What does a beginner hacker (network security) need to prepare?

I wrote this article because, as the times move on, our profession is getting more and more attention. So I want to offer some of my humble opinions to help friends who want to get started in network security.

1. About online training

If you want to gain knowledge quickly, training is undoubtedly the fastest and most effective shortcut. But first, what is taught is very superficial, and self-study is just as fast. Second, the price is very high. Third, what the lecturer teaches is his own understanding; you can't learn as deeply as you would by learning it yourself, which leaves you unable to build on what you learned later and adapt to new things. In summary, whether it’s the web or intranet, or code audit, CTF.

2. Self-study

This is very difficult. You have just started out in one direction and you don’t know anything. You want to learn everything, but you don’t know what to spend time learning, or whether it is useful. And even if it is useful, how the hell do I know how well I have learned it? I'll go through these one by one.

What should you spend time learning?

To answer this question, we need a rough understanding of the directions within network security and penetration testing.

For example, if I want to learn network attack and defense, I need to understand some common web vulnerabilities, such as SQL injection, XSS and SSRF, and master information gathering and the use of some tools, such as Burp Suite, sqlmap and xray. This is the most basic level.

To improve further, you may need to master some basic code: how to work around it when the command-execution functions in PHP are disabled, some PHP deserialization, and simple code analysis and auditing. Then comes deeper exploitation of vulnerabilities, such as how to bypass upload restrictions, how to contend with a WAF, and reproducing the latest vulnerabilities. The core idea of penetration stays the same while the techniques keep changing on top of the underlying vulnerabilities.

To keep improving, you need enough experience: seeing an unfamiliar CMS and guessing that it is a secondary development of xxx, auditing the code, researching one direction to find 0days, and following the current general direction of security attack and defense. Injection used to be very popular; now it is all kinds of deserialization, Java vulnerabilities (Shiro, fastjson) and memory horses (in-memory webshells). Follow the general direction in your research and form your own opinions.

So I start learning from the beginning: I have to learn the OWASP Top 10 vulnerabilities, find an environment to reproduce them myself, understand the principle and then practice it, then find some CMSs with known problems and set up the environment to reproduce them myself, and regularly read forums such as Security Guest, Prophet and t00ls.

Some people will ask: so do I need to learn JS, HTML or network protocols? First of all, many idiots on the Internet tell you to learn them. I just want to say: learn them, my ass. As for JS, its role in penetration is nothing more than reading a web page's JS to find information or some password encryption and decryption, or, where XSS exists, using JS for pop-up phishing, and there is source code for that on GitHub, so why learn it? When we reach a certain level, there will be projects that drive you to learn it, and by then the experience along the way will have given you a rough understanding of the language's framework. As for HTML, what I use it for most is that some CMSs may have backdoors (uploads) or CSRF and we need to construct the HTML ourselves; for CSRF you can use Burp Suite, so the only HTML you need to learn is a little about submit. As for network protocols, you will be exposed to them when you use Burp Suite as a proxy to capture packets. The TCP handshake is basically not used in attack and defense, and ARP spoofing is really not used either. The intranet needs continuous accumulation, setting up environments yourself step by step.

Because I learned attack and defense from zero, everything I say is my own opinion. Of course, this is only the attack-and-defense case, and there are many other directions.

For example: reverse engineering, binary (pwn, vulnerability research/mining, trojan writing), APT, security services (further divided into on-site, network attack and defense, and security research), security operations (basically more parties, enterprise security construction), security products (IDS, EDR, firewall, etc.), re-insurance, and so on.

 

Cyber Security Learning Path

 

The first stage: getting started with basic operations and learning basic knowledge

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you understand in theory what SQL injection is and what an XSS attack is, and you have also mastered the basic operation of security tools such as Burp, MSF and CS. The most important thing at this point is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

Your level of knowledge in the various fields of computing determines the upper limit of your penetration skills.

[1] For example: if you have a high level of programming, you will be better than others at code auditing, and the exploit tools you write will be easier to use than theirs;

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks you can write more and better SQL injection statements, which can bypass a WAF that others cannot bypass;

[3] For example: if your networking level is high, then when you penetrate an internal network you can understand the target's network structure more easily than others. Given a network topology, you know where you are; given a router's configuration file, you know what routes they have set up;

[4] For another example: if your operating system knowledge is good, your privilege escalation will be stronger, your information gathering will be more efficient, and you can efficiently filter out the information you want.

The second stage: practical operation

1. Mining SRC

The purpose of mining SRC is mainly to put your skills into practice. The biggest illusion in learning network security is feeling that you know everything, and then, when it comes to actually finding vulnerabilities, you can’t do anything. SRC is a very good opportunity to apply skills.

2. Learn from technical sharing posts (vulnerability mining type)

Read and study all the 0day mining posts from the past ten years, then build an environment to reproduce the vulnerabilities, think through and learn the author's approach to finding them, and cultivate your own penetration mindset.

3. Range practice

Build a practice range yourself or go to a free range website to practice. If you have the means, you can buy one or sign up with a reliable training institution, which generally provides supporting range exercises.

The third stage: participate in CTF competitions or HVV operations

Recommended: CTF Competition

CTF has three points:

[1] Experience close to actual combat. The network security law is very strict now, unlike before, when everyone could mess around

[2] The challenges keep up with the frontiers of technology, while many books lag behind

[3] If you are a college student, it will be very helpful for finding a job in the future

If you want to play in a CTF competition, go directly to the competition challenges; if you don’t understand a challenge, look up material on whatever you don’t understand

Recommended: HVV (network protection)

HVV has four points:

[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV operation held every year

[2] You can meet many bigwigs in the circle and expand your network

[3] HVV pay is also very high, so you can earn a lot of money if you participate

[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future

Fourth: recommended learning materials

Book list recommendation:

Computer operating system:

[1] Code: The Hidden Language of Computer Hardware and Software

[2] In-depth Understanding of the Operating System

[3] In-depth Understanding of the Windows Operating System

[4] Linux Kernel and Implementation

Programming development class:

[1] Windows Programming

[2] Windows Core Programming

[3] Linux Programming

[4] Advanced Programming in the UNIX Environment

[5] iOS Programming

[6] The First Line of Code: Android

[7] C Programming Language Design

[8] C Primer Plus

[9] C and Pointers

[10] C Expert Programming

[11] C Traps and Pitfalls

[12] Assembly Language (Wang Shuang)

[13] Core Java

[14] Thinking in Java

[15] Core Python Programming

[16] Linux Shell Scripting Cookbook

[17] Introduction to Algorithms

[18] Compilation Principles

[19] Compilation and Decompilation Technology Practice

[20] Clean Code

[21] Code Complete

[22] TCP/IP Illustrated

[23] Rootkit: Lurkers in the Gray Area of the System

[24] Hacking Attack and Defense Technology Collection

[25] Encryption and Decryption

[26] C++ Disassembly and Reverse Analysis Techniques Revealed

[27] Web Security Testing

[28] White Hat Talks About Web Security

[29] Proficient in Script Hacking

[30] Web Front-end Hacking Techniques Revealed

[31] Programmer's application

[32] English Writing Handbook: Elements of Style

Common network security sites and forums

    Kanxue Forum
    Safety Class
    Safety Niu
    Safety Internal Reference
    Green League
    Prophet Community
    XCTF Alliance

I have also compiled some network security materials for you below. If you don’t want to find them one by one, you can refer to these.

video tutorial

SRC&Hacking Technical Documentation

Hacking Tools Collection

 


Origin blog.csdn.net/2302_77302329/article/details/130683595