What does it take to become the most powerful white hat hacker?

To become the most powerful white hat takes nothing but persistent learning and thousands of rounds of hands-on tempering. In real combat you can only rely on yourself, but the learning path has already been paved for you by the "Practical White Hat Talent Ability Map".

"What do you think the most powerful hacker should look like?" the author asked solemnly.

Passerby A, who was tinkering with a computer: "I don't know what it is, but I know what it is not, for example me (laughing loudly)!"

Passerby B, gesturing from the side: "Have you seen the movies? Let me paint you a picture to fill in the gaps: the keyboard crackles, the screen scrolls down, a finger snaps down suddenly, and the system is completely shut down."

Before the words were finished, the two younger brothers lowered their heads again and went back into their two-person world, the logo of the Butian platform looming in the upper left corner of the computer screen. The author let out an "oh" and made a mental note. Maybe what he meant is the following?

[Image: source, the Internet]

Suddenly, Passerby B shouted excitedly to Passerby A: "The RCE (remote code execution vulnerability) we submitted to Butian last time, the bonus has already arrived."

Out of interest

On March 28, Butian Platform held its 10th anniversary birthday party as scheduled.

White-hat hackers came in droves from every direction. Most of them had youthful faces, but they were full of the self-confidence unique to young people, as if telling everyone that the future cyber world belonged to them.

On the podium, the person in charge of the Butian Platform was speaking happily about the platform's glorious past:

"The Butian platform always puts rapid response to vulnerabilities in first place, and takes building a healthy and prosperous white hat community that contributes to China's network security as its own responsibility. Since its establishment ten years ago, more than 100,000 white hat hackers have gathered here and submitted more than a million vulnerabilities."

"Then do you know what the most powerful hacker should look like?" The author couldn't wait to ask this question again.

"Ah, I just entered the industry the year before last, so this topic is still a bit far away from me," replied a white hat whose Butian ID is BugMaker. "But you can refer to the 'Practical White Hat Talent Ability Map' released by Butian (the Map for short), which summarizes the practical skills that white hat hackers at different stages should master."

"Is this the picture you're talking about?" I picked up my phone and showed it to him.

"Yes, this is the one. You see, from the most basic web vulnerability exploitation to high-level intranet penetration and low-level vulnerability mining, it's all on it." BugMaker nodded.

The author counted: a total of 14 categories and 85 specific skills. I dare not say that the most powerful hacker has mastered all of them, but at least they have mastered most of them.

"I see that this picture divides skills into three stages. What is your general position? Are you going to learn all the skills listed above?" The author asked questions one after another.

"I'm still at the primary stage, and I'm learning how to use various vulnerabilities with my seniors and the masters of Butian. As for further study, it mainly depends on interest. In fact, most of us enter the industry because of interest. I became interested in this thing by chance."

Hearing this sentence, the author asked around in the manner of a "social butterfly", and the answers I got were similar: some had seniors lead the way, some played network security competitions together in clubs, and some had their own accounts stolen on a whim...

In a word, it always starts with interest.

Later, BugMaker told the author that when he was a sophomore, there was a small bug in code he had written. No matter how he debugged it, he couldn't get it to run. Eventually he consulted many people and found out where the bug was, and from there he gradually became interested in vulnerabilities.

The ID BugMaker also comes from there; it is meant to spur him on with his own experience. People who write code will create bugs one after another, but, as he put it, "since the first day I became a white hat, my goal has been to find these bugs and vulnerabilities, to make sure they are not infested by bad guys."


Start with "Script Kiddies"

Compared with BugMaker, Tracy (Butian ID), who is about the same age, obviously has had a longer white hat career.

He became a white hat very early, at about fourteen or fifteen, when he was still in junior high school. On a hot Saturday he was surprised to find that his game account had been stolen. As a veteran game player he of course knew what this meant, and it made Tracy, who could only play games for an hour or two during the holidays, go cold.

Sure enough, the game equipment he had worked so hard to accumulate could be "destroyed" by hackers. In those two years he hated account hacking deeply.

So Tracy was determined to become a white hat. In his mind, hackers must be the ones who did account hacking, and it was said on the Internet that white hats are good hackers with a strong sense of justice, a new force against bad hackers.

On the first weekend after making this decision, Tracy was allowed by his parents to play on the computer for two hours as usual. Unexpectedly, he deleted his favorite game outright and typed the words "white hat" into the search engine bar.

Faced with all kinds of tutorials and popular science articles on the Internet, Tracy was stunned for a while, not knowing where to start.

Then a post called "Avoid Being a 'Script Kiddie'" appeared in front of his eyes. Its gist was that the vast majority of white hats start with scripting tools, but some beginners become complacent after learning to use a few automated vulnerability scanning and exploitation tools, lose the motivation to keep learning, and become "boys who can only run scripts".

However, Tracy didn't care about many people's disdain for script kiddies. He only had one idea: if someone opened a script when playing games, he would become very powerful. Wouldn't it be the same to be a white hat?

"Have you heard of SQLMap?" Tracy asked me back.

"Of course I've heard it, you can see it here." The author pointed to the basic ability grid on the map in the phone.

White hat students know that SQLMap is an automated SQL injection tool whose main function is to scan for, discover and exploit SQL injection vulnerabilities in applications.

Tracy said that the first security tool he learned to use was SQLMap, and its significance was no less than the first computer game he played, or a basketball lover's first pair of high-end basketball shoes, or a fishing enthusiast's first fishing rod...

With the help of this tool, Tracy quickly learned the first skill of a white hat career: SQL injection.

SQL injection refers to appending additional, illegitimate SQL to an otherwise normal SQL statement so as to deceive the database server into executing unauthorized arbitrary queries and thereby obtain the corresponding data.
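The definition above in working code, as an added example that is not part of the original article: a constructed in-memory SQLite table, a lookup that pastes user input straight into the statement (the defect), and its hardened parameterized form. The table, column names and the injection string are all constructed for illustration.

```python
import sqlite3

# Constructed sample data: a small in-memory SQLite table standing in for the
# application's database. Not part of the original article.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def build_unsafe_query(name: str) -> str:
    """The 'original normal SQL statement' with user input pasted straight in.
    This is the defect: the input is interpreted as SQL, not as data."""
    return f"SELECT name, role FROM users WHERE name = '{name}'"


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable lookup: whatever SQL the caller smuggles into name runs."""
    return conn.execute(build_unsafe_query(name)).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: a bound parameter. The driver passes the value separately,
    so quotes or OR clauses inside the input never change the statement."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    benign = "bob"
    # Constructed injection string: the quote closes the intended literal and the
    # appended always-true condition makes the WHERE clause match every row.
    hostile = "x' OR '1'='1"
    return {
        "benign_unsafe": find_user_unsafe(conn, benign),   # one row, as intended
        "hostile_query": build_unsafe_query(hostile),      # the deceived statement
        "hostile_unsafe": find_user_unsafe(conn, hostile), # every row leaks
        "hostile_safe": find_user_safe(conn, hostile),     # no such user: empty
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same input yields the whole table through the unsafe lookup and nothing through the parameterized one, which is the behaviour an automated scanner such as SQLMap probes for.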

"Being a 'script kiddie' was really cool at the introductory stage, and it made me a 'hacker' who was still out of reach of my classmates at the time," said Tracy, using the word cool. SQLMap let him test SQL injection vulnerabilities in batches, and every successful exploit gave him an indescribable sense of satisfaction.

In the eyes of his classmates who can only play games, he is just cool.

Interestingly, among the several white hats that the author communicated with, most of the first tools they learned to use were SQLMap.

There are many scripting tools similar to SQLMap, such as Burp Suite, the favorite of some obsessives, which can automatically capture packets and makes batch collection of target intelligence easy; other examples, also known for SQL injection, are the D injection tool, Mingxiaozi, and so on...

There is a certain threshold to vulnerability discovery, and it is not friendly to novices, so practising on old vulnerabilities is a compulsory course for every white hat. Automated scripting tools lower the threshold for exploiting vulnerabilities to a very low level and help users quickly grasp the principles and methods of exploiting all kinds of vulnerabilities. They are almost a must for every white hat getting started.

Many people think that "script kiddie" is a derogatory term, but Tracy doesn't think so. One of the great masters he admires often calls himself a script kiddie. Moreover, the use of scripts is not exclusive to novices; who wouldn't love powerful and convenient tools?

Escape the comfort zone

Unlike many people, Enjoy (Butian ID), who came from a related degree program, did not start as a script kiddie. As a student majoring in network security, he laid an excellent programming foundation during his freshman and sophomore years and dabbled extensively in mainstream programming languages such as C/C++, Java, Python and Go.

"When I was a sophomore, I found out that there was a senior in our club who would submit bugs to Butian or the major SRCs from time to time, and then he took me to work on web security together," Enjoy said. Because he had written a lot of code, he got the hang of it quickly, and learned to do code audits with another buddy.

More fortunate than many people, Enjoy got off to a good start very quickly: with the help of his seniors, he found a front-end RCE in a certain office product of a certain first-tier software vendor by auditing its source code, and this vulnerability was even a high-risk 0day (that is, a vulnerability no one had discovered before).

After submitting it to the relevant software vendor, Enjoy earned the first pot of gold of his life, a huge sum for him as a student at the time.

In contrast, Kamelo (Butian ID) is more inspirational. As a serious lover of programming and hacking, he spent all his time in college in the school's computer lab, except for playing basketball and watching football games with his classmates.

He especially likes to study all kinds of hacking gadgets, and marvels at how his predecessors could develop such powerful and easy-to-use tools.

"Should I say it or not, it's really cool to be a script kiddie," Kamelo said. Imagine a cup of tea, a pack of cigarettes, and a flat life of running scripts for a day with almost no need to use your brain; that is where his white hat career began, step by step.

But Kamelo didn't stop there. His favorite line from Jay Chou's song "Listen to Mom" is: in the future, everyone will read the comics I drew, and everyone will sing the songs I wrote.

So he has his own small goals: that some 0day vulnerabilities he was first to publish will circulate on the Internet, and that security tools and popular science articles on offensive and defensive penetration written by him will circulate too.

The transition from basic ability to advanced ability is not a smooth path. Almost every day, Kamelo spends a lot of time researching programming skills and the causes of various vulnerabilities, so that he knows what kind of code produces vulnerabilities and how those vulnerabilities are exploited.

He even reproduces the vulnerabilities he writes about and, at the same time, tries to write the exploit code (EXP) for them.

Although Kamelo is still some distance from the small goal he set at the beginning, in the Butian attack and defense community his articles on penetration techniques attract a lot of attention, many with tens of thousands of views, and he has gained a group of loyal fans and white hat friends along the way.

"When I took part in the Butian Campus Tour, I really liked something a guest shared," Kamelo said: programming ability is the most obvious dividing line between entry level and proficiency for white hats.

In his opinion, mastering one or more mainstream programming languages helps white hats read and understand source code more easily, and it genuinely improves vulnerability mining ability. By deeply understanding the code and underlying architecture of the target application, white hats can discover potential vulnerabilities more easily and attempt to exploit them.

In the advanced ability grid in the middle layer of the Map, programming ability is only listed as one item among many, yet it is the core of both writing a POC (vulnerability verification procedure) and web vulnerability mining.

The big holes found by mainstream teams are almost all dug out through code audits.

Move to a lower level

So, what is a big hole?

Harmful? Wide-reaching? In fact, there doesn't seem to be a clear standard definition. Let's call a vulnerability that does more harm and affects more users once triggered a big hole.

So what kind of vulnerability meets both conditions at the same time? Someone must immediately have thought of EternalBlue, which broke out in 2017.

Speaking of EternalBlue, this vulnerability has a clear characteristic: it resides in the Microsoft Windows operating system. Compared with the various software applications, the operating system sits at a lower level of the computer. Therefore, under normal circumstances, vulnerabilities at the system layer are more destructive and more likely to become a big hole.

There is a reason for saying this.

If you compare the entire IT system to a bucket: poke a hole in the upper web application and only the top part of the water flows out; poke a hole in the lower operating system and the whole bucket may drain.

Therefore, this kind of low-level vulnerability is more likely to become a cyber weapon in cyberspace confrontation between countries.

It's just that not everyone can dig system-level vulnerabilities. Looking down the map, in the high-level ability grid, system-level vulnerability mining stands out. If you can do this, at least you have to be a high-level white hat.

In other words, if you want to become a high-level white hat, you have to move on to a lower level after getting out of the script kiddie comfort zone.

TheSky (Butian ID), who considers himself a security veteran, has a lot to say. His thick black hair makes it hard to connect him with more than ten years as a white hat.

Summing up more than ten years of vulnerability hunting, he believes that compared with web application vulnerability mining, the difficulty of system-layer vulnerability mining lies mainly in the following aspects:

Complexity: Mining system-layer vulnerabilities requires an in-depth understanding of underlying technologies such as operating systems, network protocols and system kernels, and these technologies are themselves very complex. In addition, system-level vulnerabilities often involve interactions between multiple components and modules, making debugging and locating problems harder.

Lack of exploitability information: There are usually no public penetration testing platforms or exploit tools available for system-level vulnerabilities, so white hats need to write the corresponding exploit scripts and tools themselves. This alone keeps script kiddies at bay.

More professional skills required: System-layer vulnerability mining requires more specialist knowledge, such as binary analysis, assembly language and memory management. These skills may be new and foreign to many white hats.

Greater uncertainty: Since system-layer vulnerabilities often lead to more serious consequences, such as denial of service or code execution, the system-layer attack surface is also more tightly protected. When digging for system-level vulnerabilities, white hats need to be more cautious to avoid causing security problems.

Because it is more difficult and more destructive, digging out a vulnerability in an operating system often earns a higher bug bounty, and such finds are highly sought after by white hat groups. Which of the masters long famous in the hacker circle doesn't have a few operating system 0days to their name?

"Then are you a high-level white hat?" The author couldn't help asking TheSky.

"Ahem, what do you think?" TheSky threw a confident look.


Combat-oriented

After building up a certain amount of inner strength, **CTF (Capture the Flag)** is often the first training ground white hats enter. It is currently the most popular network security competition in the world.

The general process is that, in a competition environment provided by the organizer, participating teams use offensive and defensive confrontation, program analysis and other means to obtain a string (or other content in a set format) and submit it to the organizer in exchange for the points of the corresponding challenge. This process is vividly called "capturing the flag", a bit like seizing the enemy's standard.

BugMaker, Enjoy and Kamelo have all participated in various CTF competitions many times and won high rankings. They all believe that CTF is of great benefit to improving skills and experience.

But then again, CTF is just a competition after all: the organizer pre-arranges a virtual network environment, and the contestants face fixed competition problems.

The white hat's purpose is to fight the black industry, and that needs repeated tempering in a real environment.

In this regard, CTF cannot compare with the large-scale real-network offensive and defensive exercises that have become popular in recent years, that is, organized contests between two sides in a real network environment.

In Kamelo's view, compared with CTF competitions, large-scale real-network offensive and defensive exercises place more comprehensive demands on white hats. White hats need to master a wider range of knowledge and skills, have teamwork and security awareness, and be able to adapt quickly to different situations and tasks.

For example, how to use deception, phishing and other means to trick the target, how to quickly obtain greater privileges inside the target system after exploiting a vulnerability to get into the target's intranet, and how to hide the traces of one's own intrusion from the defender's security devices: this is knowledge that is usually hard to acquire.

"When I participated in a real-network offensive and defensive exercise for the first time, I was actually a little nervous." Kamelo said that although he is good at penetration technique, he chose the more challenging role and took part for the first time on a defensive team. It is more nerve-racking than being an attacker, because if an attack fails it is no big deal to try again, but the defensive team has no way of guessing what attack method the opponent will use.

Kamelo, having been through many real contests, has shed the immaturity of a student and grown into a sharp arrow of a certain enterprise's security team, both on offense and defense. He also has a deeper understanding of white hats.

According to him, a top white hat hacker should have the following skills.

Proficiency in computer networks and operating systems: Master the principles, structure and internal operating mechanisms of computer networks and operating systems, and fully understand network structure and service functions, so as to better identify potential security risks.

In-depth understanding of security tools and technologies: Possess a broad knowledge base, be familiar with various security tools and technologies, and be able to apply them flexibly to discover and exploit security vulnerabilities.

Programming and scripting language skills: Be able to write programs and scripts to automate the testing and auditing process, improving efficiency and accuracy.

Good reverse engineering skills: Be able to understand and modify binary code and gain insight into how software works internally, and thus discover vulnerabilities in software.

Excellent vulnerability mining and exploitation skills: Be able to discover unknown vulnerabilities through various means and use them to enter the target system.

Good communication and teamwork skills: Collaborate with others on penetration testing, remediation and troubleshooting.

"So do you have any advice for novice white hats who want to become the best hackers?" the author asked.

Kamelo pinched his nose, thought for a while and said: "Actually, there is nothing more to add. The map in your hand is a very valuable guide. It is based on actual needs, and the skills and knowledge for different stages and fields are classified and explained in detail, which gives practitioners a clear career development path and direction for skill improvement."

Internet Security & Hacking Learning Resource Sharing:

Sharing a complete set of network security learning materials with you, to give some help to those who want to learn network security!

For students who have never been exposed to network security, we have prepared a detailed learning and growth roadmap. It can be said to be the most scientific and systematic learning route, and following this general direction is no problem for anyone.

At the same time, there are supporting videos for each section of the growth route.

Video supporting materials and domestic and foreign network security books and documents

Of course, in addition to the supporting videos, we have also organized various documents and books for you.

All the data totals 282G.


Origin blog.csdn.net/2301_76168381/article/details/130272481