Scanner development learning framework

Learning scanner development

I. Objectives

Decide on your goals before developing a scanner. My goals lean towards fingerprint identification and scanning for RCE-class vulnerabilities: in a penetration test, the more assets you collect, the higher the chance of a successful penetration, and remote code execution vulnerabilities are simple and crude.

The learning process is always interrupted by some irresistible force, and I cannot keep my energy focused on the same thing for long; the mind is too anxious. Security tips from all over the world are no substitute for completing the basic subject knowledge; that is worth keeping in mind. Linking the basics with the routines is how to break through the bottleneck. To keep what I study from being lost, I chose to record it as notes. Anyway, nobody reads this blog, and the kids are very anxious.

[Winning the crowd's approval by showing high-yield operations is the dream of many financiers.]

II. Learning skill tree

Learning fast means attending to every branch of the white-hat skill tree: there can be no short plank. Every plank must reach the standard height, and only then do you stretch the long plank. Reviewing Pig Man's "White hat learning route" filtered out which knowledge to learn and reminds me what to study.

Basics

Hardware & OS:

NetEase cloud classroom study.163.com/curricula/cs.htm

1. Advanced Mathematics
2. Principles of Computer Organization
   - Bus / memory
   - Arithmetic logic unit
   - CPU
   - Input/output peripherals
   Fundamentals of Discrete Mathematics
   Probability Theory and Mathematical Statistics
3. Operating Systems
   - Boot / system calls
   - Processes / threads
   - Memory management
   - File systems
   Computer Networks
   Linear Algebra
4. Computer System Architecture
   - CPU structure
   - Instruction sets
   - Addressing modes
   Modern Algebra

Network:

TCP/IP Illustrated, Volume 1

Application:

Video is the format I absorb best. Get familiar with PHP, Python and Java.

Books:
    CSS / HTML / JavaScript: The Definitive Guide
Videos:
    兄弟连 PHP/MySQL development
    后盾网 PHP development
        **Laravel/ThinkPHP/Yii/CodeIgniter**
    中谷教育 Python development
        **Django/Flask/Tornado**
    MSSQL .NET development
    动力节点 J2EE development
        **Servlet/JSP/reflection**
        **Spring4/Struts2/Hibernate5/MyBatis3**

Database:

SQL 
    - MySQL
    - MSSQL
    - Oracle
    - PostgreSQL 
NoSQL
    - MongoDB
In-memory
    - Redis
    - Memcache

A new understanding of security technology

Injection vulnerabilities
    - SQL injection
    - Command injection
    - Expression / code injection
    - SSRF (server-side request forgery)

Information disclosure
    - Configuration files
    - Test files
    - Backup files
    - Exposed interfaces
    - Heartbleed
File vulnerabilities
    - XXE
    - File inclusion
    - Arbitrary file read
    - Arbitrary file upload

Logic vulnerabilities
    - Exhaustive enumeration
    - Horizontal privilege escalation
    - Out-of-order process flow
    - Data tampering
    - Unauthorized access

Denial of service

Brute-force cracking

Binary vulnerabilities
    - Buffer overflow
    - Heap / stack overflow
    - Memory leak

Front-end vulnerabilities
    - XSS
    - CSRF
    - ClickJacking

Automation development: horizontal knowledge stack

Linux assembly language and debugging techniques are the foundation of this stack. iOS and Android were also supposed to be on the list, but energy is limited.

Assembly language
Debugging techniques
    - Linux kernel development and debugging - 张银奎
    - Deep software debugging - 张银奎
Binary vulnerabilities
    - 0day Security: Software Vulnerability Analysis Techniques
    - Fuzzsecurity tutorials
    - Vulnerability Wars
    - Exploit writing tutorial series
    - Stack overflow attack: popping the calculator
      https://blog.csdn.net/rectsuly/article/details/70179755

III. Scan modes

As I currently understand it, a scanner can find and work vulnerabilities in several modes: active scanning, passive scanning and fingerprinting.

Active scan

CMS vulnerability scanning collects a large number of CMS vulnerability POCs and scans with them; it depends on a rule and vulnerability library.

Passive scanning

The attacker browses the site to generate traffic; the URLs are submitted, in the form of an HTTP proxy, to a background data-collection program that runs vulnerability detection on them.

IV. Information collection

Only after collecting a large amount of asset information is there enough input for vulnerability detection to produce output. This is mainly achieved by big-data intelligence gathering of subdomains, ports, IPs and URLs.

  • Search engine (Baidu, Google, Sogou)
  • Big Data Security (fofa, zoomeye, censys, etc.)
  • Subdomain Enumeration

V. Vulnerability testing

  • POC / EXP plugins (Pocsuite, etc.)
  • Vulnerability Scanner (AWVS, etc.)

VI. Data plan

  • IP, domain name, port, banner, CMS, creation time, update time
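An added example (my own code, not from this post or any project it names) that ties the fingerprinting mode of section III to the record fields of the data plan: it parses a raw HTTP response, matches headers and body against a small rule library, and emits one asset record with IP, domain, port, banner, CMS, creation time and update time. The rule patterns, the sample response and the host names are all constructed for illustration and do not come from the post; a real scanner's rule library would be far larger.

```python
"""Rule-based HTTP fingerprinting into a data-plan asset record (added example)."""
import re
from datetime import datetime, timezone

# Constructed rule library: placeholder patterns for illustration, not a real scanner's rules.
# Each rule names a CMS/framework and a regex applied either to one response header or to the body.
FINGERPRINT_RULES = [
    {"name": "WordPress", "where": "body",   "pattern": re.compile(r"/wp-content/|/wp-includes/", re.I)},
    {"name": "WordPress", "where": "header", "header": "link", "pattern": re.compile(r"wp-json", re.I)},
    {"name": "Drupal",    "where": "header", "header": "x-generator", "pattern": re.compile(r"Drupal", re.I)},
    {"name": "ThinkPHP",  "where": "header", "header": "x-powered-by", "pattern": re.compile(r"ThinkPHP", re.I)},
    {"name": "ASP.NET",   "where": "header", "header": "x-powered-by", "pattern": re.compile(r"ASP\.NET", re.I)},
]


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body).

    Header names are lower-cased so lookups are case-insensitive. A response that
    does not begin with a status line yields status 0, so a non-HTTP service on a
    web port is still recorded as an asset instead of crashing the collector.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = 0
    parts = lines[0].split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines rather than abort
            headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", "replace")


def fingerprint(headers, body):
    """Return the de-duplicated list of CMS/framework names whose rules match."""
    hits = []
    for rule in FINGERPRINT_RULES:
        target = headers.get(rule["header"], "") if rule["where"] == "header" else body
        if rule["pattern"].search(target) and rule["name"] not in hits:
            hits.append(rule["name"])
    return hits


def build_asset_record(ip, domain, port, raw_response, now=None):
    """Build the data-plan record: ip, domain, port, banner, cms, create/update time."""
    now = now or datetime.now(timezone.utc).isoformat(timespec="seconds")
    status, headers, body = parse_http_response(raw_response)
    return {
        "ip": ip, "domain": domain, "port": port, "status": status,
        "banner": headers.get("server", ""),  # banner = Server header, empty when absent
        "cms": fingerprint(headers, body),
        "create_time": now, "update_time": now,
    }


def merge_asset_record(existing, fresh):
    """Re-scan of a known asset: keep its original creation time, refresh everything else."""
    merged = dict(fresh)
    merged["create_time"] = existing["create_time"]
    return merged


# Constructed sample response; not captured from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.18.0\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Link: <https://example.invalid/wp-json/>; rel=\"https://api.w.org/\"\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><link rel='stylesheet' href='/wp-content/themes/x/style.css'></head></html>"
)

if __name__ == "__main__":
    record = build_asset_record("192.0.2.10", "www.example.invalid", 443, SAMPLE_RESPONSE)
    print(record)
```

The body rule and the `Link` header rule both fire on the sample, but the record lists WordPress once; a response that is not HTTP at all (status 0, no banner, no CMS) is still stored, which is what you want when the aim is a complete asset inventory rather than only the hits.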

References

Some Thoughts of vulnerability mining

White hat learning route


Source: www.cnblogs.com/17bdw/p/11415613.html