Self-taught hacker (network security): the key learning points are here!

Want to learn network security but don't know where to start? I have compiled a penetration-testing learning path. Not much preamble; straight to the practical content.

Web security fundamentals (theory stage)

Learn the basics of web security: HTML, Python, Java, databases, and so on. In addition, learn about commonly used service ports such as 3306 and 3389 and what runs behind them. (For details, refer to the learning route in the Yusun Education course.)

Web basics / building a penetration-testing environment / common tools

1. Building a penetration-testing environment is essential. The quickest way is to install a Kali Linux virtual machine: the system ships with the tools already, so there is little to configure. Many beginners start learning with Kali.

2. Learn the common tools: sqlmap for injection, Burp Suite, Metasploit, nmap, BeEF, AWVS, Wireshark, etc., and use them to assist in completing a penetration test. (The tools need their environments set up; for example, sqlmap needs a Python environment before it can be used. This configuration is tedious for beginners. Yusun Education provides a complete toolkit, so you can get the toolkit and not worry about getting stuck.)

OWASP Top 10 vulnerabilities

SQL Injection

Broken Authentication and Session Management

Sensitive Data Exposure

XML External Entity Injection (XXE)

Broken Access Control

Security Misconfiguration

Cross-Site Scripting (XSS)

Insecure Deserialization

Using Components with Known Vulnerabilities

Insufficient Logging and Monitoring

The above is must-have knowledge for a network security technician. After mastering the principles, discovery, exploitation, and remediation methods for these vulnerabilities, you should have hands-on ability for each one, that is, be able to reproduce it in a practice range. In the next stage of study, you can try penetration testing of small and medium-sized websites, within the bounds of compliance.
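The first item in the list, SQL injection, is the one most beginners reproduce first. As an added example (not code from the original post), here is a deliberately vulnerable login check beside its parameterised fix, run against an in-memory SQLite database so it executes offline. The table, the user row and the injection string are constructed for illustration; the point is that the same input logs in against the concatenated query and is treated as plain data by the parameterised one.

```python
"""Added example: SQL injection, vulnerable query beside the fix (in-memory SQLite)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-concatenated query: user input becomes part of the SQL text."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: input is bound as a value and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed classic tautology payload: closes the string literal and appends
# OR '1'='1', which makes the WHERE clause true for the concatenated query.
INJECTION = "' OR '1'='1"


def demo() -> dict:
    """Run both implementations against the same inputs and report the results."""
    conn = make_db()
    return {
        "vuln_wrong_pw": login_vulnerable(conn, "alice", "wrong"),      # False
        "vuln_injected": login_vulnerable(conn, "alice", INJECTION),    # True: bypass
        "safe_wrong_pw": login_safe(conn, "alice", "wrong"),            # False
        "safe_injected": login_safe(conn, "alice", INJECTION),          # False: payload is just a string
        "safe_correct": login_safe(conn, "alice", "correct horse"),     # True
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} -> {outcome}")
```

The remediation is the parameter binding, not input filtering: the database driver sends the values separately from the query text, so no quoting trick in the input can change the statement's structure.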

Vulnerability discovery (first hands-on practice)

Google hacking

Most students may not have heard of Google search operators (Google dorks) before, and think they are generic and of little use, but that is not the case. In most cases, finding vulnerabilities still relies on Google dorks. Many students read the answers or articles of SRC experts and go straight to penetration-testing companies, schools, government and other platforms on the Internet. That behaviour is simply wrong, and for an inexperienced novice, how much can be gained from it anyway? The level and methods of the SRC experts may not apply to you.

For novices, Google dorks are mainly used to find vulnerabilities. For example, to find logic flaws (SMS bombing), use intitle:register inurl:edu.cn. If you don't understand this syntax, go back and learn it; it is the most basic. This simple dork finds logic flaws in educational institutions. If you want to look for injection, use inurl:asp?id=. This is far more efficient than searching the Internet blindly. Google dorks help us filter websites: based on the URL characteristics of different vulnerabilities, page content, titles and so on, we can find relevant websites for penetration testing. This is very important for beginners looking for vulnerabilities.

Website information gathering

Apart from problems of mindset, technique, and the target having already been tested by other pentesters, another common cause is inadequate information gathering. Information gathering may seem trivial and useless, but it can sometimes decide whether a penetration test succeeds, so it must be done well in advance: whois, ports, directories, subdomains, mailbox enumeration and other means. You can also use the FOFA platform (which seems to have closed recently) and Shodan for further collection. Related tools include nmap, Scapy, etc.
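The directory and port enumeration described above is noisy from the target's side, which is what makes it detectable. As an added example (not code from the original post), here is the defender's view of that step: a small parser for web server access logs in the combined format that flags source IPs whose requests are mostly 404s, the typical signature of directory enumeration. The log lines, IP addresses, paths and thresholds are constructed for illustration.

```python
"""Added example: flag directory-enumeration behaviour in access logs (constructed data)."""
import re
from collections import defaultdict
from typing import Dict, Iterator, Tuple

# Fields we need from the combined log format: client IP, request path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one client probing for common directories, one normal visitor.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Jun/2023:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2023:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2023:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2023:10:00:02 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2023:10:00:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2023:10:00:05 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2023:10:00:06 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2023:10:00:07 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""


def parse(log_text: str) -> Iterator[Tuple[str, str, int]]:
    """Yield (ip, path, status) for each well-formed line; skip anything that does not parse."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("path"), int(m.group("status"))


def find_enumerators(log_text: str, min_requests: int = 4,
                     min_404_ratio: float = 0.5) -> Dict[str, dict]:
    """Return per-IP statistics for clients that look like they are enumerating paths.

    A client is flagged when it made at least ``min_requests`` requests and the
    share of 404 responses is at least ``min_404_ratio``. A single 404 (a missing
    favicon, a stale bookmark) never trips the rule because of the request floor.
    """
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set()})
    for ip, path, status in parse(log_text):
        entry = stats[ip]
        entry["total"] += 1
        entry["paths"].add(path)
        if status == 404:
            entry["not_found"] += 1

    flagged: Dict[str, dict] = {}
    for ip, entry in stats.items():
        ratio = entry["not_found"] / entry["total"]
        if entry["total"] >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {
                "requests": entry["total"],
                "not_found": entry["not_found"],
                "distinct_paths": len(entry["paths"]),
                "ratio_404": round(ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed sample, 203.0.113.9 is flagged (five requests, four of them 404) while 198.51.100.4 is not, because it stays under the request floor. In production the same counts would be kept per time window rather than over the whole file, and the thresholds tuned to the site's normal 404 rate.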

After learning all this, what if I still can't find any vulnerabilities?

Then you need to reflect on your learning method. If you haven't practised at all, practise in a range first before going to real targets. If you succeed in the range but still find nothing, ask yourself whether you have really mastered the vulnerability knowledge or only picked up muscle memory. Once you have mastered it and combine it with Google hacking and information gathering, finding vulnerabilities is easy.

If you want more comprehensive and professional knowledge and want to reach the desired learning effect in a reasonable time, then as a network security practitioner I recommend following the professional learning route of a training class. Systematic learning combined with project practice works better, takes less time, and is easier to stick with, and students are given better learning resources, avoiding many detours.

Hands-on practice

1. Hunting on SRC (security response center) platforms

The purpose of hunting on SRC platforms is mainly to put your skills into practice. The biggest illusion in learning network security is feeling that you know everything, and then being unable to do anything when it comes to actually finding vulnerabilities. SRC is a very good opportunity to apply your skills.

2. Learn from technical write-ups (vulnerability discovery)

Read and study the 0day discovery write-ups of the past ten years, build an environment to reproduce the vulnerabilities, think through the authors' approach to finding them, and cultivate your own penetration-testing mindset.

3. Range practice

Build a range yourself or practise on a free online range. If you can, buy one or sign up with a reliable training institution; they generally provide accompanying range exercises.

Participate in CTF competitions or HVV (network protection) exercises

Recommended: CTF competitions

CTF has three benefits:

[1] A chance that is close to real-world practice. The cybersecurity law is now very strict; unlike before, you can't just mess around.

[2] The challenges keep up with the frontier of the field, whereas many books lag behind.

[3] If you are a college student, it will be very helpful for finding a job later.

If you want to play CTF, go straight to past competition challenges; when you don't understand a challenge, look up whatever it is you don't understand.

Recommended: HVV (network protection exercises)

HVV has four benefits:

[1] It also gives you a thorough workout and improves your own skills. It is best to take part in the HVV exercise held every year.

[2] You get to meet many well-known people in the community and expand your network.

[3] HVV pay is also very high, so you can earn a lot by participating.

[4] Like CTF competitions, if you are a college student it will also be very helpful for finding a job later.

I have also compiled some network security materials for you below. If you don't want to look for them one by one, you can refer to these.

Video tutorials

SRC & hacking technical documentation

Hacking tools collection


Source: blog.csdn.net/2302_76827504/article/details/131072060