Safety Programming Education in safe contact
I did a few things
- Writing tutorials, web security, mobile security, penetration testing, emergency response, etc
- Set up experiments
- Setting up CTF competition environment
- Automatic audit topic
- Platform exploration based on CAAS
- Training & live broadcast
- Exploration of paid customized competition
- The creation and maintenance of community and knowledge base
- Administration
I have created a model called "monthly competition", which is also available in ACM and other directions. Monthly competition introduces traffic precipitation through free way, charges downstream such as live broadcast, and provides valuable content through reproduction and other ways.
The main value lies in knowledge, which is true knowledge payment.
What's the advantage of this? Compared with the traditional offline teaching, this way saves the cost of both parties. Some offline training involves business trips, whether the time is acceptable or not, and the cost is higher than online training. Online training doesn't need you to just connect to the Internet. With the maturity of the current live broadcast technology, the cost of the live broadcast is also being reduced, which is suitable for live teaching. Moreover, this idea has been given by many customers. In Anheng, some customers allow online teaching when they communicate with me, and the first view to watch the teacher's notebook will not encounter a series of problems such as unclear projection, limited site hardware environment, etc.
Value: provide growing knowledge, let students deeply digest knowledge through practice, and become a part of life.
Motivation: when I went to do this, there was only one laboratory platform product in that department. This product was ¥% Yeah, great! interesting。。 The customers who chat with me constantly "like" this product. After learning this information, I think the promotion potential of this department is still great. After all, I want to take a test of 90 points and 100 points The effort is obviously much higher, but from 10 to 60, the potential is huge. Yes, I hold this mentality and start from a better perspective of the company. I have made this month's competition by myself with my own resources. I can't find my own projects. I have established my own operation organization and live broadcast. HMM At that time, the official account of WeChat was also issued by me. The introduction of the question was also done by the interns.
For 2-3 months, the leader told me not to work alone. Well, at that time, I thought this pattern was very good. Children's right and wrong, adults are talking about the pros and cons, right personal point of view, what is the significance of these J8 lives.. But this is not what I want. For me, I just want to carry. If you don't carry, please don't hinder me from trying to carry.
I knew what I wanted, so I stayed out for the whole year.
In this 1-year limited resource exploration, I have learned
1. Automated audit topics and deployment, agreed upon submission format
2. Input and output. From doing one thing a month to gradually reducing the work pressure and burden brought by this work, basically reducing the time to occupy one third of a month. At that time, the estimated output is calculated according to the live broadcast cost of 10 yuan, which can initially reach the balance of revenue and expenditure. Of course, 2C is difficult to make money. In the process of exploration, there is also a big customer who said that he would like to buy this service to support my work. He said that he would promote all employees to participate in this matter and have a budget. As long as the strategy is used properly, the spread and profitability of the virus are not a problem. Look at so many models such as red envelopes in the circle of friends.. This marginal cost will be reduced very quickly, mainly because it is difficult to break through this balance of payments. At that time, I have completed a small goal I set, that is, balance of payments. Next, as long as I continue to expand the base and reduce the marginal cost
3. Live lectures. This is a non-technical job. Most of the computer programmers are grumpy and flexible. So in order to improve their enthusiasm and enthusiasm for learning, you can refer to the crosstalk master who took the postgraduate entrance examination... You see, he's online. Just study, or a normal lecturer, as long as it's not someone who doesn't like communication...
Some people say that the live broadcast can't answer questions for many students. Offline questions are OK. In fact, 80% of them don't attend the training for a long time. They may have told several courses and thought they were familiar with them. There are still a lot of such people.
Half an hour can be reserved for answering questions in the live broadcast. And set some video breakpoints, from which it is FAQ. The mainstream live platforms allow messages, and many of them can be explained and analyzed.
4. Optimization of knowledge dissemination mode of technology. Technology is difficult to form a specific server like a product, most of which is a courseware. However, the limitation of courseware is that there are many words. I want to see so many contents, but for the rookie, even if I give him ideas, he can't understand them, so he needs to use live broadcast and video to have a more intuitive feeling. That's one of the reasons I do community and live. There are many courseware on the market, which can't be seen really. Think from a beginner's point of view, this... What and what is written. To know that the people who study technology are very vegetable, just like PM, the users are very stupid, and you can learn if you want to make the product very simple. If you write and technology analysis blogs like that, you will not survive. If you start a business like this, you will show off or reflect yourself in technology... My God, your user base may only be dozens of people... Well, tomorrow you'll be out of business... So it must be very simple and easy to understand. It's better to take a screenshot of step1 and Step2
5. Platform optimization. At the beginning, it was VMware and openstack, which were too large, no matter how much image and topic were compressed. There was a competition of several hundred people.. At that time, 11-12 servers were used to create more than 300 virtual machines. It took 1 night to create ¥%*(*(&…
Not only not to optimize but also very proud, I worked overtime.... (* &¥% stupid
In order to simplify this process, I found a way to greatly reduce the time and hardware scale after exploration, that is, CAAS. Container cloud. The host of the windows container needs to be windows and the specified image version. That's OK. This can meet my needs very well.
Other networks through docker can be built across VLAN to meet penetration and other environment construction. In order to reduce network pressure, we must control network traffic. At the beginning, the topic is sharing, that is to say, everyone's access is a virtual machine instance. In this way, the pressure on this single instance is too great. You can use sqlmap to run down MySQL of this instance and hang up.. And you will encounter this problem no matter how you deal with it. It will be a little better if you adjust the concurrent memory, etc., but once the human base is expanded After all, if a single server can be optimized to support thousands of visitors, I won't work here. I should be maintaining the MySQL community. I've developed it in Ali, and I don't need the word cluster.
Therefore, running a container through CAAS can easily face such pressure, and each visit and flow can be customized, and there will be no sharing problem. Some people change the home page to cause other players to visit the topic abnormally.
Forget it. Some things need to be researched. There are many people on the Internet. Some people are suitable for sharing technology and content to them. Some people are unwilling to share. Then I don't want such people to get these resources.
If you want to communicate with me, you can add my wechat or leave a message. Hahaha, that's better
User access - > charge member or not, resource authentication - > online platform - > request back-end CAAS container cloud - > find image - > generate container - > return to online platform
To access the corresponding container, you can add several more VPN servers in the platform layer and enter the container network environment through VPN connection. Well, this scheme should be the best. In the way of port forwarding, users access an IP + port. It's hard to open an HTTP service to port 72632. It's hard to watch. Some CMS still write IP.
Of course, I solved the problem
In a word, I can now realize a product that can log in to the cloud platform through VPN dialing to operate and replicate the experiment. The others are live broadcast, competition, community, etc. Community is still a very important thing, such as wooyun T00ls, which needs to settle the user's