How a complete beginner (Xiaobai) gets started with network security

Recently many friends have been asking me questions, and these are the most common ones:

  • I have learned X, but it has had no effect;
  • I am learning X, but I have no direction;
  • I want to learn X, but I have no way to get started;

A piece of advice: if you have no foundation at all, it is best not to blindly hunt for learning materials at the start. Most people just leave the materials in their favorites to gather dust, and the more you collect, the more confused and stressed you will be when you actually try to learn.

Sharpening the axe does not delay the cutting of firewood. If you are going to learn by yourself, you have to do it step by step:

Step 1: Build a self-study knowledge framework (how to build one, I will talk about later);

Step 2: Based on the framework, set yourself phased learning plans and goals, ideally with weekly self-review and adjustment;

Step 3: Find suitable self-study resources for each week's plan. Note: only look for what you currently need, and don't be greedy;

Step 4: Find a few people who understand the subject and keep on good terms with them, so that someone can answer you when you hit problems later in your studies;

These have to be done step by step; don't expect to get fat from a single bite.

Building a learning framework also has its tricks, such as the three methods I often use:

  1. Make friends with someone skilled. It can be someone around you or a colleague at work, but be careful: remember to treat them to dinner to build the relationship, otherwise few people will help you at critical moments;
  2. Search the various blog sites for roadmaps of the knowledge points you want, then find the highly rated posts. They are usually not bad, but pay attention to distinguishing the genuine from the fake;
  3. Look at a few training institutions to see how they organize their course outlines and which knowledge points are involved, then classify and summarize them. I won't go into specifics, so that nobody thinks I am advertising for training institutions;

Without further ado, let's start with an overview picture showing which directions network security has, how they relate to and differ from each other, and what each one requires you to learn.

(The uploaded image came out very blurry, so it has not been enlarged; if you need the high-definition version, tell me in the comment area.)

Within the technical side of this field, jobs fall mainly into three directions:

  • Security research and development
  • Security research: the binary direction
  • Security research: the network penetration direction

Let's explain them one by one.

The first direction: security research and development

You can think of network security the same way as the e-commerce industry, the education industry and so on. Every industry has its own software R&D, and network security as an industry is no exception. The difference is that R&D in this industry produces software related to the network security business.

That being so, the positions common to other industries exist in the security industry too, such as front-end, back-end and big data analysis, but besides such general development positions there are also R&D positions closely tied to the security business.

This category can be further divided into two subtypes:

  • Security product development (the defensive side)
  • Security tool development (the offensive side)

Typical security products include:

  • Firewall, IDS, IPS
  • WAF (web application firewall)
  • Database gateway
  • NTA (network traffic analysis)
  • SIEM (security event analysis center, situational awareness)
  • Big data security analysis
  • EDR (security software on endpoint devices)
  • DLP (data loss prevention)
  • Antivirus software
  • Security detection sandbox

To sum up, most security R&D products are used to detect and defend against attacks, covering the endpoint side (PCs, mobile phones, network equipment, etc.).

The technologies used to develop these products are mainly the three stacks C/C++, Java and Python, with a small amount of Go and Rust.

Compared with the other two directions, security R&D positions have lower requirements for network security skills (only relatively; the R&D of some products has anything but low requirements for security skills), and I have even seen plenty of R&D people who know nothing about security. In that case, if you have an understanding of network security technology on top of basic development skills, it will naturally be a bonus when you interview for these positions.

The second direction: binary security

The binary security direction is one of the two major technical directions in the security field.

It mainly involves software vulnerability discovery, reverse engineering, and virus and Trojan analysis, and touches on operating system kernel analysis, debugging and anti-debugging, anti-virus and other techniques. Because it constantly deals with binary data, over time "binary security" became the collective name for this direction.

The defining characteristic of this direction is: you need to be able to endure loneliness.

It is not like security R&D, which produces real products, and it is not as flashy as the network penetration direction. This direction spends most of its time in silent analysis and research.

Take vulnerability discovery as an example: just learning the various attack techniques takes a great deal of time. In this field a single problem may take months or even years of study, which is definitely not something an ordinary person can persist at. On top of that, success does not come from hard work alone; it depends more on talent.

People like the heads of Tencent's major security labs, the well-known TK, and Wu Shi have long since grasped the deep meaning of vulnerability discovery and mastered this craft; they can come up with new approaches in their dreams. But geniuses like this are truly rare and beyond the reach of most people.

If programmers have it hard, then binary security researchers have it hard Plus.

The third direction: network penetration

This direction is closest to most people's image of a "hacker": they can hack mobile phones, computers, websites, servers and intranets; everything can be hacked.

Compared with binary security, this direction is easier to get into at the start. After mastering some basic techniques, you can hack away with all sorts of ready-made tools.

However, if you want to go from script kiddie to master hacker, the further you go in this direction, the more you need to learn and master.

The network penetration direction leans more towards "practical combat", so it demands greater breadth of technology: you need to know everything from network hardware, network communication protocols and network services (web, email, files, databases, etc.) to operating systems and attack methods. It is closer to being an all-round computer expert who can integrate the various technologies for "actual combat".

Now let's talk about the learning route. The content is a bit long, so you can give it a like first so you can find it again later.

How to get started?

After the big picture, let's get down to the specific technical points. Here is the web security learning route I made for my team members. The whole course takes about half a year, depending on each person's situation.

If you refine what you need to learn each week down to this level, you no longer need to worry that you won't learn it or won't be able to get started. In fact, many people study for two months but learn a bit of this and a bit of that, only getting a taste of each topic without going deep, which is why they feel they still can't get through the door after two months.

(Friendly reminder: if you find it helpful, bookmark this answer so you can find it again later.)

1. Concepts related to web security (2 weeks)

  • Get familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-sentence Trojan (one-line webshell), etc.);
  • Google/SecWiki the keywords (SQL injection, file upload, XSS, CSRF, one-sentence Trojan, etc.);
  • Read "Mastering Script Hackers"; although it is very old and has errors, it is still usable for getting started;
  • Watch some penetration notes/videos to understand the whole process of a real penetration test; you can Google (penetration notes, penetration process, intrusion process, etc.);

2. Get familiar with penetration-related tools (3 weeks)

  • Get familiar with AWVS, sqlmap, Burp, Nessus, Chopper, nmap, AppScan and other related tools.
  • To understand what such tools are for and when they are used, first Google/SecWiki the software name;
  • Download backdoor-free versions of this software and install it;
  • Learn by using them; specific tutorials can be found on SecWiki, for example the Burp tutorial and sqlmap;
  • Once you have learned these commonly used tools, you can install Sonic Start to make a penetration toolbox;

3. Hands-on penetration practice (5 weeks)

  • Master all the stages of a penetration test and be able to independently penetrate small sites.
  • Look for penetration videos online, watch them and think about the ideas and principles; keywords (penetration, SQL injection video, file upload intrusion, database backup, dedecms exploits, etc.);
  • Find a site or build a test environment of your own for testing, and remember to hide yourself;
  • Think about the main stages of a penetration test and what work needs to be done in each stage;
  • Study the types of SQL injection, the principles of injection and manual injection techniques;
  • Study the principles of file upload: how to truncate, double-suffix spoofing (IIS, PHP), parsing exploits (IIS, Nginx, Apache), etc.;
  • Study the principles and types of XSS; the specific learning method can be Google/SecWiki;
  • Study the methods and concrete use of Windows/Linux privilege escalation;

4. Follow developments in the security circle (1 week)

  • Keep up with the latest vulnerabilities, security incidents and technical articles in the security circle.
  • Browse the day's security technology articles and events through SecWiki;
  • Follow security practitioners on Weibo/Twitter (if you see who an expert or a friend follows, follow them too), and take time to check every day;
  • Subscribe to domestic and foreign security technology blogs through feedly/Xianguo (not only domestic ones; the point is to accumulate); if you don't have a feed reader, you can look at the SecWiki aggregation column;
  • Get into the habit of actively submitting security technical article links to SecWiki every day to build up a collection;
  • Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese library, Wooyun, etc., and practice when you come across public vulnerabilities.
  • Follow the topics or videos of domestic and international security conferences; SecWiki-Conference is recommended.

5. Get familiar with Windows/Kali Linux (3 weeks)

  • Learn the basic commands and common tools of Windows/Kali Linux;
  • Get familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
  • Get familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Get familiar with the common tools in Kali Linux; you can refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
  • Get familiar with the Metasploit tool; you can refer to SecWiki and the "Metasploit Penetration Testing Guide".

6. Server security configuration (3 weeks)

  • Learn server environment configuration and be able to discover security problems in a configuration by thinking it through.
  • IIS configuration in the Windows 2003/2008 environment, paying particular attention to configuration security and the permissions it runs with;
  • Security configuration of LAMP in the Linux environment, mainly considering run permissions, cross-directory access, folder permissions, etc.;
  • Remote system hardening: restrict username/password logins and restrict ports with iptables;
  • Configure a software WAF to strengthen system security, and set up ModSecurity or similar on the server;
  • Use Nessus to perform security checks on the configured environment and discover unknown security threats.

7. Learning script programming (4 weeks)

  • Choose one scripting language from Perl/Python/PHP/Go/Java and learn to program with its commonly used libraries.
  • Set up a development environment and choose an IDE. For the PHP environment, WAMP and XAMPP are recommended, and Sublime is strongly recommended as the IDE;
  • Python programming: the content includes syntax, regular expressions, files, networking, multithreading and other common libraries; "Core Python Programming" is recommended, but you don't need to read the whole book;
  • Write vulnerability exploits in Python, then write a simple web crawler;
  • Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)" and its videos;
  • Get familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional);
  • Understand Bootstrap layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

  • Be able to independently analyze the source code of script programs and find security problems.
  • Get familiar with the dynamic and static methods of source code auditing and know how to analyze a program;
  • Find vulnerabilities in open source programs on Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, then search for and analyze them by keyword;
  • Study the principles behind how web vulnerabilities form and how to avoid them at the source code level, and organize this into a checklist.
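As an added example of the static source-code audit step above (this is not code from the original post): a small Python script that flags PHP lines where a request superglobal, or a variable assigned straight from one, reaches a dangerous sink with no sanitizer on that line. The PHP sample is constructed inline, and the sink and sanitizer lists are assumptions, deliberately incomplete, to show the idea behind such a checklist tool.

```python
import re

# Dangerous sinks and the vulnerability class each one indicates (assumed,
# deliberately incomplete list for illustration).
SINKS = {
    r"\b(?:mysql_query|mysqli_query|pg_query)\s*\(": "SQL injection",
    r"\b(?:include|require)(?:_once)?\b": "file inclusion",
    r"\b(?:eval|assert)\s*\(": "code execution",
    r"\b(?:system|exec|shell_exec|passthru)\s*\(": "command injection",
    r"\b(?:echo|print)\b": "XSS",
}
# User-controlled input (taint sources) and functions that neutralize it.
SOURCE = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
SANITIZERS = r"\b(?:intval|mysqli_real_escape_string|htmlspecialchars|basename)\s*\("


def audit_php(src: str) -> list:
    """Flag lines where a request superglobal, or a variable assigned straight
    from one, reaches a dangerous sink with no sanitizer on that line.
    Crude line-level heuristic: a real audit tracks data across functions."""
    findings, tainted = [], set()
    for n, line in enumerate(src.splitlines(), 1):
        m = re.match(r"\s*(\$\w+)\s*=.*" + SOURCE, line)
        if m and not re.search(SANITIZERS, line):
            tainted.add(m.group(1))          # e.g. $id = $_GET['id'];
        for pat, kind in SINKS.items():
            if not re.search(pat, line):
                continue
            from_user = re.search(SOURCE, line) or any(
                re.search(re.escape(v) + r"\b", line) for v in tainted)
            if from_user and not re.search(SANITIZERS, line):
                findings.append({"line": n, "kind": kind, "code": line.strip()})
    return findings


# Constructed PHP sample, not a real program: lines 4, 6 and 8 are unsafe.
SAMPLE_PHP = """\
<?php
$id = $_GET['id'];
$page = intval($_GET['page']);
$res = mysql_query("SELECT * FROM news WHERE id=" . $id);
$res2 = mysql_query("SELECT * FROM news WHERE page=" . $page);
include($_GET['module'] . ".php");
echo htmlspecialchars($_POST['comment']);
echo $_POST['comment'];
"""

if __name__ == "__main__":
    for f in audit_php(SAMPLE_PHP):
        print(f"line {f['line']}: possible {f['kind']} -> {f['code']}")
```

The sanitized `$page` query and the escaped `echo` are left alone, which is the point of pairing each sink with the function that neutralizes it in your checklist.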

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward security suggestions or a system architecture.
  • Develop some practical small security tools and open-source them to show your ability;
  • Establish your own security system and have your own understanding and opinions about company security;
  • Propose, or join, the architecture or development of large security systems;

This roadmap is detailed down to what to learn each week and to what depth. It is fair to say the web security roadmap I compiled is very friendly to newcomers. I have also compiled the corresponding learning materials, and I can share some of them if you need them (the confidential parts cannot be shared); just tell me in the comment area!

If you find it helpful, please like and bookmark it. If anything is wrong or unclear, you are welcome to point it out in the comment area. Thank you!

Origin blog.csdn.net/2301_77152761/article/details/130223354