Zero Basics: How to Get Started with Hacking (with hacker learning materials)

When it comes to hackers, you may think they are very mysterious. In fact, the hackers we are talking about here are white hat hackers: people who look for vulnerabilities in websites, systems, software, and so on, and help vendors fix them. Part of this work belongs to web security, which involves using vulnerabilities to obtain data, gain control, or cause effects such as crashing the other party's program.

01 Explanation of some common terms

Penetration: Detecting, through scanning, whether your network equipment and systems have security holes. If they do, they may be invaded, just like a drop of water passing through a wooden board with holes. If the penetration succeeds, the system has been invaded.

Backdoor: This is a vivid metaphor. After an intruder successfully takes control of the target host by some method, they can implant a specific program in the other party's system, or modify certain settings, in order to access, view, or take control of this host.

These changes are difficult to detect on the surface, as if the intruder had secretly cut a copy of the key to the owner's room, or hidden one in an inconspicuous place, so that they can enter and exit at will. Most Trojan horse programs can be used by intruders to create backdoors.

Trojan horses: These are programs that appear to be normal on the surface, but when they run, they obtain full control of the system.

Many hackers are keen to use Trojan horse programs to control other people's computers, such as Gray Pigeon, Gh0st, PcShare and so on.

Broiler chicken: The so-called "broiler chicken" is a very vivid metaphor. It refers to computers, mobile phones, servers, or other smart devices such as cameras and routers that attackers can control and use to launch network attacks. For example, in the 2016 US East Coast Internet outage incident, hacker organizations controlled a large number of networked cameras to launch cyber attacks, and these cameras can be called "broilers."

0day vulnerability: The term 0day originally referred to cracking, at first specifically of software (called WAREZ), and later extended to games, music, film and television, and other content. The 0 in 0day means zero, and the early meaning of 0day was that a cracked version appeared within 24 hours of the software's release. In the context of network attack and defense, 0day vulnerabilities are those that have been discovered and exploited by attackers but are not yet known to the public, including the affected software manufacturers. This gives the attacker an information advantage: because there is no corresponding patch or temporary solution for the vulnerability, the defender does not know how to defend, and the attacker can pose the greatest possible threat.

1-day vulnerability: A vulnerability whose details have been made public but which has not yet been patched. Such vulnerabilities are still relatively dangerous, but official mitigation measures are often announced, such as closing some ports or services.

Nday vulnerability: A vulnerability for which an official patch has been released. Under normal circumstances, defending against such vulnerabilities only requires applying the patch. However, for various reasons, a large number of devices are often not patched in time, while the methods of exploiting the vulnerabilities have already been made public on the Internet. Such vulnerabilities are therefore often the ones most commonly exploited by hackers. For example, in the Eternal Blue incident, Microsoft had released patches in advance, but a large number of users were still affected.

SRC: Security Response Center (in Chinese, Security Emergency Response Center). This is the security department of a manufacturer, mainly responsible for reviewing the vulnerabilities you find and providing rewards.

Learning web security requires some basic knowledge of the Web as a foundation, because not everyone can start with penetration directly and pick up the basics afterwards. So, to get started with web security properly, you must first grasp some basics.

02 How to get started with Web security?

  1. Understand the basic types of vulnerabilities. You first need to understand the common types of web vulnerabilities, such as XSS, CSRF, SQL injection, command execution, code execution, URL redirection, etc. The "shooting range platform" of Hetian Network Security Laboratory now has many collections of common vulnerabilities, so novices can understand the principles while getting to know the vulnerabilities.

  2. Become proficient in using various operating systems. The actual production environment is different from the shooting range. To exploit vulnerabilities more deeply, you also need to learn to use different operating systems proficiently, and at the same time understand their security features.

Maybe you have tried to find articles or videos in the major security communities. You will eventually find that there are many resources for getting started from the basics, but their quality is uneven and self-study with them is not very efficient.

As a newcomer, you may encounter all kinds of strange situations during the learning process. If you want to master the knowledge points more deeply, learn more systematically

Internet Security & Hacking Learning Resource Sharing:

Share with you a complete set of network security learning materials, and give some help to those who want to learn network security!

For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.

Due to limited space, only part of the information is displayed. Friends, if you need the full set of "Introduction to Network Security + Advanced Learning Resource Pack", click on the link below to get it.

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing

At the same time, there are supporting videos for each section corresponding to the growth route:


Video supporting materials & domestic and foreign network security books and documents

Of course, in addition to supporting videos, we also organize various documents and books for you.

All the data is 282G in total. Friends, if you need the full set of "Introduction to Network Security + Advanced Learning Resource Pack", click on the link below to get it.

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing

Origin blog.csdn.net/2301_76168381/article/details/130320881