The most complete overview of the network security technology stack on the whole web (continuously updated)

Foreword

This article is relatively long, so please be patient and read it through.

Is Internet Security Really That Good?

As far as I know, there is a huge shortage of network security talent in my country. It is estimated that the talent gap in this area will reach 3.27 million in 2023, while there are only a little over 20,000 college students in this area every year. Governments and enterprises are all pursuing digital transformation, and they are also eager for network security talent. Choosing network security as a direction is therefore a good choice. As long as there is an Internet, network security needs someone to maintain it, so the development prospects of the industry are good!

Judging from the current development trend, under the impetus of the Industrial Internet, network security will receive more and more attention in the future. On the one hand, the Industrial Internet has further promoted the combination of the Internet and the physical field, which has clearly expanded the boundaries of traditional network applications and makes network security more and more influential in industrial scenarios. On the other hand, driven by the new infrastructure plan, a large amount of social and industrial resources will be fully digitized in the future, which will inevitably place more demands on network security.

Network security talent training model
From the perspective of the current talent training system, the training of network security talent includes undergraduate education, junior college education and postgraduate education, so there are many ways to become a network security professional. Choose the education path that fits your actual situation. For people already working, if conditions permit, entering the field of network security through postgraduate study is a good choice. In recent years, the employment situation of graduate students in the field of network security has remained good.

Compared with the era of the consumer Internet, in the era of the industrial Internet the technical system of network security will fully expand to emerging fields such as the Internet of Things, big data and artificial intelligence. The technologies in these emerging fields are still developing rapidly, and the security requirements in these areas are also more urgent. Taking big data as an example, big data will comprehensively promote the realization of data value and will itself create a huge value space based on it, but without security as a guarantee, big data will not go far.

Because network security is related to many technical systems, it involves a lot of content. For example, the device layer, network layer, platform layer, data layer and application layer of the Internet of Things each have corresponding security requirements, so learning network security often requires a systematic learning process, and the learning difficulty is relatively high. The development potential of the Internet of Things in the 5G era is very large, and as an important carrier it can host technologies such as big data, cloud computing, and artificial intelligence, so developing in the direction of Internet of Things security is a good choice.

From the perspective of the demand for security talent in the field of the Internet of Things, there is a large demand in the field of industrial applications. The entry threshold for these positions is not high. The key work lies in the design, deployment and maintenance of network security solutions, such as working with various firewalls, equipment security and debugging. These skills can usually be mastered smoothly after a systematic learning process. The key point is that you must do more experiments.

Network security can be further subdivided into network penetration, reverse analysis, vulnerability attack, kernel security, mobile security, cracking, PWN and many other sub-directions. Today's article is mainly aimed at the direction of network penetration. For other directions it is for reference only, since the learning routes are not exactly the same. If I have a chance, I will sort those out separately.

How to get started learning network security
Learning network security requires a solid basic knowledge of computers and networks. If you want to work in research and development positions in the field of network security in the future, you also need a solid mathematical foundation. Since the overall amount of knowledge is very large, you should first find your own entry point. Those with strong hands-on ability can start with basic network knowledge and then move on to related knowledge.

Route map

Let's take a look at an overall roadmap first, to get a preliminary understanding of what knowledge needs to be learned in this direction.

I have divided a total of six stages, but it does not mean that you have to learn all of them before you can start working. For some junior positions, it is enough to learn the third and fourth stages.

Come on, don't talk much, let's learn together and witness the journey from bronze to king!


Black Iron (Qi training period)
The first stage, the Stone Age, is aimed at complete beginners who have just entered the field. This stage is mainly about laying the foundation, and there are five parts to learn:

Windows
Learn some basic commands on Windows, the use of PowerShell and simple scripting, and the use of several important components that you will often deal with on Windows in the future: the registry, group policy manager, task manager, event viewer, etc.

In addition, learn to build a virtual machine on Windows and to install an operating system in it, in preparation for learning Linux next.

Linux
In network security, it is inevitable to deal with Linux frequently. I have seen many newcomers follow training courses that start with Kali right away. They are eager to learn Kali without even having established the basic Linux concepts. This is learning to run before you can walk, which is putting the cart before the horse.

The basic stage focuses mainly on usage: learn the commands related to text editing, files, networks, permissions, disks, users, etc., and build a basic understanding of Linux.

Computer Network
In network security, the computer network is certainly very important. As a basic stage, this section mainly studies computer networks from a macro perspective, rather than dwelling on the meaning of particular fields of a particular protocol.

First, starting from the local area network, understand the basic network of computer communication, Ethernet. How do hosts communicate in a local area network? What is the difference between a hub and a switch? What are MAC addresses, IP addresses, subnets, and subnet masks used for?

Then move on to the larger wide area network and the Internet: what a network communication protocol is, and how communication protocols are layered. Through the seven-layer and four-layer models, quickly establish the basic concepts of computer networks: the functions of each layer, which protocols exist at each layer, and how these protocols are applied in today's Internet.

Web Basics
A very important part of network penetration is Web security. To learn Web security, you must first start with the basics of the Web front-end.

This section is very simple. It covers the three most basic web front-end technologies, the development and use of HTML, CSS and JS, and lays the foundation for learning web-related security knowledge later.

This section is relatively practical and hands-on. You need to do some web programming yourself, become especially familiar with JavaScript, understand what Ajax is, and learn the commonly used parts of the widely used jQuery library.

Database Basics
The last part of the basic stage covers some basic knowledge of databases.

At this stage, you mainly learn some theory, focusing on mastering concepts such as databases, tables, and indexes, and then learn how to write SQL to add, delete, modify, and query data. For now, do not operate the database from a programming language.

Bronze (foundation period)
Having gone through the Stone Age, you have already built up some basic computer knowledge: the use of operating systems, network protocols, front-end basics, and an initial understanding of databases. But this is not enough to do network security. In the second stage, Bronze, you still need to learn the basics further. After the first stage, the difficulty will start to rise slowly.

The knowledge to be learned at this stage is:

Advanced Web
In the previous stone age, we had a preliminary contact with web programming and understood the basic principles of web pages. But at that time, it was a purely front-end, purely static web page, without touching the back-end. At this advanced stage, you have to start touching the content of the Web backend.

First, start from the two commonly used mainstream web servers and learn the basic knowledge of Apache and Linux. Then move on to the basic principles of dynamic web pages, from CGI/Fast-CGI to later dynamic web page technologies such as ASP/PHP/ASPX/JSP, and understand their history, evolution and basic working principles.

Finally, learn some basic knowledge in web development: form operations, Session/Cookie, JWT, LocalStorage, etc., to understand what these basic terms mean, what they are used for, and what they solve.

PHP programming
To learn Web back-end development, you have to learn a back-end development language. In this section, choose to start with PHP.

But remember, choosing PHP here is not meant to steer you toward PHP back-end development in the future, nor is it a statement about how popular PHP is now. Under a specific historical background, PHP-related website security issues are very representative, so choosing this language makes it more convenient for us to study security issues.

Because the purpose of learning is different, the learning method is different from that of ordinary back-end development. Here we learn the basics of the syntax, basic back-end request processing and database access, and then get in touch with the commonly used ThinkPHP framework. If you are interested, it is of course better to learn more.

Advanced computer network
The second stage needs to deepen the study of computer networks. This time, the focus is on HTTP/HTTPS and packet capture analysis.

You must master tcpdump on Linux, including its common parameters. Then focus on learning to analyze data packets with Wireshark, and use Fiddler to capture and analyze encrypted HTTPS traffic.

By viewing the communication flow in packet capture software, your understanding of the computer network changes from abstract to concrete.

Encryption and decryption technology

Next, learn about the encoding and decoding techniques and the encryption and decryption techniques that are often dealt with in the field of network security, including base64 encoding, symmetric encryption, asymmetric encryption, hashing and so on.

Understand their basic concepts, what they are used for, what problems they solve, and finally how they work.

Recommended book: "Encryption and Decryption"

Silver (the knot stage)
We are now entering the third stage, the Silver Age, and the exciting moment is coming. At this stage, we begin to fully learn real network security technology. The foundation laid in the previous two stages will also come in handy here.

The knowledge to be learned at this stage is:

Introduction to Web Security
With the previous Web front-end and PHP programming foundation, you can formally learn Web security. There are several typical attack methods in the field of web security: SQL injection, XSS, CSRF, various injections, SSRF, file upload vulnerabilities, etc. Each of them needs to be studied in detail, combining theory with hands-on practice.

Be careful not to practice attacks on websites on the Internet; this is illegal. You can build websites that contain vulnerabilities in a virtual machine (there are many such practice sites that can be downloaded from the Internet), and practice on the websites you built yourself.

Network Scanning and Injection
We have learned some web security attack methods, but these are not enough. When facing a target, how to find the attack point and obtain information about the target is very important.

This information includes: what operating system the target is running, what ports are open, what services are running, what type of backend service it is and which version, and what vulnerabilities can be exploited. Only with this information can attack methods be formulated in a targeted way to take down the target.

Common network information scanning includes port scanning, website background scanning, vulnerability scanning and so on. You need to learn the common scanning tools and how they work.

Information Collection & Social Engineering
In addition to the information that needs to be scanned above, network security work often requires investigating a lot of other information, such as website registration information, associated people, content retrieval within the website, and so on. This requires learning and mastering the related techniques of information gathering and social engineering.

Whois is used to query domain name information. Cyberspace search engines such as shodan, zoomeye, and fofa retrieve the information behind an IP, domain name, URL, etc. Google Hacking uses search engines to retrieve information from inside a website. These are all skills frequently used in network information collection.

Brute Force Cracking
In a network attack, once the open services of the target have been scanned, the most direct step is to log in. Common services include SSH, RDP, MySQL, Redis, web forms, and more.

At this point, brute force cracking usually comes in handy: a program tries a dictionary composed of common usernames and passwords for the various services.

Commonly used brute-force tools include hydra, super weak passwords, and mimikatz, which are often used to obtain Windows system passwords.

Gold (Yuanying period)
In the previous stage, you learned some security attack technologies. At this stage, you need to learn security defense and security detection technologies. Security has both offensive and defensive aspects, and both are indispensable.

WAF technology
The first thing to learn is WAF - Web Application Firewall.

Web security teaches how computer systems are attacked through Web technology, and a WAF exists to detect and defend against these attacks. As the saying goes, knowing yourself and the enemy can win every battle. As an attacker, you must master the working principle of WAF and find weaknesses to bypass detection. As a defender, you need to continuously strengthen security detection and defense capabilities to effectively discover and defend against Web attacks.

It is necessary to learn the architecture adopted by the current mainstream WAF software such as openresty and modsecurity, and the main detection algorithms: feature-based, behavior-based, machine learning-based, etc.

Network Protocol Attacks & Intrusion Detection
WAF is mainly aimed at Web-related security attacks. In this section, we further expand our view to the entire network protocol stack, including TCP hijacking, DNS hijacking, DDoS attacks, DNS tunneling, ARP spoofing, ARP flooding, and so on. You need to master the principles of these traditional classic attack methods, build an environment for practice, and lay the foundation for subsequent intranet penetration.

In addition, on the defensive side, you also need to learn security detection through network traffic analysis: understand the commonly used network analysis techniques, detection frameworks and rule syntax, and prepare for future security-related development or security defense work.

Log technology
Discovering attack behavior through logs is the most common approach. The attacker's web requests, system logins, brute force cracking attempts, etc. are recorded by various software in the system, and the attacker will often erase the relevant log records, so mastering these logs is a skill that both offensive and defensive teams need to learn.

Common logs include system login logs (Windows, Linux), web server logs, database logs, and so on.
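
The kind of log analysis described in this section, as an added example that is not part of the original article: a Python detector that reads Linux SSH login log lines, flags a source IP with a burst of failed logins, and reports whether a successful login followed. It assumes OpenSSH-style syslog lines; the sample log, the names parse_line and detect_bruteforce, and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd authentication log lines (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
Jun  5 10:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jun  5 10:00:04 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jun  5 10:00:09 web01 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jun  5 10:00:12 web01 CRON[2110]: pam_unix(cron:session): session opened for user root
Jun  5 10:00:15 web01 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Jun  5 10:00:21 web01 sshd[2107]: Failed password for deploy from 203.0.113.7 port 40141 ssh2
Jun  5 10:00:40 web01 sshd[2109]: Accepted password for deploy from 203.0.113.7 port 40150 ssh2
Jun  5 10:02:00 web01 sshd[2120]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Jun  5 10:02:10 web01 sshd[2120]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
Jun  5 10:05:00 web01 sshd[2130]: Failed password for root from 192.0.2.50 port 33000 ssh2
Jun  5 10:08:00 web01 sshd[2131]: Failed password for root from 192.0.2.50 port 33001 ssh2
Jun  5 10:11:00 web01 sshd[2132]: Failed password for root from 192.0.2.50 port 33002 ssh2
Jun  5 10:14:00 web01 sshd[2133]: Failed password for root from 192.0.2.50 port 33003 ssh2
Jun  5 10:17:00 web01 sshd[2134]: Failed password for root from 192.0.2.50 port 33004 ssh2
"""

# OpenSSH-style password events in classic syslog format (assumed log layout).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\spassword\sfor\s(?:invalid\suser\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)


def parse_line(line, year):
    """Return (timestamp, result, user, ip), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2023):
    """Flag IPs with >= threshold failed logins inside a sliding time window.

    Returns {ip: {"first_alert": datetime, "users": set of names tried,
                  "login_after_burst": (user, datetime) or None}}.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    tried = defaultdict(set)      # ip -> every username that failed from this ip
    findings = {}
    for line in log_text.splitlines():
        event = parse_line(line, year)
        if event is None:
            continue
        ts, result, user, ip = event
        if result == "Failed":
            tried[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"first_alert": ts, "users": tried[ip],
                                "login_after_burst": None}
        elif ip in findings and findings[ip]["login_after_burst"] is None:
            # A success right after a burst is the case to investigate first.
            findings[ip]["login_after_burst"] = (user, ts)
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(ip, sorted(info["users"]), info["login_after_burst"])
```

With the default settings the slow attempts from 192.0.2.50 (one every three minutes) stay under the threshold, which shows why the window and threshold have to be tuned to the logs being analysed.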

Python Programming
At this stage, it's time to learn some Python programming. Although network security does not often require a lot of engineering development, mastering basic programming skills is very useful: they can be used for writing crawlers, data processing, network scanning tools, vulnerability POCs, etc., and among the many programming languages, Python is undoubtedly the most suitable.

Browser Security
The last part of this stage is to learn some security knowledge on the browser side, and to consolidate the browser-related vulnerability attacks in web security.

It is necessary to focus on mastering the features of the two most mainstream browsers, IE and Chrome: what the browser sandbox mechanism is, the same-origin policy, cross-domain techniques, and so on.

Platinum (Hua Shen period)
Third-party component vulnerabilities
The web security attacks covered earlier are classic techniques that have been around for many years. After years of development, they have become quite mature, and the number of related vulnerabilities is not as large as before. Now most attacks rely on vulnerabilities in various third-party components. Learning and researching the vulnerabilities of these common third-party components therefore serves two purposes: on the one hand, mastering these attack methods for use in actual combat, and on the other hand, learning by analogy, which is also very helpful for vulnerability mining work.

The research objects mainly cover some engineering components actually used in the current Internet services, such as the Java technology stack series Spring Family Bucket, SSM, Redis, MySQL, Nginx, Tomcat, Docker, etc.

Intranet penetration
In network penetration, capturing one point is just the beginning. How to move laterally and control more nodes after the initial penetration is the scope of intranet penetration. A typical example is the EternalBlue virus of that year, which spread rapidly through SMB protocol vulnerabilities and infected a large number of machines.

There are many complicated things to learn in intranet penetration, and the difficulty increases a lot, but this is a very important part of network penetration, and you must put more effort into it. This part has less theory and more practice, and you need to build more environments to simulate and learn.

Operating system security technology & privilege escalation technology & virtualization technology
After penetrating into a computer through the web or other means, various restrictions often create a need for privilege escalation, which involves many topics closely related to operating system security mechanisms. Therefore, it is also necessary to learn some operating system security knowledge.

For example, the respective permission management mechanisms on Windows and Linux, methods of privilege escalation, commonly used vulnerabilities, tools, etc.

Finally, learn some knowledge about virtualization technology to deal with scenarios where you may need to escape from the virtual machine.

King (ascension!)
Cobalt Strike & Metasploit
For network penetration work, these two artifacts are absolutely indispensable. The information scanning, vulnerability attack, intranet penetration, Trojan horse implantation, port bounce and other techniques learned earlier can be used together and integrated through these two artifacts. At the same time, these two tools are frequently used by major hacker teams.

Learning to use these two artifacts will greatly improve the attack efficiency, and it is a must-have choice for network infiltrators at home and traveling!

Other security technologies
In the late stage of network penetration, if you want to become a security expert, you must not stay only within your own field of expertise. You need to learn more about other fields of network security to expand your knowledge.

Examples include binary vulnerability attacks, reverse engineering, Trojan horse technology, kernel security, mobile security, side channel attacks, etc. Of course, you don't need to go as deep as those who specialize in these directions, but you do need to dabble in and understand them, enrich your knowledge, and build a comprehensive network security knowledge and skill stack.

Sharing of learning resources
If you want to really work in depth in the network security industry, here is a brief book list. If you have any better ideas, you are welcome to share them in the comment area!

Computer and System Principles

"Coding: The Language Hidden Behind Computer Software and Hardware" [US] Charles Petzold
"In-depth Understanding of Computer Systems" [US] Randal E. Bryant
"In-depth Understanding of Windows Operating System" [US] Russinovich, ME; Solomon, DA
"Linux Kernel Design and Implementation" [US] Robert Love
"In-depth Understanding of Android Kernel Design Ideas" Lin Xuesen
"Android System Source Code Scenario Analysis" Luo Shengyang
"In-depth Understanding of Mac OS X & iOS Operating Systems" [US] Jonathan Levin
"In-depth Understanding of Linux Kernel" [US] Daniel P. Bovet
"Code Secret: Exploring the Computer System from the Perspective of C/C++" Zuo Fei
"Android Dalvik Virtual Machine Structure and Mechanism Analysis (Volumes 1 and 2)" Wu Yanxia; Zhang Guoyin
"Android Internals::Power User's View" [US] Jonathan Levin, Chinese translation: "The Most Powerful Android Book: An Analysis of Architecture"

Programming Development
System Platform
Windows
"Windows Programming" [US] Charles Petzold
"Windows Core Programming" [US] Jeffrey Richter
"32-bit Assembly Language Programming in Windows Environment" Luo Yunbin
"Windows Driver Development Technology Detailed Explanation" Zhang Fan

Linux/Unix
"Advanced Programming in UNIX Environment" [US] W. Richard Stevens; Stephen A. Rago
"Linux Programming" [US] Neil Matthew; Richard Stones
"Linux Device Drivers" [US] Jonathan Corbet; Alessandro Rubini; Greg Kroah-Hartman

macOS/iOS
"iOS Programming" [US] Christian Keur; Aaron Hillegass
"OS X and iOS Kernel Programming" [Australia] Halvorsen, OH; Clarke, D

Android
"The First Line of Code - Android" Guo Lin
"The Definitive Guide to Android Programming" [US] Brian Hardy; Bill Phillips

Programming Language
C
"C Language Programming" [US] Brian W. Kernighan; Dennis M. Ritchie
"C Primer Plus" [US] Stephen Prata, an introductory book
"C and Pointers" [US] Kenneth A. Reek
"C Pitfalls and Flaws" [US] Andrew Koenig
"C Expert Programming" [US] Peter van der Linden

C++
"C++ Primer Plus" [US] Stephen Prata, an introductory book
"C++ Primer" [US] Stanley B. Lippman; Josée Lajoie; Barbara E. Moo, an advanced book

ASM
"Intel Assembly Language Programming" [US] Kip Irvine
"Intel Development Manual"
"Assembly Language (3rd Edition)" Wang Shuang
"x86 Assembly Language: From Real Mode to Protected Mode" Li Zhong

Java
"Java Core Technology" [US] Cay S. Horstmann; Gary Cornell, an introductory book
"Java Programming Thoughts" [US] Bruce Eckel, an advanced book

JavaScript
"JavaScript DOM Programming Art" [US] Jeremy Keith; [PLA] Jeffrey Sambells
"JavaScript Advanced Programming" [US] Nicholas C. Zakas
"Vue.js Project Development Combat" Zhang Fan

Python
"Python Core Programming (Second Edition)" [US] Wesley J Chun

Shell
"Linux Shell Scripting Guide" [India] Sarath Lakshman

Debugging Technology
"Software Debugging" Zhang Yinkui
"Debug Hacks" [Japan] Hiroshi Yoshioka

Data Structure and Algorithm
"Data Structure and Algorithm Analysis - C Language Description" [US] Mark Allen Weiss
"Introduction to Algorithms" [US] Thomas H. Cormen; Charles E. Leiserson; Ronald L. Rivest
"My First Algorithm Book" [Japan] Shuichi Miyazaki; Yasuhiro Ishida, an introductory book, diagrams without code
"Graphic Algorithms: An Introductory Book on Algorithms as Interesting as a Novel" [US] Aditya Bhargava

Principles of Compilation
"Perspective of Compilation System: Graphic Compilation Principles" new design team, an introductory book
"Principles of Compilation" (Dragon Book) [US] Alfred V. Aho; Monica S. Lam; Ravi Sethi
"Practical combat with decompilation technology" Pang Jianmin

Others
"Programming Proverbs" Liang Zhaoxin
"Clean Code" [US] Robert C. Martin
"Code Encyclopedia" [US] Steve McConnell
"Refactoring: Improving the Design of Existing Code" [US] Martin Fowler

Network Technology
"TCP/IP Detailed Explanation (Volume 1: Protocol)" [US] Kevin R. Fall; W. Richard Stevens
"Wireshark Packet Analysis in Practice" [US] Chris Sanders

Security Technology
Security Development
"Day Book Night Reading: From Assembly Language to Windows Kernel Programming" Tan Wen; Shao Jianlei
"Rootkit: The Lurker in the Gray Area of the System" [US] Bill Blunden
"Rootkits: Security Protection of Windows Kernel" [US] Greg Hoglund; James Butler
"BSD ROOTKIT Design - Kernel Hacker Guidebook" [US] Joseph Kong
"Fishing in the Cold River: Windows Kernel Security Programming" Tan Wen; Yang Xiao; Shao Jianlei

Reverse Engineering
"Encryption and Decryption" Duan Gang
"Malware Analysis Knacks and Toolbox - Techniques and Weapons Against "Rogue" Software" [US] Michael Hale Ligh; Steven Adair
"C++ Disassembly and Reverse Analysis Technology Secret" Qian Linsong; Zhao Haixu
"IDA Authoritative Guide" [US] Chris Eagle
"Reverse Engineering Authoritative Guide" [Ukraine] Dennis Yurichev, multi-platform entry encyclopedia
"Android Software Security and Reverse Analysis" Feng Shengqiang
"macOS Software Security and Reverse Analysis" Feng Shengqiang
"iOS Application Reverse Engineering (2nd Edition)" Sha Zishe; Wu Hang

Web Security
"Hacking Attack and Defense Technology Collection: Web Practical Combat" [US] Marcus Pinto; Dafydd Stuttard
"White Hats Talk about Web Security" Wu Hanqing
"Web Security Testing" [US] Paco Hope; Ben Walther
"Web Front-end Hacking Technology Revealed" Zhong Chenming; Xu Shaopei
"Proficient in Script Hacker" Zeng Yunhao

Software/System Security
"0day Security: Software Vulnerability Analysis Technique (2nd Edition)" Wang Qing, an introductory book
"Vulnerability War: Essentials of Software Vulnerability Analysis" Lin Yaquan, an advanced book
"Catching Bugs Diary" [Germany] Tobias Klein, an advanced book
"Hacker Defense 2009 Buffer Overflow Attack and Prevention Special"
"Utilization and Prevention of Kernel Vulnerabilities" [US] Enrico Perla; Massimiliano Oldani
"Fuzzing for Software Security Testing and Quality Assurance (2nd Edition)" [US] Charlie Miller, in translation of blog posts
"iOS Hackers' Handbook" [US] Charlie Miller, the Chinese version is not recommended
"The Mac Hacker's Handbook" [US] Charlie Miller
"The Authoritative Guide to Android Security Attack and Defense" [US] Joshua J. Drake; [Spain] Pau Oliva Fora; [US] Collin Mulliner
"The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities" [US] Mark Dowd
"Android Security Cookbook" [US] Keith Makan; Scott Alexander-Bown, Chinese translation: "Android Security Attack and Defense Actual Combat"
"Fuzz Testing - Mandatory Security Vulnerability Mining" [US] Michael Sutton
"Exploit Writing Series Tutorials" [US] Corelan Team
"MacOS and iOS Internals, Volume Ⅲ: Security & Insecurity" [US] Jonathan Levin, in translation from the perspective of blog posts
"Grey Hat Hackers: Ethics of Justice Hackers, Penetration Testing, Attack Methods and Vulnerability Analysis Techniques" [US] Allen Harper; Shon Harris
"Threat Modeling: Designing and Delivering More Secure Software" [US] Adam Shostack

Radio Security
"Radio Security Attack and Defense Revealed" Yang Qing; Huang Lin

Hardware Security
"Hardware Security Attack and Defense Revealed" Jian Yunding, Yang Qing

Car Safety
"Smart Car Security Attack and Defense Revealed" Li Jun; Yang Qing
"Car Hacker Exposure" [US] Craig Smith

Operation and Maintenance
"Docker Technology Introduction and Practical Combat" Yang Baohua; Dai Wangjian; Cao Yalun
"Bird Brother's Linux Private Kitchen" Bird Brother

Most of the network security learning materials have been collected and sorted out for everyone. Due to limited space, only part of the information is displayed here. If you need a network security learning package, you can leave me a message or send me a private message, and I will share it with everyone for free.

Origin blog.csdn.net/2301_77732591/article/details/131031948