Binary security and network penetration for beginners, which one is better?

Hello everyone, this is Jay Chou

1-direction selection

Recently, many fans asked me a question unanimously: binary security and network penetration, how to choose?

Today’s article is an attempt to answer this question, and I hope it will help you in choosing a direction.

First of all, let's make it clear what these two directions are for.

Generally speaking, the direction of binary security is mainly to do reverse analysis, vulnerability mining and exploit, kernel security, cracking, etc.

Network penetration is mainly web security, intranet penetration, vulnerability scanning and utilization, security auditing, log analysis, etc.

Simply put, in the binary direction, software, programs, instructions, debuggers, operating system and other things are often dealt with; the network penetration direction, servers, missing scanning tools, databases, dictionaries, logs etc. are often dealt with. .

Of course, the two directions are not completely separated. In many cases, the two may overlap, such as flow analysis .

2- learning difficulty

In terms of learning difficulty, I personally think that the direction of binary security will be steeper.

This direction needs to focus on learning "C/C++ Programming", "Compilation Principles", "Operating Systems", "Computer Composition Principles", "Computer Networks" and many other computer professional courses, and then combine learning reverse analysis technology, vulnerability attack technology and other knowledge . The knowledge involved here is of a certain degree of difficulty. Novice Xiaobai needs to work steadily. Starting from programming, it is difficult to get started without a year of work.

The following is a skill learning map of binary vulnerabilities that I saw on Xuenet before, and share it with you:

The network penetration direction is relatively speaking, it is more friendly to the zero-based Xiaobai. You can learn some simple computer network knowledge and Web programming, and you can get started. You don't need to know much about the underlying principles and technologies of computers.

But note that this is just getting started. The things to learn in this direction are not less than binary security. Web security, Linux, network protocol attacks, log analysis of various network servers/middleware, vulnerability scanning, privilege escalation technology, intranet transfer and many more.

One of the characteristics of the network penetration direction is that it is wide and complex, and it is necessary to learn all aspects of computer and network. The binary security direction will be relatively more focused.

3- Employment

In terms of employment, network penetration will have more jobs than . After all, not all Internet companies have operating systems and client products, but all Internet companies have web servers.

The direction of binary security is mainly the sample analysis and security research of some large companies, or the kernel security and driver development positions of some game companies.

Basically, all major factories will have their own SRC, which is the emergency response center, and will have many security positions. At the same time, each security vendor, as Party B, will also have many security service positions and penetration testing engineer positions. Therefore, in terms of employment, There will be more choices in the direction of network penetration.

In summary, binary security jobs are difficult to learn, and employment options are not as many as network penetration. If there is no obvious interest preference, I will give priority to learning the direction of network penetration. Another advantage of this direction is that it has a wide range of learning and will be exposed to all aspects, even if you want to transfer to other positions such as development or operation and maintenance in the future, it is relatively easy.

Of course, the direction of binary security is not undesirable. If you have a special interest in program reversal and vulnerability attacks, and you can survive a period of dark exploration, you will also usher in your own light. This direction is because The difficulty is high, and there are few people willing to enter. Once you have achieved something, it is also very popular.

Of course, the above only represent my personal views and opinions. Welcome everyone to comment and exchange in the message area, and express your choices and opinions.