a wonderful skeleton. It's a good material for hackers.
--Ok?
- So, why don't we come to hacker education school? !
--roll!
When you see this dialogue, you must be able to laugh. The hacker education platform known as "systematic, comprehensive package, and favorable price" basically entered the hacking education platform. You know...
This road does not seem to work. Let's change one.
Security can be divided into many areas, such as Web security, software security, mobile security, wireless security, network security... Dr. Lin suggested that according to their own interests to choose it, but I believe there will still be many people engage in the web, because the “black station†Cool.
Xiao Baijin, always encounter many puzzles, Lin's experience is as follows:
1, beginners will often find some books or articles with "hacker" word to learn, but will slowly find that eventually returned to some basic computer courses, such as C, assembly and system principles, etc.;
2. "Learning to learn" may be more efficient than "learning to apply", that is, when it is needed, it has the purpose of specializing in learning related knowledge and then applying it to practice, such as developing a tool, etc. The methods are often more efficient and more secure than waiting to be used after learning.
3. The technical problems and perplexities that cannot be solved cannot be avoided. Sometimes it might be better to put them first. After learning some time, you can look back. If you solve them, it is a kind of progress. Of course, you can also go to some forums (for example, see Snow) to ask others;
4. Last but not least, persist, persist, and persist in learning...
So, to what extent can you reach out to the loophole?
Dr. Lin said -
Engaging in Web security may be easier to get started, but for a long time, you will encounter a bottleneck that belongs to "pre-heroes."
Engaging in binary security has a high barrier to entry and requires a long learning time. It is a technical foundation and it belongs to "later heroes".
If you want to have loopholes as early as possible, it may be the best choice for Web vulnerabilities. Beginners can help establish confidence and interest. You can follow some Web security tutorials or books for some Vulnerability Experiment Platforms, such as WebGoat.
Fuzzing (fuzzy test) is currently the mainstream software vulnerability mining technology, generally not based on the type of vulnerability, but based on the attack surface to develop the corresponding Fuzzer tool, or based on open source Fuzzer to do secondary development. Of course, the most ideal is a variety of general-purpose Fuzzers, but the more versatile, may be dug, the greater the chance of being knocked holes. Digging holes is a way of thinking. Thinking about a road that few people walk through and developing a corresponding fuzzer may be rewarding.
In the process of upgrading to white hats, there is one thing that Lin and her editors should remind them of:
The white hat arrest incident and the dark cloud escalation incident once again sounded the alarm and all non-authorized penetration tests were illegal. Many white hats do not recognize the difference between testing and intrusion. Some people drag other people's databases and still call it "friendship testing." Even if it is an authorized test behavior, if the test process is still using destructive, invasive Means, manufacturers can still pursue legal responsibilities. "Be out and mix, sooner or later!"
Do not touch black production, do not engage in invasion and destruction, and you can go longer and further on the road to safety.
Finally, attach the reading experience of the safe books that Dr. Lin wrote on her personal blog in 2014.
1. Mobile Security
There are few mobile security books in China, mainly in foreign countries. Although most of them are not introduced, many can be found on the Internet in high-definition color English originals, some of which may be issued by the government itself. Although there are many foreign books in this area, I have read several Andorid security books. I feel it is still not enough. For example, "Android Security: Attacks and Defenses" "Android Apps Security" "Mobile Application Security" "Mobile Malware Attacks and Defense" China's "secure terminal security of the mobile Internet secret" is not recommended, too many columns assembled, lack of personal subjective understanding, "Android security mechanism analysis and application of practice" is not to buy, scholarly school wiki-style books.
I recommend a few: "Android Security Cookbook" "Android software security and reverse analysis" is mainly about Android application security, Android system security books are not yet published monograph, but in April "Android Hacker's Handbook" is about to publish, see catalog Still feel pretty expected, relatively few iOS security books, mainly "iOS Hacker's Handbook" (mainly speaking about system security, do not buy the Chinese version, the translator lacks a software security foundation, too many mistakes, it is intolerable to look straight), " iOS application security offensive and defensive (English version, biased toward application security), "iOS application reverse engineering: analysis and actual combat" (reverse books for iOS applications), other books on Android and iOS development, online electronic version, a lot of their own Look, mobile security books, I mostly read e-books, buy paper books are basically not. Therefore, at present, mobile security books, or try to see the original English version of it, if interested in Android security, look at the "Android Hacker's Handbook" book (Supplement: the current online version of the electronic).
2. Program Design
The main programming languages ​​here are C and ASM. After all, they mainly learn only the two languages. Other scripting languages ​​such as PHP and ASP are not mentioned. The books on C language include the legendary "Four Masterpieces of C Language", namely "C Programming Language", "C and Pointers", "C Traps and Defects" and "C Expert Programming". The book is enough, as for the data structure and algorithm can refer to other foreign masterpieces. Few domestically produced programming books can be used. About C introductory books, many people will recommend that book, and I first read the book, but then I slowly found that the book is not very good, a lot of mistakes, The programming style is also not good. For those who are proficient in XXX, 24 hours XXX, 30 days XXX, XXX from entry to proficiency, these books are to take the title to flicker, purely for the author to defraud the fee, compare the titles of those foreign masterpieces You know, a good book does not use those names.
I am very much in favor of the technology that does not come into contact within half a year. I do not need to buy books in this area. About ASM mainly on the "80x86 assembly language programming" "32-bit assembler programming in the windows environment," these two books, assembly language books will be relatively less, some of the online bookstores in the program design column does not even asm a class. The contents of many programming books are written in stereotypes, such as C language books, nothing more than some variables, arrays, pointers, but some books will mention programming style, memory optimization, tree, linked list, halved Search method, GDB debugging, linux knowledge, such as "c primer plus" "C and pointer", these are also considered a highlight of the book. About windows programming, devaluation "windows program design" volumes, "windows core programming", other feelings do not need to look too much, or to practice.
Programming books attached with a lot of code, the feeling of electronic version on the computer is very eye-breaking, easy to eye fatigue, if necessary, you can buy a physical book to see, but in practical applications, sometimes can be used for reference, convenient Check it out. At the same time, we must also advise everyone that "the paper must come to a final light, and must know that this matter must be done." Especially for program learners, it is imperative to write code, and reading books is useless. This is what I once committed. mistake! And some books are used for reference, not for reading, or even if you read all the cow books, you may not even write a few codes at the end. Finally, you will always be injured!
3. Reverse Engineering
This book on reverse engineering is naturally the first to look at Snow Publishing's "Encryption and Decryption." In this respect, the power of snow is not worse than that of foreign countries. There is a good place for reverse learning and communication. When the third edition of the encryption and decryption was published, there had been a copycat version, so everyone had to look at it when they bought it. It would be best to buy it at a regular bookstore. It may not be available online at the moment, but there is an electronic version online. In addition, books in this area include "Hacker's Disassembler Uncovering," "Hacker's Debugging Technique Revealing," "Reverse Engineering Revealing," and domestically published "Software Debugging" is also a bovine book, which makes up for vacancies in this area. There are also published "IDA Authoritative Guides" which are also good books. They explain all aspects of IDA in detail. After reading, you will find out how much difference you can make with IDA.
The Snow Translation Team has also published a "IDA Pro Code Cracker," but I haven't read it yet. In the reverse engineering books in this area are almost so a few, and other like entry and real-time encryption and decryption, encryption and decryption of the actual super manual, encryption and decryption Raiders ... ... these can basically be abandoned, basically copy the snow plus decryption There is no need to spend money, time and energy on this book. With regard to the method of obtaining the latest information, you can subscribe to the RSS of the Interactive Publishing Network Computer Book. As soon as you have a computer book, you will know it. It is often updated, but it is also an applied technology book. Many of these books are not necessary to buy. , such as what Windows 7 use Daquan, proficient in the registry, windows operation XXX, if necessary, direct Baidu, google on the line, there is no need to spend money to buy such books.
4. Script Security
In the offensive and defensive books, the earliest Zeng Yun's "Proficient in Hacking Scripts" was written quite comprehensively. From shallow to deep, although not thick, the typesetting was intensive and the content was still many, but the paper was not very good. It is very rough. There are many cases of infiltration and actual combat. The domestic law in this area was not very strict. If it is put today, some of the contents may be deleted. In addition, we can also look at foreigners "hacker attack and defense technology collection: WEB combat article" (focus recommended) "xss attack" "sql injection" (Chinese translation: "SQL injection attack and defense"), and "WEB security testing", There is an e-book on the English version of the Internet. In the past two years, it was published in China. It mainly recommended "reading WEB security in white hats" and "WEB front-end hacker technology".
5. System bottom layer
The first book on system theory that was read that year was "a deep understanding of the computer system," a very good book. Other such books include "In-depth analysis of the windows operating system" "widnows system principle and implementation", etc., before the domestic out of this "Windows operating system principle", which also wrote the key university computer teaching materials, behind the read chaos snow blog Only after the last article did I know that the book was a plagiarism and was also sued by the original author. In the end, I also paid compensation. I had finished reading it from the beginning.
With regard to books on overflow attacks, there are mainly "Network penetration technologies" and "0day security: software vulnerability analysis techniques" and "gray hat hacking" in China. Although the book was published very early and some of them are outdated, their thinking is not Outdated. If you want to get the latest books, the best way is to say the above: Subscribe to RSS. For some unfamiliar technology books, you must first look at the complete list, and then look for the online version of the electronic version, if there is to look at before you decide to buy again, and if you have already bought or seen similar classic books, It needs to reconsider whether it is really necessary to buy it. Speaking of so many books to spend, here's to talk about a free set, then the "intel development manual", this set is a free gift to the world by Intel Corporation books, a total of five, before I booked two All the kits were sent from the United States to the school. They thought that the first email was not received and they sent another one. I didn't expect Intel to actually send two sets of them. Really generous! Now they are no longer sending paper books. They only send CDs containing electronic versions. '
Everyone want a budget laptop. There are different level according to application scenarios. 14 inch Budget Laptop For Students for your elementary project, 10.1 inch Low Budget Laptop for kids play or online learning, 15.6inch celeron j4125 Budget Laptop For Programmers, 14inch budget i5 laptop for your business projects, 15.6inch budget i7 laptop for university students, officers who love bigger screen and performance focused, etc. Of course, other type laptops also optional, like Yoga Laptop , 2 In 1 Laptop , android laptop, etc
As a professional manufacture of custom laptop, Android Tablet, Mini PC , All In One PC, we can provide unique and satisfy oem service. What you need to do is kindly share the exact parameters and special points care more, thus we can provide solutions accordingly.
When you have tender, you can contact us and send the parameters list require, then will provide the most matched one for you. More simple way is that you share your budget, design, delivery time , etc. Believe you can always get a right solution here.
Budget Laptop,20k Budget Laptop,Low Budget Laptop,Top 10 Budget Laptops,Budget Laptop For Programmers
Henan Shuyi Electronics Co., Ltd. , https://www.shuyiaiopc.com