It's already 2023, and I'm still asking how to get started with network security

Foreword

This post lays out a learning route and a method for getting into network security. If you find it useful, like it and save it.

First, let's look at the problems that usually come up when learning network security.

1. It takes too long to lay the foundation

Learning the basics takes a long time, and there are several languages to cover. Some people drop out while learning the Linux system and its commands, and more drop out while learning a language;

2. It is unclear how deeply each knowledge point should be learned

Many people don't know how much of the basic content of network security they need to learn, so they try to swallow all of it and spend too much time on the basics. I have seen many friends buy books on HTML, PHP, databases, computer networks and so on; every book is expensive and thick, and many go into great depth. The more they study, the less confident they become: others can find a job after learning just PHP or databases, but network security requires learning so much that they increasingly suspect they chose the wrong direction;

3. The key knowledge points are not distinguished from the rest

Many people spend a lot of energy on the basics, only to find that much of it has little to do with the network security work that follows; they did not distinguish the key points and wasted a lot of time;

4. The learning of knowledge points is not systematic

I have seen many friends collect a lot of videos on Bilibili and buy small courses on other platforms; some also have 1-2T of learning materials and videos on Baidu cloud disk. But finishing each course takes a lot of time, and much of the content is repetitive. After learning SQL injection, they see another provider teaching SQL injection, think it looks good, and study it again. Then, after learning the principles of all the web vulnerabilities, they are still unsure of themselves and wonder whether they have learned anything about web vulnerabilities at all.

5. It is difficult to solve problems by yourself

Many beginners build practice ranges themselves, but environment configuration and similar issues eat up a lot of time. When a beginner hits three problems in a row that they cannot solve, it is easy to give up; for those with weaker hands-on ability, this can directly affect the confidence to continue learning;

6. Not enough hands-on practice

Learning network security and penetration testing is, to a large extent, learning "hacking" techniques: by learning how attacks and intrusions work, you better understand how to defend systems and applications, and that is precisely what network security is about. If you only have theory and little practical experience, it will be harder to get a job. In regular study, besides building open source practice ranges, it is best to have a range built from real vulnerabilities. You can also go to an SRC platform and penetration test real websites (you must obtain authorization to test real websites), but finding vulnerabilities there is relatively difficult, and many beginners lose confidence and doubt themselves;

7. Intranet learning is more difficult

Information about web penetration is everywhere on the Internet and relatively easy to learn, but information about the intranet is scarce, with few materials to refer to for technical improvement and accumulation, so it is harder to learn.

Understand these problems and adjust your learning direction to your own characteristics, and you will get twice the result with half the effort. The following are 3 learning routes suited to different groups of learners.


Method 1: Learn programming first, then learn Web penetration and tool usage, etc.

Applicable people: those with some coding foundation

(1) Basic part

The basic part needs to learn the following:

(1.1) Computer network:

Focus on the OSI and TCP/IP models, network protocols, and how network devices work; read through the rest quickly;

(1.2) Linux system and commands:

Since most web servers currently run on Linux, if you want to learn web penetration you must at least be very familiar with the Linux system and learn the common commands;

**Suggestion for learning:** Learning about 10% of the commands covers 90% of work scenarios. It is like office software: master the most commonly used 10% of the functions and basic daily use is no problem; for the rest, search Baidu when you need it. There are only 50-60 common Linux commands, yet many novices try to swallow every command at once and then can't remember them! This way of learning is also wrong;

(1.3) Web framework:

Be familiar with the web framework. For the front end, HTML, JS and other scripting languages are enough; the back-end PHP language is the key thing to learn. Remember not to learn the language the way a developer would: the minimum requirement for PHP is being able to read code. Being able to write it is better, of course, but not to development level, not to development level, not to development level; important things are said three times;

(1.4) Database:

You need to learn SQL syntax, using the common database MySQL to learn it. The same applies here: understanding some advanced SQL syntax is enough, and there is no need to learn too deeply;

(2) Web Security

(2.1) Web penetration

Master the principles, exploitation and defense of the more than 10 common web vulnerabilities ranked at the top by OWASP, and pair them with practice-range exercises. Some beginners may ask where to find material: buy a reasonably authoritative book, follow a free systematic video course on Bilibili, and use open source practice ranges for practice;

**[Recommended Books]** White Hats Talk about Web Security (Ali White Hat Hacker Dao Shendao Works)

**[Recommended practice ranges]** Common practice ranges can be found on GitHub. The following are recommended: DVWA, bWAPP, upload-labs-master, SQL-lib-master, WebBug, pikachu, etc. Some are comprehensive ranges, and some are dedicated to a single vulnerability;

(2.2) Tool Learning

At the web penetration stage you still need to master some essential tools. There are many tool tutorials on Bilibili; choose some well-explained ones, and don't watch many videos for one tool, since most are repetitive and waste time;

**Main tools and platforms to master:** burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. You can practice all of these tools on the open source practice ranges above; that is enough.

Once you have practiced enough, you can go to an SRC platform and penetration test real sites to see whether you can make a breakthrough. If WAF bypass is involved, you need to study WAF bypass specifically. There are not many techniques; learn them systematically, then accumulate experience to reach a higher level.

(2.2) Automated penetration

Automated penetration requires mastering one language and using it proficiently. It can be any language you already know; if you don't have a good command of one, I recommend Python, mainly because it is simple to learn and has many modules, so writing scripts and tools is very convenient;

What? I still need to learn programming? Didn't I just say programming is not a prerequisite for learning network security? Not understanding automated penetration will not affect your entry and employment, but it will affect your career development. Learning Python here does not require mastering many unnecessary modules, nor developing thousands of lines of code; you only use it to write tools and scripts, as few as 10 lines of code and as many as 1-200 lines, far less code than developers write. For example, the core code of a simplified domain name crawler is only 1-20 lines;

Some friends may be anxious again, so how do you need to learn?

Learning Python syntax takes a few days; those with a coding foundation may manage it in one day at the fastest, because languages are all connected. But the fastest way to learn a language is to write code; there is no other way. Then you can start writing some common tools, such as crawlers, port detection, extraction of core content from data packets, and scanning for active hosts on an intranet; such code can be found online. After that, write some POC and EXP scripts, using the practice ranges for practice. Some may ask what POC and EXP are: go look it up yourself, and develop the good habit of doing so;

(2.3) Code Audit

What? More code? This part requires relatively strong coding ability, so if yours is weak you can skip it for now without affecting your learning and development on the penetration path.

But to go further in web penetration you need to be proficient in a back-end development language. PHP is recommended, because websites with a PHP back end are the most numerous. Of course, if you are also proficient in Python, ASP, Java or other languages, congratulations, you already have a good foundation;

Code audit, as the name implies, means auditing the source code of other people's websites or systems and finding vulnerabilities by examining the source code or code environment (it belongs to the category of white-box testing);

So how do you learn it? The specific content of learning is listed as follows in order:

  • Master some dangerous functions and security configurations of PHP;

  • Be familiar with the process and method of code audit;

  • Master 1-2 code audit tools, such as seay, etc.;

  • Master the common functional audit methods (auditing AuditDemo is recommended; it will give you confidence);

  • Common CMS framework audit (difficult);
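As an added illustration of the first item in the list (dangerous PHP functions), not code from the original post, from seay or from AuditDemo: a small Python line scanner that flags calls to commonly audited PHP sinks and marks whether request input reaches them. The sink and sanitizer lists, the PHP sample and the line-level taint heuristic are assumptions made for this example.

```python
import re

# Sinks an auditor searches for first (constructed, non-exhaustive list).
FUNC_SINKS = {
    "eval": "code execution", "assert": "code execution",
    "system": "command execution", "exec": "command execution",
    "shell_exec": "command execution", "passthru": "command execution",
    "popen": "command execution", "proc_open": "command execution",
    "unserialize": "deserialization"}
# Function sinks need "(" after the name; the lookbehind skips $system, ->exec(.
SINK_RE = re.compile(r"(?<![\w$>:])(?:(%s)\s*\(|((?:include|require)(?:_once)?)\b)"
                     % "|".join(FUNC_SINKS))
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b")
SANITIZER_RE = re.compile(r"\b(?:intval|escapeshellarg|basename)\s*\(")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=(?!=)")
VAR_RE = re.compile(r"\$\w+")

def audit(php_source):
    """Return [(line_no, sink, category, reaches_user_input)] for one file."""
    tainted, findings = set(), []
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # comment line
        m = ASSIGN_RE.match(line)
        rhs = line[m.end():] if m else line
        dirty = bool(SOURCE_RE.search(rhs) or tainted & set(VAR_RE.findall(rhs)))
        dirty = dirty and not SANITIZER_RE.search(rhs)  # line-level heuristic
        if m and dirty:
            tainted.add(m.group(1))       # variable now carries request data
        elif m:
            tainted.discard(m.group(1))   # overwritten with a clean value
        for s in SINK_RE.finditer(line):
            name = s.group(1) or s.group(2)
            findings.append((no, name, FUNC_SINKS.get(name, "file inclusion"), dirty))
    return findings

# Constructed PHP sample, not taken from AuditDemo or any real project.
SAMPLE = """<?php
$host = $_GET['host'];
system("ping -c 1 " . $host);
$safe = escapeshellarg($_GET['host']);
system("ping -c 1 " . $safe);
include $_GET['page'] . ".php";
require_once "config.php";
$obj = unserialize($_COOKIE['prefs']);
$db->exec("SELECT 1");
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Findings whose last field is True are the ones to read first by hand; the False ones still deserve a look, because a line-by-line heuristic cannot follow data through function calls or includes.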

**[Recommended Books]** For code auditing there is a foreign book, "Code Audit: Enterprise-level Web Code Security Architecture"; read it when you have time. It is also recommended to find a systematic course on Bilibili and study it. Find AuditDemo on GitHub, download the source code, set it up in a local virtual machine, then use tools and audit methods to audit the 10 vulnerabilities in AuditDemo. Their difficulty follows a normal distribution; take up the challenge;

As for CMS framework audits, you can go to the official websites of some CMSs and download historically vulnerable versions to audit, using the official user manual to learn the framework. For example, ThinkPHP3.2 has some vulnerabilities, and you can try to understand the code. But remember not to dive into the code right away, because a CMS framework has a relatively large code base; if you don't learn the framework systematically first, you basically cannot understand it. After learning the framework, you can write a simple POC and audit the framework using the code audit methods and tools. In fact, it is not as difficult as you think. If you are a developer changing careers, congratulations, you already have a built-in advantage in code auditing.

Some friends then ask: my coding is very poor, can I skip code auditing? Code auditing is not a prerequisite for learning network security. It is best to master it, but failing to do so will not affect later study and employment; you do, however, need to pick one area and become more professional and proficient in it, such as web penetration, intranet penetration or automated penetration;

(3) Intranet security

Congratulations: if you have learned up to here, you can basically take a job related to network security, such as penetration testing, web penetration, security services or security analysis;

If you want a wider range of employment and stronger technical competitiveness, you need to learn more about intranet penetration;

Intranet knowledge is somewhat harder, which has to do with the learning materials and practice ranges currently available. The main intranet topics are: intranet information collection, domain penetration, proxy and forwarding technology, application and system privilege escalation, tool learning, anti-virus technology, APT, etc.;

Don't talk to me about professional terms, blah blah blah! How to learn specifically?

**[Recommended Books]** This question is a bit big, uh uh uh uh uh uh! You can read "Intranet Security Attack and Defense: A Practical Guide to Penetration Testing". This book is well written. It is one of the few books in China that talks about intranets.

Some will ask again: where can I download an intranet practice range? Uh... this stumps me. If you are capable enough and have a well-specced computer, you can build an intranet environment with virtual machines; generally you need more than 3 virtual machines. You can also find some intranet practice ranges abroad, and some paid ranges are fine too;

(4) Penetration and expansion

The penetration and expansion part is closely tied to the specific job position, and you should master as much of it as you can. It mainly includes log analysis, security hardening, emergency response, etc. The focus remains on the first three parts. There is not much information on this area online and few well-organized books; you can learn through industry technical groups or materials shared within the industry. If you have learned up to this step, you have basically succeeded in getting started, and log analysis, security hardening and emergency response will be relatively easy to learn.

Method 2: Learn Web penetration and tools first, then learn programming

Applicable people: those with very weak or no coding ability, and others with a poor foundation

Then some friends will ask, how do you learn Web penetration if you don’t have a good foundation?

The basics still need to be learned: the Linux system, computer networks, a little of the web framework, and databases need to be mastered in advance;

Content such as the PHP language, automated penetration and code audit can be left to the end; after learning the earlier material, picking up the language is relatively easy;

**[Priority recommendation]** Method 2. Beginners usually have a weak coding foundation, and many drop out during language learning in the early stage, so Method 2 is recommended: learn web penetration and tools first. It is more interesting and makes it easy to keep motivation and enthusiasm high. I won't repeat the specific learning content; please refer to Method 1.

Method 3: Choose a training institution to study

Applicable people: those who need systematic learning, stronger practical ability, a career change and quick employment

Well, that's all; choose the method that suits you.

Origin blog.csdn.net/jazzz98/article/details/130104849