What exactly should the road of cybersecurity go?

Author: Bald programmer ya

I wrote an article before that answered this question specifically, but many friends still do not know how to walk this road.

Unlike Java, C/C++ and other back-end development roles, which have a very clear learning route, network security is learned largely by groping your way forward: there is a great deal to learn, and it is hard to organize it into a system.

Although network security is only one of many directions in computing, it can itself be subdivided many times over, and what you have to learn differs greatly from one branch to another, so each needs to be discussed separately.

Network security branch

Above the concept of network security there is a broader one: information security. We will not explore the academic distinction between the two; unless otherwise stated, this article treats them as one concept. Let's look instead at the actual work directions and how they subdivide.


Within the technical side of this circle there are three main job directions:

Security R&D

Security research: the binary direction

Security research: the network penetration direction

Let's take a look at each of them.

Security R&D

There are two main categories of R&D positions in the security industry:

R&D positions that have little to do with the security business

R&D positions closely related to the security business

Think of cybersecurity as an industry like e-commerce or education: every industry has its own software R&D, and network security as an industry is no exception. The difference is that the R&D in this industry builds software for the network security business.

That being so, the positions common to other industries (front end, back end, big data analysis, and so on) also exist in the security industry; they belong to the first category above and have little to do with the security business itself. Here we focus on the second category, the R&D positions closely tied to the security business.

This category has two subtypes:

Security product development (defense)

Security tool development (offense)

The products developed in the security industry mainly (but not only) include:

Firewall, IDS, IPS

WAF (Web Application Firewall)

Database gateway

NTA (Network Traffic Analysis)

SIEM (Security Information and Event Management; security event analysis, situational awareness)

Big data security analytics

EDR (Endpoint Detection and Response; security software on end devices)

DLP (Data Leak Prevention)

Antivirus

Security detection sandbox

In short, most security products are built to detect and defend against attacks, covering both the endpoint side (PCs, phones, network devices, etc.) and the network side.

These products are developed mainly in C/C++, Java and Python, with a smaller share of Go and Rust.

Compared with the other two directions, security R&D positions demand less network security skill (relatively speaking; the R&D of some products still requires a lot), and I have even seen security developers at quite a few companies who know nothing about security at all. So if you understand network security technology on top of basic development skills, it is naturally a plus when interviewing for these positions.

Beyond general development skills, security R&D positions can focus on the following technologies:

[Image in the original post: list of technologies relevant to security R&D]

The list above is only the most directly related part; to build better products you need to know more security technology, so read on.

Binary security

The binary security direction is one of the two major technical directions in the security field.

It mainly involves software vulnerability discovery, reverse engineering, and virus and Trojan analysis, and touches operating system kernel analysis, debugging and anti-debugging, anti-virus and related technologies. Because the work so often deals with binary data, "binary security" became the name for the direction over time.

What characterizes this direction is that you must be able to endure solitude.

Unlike security R&D there is no tangible product output, and it is not as flashy as network penetration; most of the time is spent quietly analyzing and researching.

Take vulnerability discovery as an example: just learning the many attack techniques takes a long time. In this field a single problem can take months or even years of study, which is not something the average person can stick with. On top of that, success depends not only on hard work but even more on talent.

People like the heads of Tencent's several security labs, the well-known TK (the "TK sect leader"), Wu Shi and others have mastered the essence of vulnerability discovery, integrated it thoroughly, and can dream up entirely new ways to play. But such geniuses are far too few.

If programmers have it hard, binary security research is harder still.

If you still have the courage to enter this field after reading this, here is what you need to learn:

[Image in the original post: list of topics to learn for binary security]

Compared with security R&D, this direction is not only more technically demanding, but few companies offer these positions, and they are basically concentrated in first-tier cities such as Beijing, Shanghai, Guangzhou and Shenzhen.

Network penetration

This direction matches most people's idea of a "hacker": breaking into phones, computers, websites, servers, intranets; anything can be hacked.

Compared with binary security, this direction is easier to get started in: master some basic techniques, pick up the various ready-made tools, and start attacking.

But to go from script kiddie to expert, the further you go in this direction the more you have to learn and master:

[Image in the original post: list of topics to learn for network penetration]

Network penetration leans toward "real combat", so it demands breadth of technology: network hardware, communication protocols, network services (web, mail, file, database, etc.), operating systems, attack techniques, all of it needs to be understood. It tends toward being an all-round computer generalist who integrates many technologies for practical use.

People in the network penetration direction work in the following settings:

Security services, commonly called Party B (the vendor side): this is the largest group, providing security capability to Party A companies, for example penetration testing and product security testing.

Security capability building, commonly called Party A (the client side): slightly larger domestic companies have their own SRC (Security Response Center), that is, their own security team.

National team: you know what that means.

Learning route

Having covered the three major technical directions, how do you actually get started? Here is my opinion.

Let's come down to concrete technical points. The network security learning route below takes about half a year in total, depending on the individual.

Even with the weekly content broken down this finely, people still worry that they will study and not get in the door. In the end the real problem is two months of learning a bit of everything, here and there, all shallow and never deep, which is why after two months it feels like you still have not gotten in.

1. Web Security Related Concepts (2 weeks)

  • Get familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, the one-line PHP Trojan, etc.);
  • Google/SecWiki the keywords (SQL injection, upload, XSS, CSRF, one-line Trojan, etc.);
  • Read "Mastering Script Hacking"; it is very old and full of errors, but still fine for getting started;
  • Watch some penetration notes/videos to understand the whole process of a penetration in practice; Google keywords such as penetration notes, penetration process, intrusion process, etc.;

2. Familiarize yourself with penetration tools (3 weeks)

  • Get familiar with AWVS, sqlmap, Burp Suite, Nessus, China Chopper, Nmap, AppScan and similar tools;
  • Understand the purpose and usage scenarios of each tool; start by Googling/SecWiki-ing the software name;
  • Download backdoor-free versions of these tools and install them ("cracked" builds from unknown sources are a common way to get implanted yourself);
  • Learn them by using them; specific tutorials can be found on SecWiki, e.g. the Burp and sqlmap tutorials;
  • Once you have learned these tools, install them into a launcher such as Sonic Start to make a penetration toolbox;

3. Penetration practice (5 weeks)

Master every stage of a penetration and be able to penetrate small sites independently. Find penetration videos online and think through the ideas and principles in them; keywords: penetration, SQL injection video, file upload intrusion, database backup, dedecms exploit, etc.;

  • Build your own test environment (or use a site you are authorized to test) and remember to hide yourself;
  • Think about which stages a penetration is divided into and what has to be done at each stage;
  • Study the types of SQL injection, the principle behind injection, and manual injection techniques;
  • Study how file upload attacks work: truncation, double-suffix spoofing (IIS, PHP), parser exploits (IIS, Nginx, Apache), etc.;
  • Study how XSS arises and its types; Google/SecWiki are good places to learn;
  • Study methods of Windows/Linux privilege escalation and how they are used in practice;
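The injection principle in the third item, shown as an added example that is not part of the original post: an in-memory SQLite database with a constructed user row, a login function that splices input into the SQL text, and the parameterised version beside it. The payload set covers the comment-out, tautology and boolean-based blind ideas; the table, credentials and function names are all invented for the example.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed user row (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users (name, password) VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """The injectable pattern: user input is spliced into the SQL text, so a
    quote in the input ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    """Parameterised query: the SQL structure is fixed before the values are
    bound, so a quote in the input is just a character inside the data."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Constructed payloads for the three ideas a manual tester tries first:
# comment out the rest of the query, a tautology, and a boolean-based blind
# probe (two queries that differ only in the truth of the injected condition).
PAYLOADS = {
    "comment": ("admin'--", "anything"),
    "tautology": ("nobody", "' OR '1'='1"),
    "blind_true": ("admin' AND 1=1--", "x"),
    "blind_false": ("admin' AND 1=2--", "x"),
}


def run_payloads(login):
    """Return {payload_name: login_result} for a given login implementation."""
    conn = make_db()
    return {name: login(conn, user, pw) for name, (user, pw) in PAYLOADS.items()}


if __name__ == "__main__":
    print("vulnerable:", run_payloads(login_vulnerable))
    print("safe:      ", run_payloads(login_safe))
```

With the vulnerable function every payload but `blind_false` logs in without the password, and the `blind_true`/`blind_false` pair is the signal a blind injection relies on; with placeholders all four fail, and only the real password succeeds.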

4. Follow what is happening in the security community (1 week)

  • Follow the latest vulnerabilities, security incidents and technical articles in the security community;
  • Browse the day's security articles/events via SecWiki;
  • Follow security practitioners on Weibo/Twitter (when you come across someone a well-known expert follows or is friends with, follow them too), and take time to catch up every day;
  • Subscribe to domestic and foreign security blogs through feedly/Xianguo (do not limit yourself to China; keep accumulating); if you have no feed reader, look at SecWiki's aggregation column;
  • Make it a habit to submit security articles to SecWiki every day to build up your knowledge;
  • Keep an eye on the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese library, Wooyun, etc., and practice on public vulnerabilities when you can.
  • Follow the topics and videos of domestic and international security conferences; SecWiki-Conference is recommended;

5. Familiarity with Windows/Kali Linux (3 weeks)

  • Learn the basic Windows/Kali Linux commands and common tools;
  • Get familiar with the common cmd commands on Windows, such as ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
  • Get familiar with the common commands on Linux, such as ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Get familiar with the common tools in Kali Linux; see "Web Penetration Testing with Kali Linux" and "Hacking with Kali" on SecWiki;
  • Get familiar with Metasploit; see SecWiki and the "Metasploit Penetration Testing Guide";

6. Server security configuration (3 weeks)

  • Learn how a server environment is configured and be able to reason out the security problems in a configuration;
  • IIS configuration on Windows 2003/2008: pay special attention to configuration security and the permissions the service runs with;
  • LAMP security configuration on Linux: mainly the running permissions, cross-directory access, folder permissions, etc.;
  • Remote system hardening: restrict username/password login and restrict ports with iptables;
  • Configure a software WAF such as mod_security on the server to strengthen system security;
  • Scan the configured environment with Nessus to discover security threats you did not know about.
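The "restrict username and password login" item above, as an added example that is not part of the original post: a small audit of an sshd_config for the weak settings a hardening pass looks for, plus a rewrite that fixes them. The sample config is constructed, not from a real host; the policy list and function names are the example's own. One real detail it models is that sshd keeps the first value it reads for a keyword, so a later "correct" line does nothing if a weak one precedes it.

```python
import re

# Keywords checked, as (keyword, weak value, hardened value). This is a
# constructed policy for the example; sshd has many more options.
POLICY = [
    ("PermitRootLogin", "yes", "no"),
    ("PasswordAuthentication", "yes", "no"),
    ("PermitEmptyPasswords", "yes", "no"),
]

# Constructed sample sshd_config, not taken from a real system.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# sshd keeps the FIRST value for a keyword, so the next line changes nothing:
PasswordAuthentication no
X11Forwarding no
"""

_SPLIT = re.compile(r"[ \t=]+")


def parse_sshd_config(text):
    """Map lowercase keyword -> first value seen, for the global section only.
    Lines after the first 'Match' block are conditional and are skipped here
    (a simplification for the example)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = _SPLIT.split(line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first occurrence wins, as in sshd
    return settings


def audit_sshd_config(text):
    """Return (keyword, value, message) findings for weak or unset settings."""
    settings = parse_sshd_config(text)
    findings = []
    for keyword, weak, wanted in POLICY:
        value = settings.get(keyword.lower())
        if value is None:
            findings.append((keyword, None, f"not set; set it explicitly to {wanted}"))
        elif value.lower() == weak:
            findings.append((keyword, value, f"weak value {weak}; change to {wanted}"))
    return findings


def harden_sshd_config(text):
    """Rewrite the first global occurrence of each policy keyword to its hardened
    value and add any missing keyword before the first Match block (or at the end)."""
    wanted_by_key = {k.lower(): (k, wanted) for k, _, wanted in POLICY}
    out, seen, match_at = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and match_at is None:
            key = _SPLIT.split(line, maxsplit=1)[0].lower()
            if key == "match":
                match_at = len(out)
            elif key in wanted_by_key and key not in seen:
                seen.add(key)
                keyword, wanted = wanted_by_key[key]
                out.append(f"{keyword} {wanted}")
                continue
        out.append(raw)
    missing = [f"{kw} {w}" for k, (kw, w) in wanted_by_key.items() if k not in seen]
    if match_at is None:
        out.extend(missing)
    else:
        out[match_at:match_at] = missing
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG):
        print(finding)
    print(harden_sshd_config(SAMPLE_CONFIG))
```

Run it against a copy of the real file and review the diff before you deploy it, and keep a second session open when you restart sshd so a mistake does not lock you out.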

7. Scripting and programming (4 weeks)

  • Pick one language from Perl/Python/PHP/Go/Java and learn its common libraries;
  • Set up a development environment and choose an IDE; for PHP, WAMP or XAMPP is recommended, and Sublime is strongly recommended as the editor;
  • Python: learn the syntax, regular expressions, files, networking, multithreading and the other common libraries; "Core Python Programming" is recommended, and you do not need to finish it;
  • Write an exploit for a vulnerability in Python, then write a simple web crawler;
  • Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)" and the videos;
  • Get familiar with the MVC architecture and try a PHP or Python framework (optional);
  • Understand Bootstrap layout or CSS;

8. Source code auditing and vulnerability analysis (3 weeks)

  • Be able to analyze script source code independently and find security problems.
  • Get familiar with the dynamic and static methods of source auditing and know how to analyze a program;
  • Look for vulnerabilities in open-source programs on Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, then search for and analyze them by keyword;
  • Study how web vulnerabilities arise and how to avoid them at the source code level, and organize this into a checklist.
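One checklist entry worked through in code, as an added example that is not part of the original post: the upload filter from the "double suffix, truncation, parser exploits" item in section 3, with the naive extension check an audit typically finds beside a hardened version. The bypass filenames are the classic ones (a null byte that truncated the name in old PHP, a second extension that Apache's mod_mime treats as a handler when misconfigured, the IIS 6 semicolon), the image magic bytes are the real ones, and the function names and sample bytes are the example's own.

```python
import posixpath
import re

# Extension -> content type the upload handler will accept. Anything else is rejected.
ALLOWED = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}

# Real file signatures for the three accepted types.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# One stem, one dot, one short extension; nothing else gets through.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def naive_is_allowed(filename):
    """The check an audit often finds: only the tail of the name is examined."""
    return filename.lower().endswith((".jpg", ".jpeg", ".png", ".gif"))


def sniff_image(data):
    """Return the content type the bytes actually are, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def hardened_check(filename, data):
    """Return the extension to store the file under, or None to reject.
    Rejects null bytes, path components, multiple dots, odd characters such as
    ';', unknown extensions, and content that does not match the extension."""
    if "\x00" in filename:
        return None
    base = posixpath.basename(filename.replace("\\", "/"))
    match = SAFE_NAME.fullmatch(base)
    if match is None:
        return None
    ext = match.group(1).lower()
    kind = ALLOWED.get(ext)
    if kind is None or sniff_image(data) != kind:
        return None
    return ext


# Constructed bypass names from the section's list, plus a legitimate upload.
BYPASSES = ["shell.php\x00.jpg", "shell.php.jpg", "shell.asp;.jpg"]
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8   # constructed header, not a real image


def compare():
    """{filename: (naive verdict, hardened verdict)} for the bypass set."""
    return {name: (naive_is_allowed(name), hardened_check(name, FAKE_PNG)) for name in BYPASSES}


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(repr(name), verdict)
```

Two habits the hardened version bakes in that belong on the checklist: never reuse the client's filename for the stored object (the returned extension is meant to be attached to a server-generated name), and verify the content, not just the name, because the extension is attacker-controlled.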

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward security suggestions or a system architecture.
  • Develop some practical small security tools and open-source them to show what you can do;
  • Build your own security system and form your own understanding and views on the company's security;
  • Propose, or contribute architecture and development to, larger security systems;

You can also refer to the following growth roadmap:

[Image in the original post: growth roadmap]

I have also compiled some cybersecurity learning materials.

Part of the contents:

Video tutorials

Books

SRC kit & HW (network protection exercise) operations

Interview questions

Source code & installation packages

If you need all of the above, click "Hacking & Cybersecurity Introduction & Advanced Learning Resource Pack" to get it for free.

1. Many out-of-print e-books that can no longer be bought
2. Internal training materials from security vendors
3. A full set of toolkits
4. 100 SRC source code technical documents
5. Introductory videos on network security basics, Linux, web security, and attack and defense
6. Emergency response notes
7. A network security learning route
8. Analysis of CTF flag-capture competitions
9. Introductory web security notes

Finally, a simple learning method I have put together for you:

1. Read more

Reading is always the most effective way. Books are not necessarily the best way to get started, since understanding them takes some foundation, but for now they are the more reliable primer.

For example: "Hacker Attack and Defense: Practical Web Security Explained", "Web Front-end Hacking Techniques Revealed", "The Road to Security: Web Penetration Techniques and Practical Case Analysis (2nd Edition)".

There are many more web security books now, so everyone can avoid a lot of detours while learning. If the books recommended above are hard going, look for web security books you can read.

Of course, what you learn on paper is shallow; it does not stick without practice.

2. Learn the common tools

1. Burp Suite: learn the Proxy (capture and modify requests), the Intruder module (brute forcing), and the practical BApp Store extensions.
2. Nmap: use Nmap to probe which ports the target host has open, then to probe its network services and determine the service names and versions.
3. sqlmap: use sqlmap to dig into and exploit the common types of SQL injection vulnerability that AWVS has flagged in a scan.

3. Learn development

1. Book: "PHP in Detail"

2. Practice in PHP: write a directory lister that lists any directory given as a parameter; use PHP to fetch a web page and output its content; then fetch a web page, write its content into a MySQL database, and output it from there.
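The first exercise above ("list any directory given as a parameter") is exactly the shape of a directory traversal bug, so here is the check it needs, as an added example that is not part of the original post. It is written in Python rather than PHP to stay consistent with the other examples on this page; the directory tree is constructed in a temporary folder and the function names are the example's own.

```python
import os
import tempfile


def naive_list_dir(base, requested):
    """The obvious implementation: join and list. A '..' walks right out of base."""
    return sorted(os.listdir(os.path.join(base, requested)))


def safe_list_dir(base, requested):
    """List `requested` (user-supplied, relative to base) only if it resolves
    inside base. realpath() collapses '..' and symlinks before the check, and
    commonpath() avoids the string-prefix trap where /srv/files_old would pass
    a startswith('/srv/files') test."""
    if "\x00" in requested:
        raise PermissionError("null byte in path")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"refusing to list outside {base_real}: {requested!r}")
    return sorted(os.listdir(target))


def build_demo_tree():
    """Constructed tree for the example; returns the directory the app may serve.
    root/secret.txt must never be listed; root/files/ and root/files/docs/ may."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "files", "docs"))
    for rel in ("secret.txt", "files/a.txt", "files/docs/b.txt"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("x")
    return os.path.join(root, "files")


if __name__ == "__main__":
    base = build_demo_tree()
    print("naive ..    :", naive_list_dir(base, ".."))   # leaks secret.txt
    print("safe docs   :", safe_list_dir(base, "docs"))
    try:
        safe_list_dir(base, "..")
    except PermissionError as err:
        print("safe ..     :", err)
```

The same two lines (resolve, then compare the resolved path against the allowed root) are what the PHP version needs with `realpath()`; an absolute path, `..`, a symlink planted inside the served directory, and an embedded null byte are the cases to test it with.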

You can also find a training course and study systematically.

Summary

The above are some personal suggestions for friends who are new to cybersecurity, with one final point to clarify:

The technologies in the different directions listed above are not strictly independent; on the contrary, they usually complement each other and need to be combined.

Everyone's knowledge is limited, and I am no exception. This article is only one person's view; I suggest you read other people's summaries and experience and compare them side by side. Listen to all sides and you see clearly; listen to one and you stay in the dark.

The field of cybersecurity is like a towering tree heavy with fruit, with countless onlookers standing beneath it, all claiming to love cybersecurity and wanting to climb up and pick the fruit, yet hesitating in front of the vines that hang down from time to time.

In fact, you can climb this tree by grabbing any of those vines. What most people lack is simply such a beginning.

If you need network security materials, click "Hacker & Network Security Introduction & Advanced Learning Resource Package", shared for free.