
How to become a security engineer after studying hacking for more than ten years?

1. Introduction
To be honest, until now, I think that the vast majority of readers who read my article will eventually give up. The reason is very simple. After all, self-study is a learning method suitable for very few people, and it is very, very slow. There are too many variables in the process, and if you are not careful, you will miss your original ideal.

The study route is prepared at the end of the article.

However, there are, after all, young people like me who have perseverance and ideals. They really can persist in learning this technology for ten years, and if someone gives them a little guidance, it is possible to shorten their self-study time by one time, or even more. Therefore, in line with the original intention of not missing a single person, I wrote this long article. In addition to refining my own self-study process for ten years, this article is based on my experience for so many years. So I failed to learn well, in fact, the internal things were too sloppy. I hope this article can help readers who want to learn by themselves.

2. Experience
After more than ten years of study, my final conclusion is that the key point that determines whether most people can learn this technology is whether their understanding of some basic issues is accurate.

In human terms, the ability to use the wisdom (Tao) that follows the rules of the world to guide your inner impulses and goals (Skill) determines the final outcome of your study (or even greater, the outcome of this life).

Let me explain this question from three typical cognitive fallacies:

First of all, it is a game between the destination and growth.

I have asked a lot of beginners who learn hacking why they want to learn it, and the answer I get most is “I want to be awesome”. But as for how to be awesome, their answer is “If I learn hacking technology, I just _____”, and when you continue to ask what you need to learn to be so awesome, you basically stop asking.

Of course, the purpose of my article is to solve this question, but the author’s current experience is different from the state of learning eight years ago. I feel that I have the obligation and ability to give beginners a better answer, one that can be used for a lifetime. So I have written this nonsense, but personally, I think this is the essence of my experience.

I believe that most of the students who read this article heard a sentence in high school, namely, “As long as you learn how to study, you can be admitted to a good university and you will be successful!” This once-and-for-all idea comes from millions of years of human evolution, but with the development of the past few thousand years, this kind of thinking has gradually become our shackles. The sad thing is that, as new human beings, we have to endure this wrong value being reinforced by high school education. The end result is that those of us who receive more education are weakened by our own values.

Students who have experienced the college entrance examination should have feelings:

When you were in high school, you were told you had to go to college to succeed

When you first entered university and thought you were successful, you were told that you had to take enough credits to get a diploma to be successful

And when you graduate and think you’re successful, you’re told you have to find a good job to be successful

And when you finally find a good job after a lot of hard work, you are told that you must complete the KPIs well, get promoted quickly and raise your salary to succeed

After you have tried your best to get promoted and raise your salary, you are told that you must buy a multi-million-dollar house in Beijing to succeed

And if you keep living and studying with this kind of thinking, then you will basically not succeed. Every goal you achieve will make you more resentful and leave you with less fighting spirit. In the end, most people are swallowed up in this endless loop. What’s worse, because you focus too much on the individual steps of achieving “success” each time, you can’t think about the problem from a bigger picture.

If you can’t break through the shackles brought by your genes, then you will always be the common people, and we all know that it is impossible for elites like hackers to appear among the common people.

Therefore, before you officially prepare to learn hacking, it is recommended that you first understand an objective fact: only growth is the eternal theme, and success in the process is just a milestone on your growth path.

That is to say, you have to be clear about one thing. The so-called success is just a small goal for your lust, not the end. If you don’t realize this, serious problems will arise.

For example, if Xiao Ming thinks “If I learn hacking skills, I can steal the QQ accounts of beautiful women”, then if Xiao Ming develops along the route of a professional hacker (readers who do not have this idea, please click close in the upper right corner, go out and turn left to the major hacker websites), the first thing Xiao Ming needs to do is to become proficient in the C language.

Compared with the tool-driven approach of stealing QQ accounts, learning the C language is who knows how many times more advanced, so it is naturally more difficult. Yet in Xiao Ming’s mind it is not worth mentioning (the C language is far less advanced than stealing QQ accounts), and the cognitive dissonance caused by this gap will eventually wipe out your passion for learning hacking technology.

Therefore, the first iron law of learning hacking technology is not to have end-point thinking, and to understand deeply that growth is the eternal theme.

Secondly, it is a game between fantasy and value.

Laziness is the behavior that is most likely to make people fantasize. Because of laziness, I can’t get it, but my heart desires so much, so I can only paralyze myself through fantasy. The fantasy here may be your conscious fantasy, or it may be an unconscious fantasy, and you don’t even know that you are in a fantasy.

But you don’t have to blame yourself for this. At least for me, and from the conclusion I have drawn from observing the people around me, almost everyone, including me, is struggling with laziness all the time. Thoughts such as “too much to do”, “this is too hard”, “not inspired” and so on are all hallucinations born of laziness. Therefore, any expert you look up to has achieved what they have today through countless life-and-death games with laziness.

Therefore, you have to know that only when you really knuckle down and learn, a little bit of knowledge at a time, will you get closer and closer to being a hacker. But the scary thing is that most beginners don’t understand this, and they always think in their hearts that there is some kind of panacea that will allow them to master hacking techniques in a shorter period of time, and so they spend several times that so-called “shorter time” seeking a method that does not exist.

Therefore, the second iron law of learning hacking technology is not to have any illusions or look for any tricks. As long as you decide to go this way by yourself, then no matter how you look for strange skills and tricks, they will not, in the end, let you take half a step less.

Finally, it is a game between impetuousness and patience.

Arrogance, complacency, and low-mindedness all come from impetuousness, and the most fatal thing is that the society as a whole is impetuous.

If you understand the meaning of growth, if you have firmly established your confidence in learning technology, then you may stumble over the last stone, which is patience with yourself.

Most people, including me, overestimate their energy, their efficiency, their IQ, and even their interest in setting goals.

This series of overestimations will seriously interfere with our learning in the second half of the study. The gap between reality and ideal will lead to cognitive dissonance about your own ability, and then to underestimating your ability in all aspects, which will eventually lead to failure.

Therefore, the third iron law of learning hacking skills is to always be patient with your ineffective self.

3. Questions to consider
Before you want to do anything, you must think clearly about three questions, namely why you are doing it, what are you willing to pay for it, and what is the result you want. The so-called wisdom is that a person constantly adjusts his expectations for various things in this way, so as to achieve a balance with the outside world. If this idea is mapped to the matter of hacker learning, it can be roughly divided into the following three questions.

First, think about why you want to learn this. To put it bluntly, what is your motivation? If your motivation is unsustainable, such as stealing a QQ account (or even digging up a system-level 0-day vulnerability), then I suggest that you change your motivation to a sustainable one, for example, wanting to keep a record (or even to make others respect you more), because this kind of motivation is constantly changing. Only this kind of motivation can give you a longer-lasting source of drive, make you persist longer, and let you achieve greater success.

Second, consider what you can give. You have to be clear that everything has a price, and if you are younger at this time, your understanding of the “cost” will be less profound, and you must pay attention to this point.

Hacking technology is a very attractive, valuable, and cool thing, but if you want to accomplish such a charming thing, you either need great luck or need to put in an inhuman amount of hard work.

For example, recently we often see media reports that a hacker from a certain domestic organization broke through the IE browser within a few seconds and bypassed the XX protection mechanism within a few seconds. But the truth of the matter is that they are actually running code that they have prepared in advance, and the few seconds mentioned in the media are actually the running time of that code. As far as I know, before they participate in the competition, the whole team needs to go through at least ten or even dozens of sleepless nights for these few seconds of showtime, before they can create a work of art that may be only a few hundred bytes long. Only then can the code (that is, the exploit) be taken to the scene to “pass five levels and kill six generals”.

If the most powerful hackers in this country with a population of 1.3 billion need to pay so much, how many sleepless nights should it take for you who are currently unknown to learn this technology?

Finally, consider what your study direction is. There are too many directions in the field of information security. Under the roughest classification, it can be divided into three categories: network security, software security, and basic security. Network security includes network penetration, communication security, telecommunication security, etc. Software security includes authorization control, vulnerability mining, encryption and decryption, etc. Basic security is divided into theoretical security, cryptography, etc.

The question I get the most, and the one that frustrates me the most, is “I’ve seen your picture, but I want to know how I should learn it? Or where do I start?” Yes, you didn’t misunderstand: even though my picture has received attention beyond imagination, there are still a large number of people in the world who do not seem to have gained anything from this precious picture, and they are still confused. Of course, this is not all their fault either.

Everyone’s growth begins with knowing what they don’t need. For example, almost 95% of college students don’t know what they want at all; they only know what they don’t want. This is actually a sign of an immature person. In our dialect, the expression for this is “cucumber eggs”.

So what do “cucumber eggs” need most? It is the guidance of the seniors, telling them what their real needs are, and then they suddenly realize that this is really what they need most at this time.

And as far as most things are concerned, it’s not that complicated at all. Just pick the direction you are most interested in at random; just pick the one that feels most pleasing to your eye.

Learning information security technology is like doing other things. In the end, if you want to achieve something, you must be a strong person who has climbed several peaks in this field. However, you can’t do this at the beginning, so the easiest way is to casually pick a mountain that is not too low and try it out. As long as you can climb one of the peaks, you can see all the small mountains at a glance, and you will have mastered the method of quickly climbing the adjacent peaks.

The same is true for learning information security technology. You should find a direction that is not too shallow (for example, penetration is a little shallow) to study in depth. After you have thoroughly studied this field, you will naturally be able to learn technologies in other directions by analogy.

4. Detailed study route

Acquisition of all resources:

1. Network security learning route
2. E-books (white hat)
3. Internal video of security giants
4. 100 src documents
5. Common security interview questions
6. Analysis of classic questions in CTF competitions
7. A full set of tool kits
8. Emergency response notes

5. Conclusion – List of Reference Books

All the books cost a total of 2632.50 yuan and come to about 15,000 pages. It takes at least 3 years to study these contents on your own. If you study while working, and the work content does not overlap heavily with the learning content, it will take at least 5 years.