Starting from zero: how do you learn penetration testing?

In network penetration, becoming a script kiddie is not difficult: learning to run the tools takes about a month.

Many people think network penetration is only about websites, which is a big mistake!

It is no wonder, though: the handful of standard Web security tricks are the easiest to teach and learn, and they are easy to blog about. You can bluff your way around after learning a few of them, so many people mistakenly believe that network penetration is Web security.

The result is that after learning a few Web security tricks, people find they are still not very good at it and cannot do much. Or they do not understand the principles behind the tools at all and cannot cope with even a slight change in the situation.

If you want to become a master of network penetration, you need full-stack ability across computers, networks, and programming. Operating systems, log analysis, traffic analysis, vulnerability attacks, security audits, web security, network protocols, programming languages, and so on all need to be learned.

Some of these things can be obtained through the study of basic courses, and some of them need to be accumulated through actual combat training.

So if you want to go deep and far in this industry, you need a solid computer foundation and a lot of accumulated hands-on practice!

Let's talk about these two parts separately:

1. Solid computer foundation

Most people who study network penetration without a formal computer science background start from web front-end and back-end technologies, web security, and vulnerability scanning tools.

There is nothing wrong with that. These topics demand relatively little background in computer systems, so getting started is faster and more rewarding.

But debts come due sooner or later: the fundamentals you skipped still have to be made up.

For students who are engaged in network penetration, what are these foundations?

I will not go into computer organization, data structures, and algorithms. The three most closely related subjects are:

Computer networks, operating systems and Linux, and Web development technology (back end + front end)

These three must be studied hard, really hard!

Only after you have learned computer networks will you understand the principles of network communication, what network protocol attacks are, and how to conduct traffic analysis.

After learning operating systems and Linux, you will understand how to trace the source of an attack, how to analyze system security logs, and the principles of server privilege escalation.

After learning web development technology, you will understand the principles behind Web attack methods such as SQL injection, XSS, CSRF, and one-line web shells, and how to conduct vulnerability scanning.

2. A lot of accumulated hands-on practice

Basic knowledge can be learned from books, but some things can only be accumulated through hands-on practice.

For example, finding vulnerabilities in a website through traffic analysis and log analysis

For example, using a PoC to take over a server

For example, building a security defense system

Books do not give you standard answers for these things. You need to build up your own security experience through attack-and-defense exercises on top of your network security knowledge, and turn it into your own security capability.

For this, you can train by playing CTFs, participating in red team versus blue team exercises, and taking part in network protection exercises.

I previously drew a learning roadmap for network penetration, from bronze to king, which you can refer to as you study.

The above is my view on learning network penetration. I hope it gives you some inspiration and help for self-study.


Teaching yourself is not easy for newcomers, and I came up the same way. Along the way I collected and organized a lot of learning materials, including:

1. Many out-of-print books that are no longer available
2. Internal training materials of major security companies
3. A full set of toolkits
4. 100 copies of src source code technical documents
5. Basic introduction to network security, Linux, web security, offensive and defensive videos
6. Emergency Response Notes
7. Network Security Learning Route
8. CTF Capture the Flag Analysis
9. WEB Security Introductory Notes

Origin blog.csdn.net/xv7777666/article/details/131405334