How to teach yourself hacking (network security) from zero: a long article on how to learn hacking (network security)

1. Misconceptions and pitfalls of self-studying network security

1. Don't try to become a programmer first and only then start learning security

In my previous answers I have repeatedly stressed: do not start learning network security by learning programming first. Learning programming takes a long time, and when you eventually move on to security, surprisingly little of that programming knowledge turns out to be essential.

If an ordinary person first wants to learn programming well and only then start on network security, it usually takes a very long time and it is easy to give up halfway. Programming is just a tool, not the goal; we are not trying to become programmers. My suggestion is to pick up whatever programming you find you are missing while you learn network security. That is more purposeful and takes less time.

2. Don't make in-depth study your first lesson

Many people want to learn network security well and thoroughly, so they are prone to overdoing it and falling into a trap: trying to learn every topic in depth from the start. Making in-depth study the first lesson of network security is not a good idea, for the following reasons:

[1] Going deep right away exposes you to far more black boxes, and it is easy to end up swallowing material whole without digesting it

[2] In-depth study demands a lot of the learner, is poorly suited to self-study, and easily leads into dead ends

3. Don't hoard too much material

There is a huge amount of network security learning material on the Internet; several gigabytes of downloads or videos turn up at every turn. Many people have a "collecting addiction", buying a dozen books at once or saving dozens of video courses.

Much of the material online is highly repetitive, and most of it has not been updated in years. During the introductory period I recommend choosing "small but refined" material. Below I recommend some learning resources that I think are good for beginners; please read on patiently.

2. Some preparation before learning network security

1. Hardware selection

I am often asked, "Do I need a high-spec computer to learn network security?" The answer is no. The computer a hacker uses does not need a high configuration, as long as it is stable. Most of the programs hackers use run perfectly well on a low-end CPU and do not take much memory. Besides, much of the work is done at the command line, so almost any computer will do. So don't buy a new machine in the name of learning...

2. Software selection

Many people agonize over whether to learn hacking on Linux, Windows or macOS. Although Linux looks cool, it is not friendly to newcomers. Windows works fine too: you can install target machines in virtual machines and practise against them.

As for programming languages, Python is the most recommended because of its rich library ecosystem. Of course, many websites are built with PHP, so PHP is also a reasonable choice. Other languages include C++, Java...

Many people ask whether they need to learn every language. The answer is no! To repeat what I said above: programming is just a tool, not the goal, and our goal is not to become programmers.

(One extra point: although programming alone will not get you started in security, it does determine how far you can go on the road of network security, so I recommend picking up some basic programming knowledge on your own.)

3. Language ability

Computers were invented in the West, and much of the terminology and code is in English. Even many existing tutorials were originally translated from English, and a vulnerability write-up typically takes a week or more to be translated into Chinese; by then the vulnerability may already have been patched. And if you don't understand the jargon, you will have trouble exchanging techniques or experience with other hackers. So you need some English and some hacker jargon (you don't need to be fluent, but you must understand the basics).

For example: "broiler" (Chinese hacker slang for a compromised machine under your control), "hanging a horse" (slang for planting a Trojan on a web page), shell, WebShell, etc.

Roadmap

Let's first look at an overall roadmap to get a preliminary sense of what knowledge this direction requires.

I have divided it into six stages, but that does not mean you must learn all of them before you can start working. For some junior positions, finishing the third and fourth stages is enough.

Come on, enough talk. Let's learn together and witness the journey from Bronze to King!

The first stage, the Stone Age, is for complete beginners who have just entered the arena. This stage is mainly about laying foundations, and there are five parts to learn:

Windows

Basic Windows commands, PowerShell usage and simple scripting, and several important components you will deal with often in the future: the registry, the Group Policy editor, Task Manager, Event Viewer, etc.

Also learn to set up a virtual machine on Windows and install an operating system in it, in preparation for learning Linux next.

Linux

In network security you deal with Linux constantly. I have seen many newcomers follow training courses that start with Kali right away, eager to learn Kali before they have even grasped basic Linux concepts. That is trying to run before you can walk, and puts the cart before the horse.

At the basic stage the focus is on usage: commands for text editing, files, networking, permissions, disks, users and so on, and a basic understanding of how Linux is organised.

Computer networks

For network security, computer networking is obviously a crucial foundation. As part of the basic stage, this section looks at computer networks from a macro perspective rather than dwelling on the meaning of individual fields of a particular protocol.

Start with the local area network and the basic network of computer communication, Ethernet: how do hosts communicate within a LAN? What is the difference between a hub and a switch? What are MAC addresses, IP addresses, subnets and subnet masks used for?

Then move to the wider network, the Internet: what a communication protocol is, and why protocols are layered, quickly established through the seven-layer OSI model and the four-layer TCP/IP model. Build up the basic concepts of computer networks: the role of each layer, which protocols live in it, and how those protocols are used on today's Internet.

Web basics

A very important part of network penetration is web security. To learn web security, you must start with the basics of the web front end.

This section is very simple: learn the three original building blocks of the web front end, HTML, CSS and JavaScript, and how they are used, laying the foundation for later web security topics.

This section is hands-on and requires a fair amount of web programming practice, especially getting familiar with JavaScript, understanding what Ajax is, and learning the commonly used jQuery library. These are very basic and common front-end content.

Database basics

In the last part of the basic stage you can pick up some basic database knowledge.

At this stage the learning is mainly theoretical: focus on concepts such as databases, tables and indexes, then learn to write SQL and to add, delete, modify and query data. Don't worry about accessing the database from a programming language yet.

After the Stone Age you have accumulated some basic computer knowledge: operating system usage, network protocols, front-end basics and a first acquaintance with databases, but that is not yet enough to do network security. In the second stage, the Bronze Age, you continue with fundamentals; after the first stage the difficulty starts to rise slowly.
The knowledge to learn at this stage is:

Advanced web

In the Stone Age we had a first contact with web programming and understood the basic principles of web pages. But that was purely front-end, purely static pages, with no back end. At this advanced stage you start on the web back end.

First, start from the commonly used mainstream web servers, such as Apache and Nginx, and learn their basics. Then learn the basic principles of dynamic web pages, the transition from CGI/FastCGI to later dynamic page technologies such as ASP/PHP/ASPX/JSP, and their history, evolution and basic working principles.

Finally, learn some web development basics: form handling, Session/Cookie, JWT, LocalStorage, etc. Understand what these terms mean, what they are used for and what problems they solve.

PHP programming

To learn web back-end development you need a back-end language. In this section we start with PHP.

But remember: choosing PHP here is not because you should do PHP back-end development later, nor because PHP is particularly popular now. Rather, for specific historical reasons, the security issues of PHP websites are very representative, which makes this language convenient for studying security problems.

Because the purpose differs, the way of learning also differs from ordinary back-end development. Here we learn the basic syntax, basic request handling, database access, and then get acquainted with the commonly used ThinkPHP framework. Of course, if you are interested, learning more is even better.

Advanced Computer Networking

In the second stage you need to enrich your study of computer networks. This time the focus is on HTTP/HTTPS and packet capture analysis.

You must master tcpdump on Linux, including its common options. Then focus on Wireshark for analysing packets, and use Fiddler to capture and analyse encrypted HTTPS traffic. Note that Fiddler (like any intercepting proxy) can only decrypt HTTPS because it sits in the middle and presents its own CA certificate, which you must install and trust on the client; it is not breaking TLS.

Watching the actual communication flow in a packet capture turns your understanding of computer networks from abstract into concrete.
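Before reaching for Wireshark, it helps to have parsed a frame by hand once, so that the Ethernet, IP and TCP headers stop being abstract. The following is an added example written for this article, not code from the original post: it builds a constructed (not captured) Ethernet/IPv4/TCP frame carrying an HTTP request, then walks the header layout field by field with `struct`, verifies the IPv4 header checksum, and decodes the TCP flags. The MAC and IP addresses are made up for the demo.

```python
import socket
import struct

# Constructed sample only: a hand-built Ethernet/IPv4/TCP frame, not a real capture.
ETH_P_IP = 0x0800
TCP_FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}, frame[14:]


def parse_ipv4(data: bytes):
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len > len(data):
        raise ValueError("malformed IPv4 header")
    header = {
        "version": version, "header_length": ihl, "total_length": total_len,
        "ttl": ttl, "protocol": proto,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        # summing a valid header *including* its checksum field yields zero
        "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
    }
    return header, data[ihl:total_len]


def parse_tcp(segment: bytes):
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4     # header length in bytes (options follow the fixed 20)
    flags = off_flags & 0x01FF
    header = {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": window,
        "flags": [name for name, bit in TCP_FLAG_BITS if flags & bit],
    }
    return header, segment[data_offset:]


def parse_frame(frame: bytes) -> dict:
    eth, rest = parse_ethernet(frame)
    if eth["ethertype"] != ETH_P_IP:
        return {"ethernet": eth}
    ip, rest = parse_ipv4(rest)
    result = {"ethernet": eth, "ip": ip}
    if ip["protocol"] == 6:                 # 6 = TCP
        tcp, payload = parse_tcp(rest)
        result["tcp"], result["payload"] = tcp, payload
    return result


def build_sample_frame() -> bytes:
    """Hand-built HTTP request frame (constructed, not captured). IP checksum computed; TCP checksum left 0."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 51234, 80, 1000, 0, (5 << 12) | 0x18, 65535, 0, 0)  # PSH|ACK
    total_len = 20 + len(tcp) + len(payload)
    ip_fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                 socket.inet_aton("192.168.1.10"), socket.inet_aton("93.184.216.34")]
    ip_fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    ip = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    from pprint import pprint
    pprint(parse_frame(build_sample_frame()))
```

Once this makes sense, open the same kind of frame in Wireshark and match each decoded field to the byte offsets above; the only thing the tool adds is the dissector knowing these layouts for hundreds of protocols.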

Encryption and decryption technology

Next, learn about the encoding and encryption/decryption techniques frequently encountered in network security: Base64 encoding, symmetric encryption, asymmetric encryption, hashing and so on.

Understand the basic concepts, what each is used for, what problems it solves, and finally how it works. In particular, keep the categories apart: Base64 is an encoding that anyone can reverse without a key, a hash is one-way and cannot be "decrypted", and only encryption involves a secret key.

Recommended book: "Encryption and Decryption"
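The distinction between encoding, hashing and keyed integrity protection is easiest to see side by side. The block below is an added example for this article (not from the original post or the recommended book) using only the Python standard library: Base64 round-trips with no key, a bare SHA-256 is deterministic (which is exactly why unsalted password hashes are crackable by lookup), a salted and iterated PBKDF2 hash is what you should actually store, and an HMAC detects tampering. The key and passwords are constructed demo values.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed demo values only; nothing here is a real key or credential.


def encode_b64(data: bytes) -> str:
    """Base64 is an *encoding*: anyone can reverse it, no key involved."""
    return base64.b64encode(data).decode("ascii")


def decode_b64(text: str) -> bytes:
    return base64.b64decode(text)


def sha256_hex(data: bytes) -> str:
    """A bare hash is one-way but deterministic: identical input always gives identical output,
    which is why unsalted password hashes fall to precomputed (rainbow) tables."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> Tuple[str, str]:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) suitable for storing passwords.
    The random salt defeats precomputation; the iteration count slows brute force."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def verify_password(password: str, salt_hex: str, digest_hex: str,
                    iterations: int = 100_000) -> bool:
    _, candidate = hash_password(password, bytes.fromhex(salt_hex), iterations)
    # constant-time comparison: a plain == can leak how many leading bytes matched
    return hmac.compare_digest(candidate, digest_hex)


def sign_message(key: bytes, message: bytes) -> str:
    """HMAC gives integrity and authenticity with a shared key; a hash alone gives neither,
    because anyone who can change the message can also recompute its hash."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(sign_message(key, message), tag_hex)


if __name__ == "__main__":
    print("base64:", encode_b64(b"admin:Passw0rd"), "->", decode_b64(encode_b64(b"admin:Passw0rd")))
    print("sha256('password'):", sha256_hex(b"password"))
    salt, digest = hash_password("correct horse")
    print("pbkdf2 verify:", verify_password("correct horse", salt, digest))
    tag = sign_message(b"shared-key", b"amount=10")
    print("tampered message accepted:", verify_message(b"shared-key", b"amount=1000", tag))
```

Asymmetric encryption is deliberately left out: the standard library has no RSA or elliptic-curve primitives, and for that you would use the `cryptography` package.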

Now we enter the third stage, the Silver Age, and the exciting part begins. At this stage we start learning real network security techniques across the board, and the foundation laid in the previous two stages will come into play.

The knowledge to be learned at this stage is:

Getting Started with Web Security

With the web front-end and PHP programming foundation in place, you can formally start web security. Study the typical attack classes in web security in detail, one by one, combining theory with hands-on practice: SQL injection, XSS, CSRF, other injection types, SSRF, file upload vulnerabilities, etc.

Be careful not to practise attacks on websites on the Internet; that is illegal. Build some deliberately vulnerable websites in a virtual machine (many such targets can be downloaded) and practise on the sites you built yourself.
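SQL injection is the first of the attack classes above, and it is worth seeing the mechanism end to end before touching any framework. The block below is an added example for this article, not code from the original post: it creates a constructed SQLite database in memory, shows a login check that pastes user input into the SQL text, the classic comment and UNION payloads against it, and the parameterised query that is immune. Usernames, passwords and payloads are all made up for the demo.

```python
import sqlite3

# Constructed demo database: two users with plaintext passwords, which is itself bad
# practice and is only done here so the injected query's result is easy to read.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "wonderland")])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # User input is spliced straight into the SQL text, so a quote in the input ends the
    # string literal and whatever follows is executed as SQL.
    query = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username: str, password: str) -> bool:
    # Parameterised query: the values travel separately from the SQL text, so a quote
    # in the input is just a quote inside a value and can never change the query.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def find_user_vulnerable(conn, username: str) -> list:
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username: str) -> list:
    return [row[0] for row in conn.execute("SELECT username FROM users WHERE username = ?", (username,))]


# Attacker-controlled inputs (constructed examples).
BYPASS_USERNAME = "admin' -- "                               # "-- " comments out the password check
UNION_USERNAME = "x' UNION SELECT password FROM users -- "   # pulls a different column into the result
# Stacked queries such as "'; DROP TABLE users; --" fail here because sqlite3.execute()
# runs one statement at a time; other drivers are not always so forgiving.

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with bypass payload:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))  # True
    print("safe login with bypass payload:      ", login_safe(db, BYPASS_USERNAME, "wrong"))        # False
    print("leaked via UNION:                    ", find_user_vulnerable(db, UNION_USERNAME))
    print("same payload, parameterised:         ", find_user_safe(db, UNION_USERNAME))               # []
```

The fix is not escaping quotes by hand: it is keeping data out of the query text altogether, which is what the `?` placeholders do.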

Network scanning and injection

We have learned some web attack techniques, but that is not enough. When facing a target, finding the attack surface and gathering information about the target is critical.

This information includes: what operating system the target runs, which ports are open, which services are running, what the back-end technology is and which versions, and which vulnerabilities might be exploitable. Only with this information can you plan attack methods with a clear purpose and take the target.

Common network information scanning includes port scanning, web directory ("background") scanning, vulnerability scanning and so on. You need to learn the common scanning tools and how they work.
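The simplest scanner, a TCP connect scan, is just a loop of handshakes, and writing one makes nmap's output far less mysterious. The following is an added example for this article, not code from the original post: it scans a list of ports with a thread pool, classifies each as open (handshake completed), closed (RST received) or filtered (no answer within the timeout), and grabs whatever banner the service volunteers. To stay offline and legal it also starts a throwaway listener on 127.0.0.1 that announces a constructed banner; the banner text is made up. Point `scan_ports()` only at systems you are authorised to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Demo target: a throwaway listener on 127.0.0.1 with a constructed banner. Nothing here
# touches a remote host.


def probe_port(host: str, port: int, timeout: float = 0.5) -> dict:
    """TCP connect scan of one port: a full three-way handshake, like `nmap -sT`."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return {"state": "closed", "banner": ""}      # RST came back: nothing is listening
    except (socket.timeout, OSError):
        sock.close()
        return {"state": "filtered", "banner": ""}    # silence: firewall drop or unreachable host
    try:
        # many services (SSH, FTP, SMTP) speak first; their greeting reveals product and version
        banner = sock.recv(256).decode("utf-8", "replace").strip()
    except (socket.timeout, OSError):
        banner = ""
    finally:
        sock.close()
    return {"state": "open", "banner": banner}


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 50) -> dict:
    """Scan `ports` concurrently; returns {port: {"state": ..., "banner": ...}}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, probe_port(host, p, timeout)), ports))


def start_banner_listener(banner: bytes, host: str = "127.0.0.1") -> tuple:
    """Start a local service that greets every client with `banner`; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))              # port 0: let the kernel pick a free port
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return               # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def pick_closed_port(host: str = "127.0.0.1") -> int:
    """Reserve and immediately release an ephemeral port so it is (almost certainly) closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_banner_listener(b"SSH-2.0-constructed-demo-banner\r\n")
    closed_port = pick_closed_port()
    for port, info in sorted(scan_ports("127.0.0.1", [open_port, closed_port]).items()):
        print(f"{port:5d}/tcp  {info['state']:<8}  {info['banner']}")
    srv.close()
```

A connect scan completes the handshake and therefore shows up in the target's application logs; SYN scans and service fingerprinting are refinements of exactly this loop.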

Information Gathering & Social Engineering

Besides the information obtained by scanning, network security work often requires investigating a lot of other information: domain registration details, associated people, content within the site, and so on. This requires learning information gathering and social engineering techniques.

Whois lookups give domain registration information; cyberspace search engines such as Shodan, ZoomEye and FOFA retrieve information about IPs, domains and URLs; Google Hacking uses search engine operators to find information inside a website. These are the commonly used skills of network information gathering.

Brute force

In a network attack, once the services exposed by the target have been scanned, the most direct approach is to try to log in. Common services include SSH, RDP, MySQL, Redis, web login forms and more.

Brute force comes in handy here: use a dictionary of common usernames and passwords for each service and try them programmatically.

Commonly used brute-force tools include hydra and the "Super Weak Password" checker. mimikatz, also often mentioned in this context, is not a brute-force tool: it extracts Windows credentials (hashes, tickets and sometimes plaintext passwords) from memory on a machine you have already compromised.

In the previous stage we learned attack techniques. In this stage we learn security defence and detection. Security has both offensive and defensive sides, and neither can be neglected.

WAF technology

The first thing to learn is the WAF, the Web Application Firewall.

Web security studies how computer systems are attacked through web technology; a WAF detects and defends against those attacks. As the saying goes, know yourself and know your enemy and you will win every battle. As an attacker, you must understand how a WAF works and find its weaknesses to bypass detection. As a defender, you need to keep strengthening detection and defence to discover and block web attacks effectively.

Learn the architecture of current mainstream WAF software such as OpenResty and ModSecurity, and the main detection approaches: signature-based, behaviour-based, machine-learning-based, etc.
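Signature-based detection and its bypasses are two sides of one mechanism, and a toy rule engine shows both. The block below is an added example for this article; it is not ModSecurity's rule set or any vendor's code, just a handful of hypothetical regex rules over request parameters. The point it makes is that the same rules miss an inline-comment SQL payload and a double-URL-encoded script tag until the input is normalised (decode until stable, strip comments, collapse whitespace, lowercase) the way real WAF transformation pipelines do. The rule names and payloads are constructed.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical signature rules (constructed for the demo; not a real WAF rule set).
RULES = [
    ("sqli-union", re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.I)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),   # ' or '1'='1
    ("xss-script", re.compile(r"<\s*script\b", re.I)),
    ("xss-event", re.compile(r"\bon\w+\s*=", re.I)),                         # onerror=, onload=
    ("lfi-traversal", re.compile(r"(?:\.\./|\.\.\\)")),
]


def normalize(value: str) -> str:
    """Canonicalise input before matching, the step naive filters skip."""
    prev = None
    while prev != value:                 # decode repeatedly: defeats double/triple URL encoding
        prev, value = value, unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)   # UNION/**/SELECT -> UNION SELECT
    value = re.sub(r"\s+", " ", value)                     # tabs/newlines used to split tokens
    return value.lower()


def inspect(params: dict, normalize_input: bool = True) -> list:
    """Return 'rule:param' for every rule hit; an empty list means the request passes."""
    hits = []
    for name, value in params.items():
        candidate = normalize(value) if normalize_input else value
        for rule_id, pattern in RULES:
            if pattern.search(candidate):
                hits.append(f"{rule_id}:{name}")
    return hits


if __name__ == "__main__":
    evasions = {
        "inline comment": {"id": "1 UNION/**/SELECT username,password FROM users"},
        "url-encoded tautology": {"user": "admin%27%20OR%20%271%27%3D%271"},
        "double-encoded script": {"q": "%253Cscript%253Ealert(1)%253C/script%253E"},
        "traversal": {"file": "..%2F..%2Fetc%2Fpasswd"},
    }
    for label, params in evasions.items():
        print(f"{label:24s} naive={inspect(params, normalize_input=False)!s:<22} normalized={inspect(params)}")
    print("benign:", inspect({"q": "union station timetable"}))   # no rule fires
```

Even with normalisation a signature engine only knows the patterns it was given and still has false positives (a parameter named `onion=` trips the event-handler rule), which is why the behaviour-based and machine-learning approaches in the text exist alongside it.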

Network Protocol Attack & Intrusion Detection

A WAF addresses web attacks specifically. In this section we broaden the view to the whole network protocol stack: TCP hijacking, DNS hijacking, DDoS, DNS tunnelling, ARP spoofing, ARP flooding and so on. You need to master the principles of these classic attack methods and practise them in a lab environment you set up yourself, which also lays the groundwork for later intranet penetration.

On the defensive side, you also need to learn security detection through network traffic analysis: common analysis techniques, detection frameworks and rule syntax, preparing for later security development or defence work.
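DNS tunnelling is a good first detection exercise because the signal lives in the query names themselves. The following is an added example for this article, not code from the original post: it groups queries by registered domain and flags domains that receive a burst of long, high-entropy, never-repeating subdomains, the shape data-carrying labels take. The query log is constructed (ordinary lookups for example.com plus hex-encoded "chunks" sent to a made-up badexample.net), and the two-label registered-domain split is a simplifying assumption; a production detector would use the Public Suffix List and per-client baselines.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample query log (no real traffic): routine lookups for example.com plus a
# burst of long, high-entropy subdomains carrying hex-encoded data to badexample.net.
SAMPLE_QUERIES = (
    ["www.example.com", "mail.example.com", "www.example.com", "api.example.com",
     "www.example.com", "cdn.example.com", "www.example.com"]
    + [hashlib.sha256(f"chunk-{i}".encode()).hexdigest() + ".t.badexample.net" for i in range(8)]
)


def shannon_entropy(text: str) -> float:
    """Bits per character: random hex tends toward 4.0, English words toward 2-3, 'www' is 0."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> tuple:
    """Return (subdomain, registered_domain). ASSUMPTION: registered domain is the last two
    labels; real code must consult the Public Suffix List (co.uk, com.cn, ...)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunnels(queries, min_queries: int = 5, min_avg_len: int = 30,
                   min_entropy: float = 3.0, min_unique_ratio: float = 0.9) -> dict:
    """Flag registered domains whose subdomains look like encoded payload rather than hostnames."""
    per_domain = defaultdict(list)
    for qname in queries:
        sub, dom = split_name(qname)
        per_domain[dom].append(sub)
    suspects = {}
    for dom, subs in per_domain.items():
        if len(subs) < min_queries:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        unique_ratio = len(set(subs)) / len(subs)   # tunnels almost never repeat a label (caches would eat it)
        if avg_len >= min_avg_len and avg_entropy >= min_entropy and unique_ratio >= min_unique_ratio:
            suspects[dom] = {"queries": len(subs), "avg_subdomain_len": round(avg_len, 1),
                             "avg_entropy": round(avg_entropy, 2), "unique_ratio": round(unique_ratio, 2)}
    return suspects


if __name__ == "__main__":
    for dom, stats in detect_tunnels(SAMPLE_QUERIES).items():
        print(f"suspected tunnel: {dom} {stats}")
```

Expect false positives from CDNs and anti-virus vendors that legitimately use long random labels; in practice you whitelist those and add volume-over-time and TXT/NULL record-type features to the score.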

Logs

Discovering attacks through logs is the most common approach. The attacker's web requests, system logins, brute-force attempts and so on are recorded by the various software on the system, and attackers often wipe the relevant log records after a successful intrusion. Learning to work with these logs is a skill both red and blue teams need.

Common logs include system login logs (Windows, Linux), web server logs, database logs and so on.
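To make the brute-force section above and this one concrete from the defender's side, here is the detection you would run over the Linux login log. This is an added example for this article, not code from the original post: it parses sshd authentication lines from a constructed (not real) log excerpt, counts failures per source IP within a time window, and escalates when the same source finally gets an "Accepted" line, which is the signature of a brute force that worked. The hostnames, IPs and timestamps are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt (not from a real host): one source hammers root/admin and finally
# gets in with a password; a second source fails once, then logs in normally with a key.
SAMPLE_LOG = """\
Mar  3 10:12:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar  3 10:12:03 bastion sshd[1202]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  3 10:12:04 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar  3 10:12:06 bastion sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51006 ssh2
Mar  3 10:12:07 bastion sshd[1205]: Failed password for root from 203.0.113.5 port 51008 ssh2
Mar  3 10:12:09 bastion sshd[1206]: Failed password for root from 203.0.113.5 port 51010 ssh2
Mar  3 10:12:20 bastion sshd[1207]: Accepted password for root from 203.0.113.5 port 51012 ssh2
Mar  3 10:13:00 bastion sshd[1250]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:13:05 bastion sshd[1251]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_lines(text: str):
    """Yield one dict per sshd authentication event; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # syslog timestamps carry no year; good enough for intervals within one file
        ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
        yield ev


def detect_bruteforce(text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Per source IP: flag >= threshold failures inside window_seconds; a later success
    from the same IP escalates the finding to critical."""
    by_ip = defaultdict(lambda: {"failures": 0, "users": set(), "fail_times": [], "success_after": None})
    for ev in parse_auth_lines(text):
        rec = by_ip[ev["ip"]]
        if ev["result"] == "Failed":
            rec["failures"] += 1
            rec["users"].add(ev["user"])
            rec["fail_times"].append(ev["ts"])
        elif rec["failures"] >= threshold:          # success only matters after a burst
            rec["success_after"] = (ev["user"], ev["method"])
    findings = {}
    for ip, rec in by_ip.items():
        times = rec["fail_times"]
        burst = any((times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds
                    for i in range(len(times) - threshold + 1))
        if not burst:
            continue
        findings[ip] = {
            "failures": rec["failures"],
            "users_tried": sorted(rec["users"]),
            "severity": "critical" if rec["success_after"] else "high",
            "success_after": rec["success_after"],
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, finding)
```

The same shape of rule (count failures per source, alert on a success that follows them) carries over to Windows Security log events 4625/4624, web login endpoints and database auth logs; only the parser changes. Note also that an attacker who reaches root can delete these lines, which is the argument for shipping logs off the host as they are written.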

Python programming

Now it's time to learn some Python. Although network security does not often require large-scale engineering development, basic programming skills are very useful: writing crawlers, processing data, writing network scanning tools, vulnerability PoCs and so on. Among the many programming languages, Python is undoubtedly the most suitable.

browser security

The last part of this stage is browser-side security, consolidating the browser-related attacks in web security.

Focus on the features of the two most mainstream browsers, IE and Chrome: the browser sandbox mechanism, the same-origin policy and cross-origin techniques, etc.

Third-Party Component Vulnerabilities

The web attacks above are classic techniques that have been in use for many years. They have matured, and the number of related vulnerabilities is no longer what it was. Many attacks today are carried out through vulnerabilities in third-party components, so study the vulnerabilities of common third-party components: on one hand to master these attack methods for real engagements, on the other because it is very helpful for vulnerability research.

The objects of study are mainly components actually used in today's Internet services, such as the Java stack (the Spring family, SSM), Redis, MySQL, Nginx, Tomcat, Docker, etc.

Intranet penetration

In network penetration, compromising one host is only the beginning. How to move laterally and control more nodes afterwards is the domain of intranet penetration. A typical example is the WannaCry outbreak of 2017, which spread rapidly through the EternalBlue vulnerability in the SMB protocol and infected machines on a huge scale.

There is a lot to learn in intranet penetration and the difficulty rises considerably, but it is a very important part of network penetration, and you must chew through it. This part is less about theory and more about practice; build plenty of lab environments to practise in.

Operating system security & privilege escalation & virtualization
After getting into a machine through the web or other means, various restrictions often mean you need to escalate privileges, which involves many aspects of operating system security mechanisms. So you also need to learn some operating system security.

For example, the permission management mechanisms of Windows and Linux, privilege escalation methods, commonly used vulnerabilities, tools, etc.

Finally, learn some virtualization technology for scenarios where you may need to escape from a virtual machine.

Cobalt Strike & Metasploit

For network penetration these two tools are indispensable. Information scanning, vulnerability exploitation, intranet penetration, Trojan implantation, reverse shells ("port bounce") and the other techniques learned earlier can be combined and integrated through these two frameworks, which are also heavily used by major hacking teams.

Learning to use them will greatly improve attack efficiency; they are essential kit for any penetration tester, at home or on the road!

Other security technologies

Later in your network penetration journey, if you want to become a security expert, you should not stick only to your own specialty; learn about other fields of network security to broaden your knowledge.

For example binary exploitation, reverse engineering, Trojan techniques, kernel security, mobile security, side-channel attacks, etc. You don't need to go as deep as people specialising in those fields, but you should dabble and understand them, enrich your knowledge, and build a comprehensive network security knowledge and skill stack.

Learning resource sharing

For those who want to go deeper into the network security industry, here is a reading list by topic. If you have better suggestions, feel free to leave them in the comments!

Computer and System Principles

"Coding: The Language Hidden Behind Computer Software and Hardware" [US] Charles Petzold
"In-depth Understanding of Computer Systems" [US] Randal E.Bryant
"In-depth Understanding of Windows Operating System" [US] Russinovich, ME; Solomon, DA·
"Linux Kernel Design and Implementation" [US] Robert Love
"In-depth Understanding of Android Kernel Design Ideas" Lin Xuesen "
Android System Source Code Scenario Analysis" Luo Shengyang
"In-depth Understanding of Mac OS X & iOS Operating Systems" [US] Jonathan Levin ·
"In-depth Understanding of Linux Kernel" 【US】DanielP.Bovet ·
"Code Secret: Exploring the Computer System from the Perspective of C/C++" Zuo Fei ·
"Android Dalvik Virtual Machine Structure and Mechanism Analysis (Volumes 1 and 2)" Wu Yanxia; Zhang Guoyin ·
"Android Internals::Power User's View" [US] Jonathan Levin, Chinese translation
"The Most Powerful Android Book: An Analysis of Architecture"

Programming development

System Platform
Windows

"Windows Programming" [US] Charles Petzold
"Windows Core Programming" [US] Jeffrey Richter "
32-bit Assembly Language Programming in Windows Environment" Luo Yunbin "
Windows Driver Development Technology Detailed Explanation" Zhang Fan

Linux/Unix

"Advanced Programming in UNIX Environment" [US] W.Richard Stevens; Stephen A.Rago
"Linux Programming" [US] Neil Matthew; Richard Stones
"Linux Device Drivers" [US] Jonathan Corbet; Alessandro Rubini; Gerg Kroah -Hartman

macOS/iOS

"iOS Programming" [US] Christian Keur; Aaron Hillegass
"OS X and iOS Kernel Programming) [Australia] Halvorsen, OH; Clarke, D

Android

"The First Line of Code - Android" Guo Lin
"The Definitive Guide to Android Programming" [US] Brian Hardy; BillPhillips

Programming languages: C

"C Language Programming" [US] Brian W.Kernighan; Dennis M.Ritchie
"C Primer Plus" [US] Stephen Prata, an introductory book
"C and pointers" [US] Kenneth A.Reek
"C traps and Defects"【US】Andrew Koenig ·
"C Expert Programming"【US】Peter van der Linden

C++

"C++ Primer Plus" [US] Stephen Prata, an introductory book
"C++ Primer" [US] Stanley B.Lippman; Josée Lajoie; Barbara E.Moo, an advanced book

ASM

"Intel Assembly Language Programming" [US] Kip Irvine
"Intel Development Manual"
"Assembly Language (3rd Edition)" Wang Shuang
"x86 Assembly Language: From Real Mode to Protected Mode" Li Zhong

Java

"Java Core Technology" [US] Cay S.Horstmann; Gary Cornell, an introductory book
"Java Programming Thoughts" [US] Bruce eckel, an advanced book

JavaScript

"JavaScript DOM Programming Art" [US] Jeremy Keith; [PLA] Jeffrey Sambells
"JavaScript Advanced Programming" [US] Zakas.Bicholas C.
"Vue.js Project Development Combat" Zhang Fan

Python

· "Python Core Programming (Second Edition)" [US] Wesley J Chun

· "Linux Shell Scripting Guide" [India] Sarath Lakshman

Debugging

· "Software Debugging" Zhang Yinkui
· "Debug Hacks" [Japan] Yoshioka Hiroshi; Yamato Kazuhiro; Oiwa Naohiro; Abe Toyo
;

Data Structures and Algorithms

"Data Structure and Algorithm Analysis - C Language Description" [US] Mark Allen Weiss ·
"Introduction to Algorithms" [US] Thomas H.Cormen; Chales E.Leiserson; Ronald l.Rivest ·
"My First Algorithm Book" [Japan] Miyazaki Shuichi; Ishida Yasuki, an introductory book, diagramming without code ·
"Algorithm Diagram: An Introductory Book on Algorithms as Interesting as a Novel" [US] Aditya Bhargava

Compilers

· "Compilation System Perspective: Graphical Compilation Principles" new design team, introductory book
"Compilation Principles" (Dragon Book) [US] Alfered V.Aho; Monica S.Lam; Ravi Sehi; Jeffrey
D.Ullmam Compilation Technology Practical Combat" Pang Jianmin

Other

"Programming Proverbs" Liang Zhaoxin
"The Way to Clean Code" [US] Robert C.Martin
"Code Encyclopedia" [US] Steve McConnell
"Refactoring: Improving the Design of Existing Code" [US] Martin Fowler

Networking

"TCP/IP Detailed Explanation (Volume 1: Protocol)" [US] Kevin R.fall; W.Richard Stevens
"Wireshark Packet Analysis in Practice" [US] Chris Sanders

Security Technology
Security Development

"Day Book Night Reading: From Assembly Language to Windows Kernel Programming" Tan Wen; Shao Jianlei ·
"Rootkit: The Lurker in the Gray Area of ​​the System" [US] Bill Blunden ·
"Rootkits——Windows Kernel Security Protection" [US] Gerg Hoglund; James Butler ·
"BSD ROOTKIT Design - Kernel Hacker Guidebook" [US] Joseph Kong ·
"Fishing in the Cold River: Windows Kernel Security Programming" Tan Wen; Yang Xiao; Shao Jianlei

Reverse Engineering

"Encryption and Decryption" Duan Gang ·
"Malware Analysis Knacks and Toolbox - Techniques and Weapons Against "Rogue" Software" [US] Michael Hale Ligh; Steven Adair · "C++ Disassembly and Reverse Analysis Technology Revealed" Qian Lin Song; Zhao Haixu
"IDA Authoritative Guide" [US] Chris Eagle
"Reverse Engineering Authoritative Guide" [Ukraine] Dennis Yurichev, Multi-platform Introduction Encyclopedia
"Android Software Security and Reverse Analysis" Feng Shengqiang "
macOS Software Security and Reverse Engineering Analysis" Feng Shengqiang ·
"iOS Application Reverse Engineering (Second Edition)" Sha Zishe; Wu Hang

Web security

"Hacking Attack and Defense Technology Collection: Web Practical Combat" [US] Marcus Pinto, Dafydd Stuttard ·
"White Hats Talk about Web Security" Wu Hanqing ·
"Web Security Testing" [US] Paco Hope; Ben Waltber ·
"Web Front-end Hacking Technology Revealed" Zhong Chenming ;Xu Shaopei ·
"Proficient in Script Hackers" Zeng Yunhao

Software/System Security

"0day Security: Software Vulnerability Analysis Technique (Second Edition)" Wang Qing, an introductory book
"Vulnerability War: Essentials of Software Vulnerability Analysis" Lin Yaquan, an advanced book
"Catching Bugs Diary" [Germany] Tobias Klein, an advanced book ·
"Hacker Defense 2009 Buffer Overflow Attack and Prevention Special" ·
"Utilization and Prevention of Kernel Vulnerabilities" [US] Enrico Perla; Massimiliano Oldani ·
"Fuzzing for Software Security Testing and Quality Assurance (2nd Edition)" [US] Charlie Miller, in the translation of the blog post.
"iOS Hackers' Handbook" [US] Charlie Miller, the Chinese version is not recommended.
"The Mac Hacker's Handbook" [US] Charlie Miller.
"The Authoritative Guide to Android Security Attack and Defense" [US] Joshua J.Drake; 【West】Pau Oliva Fora; 【US】Collin Mulliner·
《The Art of Softwar Security Assessment: Identifying and Preventing Software Vulnerabilities》【America】Mark Dowd·
《Android Security Cookbook》【America】Keith Makan; Scott Alexander-Bown, China Translation
"Android Security Attack and Defense Actual Combat" ·
"Fuzz Testing - Mandatory Security Vulnerability Mining" 【US】Michael Mutton·
"Exploit Writing Series Tutorials" 【US】Corelan Team·
"MacOS and iOS Internals, Volume Ⅲ: Security & Insecurity" [US] Jonathan Levin, blog post perspective translation
"Grey Hat Hackers: Ethics, Penetration Testing, Attack Methods and Vulnerability Analysis Techniques for Justice Hackers" [US] Allen Harper ; Shon Harris · "Threat Modeling: Designing and Delivering More Secure Software" [US] Adam Shostack

Radio security

"Radio Security Attack and Defense Revealed" Yang Qing; Huang Lin

Hardware security

"Hardware Security Attack and Defense Revealed" Jian Yunding, Yang Qing

Automotive security

"Smart Car Security Attack and Defense Revealed" Li Jun; Yang Qing "Car Hacker Exposure" [USA] Craig Smith

Operations and maintenance

"Docker Technology Introduction and Practical Combat" Yang Baohua; Dai Wangjian; Cao Yalun
"Bird Brother's Linux Private Kitchen" Bird Brother

I have also compiled some network security material below; if you don't want to hunt for it piece by piece, you can refer to these.

video tutorial

SRC (vendor Security Response Center) & hacking technical documentation

Hacking tools collection

Source: blog.csdn.net/2302_77302329/article/details/130691385