Self-study network security/Web security: for ordinary people, I still advise you to forget it

Since I have written many articles on network security technology before, many readers know that I work in network security, so people often ask me in private messages:

    I'm just getting started with network security, what should I learn?
    What to learn?
    What are the directions?
    How to choose?
    What are the career prospects in this line of work?

Without further ado, let's first draw a roadmap to see what directions network security has, how they relate to and differ from each other, and what each requires you to learn.

Within the technical side of this field, jobs fall mainly into the following three directions:

        Security R&D
        Security Research: Binary Direction
        Security Research: Network Penetration Direction

Let's explain them one by one.
The first direction: security research and development

You can think of network security the way you think of e-commerce, education, or any other industry. Every industry has its own software R&D, and network security is no exception. The difference is that R&D in this industry means developing software related to the network security business.

So the security industry has the same common positions as other industries, such as front-end, back-end, big data analysis, and so on; but beyond such general development positions, there are also R&D positions closely tied to the security business.

This category can be further divided into two subtypes:

        Security product development (the defensive side)
        Security tool development (the offensive side)

Typical security products include:

        firewall, IDS, IPS
        WAF (web application firewall)
        database gateway
        NTA (network traffic analysis)
        SIEM (security event analysis center, situational awareness)
        big data security analysis
        EDR (security software on endpoint devices)
        DLP (data leakage prevention)
        antivirus
        security detection sandbox

To sum up, most security R&D products are used to detect and defend against attacks, covering the endpoint side (PCs, mobile phones, network devices, etc.)

The technology stacks used to develop these products are mainly C/C++, Java, and Python, with a small amount of GoLang and Rust.

Compared with the other two directions, security R&D positions have lower requirements for network security skills (only relatively; the R&D of some products has high requirements for security skills), and I have even seen many R&D engineers who know nothing about security. In this case, if you understand network security technology on top of basic development skills, that will naturally be a bonus when you interview for these positions.
The second direction: binary security

The binary security direction is one of the two major technical directions in the security field.

This direction mainly involves software vulnerability mining, reverse engineering, virus and Trojan analysis, and so on, and touches on operating system kernel analysis, debugging and anti-debugging, anti-virus and other technologies. Because it constantly deals with binary data, over time "binary security" became the collective name for this direction.

The defining characteristic of this direction: you need to be able to endure loneliness.

It is not like security R&D, which produces real products, and it is not as cool as network penetration. This direction spends most of its time in quiet analysis and research.

Take vulnerability mining as an example: just learning the various attack techniques takes a lot of time. In this field, studying a single problem may take months or even years, which is definitely not something ordinary people can persist at. Not only that, success comes not just from hard work but to a greater extent from talent.

People like the heads of Tencent's major security labs, the well-known TK leader, and Wu Shi have already grasped the deeper meaning of vulnerability mining and mastered this craft; they can come up with new tricks in their dreams. But geniuses like this are really rare, and most people cannot match them.

If programmers are hard workers, then binary security researchers are hard workers Plus.

The third direction: network penetration

This direction is more in line with most people's image of "hackers": they can hack mobile phones, computers, websites, servers, and intranets; everything can be hacked.

Compared with binary security, this direction is easier to get started in early on. After mastering some basic techniques, you can hack with various ready-made tools.

However, if you want to go from script kiddie to master hacker, the further you go in this direction, the more you need to learn and master.

Network penetration leans more toward "practical combat", so it has higher requirements for breadth of technology: network hardware devices, network communication protocols, network services (web, email, files, databases, etc.), operating systems, attack methods and so on all need to be known. It is more like being an all-round computer expert who can integrate various technologies for "actual combat".

Now let's talk about the learning route. The content is a bit long, so you can give it a like first, so that you can find it again later if you get lost.

This roadmap has six stages in total, but that does not mean you have to learn all of them before you can start working. For some junior positions, learning through the third and fourth stages is enough.

The following content is best read together with the picture above. I recommend opening the picture in a new browser tab and viewing both side by side.
1. The Stone Age

The first stage, the Stone Age, is aimed at complete beginners who have just entered the field. At this stage the main goal is to lay the foundation, and there are five parts to learn:

1. Windows

Some basic Windows commands, the use of PowerShell and simple scripting, and the use of several important components you will deal with often later: the registry, the Group Policy editor, Task Manager, Event Viewer, etc.

In addition, learn to set up a virtual machine on Windows and install an operating system in it, to prepare for learning Linux next.

Network security requires dealing with Linux constantly. I have seen many newcomers follow training courses and jump straight into Kali, eager to learn Kali without even establishing basic Linux concepts. That is learning to run before you can walk; it puts the cart before the horse.

The basic stage focuses mainly on usage: learning commands related to text editing, files, networking, permissions, disks, users, etc., and gaining a basic understanding of Linux.
2. Computer network

For network security, computer networking is extremely important. As a basic stage, this section studies computer networks from a macro perspective rather than dwelling on the meaning of individual fields of a particular protocol.

First, start from the local area network and understand the basic network of computer communication, Ethernet: how do hosts communicate within a LAN? What is the difference between a hub and a switch? What are MAC addresses, IP addresses, subnets, and subnet masks used for?

Then move on to the larger wide area network, the Internet: what a network communication protocol is, and how communication protocols are layered. Through the seven-layer and four-layer models, quickly establish the basic concepts of computer networks: what each layer of protocols does, which protocols exist, and how those protocols are applied in today's Internet.
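To make the subnet-mask question above concrete, here is an added example (my own illustration, not code from the original post) that uses Python's standard ipaddress module to derive the network, broadcast address and usable host count from an address-with-prefix, and to decide whether two hosts can talk directly on the LAN (ARP to the destination) or must go through the gateway. The addresses are constructed sample values.

```python
import ipaddress


def describe_host(ip_with_prefix):
    """Return the network facts a LAN host derives from its address and mask.

    ip_with_prefix is a string such as "192.168.1.10/24" (constructed sample).
    """
    iface = ipaddress.ip_interface(ip_with_prefix)
    net = iface.network                      # non-strict: host bits are masked off
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "address": str(iface.ip),
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def same_subnet(addr_a, addr_b, netmask):
    """Two hosts share a subnet when (address AND mask) is equal for both.

    This is the bitwise test every IP stack performs before sending a packet.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    return (int(ipaddress.IPv4Address(addr_a)) & mask) == (
        int(ipaddress.IPv4Address(addr_b)) & mask
    )


def next_hop_kind(src, dst, netmask):
    """On the same subnet the sender ARPs for dst directly; otherwise it uses the gateway."""
    if same_subnet(src, dst, netmask):
        return "direct (ARP for destination MAC)"
    return "via default gateway"


if __name__ == "__main__":
    print(describe_host("192.168.1.10/24"))
    print(next_hop_kind("192.168.1.10", "192.168.1.200", "255.255.255.0"))
    print(next_hop_kind("192.168.1.10", "192.168.2.5", "255.255.255.0"))
```

Try a /26 prefix as well: the netmask becomes 255.255.255.192 and the usable host count drops to 62, which is the kind of arithmetic the subnet questions in this stage are really about.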
3. Web foundation

A very important part of network penetration is web security. To learn web security, you must first start with the basics of the web front end.

This section is very simple: learn the three basic tools of the web front end, HTML+CSS+JS, their development and use, to lay the foundation for later learning of web-related security knowledge.

This section is relatively practical and hands-on. You need to do some web programming yourself, especially to become familiar with JavaScript, understand what Ajax is, and learn the commonly used jQuery library.
4. Database foundation

In the last part of the basic stage, you can move on to some basic knowledge of databases.

At this stage, mainly learn some theory, focusing on concepts such as databases, tables, and indexes, then learn how to write SQL and how to insert, delete, update, and query data. Do not use programming to operate the database yet.
2. The Bronze Age

After the Stone Age, you have accumulated some basic computer knowledge: operating system usage, network protocols, front-end basics, and a first acquaintance with databases, but this is not enough to do network security. In the second stage, the Bronze Age, you still need to learn the basics further, and after the first stage the difficulty starts to rise slowly.

The knowledge that needs to be learned at this stage is:
1. Advanced Web

In the Stone Age we had a preliminary contact with web programming and understood the basic principles of web pages. But those were purely front-end, purely static pages, without touching the back end. In this advanced stage, you have to start getting into the Web back end.

First, start from the two commonly used mainstream web servers, learn the basics of Apache and Linux, then introduce the basic principles of dynamic web pages, from CGI/FastCGI through later dynamic web technologies such as ASP/PHP/ASPX/JSP, and understand their history, evolution, and basic working principles.

Finally, learn some basic web development knowledge: form handling, Session/Cookie, JWT, LocalStorage, etc., understanding what these basic terms mean, what they are used for, and what problems they solve.
2. PHP programming

To learn web back-end development, you have to learn a back-end language. This section chooses to start with PHP.

But remember: choosing PHP here does not mean you should do PHP back-end development in the future, nor does it say anything about how popular PHP is now. Rather, in a specific historical context, PHP-related website security issues are very representative, so this language is more convenient for studying security issues.

Because the purpose of learning is different, the learning method differs from ordinary back-end development. Here we learn basic syntax, basic back-end request handling, and database access, and then get acquainted with the commonly used ThinkPHP framework. Of course, if you are interested, learning more is even better.
3. Advanced computer network

The second stage needs to deepen the study of computer networks. This time the focus is on HTTP/HTTPS and packet capture analysis.

You must master tcpdump on Linux, including its common parameters. Then focus on learning Wireshark to analyze packets, and use Fiddler to capture and analyze encrypted HTTPS traffic.

By viewing the communication flow in packet capture software, your understanding of computer networks goes from abstract to concrete.
4. Encryption and decryption technology

Next, learn about some encoding and encryption/decryption technologies often encountered in network security, including base64 encoding, symmetric encryption, asymmetric encryption, hashing, and so on.

Understand their basic concepts, what they are used for, what problems they solve, and finally how they work.

Recommended book: "Encryption and Decryption"
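The distinction this section asks you to understand (encoding vs. hashing vs. keyed authentication) is easy to see in a few lines. The following is an added example of mine, not code from the original post, using only Python's standard library: base64 is reversible by anyone, a hash is one-way and fixed-length, an HMAC additionally needs a secret key and must be compared in constant time, and a salted, iterated hash is what password storage uses. Symmetric and asymmetric ciphers are outside the standard library, so they are not shown. The key and salt below are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets


def b64_roundtrip(data):
    """Encoding only: anyone can reverse it, so base64 hides nothing."""
    encoded = base64.b64encode(data).decode("ascii")
    return encoded, base64.b64decode(encoded)


def sha256_hex(data):
    """One-way digest: fixed 32-byte output, cannot be reversed to recover data."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key, message):
    """Keyed hash: without the key nobody can produce a valid tag for a message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key, message, tag):
    """Constant-time comparison avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def hash_password(password, salt=None, iterations=100_000):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) for storing passwords.

    The salt makes identical passwords hash differently; the iteration count
    slows down offline guessing. Returns (salt, digest) so both can be stored.
    """
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


if __name__ == "__main__":
    key = b"constructed-sample-key"
    msg = b"The quick brown fox jumps over the lazy dog"
    print(b64_roundtrip(b"hello"))
    print(sha256_hex(b"abc"))
    tag = hmac_tag(key, msg)
    print(tag, verify_tag(key, msg, tag), verify_tag(key, msg + b"!", tag))
    salt, digest = hash_password("correct horse battery staple")
    print(salt.hex(), digest.hex())
```

A useful exercise is to flip one bit of the input to sha256_hex and watch the whole digest change; that avalanche property is why a hash can detect tampering but a base64 string cannot.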
3. The Silver Age

Now we enter the third stage, the Silver Age, and the exciting moment is coming. At this stage we begin to learn real network security technology in an all-round way, and the foundation laid in the previous two stages will come into use.

The knowledge that needs to be learned at this stage is:
1. Introduction to Web Security

With the previous web front-end and PHP programming foundation, you can formally learn web security. Several typical attack methods in web security: SQL injection, XSS, CSRF, various injections, SSRF, file upload vulnerabilities, etc. Each needs to be studied in detail, combining theory with hands-on practice.

Be careful not to use websites on the Internet as attack practice; that is illegal. You can set up some deliberately vulnerable websites in a virtual machine (there are many such sites available for download) and practice on the sites you built yourself.
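SQL injection, the first item in the list above, comes down to one coding mistake: user input being pasted into the SQL text. The following is an added example of mine (not code from the original post) that builds a throwaway in-memory SQLite table with constructed sample users, shows a login check written the vulnerable way next to the same check written with a parameterized query, and lets you see that the classic tautology bypass works against the first and not the second. Plaintext passwords are used only to keep the demo short; real applications store salted hashes.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: input is concatenated into the statement text.

    A password such as  x' OR '1'='1  turns the WHERE clause into a tautology,
    so a row is returned and the login succeeds without the real password.
    """
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Hardened: placeholders keep data separate from the SQL text.

    The driver sends the values as parameters, so quotes inside them are just
    characters to compare against and can never change the query structure.
    """
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    bypass = "x' OR '1'='1"
    print("vulnerable, real password :", login_vulnerable(db, "alice", "correct-horse"))
    print("vulnerable, tautology     :", login_vulnerable(db, "alice", bypass))
    print("safe, real password       :", login_safe(db, "alice", "correct-horse"))
    print("safe, tautology           :", login_safe(db, "alice", bypass))
```

The fix is not escaping quotes by hand but never building SQL from strings; every mainstream database driver and ORM offers placeholders like the `?` above, and the same rule applies to the PHP code you will write in the Bronze Age (PDO prepared statements there).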
2. Network scanning and injection

We have learned some web attack methods, but these are not enough. When facing a target, how to find the attack surface and obtain information about the target is very important.

This information includes: what operating system the target runs, what ports are open, what services are running, what kind of back-end service it is, what the version information is, and what vulnerabilities could be exploited. Only with this information can attack methods be formulated in a targeted way and the target taken down.

Common network information scanning includes port scanning, website directory scanning, vulnerability scanning and so on. You need to learn the common scanning tools and how they work.
3. Information Gathering & Social Engineering

Beyond the information obtained by scanning, network security often requires investigating a lot of other information, such as website registration details, associated persons, content retrieval within the site, and so on. This requires learning and mastering information gathering and social engineering techniques.

Whois is used to query domain name registration information; cyberspace search engines such as Shodan, ZoomEye, and FOFA retrieve information behind IPs, domain names, URLs, etc.; Google Hacking uses search engines to retrieve a website's internal information. These are frequently used skills in network information collection.
4. Brute force cracking

In a network attack, once the services the target exposes have been scanned, the most direct thing is to log in. Common services include SSH, RDP, MySQL, Redis, web forms, and more.

This is where brute force cracking usually comes in handy: a dictionary of common usernames and passwords for the various services is tried by a program.

Commonly used brute-force tools include hydra and the Super Weak Password checker, plus mimikatz, which is often used to obtain Windows system passwords.
4. The Golden Age

In the previous stage we learned some security attack technologies. At this stage we need to learn security defense and security detection technologies. Security has both offense and defense, and neither can be missing.

1. WAF technology

The first thing to learn is WAF, the Web Application Firewall.

Web security studies attacks on computer systems through web technology; a WAF detects and defends against these attacks. As the saying goes, know yourself and know your enemy and you will win every battle. As an attacker you must understand how a WAF works and find weaknesses to bypass detection; as a defender you must continuously strengthen detection and defense capabilities to effectively discover and block web attacks.

You need to learn the architectures adopted by current mainstream WAF software such as OpenResty and ModSecurity, and the main detection algorithms: signature-based, behavior-based, machine-learning-based, etc.
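To show what the signature-based detection algorithm mentioned above actually does, here is an added example of mine, not code from the original post and not the rule language of ModSecurity or OpenResty. It normalizes each request field (URL-decoding twice, because a naive matcher that decodes once is blind to double-encoded input) and then runs a constructed, deliberately tiny set of regular-expression signatures over it; a real WAF ships thousands of such rules plus the behavioral layers the section lists.

```python
import re
from urllib.parse import unquote_plus

# Constructed rule set: (rule name, compiled signature). Intentionally minimal.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE)),
    ("sqli-union", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.IGNORECASE)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("path-traversal", re.compile(r"(?:\.\./){2,}")),
]


def normalize(value):
    """Canonicalize before matching: decode percent-encoding twice.

    Signatures are compared against the form the back end will see, and a
    single decode pass misses payloads that were percent-encoded twice.
    """
    return unquote_plus(unquote_plus(value))


def inspect_request(path, query, body=""):
    """Return the sorted list of rule names that fired on any request field."""
    hits = set()
    for field in (path, query, body):
        text = normalize(field)
        for name, pattern in RULES:
            if pattern.search(text):
                hits.add(name)
    return sorted(hits)


def waf_decision(path, query, body=""):
    """Simplest policy: block when any signature matches, otherwise allow."""
    return "block" if inspect_request(path, query, body) else "allow"


if __name__ == "__main__":
    # Constructed sample requests
    samples = [
        ("/search", "q=running+shoes", ""),
        ("/login", "user=admin%27+OR+%271%27%3D%271", ""),
        ("/login", "user=admin%2527+OR+%25271%2527%253D%25271", ""),   # double-encoded
        ("/comment", "", "text=%3Cscript%3Ealert(1)%3C/script%3E"),
        ("/static/../../etc/hosts", "", ""),
    ]
    for path, query, body in samples:
        print(waf_decision(path, query, body), inspect_request(path, query, body), path, query, body)
```

The design point for a defender is the normalize step: signature quality matters less than making sure the matcher and the protected application decode input the same way, which is why real WAF engines run a long transformation chain before any rule is evaluated.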
2. Network protocol attack & intrusion detection

A WAF mainly targets web-related attacks. In this section we broaden the view to the entire network protocol stack: TCP hijacking, DNS hijacking, DDoS attacks, DNS tunneling, ARP spoofing, ARP flooding, etc. You need to master the principles of these classic attack methods and practice setting up a lab environment, which lays the foundation for later intranet penetration.

In addition, as the defender, you also need to learn security detection through network traffic analysis: understand commonly used network analysis techniques, detection frameworks, and rule syntax, preparing for future security development or defense work.
3. Log technology

Discovering attack behavior through logs is the most common approach. An attacker's web requests, system logins, brute-force attempts, etc. are recorded by various software on the system, and attackers often erase the related log records after succeeding, so mastering these logs is a skill both the offensive and defensive sides need.

Common logs include system login logs (Windows, Linux), web server logs, database logs, and so on.
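As an added example of the log analysis this section describes (my own code, not from the original post), the block below parses constructed Linux auth.log lines in the style of sshd and applies a sliding-window rule: five or more failed logins from one source IP within a minute raises an alert, and a successful login from that IP afterwards marks it as a likely compromise. The log lines, hostname and addresses are all constructed samples; the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in the style of /var/log/auth.log (sshd); not a real capture.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar  3 10:00:06 host sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 50128 ssh2
Mar  3 10:00:08 host sshd[1005]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:09 host sshd[1006]: Accepted password for root from 203.0.113.7 port 50132 ssh2
Mar  3 10:15:00 host sshd[1010]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Mar  3 10:15:40 host sshd[1011]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_log(text, year=2024):
    """Turn sshd lines into (timestamp, result, user, ip) tuples; year is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag an IP once it has >= threshold failures inside a sliding window.

    A later 'Accepted' from a flagged IP sets success_after, the case an
    analyst should triage first because the guessing may have worked.
    """
    failures = defaultdict(list)
    alerts = {}
    for ts, result, user, ip in sorted(events):
        if result == "Failed":
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(recent), "first": recent[0],
                              "last": ts, "success_after": False}
        elif ip in alerts and ts >= alerts[ip]["last"]:
            alerts[ip]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

The same shape of rule (count per source over a time window, then look for the state change that follows) is what SIEM correlation rules express declaratively; writing it by hand once makes those rule languages much easier to read.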
4. Python programming

At this stage it is time to learn some Python programming. Although network security does not often require much engineering development, basic programming skills are very useful: writing crawlers, processing data, building network scanning tools, writing vulnerability POCs, etc. Among the many programming languages, Python is undoubtedly the most suitable.
5. Browser Security

The last part of this stage is to learn some browser-side security knowledge and consolidate the browser-related vulnerability attacks in web security.

Focus on mastering the features of the two most mainstream browsers, IE and Chrome: the browser sandbox mechanism, the same-origin policy and cross-domain techniques, etc.
5. The Platinum Age
1. Vulnerabilities in third-party components

The web attacks covered earlier are classic techniques that have been used for many years. After years of development they have matured, and the number of related vulnerabilities is no longer as large as before. Many attacks today are completed through vulnerabilities in various third-party components, so study the vulnerabilities of these common components: on one hand, to master these attack methods for practical use; on the other, it is very helpful for vulnerability mining work.

The research objects mainly cover engineering components actually used in current Internet services, such as the Java technology stack (the Spring family, SSM), Redis, MySQL, Nginx, Tomcat, Docker, etc.

2. Intranet penetration

In network penetration, capturing one foothold is just the beginning. How to move on and control more nodes after the initial compromise is the scope of intranet penetration. A typical example is the EternalBlue virus of that year, which spread rapidly through SMB protocol vulnerabilities and infected a large area.

There is a lot to learn in intranet penetration and it is complicated; the difficulty rises considerably, but this is a very important part of network penetration, and you must chew on it carefully. This part has less theory and more practice, and requires building more environments to simulate and learn.
3. Operating system security technology & privilege escalation technology & virtualization technology

After getting into a computer via the web or other means, various restrictions often make privilege escalation necessary, which involves much content closely related to the operating system's security mechanisms, so it is also necessary to learn some operating system security knowledge.

For example, the respective permission management mechanisms on Windows and Linux, privilege escalation methods and commonly used vulnerabilities, tools, etc.

Finally, learn some virtualization technology to deal with scenarios where you may need to escape from a virtual machine.
6. Age of Kings
1. Cobalt Strike & Metasploit

Learning to use these two artifacts will greatly improve attack efficiency; they are must-haves for network penetration testers at home and on the road!

I have also compiled some network security materials for you below. If you don't want to search for them one by one, you can refer to these.

video tutorial

SRC&Hacking Technical Documentation

Hacking Tools Collection

Origin blog.csdn.net/2302_77302329/article/details/130781715