
Hello everyone, this is Jay Chou!

Recently a classmate asked me: what is the learning route for network security?

Without further ado, let's start with an overview picture showing which directions network security has, how they relate to and differ from each other, and what each of them requires you to learn.


In the technical category of this circle, jobs mainly fall into the following three directions:

Security R&D
Security research: binary direction
Security research: network penetration direction

Let me explain them one by one below.


The first direction: security research and development

You can think of cyber security the way you think of e-commerce, education and other industries: every industry has its own software R&D, and cyber security as an industry is no exception. The difference is that R&D in this industry develops software related to the network security business.

That being the case, the common jobs of other industries also exist in the security industry, such as front end, back end, big data analysis and so on. But besides these general-purpose development positions, there are also R&D positions closely tied to the security business itself.

This category can be divided into two sub-types:

Security product development (the defense side)
Security tool development (the attack side)

Typical security products include:

Firewall, IDS, IPS
WAF (Web Application Firewall)
Database gateway
NTA (Network Traffic Analysis)
SIEM (security information and event management, situational awareness)
Big data security analysis
EDR (security software on endpoint devices)
DLP (Data Leakage Prevention)
Antivirus software
Security detection sandbox

To sum up, most security R&D products are used to detect, discover and defend against security attacks, and they involve the endpoint side (PCs, mobile phones, network devices, etc.).

The technologies used to build these products are mainly the three big stacks C/C++, Java and Python, with a smaller amount of Go and Rust.

Compared with the other two directions, security R&D positions have lower requirements for network security skills (only relatively so; the R&D of some products demands quite strong security skills), and I have even seen plenty of companies whose developers know little about security. In that case, if you understand network security technology on top of basic development skills, it will naturally be a bonus when you interview for these positions.

The second direction: Binary security

Binary security is one of the two major technical directions in the security field.

This direction mainly covers software vulnerability mining, reverse engineering, and virus and Trojan analysis. It involves operating system kernel analysis, debugging and anti-debugging, and anti-virus technology. Because the work constantly deals with binary data, over time "binary security" became the collective name for this direction.

The defining characteristic of this direction: you need to be able to endure solitude.

It lacks the tangible product output of security R&D, and it is not as cool as network penetration sounds. In this direction more of your time is spent on quiet analysis and research.

Take vulnerability mining as an example. Just learning the various attack techniques takes a great deal of time. In this field, studying a single problem may take months or even years, which is by no means something the average person can persist through. Not only that, hard work alone does not guarantee success; a lot depends on talent.

Take the heads of Tencent's major security laboratories, well-known leaders such as TK and Wu Shi: they have so thoroughly internalized the meaning of vulnerability mining and mastered the craft that they can come up with new tricks in their dreams. But geniuses like these are truly rare, and most people cannot match them.

If programmers are hard pressed, then binary security researchers are hard pressed Plus.

The third direction: network penetration

This direction fits most people's image of a "hacker": they can hack phones, computers, websites, servers and intranets. Everything can be hacked.

Compared with binary security, this direction is easier to get started in: master some basic techniques, pick up various ready-made tools, and you can begin hacking.

However, if you want to go from script kiddie to hacker god, the further you go in this direction, the more there is to learn and master.

Network penetration leans toward "actual combat", so it demands greater breadth of technology: from network hardware, network communication protocols and network services (web, mail, files, databases, etc.) to operating systems and attack techniques, all of it needs to be understood. It tends to produce the all-round computer expert who integrates many technologies for "real combat".

Let's move on to the learning route. The content is rather long, so you might like the post first so that you can find it again later.

Learning route

Take network penetration as an example. Let's look at what a novice should learn from scratch, and what the specific learning route is.

First, a picture of the overall roadmap, so that you can grasp the whole before the parts:


The roadmap has six stages in total, but that does not mean you must learn them all before you can get started. For some junior positions, finishing the third and fourth stages is enough.

The following content is best read together with the picture above. I recommend opening the picture in a new browser tab and reading them side by side.

Stone Age

The first stage, the Stone Age, is aimed at complete beginners who have just entered the field. This stage mainly lays the foundation, and there are five parts to learn:

Windows

Basic Windows commands, PowerShell usage and simple scripting, and the use of several important components you will deal with constantly in later work: the registry, the group policy editor, task manager, event viewer, etc.

In addition, learn to set up a virtual machine on Windows and install an operating system in it, in preparation for learning Linux next.

Linux

Network security means dealing with Linux constantly. I have seen many newcomers jump straight into Kali by following some training course, eager to learn Kali before they have even established basic Linux concepts. That is learning to run before learning to walk.

At the basic stage the focus is on usage: learn the commands for text editing, files, networking, permissions, disks, users and so on, and build a basic understanding of Linux.

computer network

For network security, computer networking is an essential foundation. At this basic stage, this section learns computer networks from a macro perspective rather than getting stuck on the meaning of particular fields in a particular protocol.

Start from the local area network and understand Ethernet, the basic network of computer communication: how does communication within a LAN work? What is the difference between a hub and a switch? What are MAC addresses, IP addresses, subnets and subnet masks used for?

Then move to the wider network, the Internet: what is a network communication protocol, why are protocols layered, and, through the seven-layer and four-layer models, quickly establish the basic concepts of computer networks: the role of each layer's protocols, which protocols exist, and how these protocols are used on today's Internet.
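As an added example that is not part of the original post, the following Python script (standard library only, using the ipaddress module) shows what a subnet mask actually decides: whether two hosts are on the same subnet, and therefore whether a packet is handed directly to the destination (whose MAC address is resolved with ARP on the Ethernet segment) or to the default gateway. The addresses and the gateway are constructed sample values. Python is used for the examples on this page because the post itself recommends it as the most suitable language for security work.

```python
import ipaddress


def describe_subnet(ip: str, prefix: int) -> dict:
    """Network, mask, broadcast and usable host count for the subnet that `ip`
    belongs to under a /prefix mask (24 == 255.255.255.0)."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    # /31 and /32 have no separate network/broadcast address; everything else loses two.
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses share the same network bits under the mask."""
    net_a = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{prefix}", strict=False)
    return net_a == net_b


def next_hop(src_ip: str, dst_ip: str, prefix: int, gateway_ip: str) -> str:
    """Where the sending host puts the frame: straight to the destination
    (MAC found via ARP) when on the same subnet, otherwise to the gateway."""
    return dst_ip if same_subnet(src_ip, dst_ip, prefix) else gateway_ip


if __name__ == "__main__":
    # Constructed sample: a /24 LAN whose gateway is 192.168.1.1
    print(describe_subnet("192.168.1.10", 24))
    print(next_hop("192.168.1.10", "192.168.1.20", 24, "192.168.1.1"))  # delivered directly
    print(next_hop("192.168.1.10", "8.8.8.8", 24, "192.168.1.1"))       # sent to the gateway
```

The same check, applied with a /16 mask, shows why the mask matters as much as the address: 10.0.5.77 and 10.0.200.1 are one subnet under /16 but two different subnets under /24.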

Web foundation

A very important part of network penetration is Web security, and to learn Web security you must first start with the basics of the Web front end.

This section is very simple: learn the three primitive Web front-end skills, the development and use of HTML, CSS and JS, to lay the foundation for later Web security knowledge.

This section is relatively hands-on: do some web programming yourself, get especially familiar with JavaScript, understand what Ajax is, and learn the commonly used jQuery library. These are the most basic and most commonly used parts of the web front end.

Database foundation

In the last part of the basic stage, you come into contact with some basic database knowledge.

This part mainly covers theory, focusing on concepts such as databases, tables and indexes, then learning to write SQL and to add, delete, modify and query data. There is no need yet to operate the database from a program.

Bronze Age

After the Stone Age you have stocked up some basic computer knowledge: operating system usage, network protocols, front-end basics and initial database knowledge, but that is not enough for network security. In the second stage, the Bronze Age, you continue to build foundations on top of the first stage, and the difficulty starts to rise slowly.

The knowledge that needs to be learned at this stage is:

Web advanced

In the Stone Age we were first exposed to web programming and understood the basic principles of web pages. But that was purely front end, purely static pages, with no back end at all. In this advanced stage you start getting in touch with the web back end.

Start with two commonly used mainstream web servers, learning the basics of Apache and Linux, then move on to the basic principles of dynamic web pages, from CGI/FastCGI to the later ASP/PHP/ASPX/JSP and other dynamic web technologies, understanding their history, evolution and basic working principles.

Finally, learn some basics of web development: form handling, Session/Cookie, JWT, LocalStorage, etc., understanding what these terms mean, what they are used for and what problems they solve.

PHP programming

To learn Web back-end development you have to learn a back-end language. In this section we choose to start with PHP.

But remember that choosing PHP here is not meant to push you into PHP back-end development, nor to claim that PHP is especially popular now. Rather, PHP-related website security issues are very representative given a particular historical background, and choosing this language makes it more convenient for us to study security issues.

Because the purpose is different, the learning method also differs from ordinary back-end development. Here we learn the basic syntax, basic back-end request handling and database access, and then touch the commonly used ThinkPHP framework. Of course, if you are interested, going deeper is even better.

Advanced Computer Network

The second stage also needs to enrich your computer networking. This time, focus on HTTP/HTTPS and packet capture analysis.

tcpdump on Linux must be mastered, including its common parameters. Then focus on learning to analyze packets with Wireshark, and use Fiddler to capture and analyze encrypted HTTPS traffic.

By viewing the communication flow in packet capture software, your understanding of computer networks goes from abstract to concrete.

Encryption and decryption technology

Next, get to know the encoding/decoding and encryption/decryption technologies frequently encountered in network security, including base64 encoding, symmetric encryption, asymmetric encryption, hashing, etc.

Understand their basic concepts, what they are used for and what problems they solve, and finally understand how they work.

Recommended book: "Encryption and Decryption"
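An added example, not part of the original post, that makes the distinctions in this section concrete in Python's standard library: base64 is reversible encoding and hides nothing; a hash is a one-way fingerprint; an HMAC is a hash that only key holders can produce or verify; and the XOR one-time pad is a minimal symmetric cipher where the same key and operation both encrypt and decrypt. The one-time pad is a teaching toy standing in for AES (which the standard library does not include), and the sample inputs are constructed.

```python
import base64
import hashlib
import hmac
import secrets


def base64_roundtrip(data: bytes) -> tuple:
    """Encoding only: anyone can reverse it, so base64 provides no secrecy."""
    encoded = base64.b64encode(data).decode("ascii")
    return encoded, base64.b64decode(encoded)


def sha256_hex(data: bytes) -> str:
    """Hashing: fixed-size fingerprint; `data` cannot be recovered from it."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed hash: only holders of `key` can produce or check the tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Constant-time comparison so timing does not leak how much of the tag matched."""
    return hmac.compare_digest(hmac_sha256_hex(key, data), tag_hex)


def new_otp_key(length: int) -> bytes:
    """A random key exactly as long as the message (one-time pad requirement)."""
    return secrets.token_bytes(length)


def xor_with_key(key: bytes, message: bytes) -> bytes:
    """Toy symmetric cipher (one-time pad): XOR with a secret, random, never-reused
    key of equal length. Applying it twice returns the plaintext. Real systems
    use AES; this is here only to show the symmetric-key idea."""
    if len(key) != len(message):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(k ^ m for k, m in zip(key, message))


if __name__ == "__main__":
    msg = b"attack at dawn"  # constructed sample message
    print(base64_roundtrip(msg)[0])          # readable by anyone
    print(sha256_hex(msg))                   # one-way fingerprint
    tag = hmac_sha256_hex(b"shared-secret", msg)
    print(verify_tag(b"shared-secret", msg, tag), verify_tag(b"wrong-key", msg, tag))
    key = new_otp_key(len(msg))
    ciphertext = xor_with_key(key, msg)
    print(xor_with_key(key, ciphertext) == msg)  # symmetric: same key decrypts
```

The hash and HMAC test vectors used below are the standard published ones for SHA-256("abc") and HMAC-SHA256 with key "key", so the script can be checked against any other implementation.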

Silver Age

Now we enter the third stage, the Silver Age, and the exciting moment is about to arrive. At this stage we begin learning real network security technology in earnest.

The knowledge that needs to be learned at this stage is:

Getting started with web security

With the Web front-end and PHP programming foundation, you can formally learn Web security. Several typical attack methods in the Web security field: SQL injection, XSS, CSRF, other kinds of injection, SSRF, file upload vulnerabilities, etc. Each requires detailed study, combining theory with hands-on practice.

Be careful not to practice attacks on websites on the Internet; that is illegal. You can build some deliberately vulnerable websites in a virtual machine (there are many available for download) and practice on the sites you set up.
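As an added example (not code from the original post), the following Python script shows SQL injection in its simplest form against a constructed in-memory SQLite database: a login check that pastes user input into the SQL text, next to the hardened version that uses a parameterized query. It is the kind of self-built, local target the paragraph above recommends practising on; the accounts and passwords are constructed sample data.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with two demo accounts. Passwords are
    stored in plain text only to keep the demo short; a real system stores
    salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """VULNERABLE: user input becomes part of the SQL text, so a quote in the
    input changes the query's structure instead of being treated as data."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """HARDENED: a parameterized query keeps the SQL structure fixed; the driver
    passes the values separately, so quotes in the input stay data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_demo_db()
    # Classic comment-out probe, run only against this local demo database:
    # the vulnerable query becomes  ... WHERE username = 'alice' --' AND ...
    probe = "alice' --"
    print("vulnerable:", login_vulnerable(db, probe, "anything"))  # True: password check skipped
    print("safe:      ", login_safe(db, probe, "anything"))        # False: no user named "alice' --"
```

The fix is not escaping quotes by hand but keeping code and data separate: with placeholders the database never parses the user's input as SQL, which is why the same probe fails against login_safe.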

Network scanning and injection

We have learned some Web attack methods, but these alone are not enough. When facing a target, how to find the attack surface and obtain information about the target is very important.

This information includes: what operating system the target runs, which ports are open, which services are running, what type and version the back-end services are, what vulnerabilities can be exploited, etc. Only after obtaining this information can you formulate targeted means of attack and take down the target.

Common network information scanning includes port scanning, website directory scanning, vulnerability scanning and so on. You need to learn the commonly used scanning tools and how they work.

Information Collection & Social Engineering

Beyond the information found by scanning, network security often requires investigating a lot of other information, such as website registration details, associated people, content retrieval within the site, and so on. This requires learning and mastering the techniques of information collection and social engineering.

Whois is used to query domain name registration information; cyberspace search engines such as Shodan, ZoomEye and FOFA retrieve information behind IPs, domain names, URLs, etc.; Google Hacking uses search engines to retrieve a site's internal information. These are the skills frequently used in network information collection.

Brute force

In a network attack, after scanning the target's open services, the most direct way in is to log in. Common services include SSH, RDP, MySQL, Redis, Web forms and so on.

This is where brute-force cracking usually comes in handy: using dictionaries of common user names and passwords for the various services, a program tries them one after another.

Commonly used brute-force tools include hydra and the Super Weak Password checker, plus mimikatz, which is commonly used to obtain passwords on Windows systems.

Golden age

In the previous stage we learned some attack techniques. In this stage we need to learn security defense and detection techniques. Security has both an offensive and a defensive side, and neither can be dispensed with.

WAF technology

The first thing to learn is the WAF, the Web Application Firewall.

Web security studies how computer systems are attacked through Web technology, and a WAF detects and defends against those attacks. As the saying goes, know yourself and know your enemy and you will win every battle. As an attacker you must master how a WAF works and find weaknesses to bypass detection; as a defender you need to continuously strengthen detection and defense to effectively detect and resist Web attacks.

You need to learn the architectures used by current mainstream WAF software, such as OpenResty and ModSecurity, and the main detection algorithms: signature-based, behavior-based, machine-learning-based, and so on.

Network protocol attack & intrusion detection

A WAF mainly targets Web-related attacks. In this section we broaden our view to the entire network protocol stack: TCP hijacking, DNS hijacking, DDoS attacks, DNS tunneling, ARP spoofing, ARP flooding, etc. You need to master the principles of these traditional classic attack methods and set up lab environments to practice them, laying the foundation for later intranet penetration.

In addition, as a defender you also need to learn to conduct security inspection through network traffic analysis: understand the commonly used network analysis techniques, detection frameworks and rule syntax, as a reserve for future security development or security defense work.

Logging technology

Discovering attack behavior through logs is the most common approach. An attacker's web requests, system logins, brute-force attempts and so on are all recorded by the various software on the system, and after a successful attack the related logs are often wiped. So learning to master these logs is a skill that people on both the offensive and defensive teams need.

Common logs include system login logs (Windows, Linux), web server logs, database logs, and so on.
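An added example, not part of the original post, of what "discovering attack behavior through logs" looks like in practice: a small Python detector that parses Linux sshd login lines (the system login logs mentioned above), counts failed logins per source IP, and flags a run of failures followed by a success, which is the pattern a brute-force attempt leaves when a guess lands. The log lines are constructed; the IP addresses come from documentation ranges and are not real hosts.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Linux auth.log / sshd format (not a real capture).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar  3 10:15:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51235 ssh2
Mar  3 10:15:05 web1 sshd[2103]: Failed password for root from 203.0.113.45 port 51236 ssh2
Mar  3 10:15:07 web1 sshd[2104]: Failed password for root from 203.0.113.45 port 51237 ssh2
Mar  3 10:15:09 web1 sshd[2105]: Failed password for root from 203.0.113.45 port 51238 ssh2
Mar  3 10:15:11 web1 sshd[2106]: Failed password for root from 203.0.113.45 port 51239 ssh2
Mar  3 10:15:13 web1 sshd[2107]: Accepted password for root from 203.0.113.45 port 51240 ssh2
Mar  3 10:16:40 web1 sshd[2110]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar  3 10:16:55 web1 sshd[2111]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
Mar  3 10:17:02 web1 sshd[2112]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_logins(text: str) -> list:
    """Turn each sshd login line into a dict of its fields; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_bruteforce(text: str, threshold: int = 5) -> dict:
    """Flag source IPs with at least `threshold` failed logins, and any
    successful login from such an IP that comes after the failures."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    success_after_failures = []
    for ev in parse_logins(text):
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
            users_tried[ev["ip"]].add(ev["user"])
        elif failures[ev["ip"]] >= threshold:
            success_after_failures.append((ev["ip"], ev["user"], ev["ts"]))
    suspects = {
        ip: {"failures": n, "users": sorted(users_tried[ip])}
        for ip, n in failures.items()
        if n >= threshold
    }
    return {"suspects": suspects, "success_after_failures": success_after_failures}


if __name__ == "__main__":
    import json
    print(json.dumps(detect_bruteforce(SAMPLE_AUTH_LOG), indent=2))
```

A single failed login from 198.51.100.7 followed by a success is ordinary user behaviour and stays below the threshold; the six failures from 203.0.113.45 across two account names, followed by an accepted root password, are what an analyst would escalate. The same structure carries over to web server logs by swapping the regular expression and the "failure" condition.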

Python programming

At this stage it is time to learn some Python programming. Although network security does not often require large-scale engineering development, mastering basic programming skills is very useful: writing crawlers, data processing, network scanning tools, vulnerability POCs, etc. Among the many programming languages, Python is undoubtedly the most suitable.

Browser security

The last part of this stage is to learn some browser-side security knowledge, consolidating the browser-related vulnerabilities in Web security.

Focus on the features of the two most mainstream browsers, IE and Chrome: what the browser sandbox mechanism is, the same-origin policy and cross-origin techniques, etc.
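An added example, not from the original post, of the rule behind the same-origin policy: a browser compares the (scheme, host, port) triple of two URLs and ignores the path, with default ports filled in so that https://example.com and https://example.com:443 count as the same origin. The second function shows the defender's side of cross-origin access: a server that relaxes the policy with CORS should echo only origins from an explicit allowlist rather than reflecting whatever Origin header arrives. The URLs and the allowlist are constructed sample values.

```python
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> Tuple[str, str, int]:
    """The origin a browser compares: (scheme, host, port). Scheme and host are
    case-insensitive; a missing port is the scheme's default; the path is ignored."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if not scheme or not host or port is None:
        raise ValueError(f"cannot derive an origin from {url!r}")
    return scheme, host, port


def same_origin(url_a: str, url_b: str) -> bool:
    """Same-origin policy: all three parts must match exactly."""
    return origin_of(url_a) == origin_of(url_b)


def cors_allow_origin_header(request_origin: str, allowlist: Set[str]) -> Optional[str]:
    """Value to send in Access-Control-Allow-Origin, or None to send nothing.
    The request's Origin is normalized and matched against an explicit list,
    never reflected blindly and never replaced by '*' for credentialed requests."""
    try:
        scheme, host, port = origin_of(request_origin)
    except ValueError:
        return None
    suffix = "" if DEFAULT_PORTS.get(scheme) == port else f":{port}"
    normalized = f"{scheme}://{host}{suffix}"
    return normalized if normalized in allowlist else None


if __name__ == "__main__":
    print(same_origin("https://example.com/a", "https://example.com:443/b"))   # True
    print(same_origin("http://example.com/", "https://example.com/"))          # False: scheme differs
    print(same_origin("https://example.com/", "https://api.example.com/"))     # False: host differs
    allow = {"https://app.example.com"}  # constructed allowlist
    print(cors_allow_origin_header("https://app.example.com", allow))
    print(cors_allow_origin_header("https://evil.example.net", allow))
```

The function deliberately treats a different port as a different origin and a subdomain as a different host, which is exactly where many "it should just work" cross-domain requests are blocked by the browser, and why the server-side allowlist must be spelled out origin by origin.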

Platinum Age

Vulnerabilities in third-party components

The Web security attacks covered earlier have been classic methods for many years; after years of development they have become quite mature, and the related vulnerabilities are not as plentiful as before. Today many attacks are accomplished through vulnerabilities in various third-party components, so learning to study the vulnerabilities of these common components both gives you attack methods for actual combat and, by analogy, is very helpful for vulnerability mining work.

The research objects mainly cover engineering components actually used in Internet services, such as the Java technology stack's Spring "family bucket" (the full Spring stack), SSM, Redis, MySQL, Nginx, Tomcat, Docker, and so on.

Intranet penetration

In network penetration, compromising a single host is only the beginning. How to move on and control more nodes after the initial breach is the subject of intranet penetration. A typical example is the EternalBlue outbreak of that year, which spread rapidly through flaws in the SMB protocol and hit a large number of machines.

There is a great deal to learn in intranet penetration and the difficulty rises considerably, but it is a very important part of network penetration and you must chew through it. This part has less theory and more practice, and requires a lot of environment simulation.

Operating system security technology & privilege escalation technology & virtualization technology

After penetrating a computer through the Web or other means, various restrictions often create a need to escalate privileges, which involves a lot of content closely tied to the operating system's security mechanisms, so learning some operating system security knowledge is very necessary.

For example, the respective permission management mechanisms on Windows and Linux, privilege escalation methods, commonly used vulnerabilities and tools, etc.

Finally, learn some virtualization technology to handle scenarios that may require escaping from a virtual machine.

Age of Kings

Cobalt Strike & Metasploit

Learning to use these two artifacts will greatly improve attack efficiency; they are essential kit for any network penetration tester!

Other security technology expansion

In the later stages of network penetration, if you want to become a security expert, you cannot stand still in your own specialty; you need to learn about other areas of network security and broaden your knowledge.

For example: binary vulnerability attacks, reverse engineering, Trojan techniques, kernel security, mobile security, side-channel attacks, etc. Of course, you need not go as deep as students specializing in those directions, but you do need to learn them, enrich your knowledge and build a comprehensive network security skill stack.

The above is the network security learning route I am sharing; I hope it offers some enlightenment and help to those of you who are self-taught.

Self-study is not easy for newcomers. I have walked this road too, and along the way I collected and sorted out a lot of learning materials, including:

1. Many out-of-print e-books you cannot buy
2. Internal training materials from major security vendors
3. Slides from talks at top security conferences at home and abroad
4. Research papers published by top security research teams
5. Essential posts from top security forums


Rome was not built in a day; only with careful craftsmanship can it be built beautifully. Currently there is less learnable material on the market for network security than for development languages and the like, so I recommend also paying attention to videos, forums, articles and books to get started. Everything is difficult at the beginning; if you have questions, ask.


Author: 代码熬夜敲 (Li Zhikuan), former top-100 creator, penetration testing expert, a quietly cheeky guy with his own rock band.