Shulou(Shulou.com)06/01 Report--

How to become a HACK god from scratch? In view of this problem, today the editor summarizes this article about HACK, hoping to help more friends who want to solve this problem to find a more simple and feasible way.

First of all, let me classify the popular science.

(all on the rookie basis, will write a form word on the line.)

Level 1; script boy; difficulty: none, up to part of the level of HACK News (one penny to buy iphone, hack the goddess photos on the alma mater's official website, etc.)

Level 2; network security engineer; difficulty: low, can rely on technology employment, when a good salary of white-collar workers, but the threshold will be higher and higher.

Level 3; laboratory researcher; difficulty: proficient in at least one field, excellent audit experience, script, POC, binary related knowledge.

Level 4; safety level; difficulty: high, a certain field of knowledge points through and have their own understanding achievements. One person can support all the demand trees of a function of APT. (in fact, this has something to do with experience # time, and difficulty has nothing to do with talent.)

So, if you just want to get started and want to learn some skills, you can do it no matter how poor your foundation is.

For those who find it difficult to get started, I'm afraid most of them are hot in three minutes.

So how to get to the appropriate level from the entry level?

In stage 1, the skill points of script boys are mainly in the use of HACK tools.

So you just need to take the time to learn about OWASP TOP 10 and learn about mainstream scanners, tools, and how to use them. It is not difficult to learn all this in only six classes in our open class.

Stage 2, when you want to get a job in this way, you need to understand the current situation of the industry.

For example, what is the job of a popular network security engineer these days? After all, creating value for the company is fundamental to maintaining the relationship between the employee and the company.

You will find that it is the resident operation and maintenance or that carries out HACK testing on the customer asset system.

At this time, the level of the first stage is no longer competent, because Party A has money and can pile up basic security precautions by relying on WAF firewalls.

Therefore, at this time, we need to lay the foundation and systematically learn the content of HACK.

What's the content? The use and principle of all mainstream HACK methods and * HACK techniques.

At this stage, it is very important to find the right education platform.

Because almost all "safety education and training" institutions stay in simple CTF, or blindly pursue the latest loophole targets, but the awareness of how to do "HACK systematic education" (that is, how to design teaching, curriculum research) is actually very lacking.

And there are too many private teams and platforms in every period, but according to the long-term observation of our team support program, their behavior is more like being a community than education itself.

Zero basic how to learn HACK, network security:

First, understand the principle of the system, web function system to understand

Introduction to front-end code and back-end programming

Third, learn the principle of mainstream security skills & using

Learn to make use of mainstream loopholes

Fifth, master loophole mining ideas and skills

Finally, two misunderstandings of self-study are mentioned.

1. The misunderstanding of self-study based on programming.

Behavior: learn from programming, front-end and back-end, communication protocols, everything

Disadvantages: it takes too long and there is not much key knowledge available after the actual transition to security.

Many knowledge of security functions and even nouns do not understand unserialize outfile

2. Misunderstandings of self-study in the direction of * skills and interests:

Behavior: frantically search for security tutorials, join a variety of small circles, go down every resource, watch every video, as long as it is HACK-related.

Disadvantages: even after considering the quality of resources, the knowledge points that can be learned are also very scattered and highly repetitive.

The code is not understood, the explanation is not understood, and a little knowledge occurs from time to time.

After spending a lot of time to understand, I found that the content of this video is actually the same as other knowledge points I watch.

So what do we do?

Taken together, HACK skills are interested first and the foundation is later. If you have mastered the skills and found that the principle is not clear, add the relevant basic knowledge immediately.

We have planned a systematic learning system based on zero-based → HACK bigwigs.

The first step for a novice with zero foundation should be:

Understanding of the communication principle between the front and back end of Web and the server

(the front and back end refers to H5, JS, PHP, SQL, and the server refers to WinServer, Nginx, Apache, etc.)

The second step: the principle and utilization of current mainstream loopholes

At this time, we should learn the principle and utilization of mainstream vulnerabilities such as SQL, XSS, CSRF and so on.

The third step: the excavation of current mainstream loopholes and audit reproduction.

Learn the idea of 0day dug by our predecessors, and repeat it, try the same audit.

These three-step learning methods are enough for beginners to become small.

What are the specific learning steps for each stage?

The first step is to set up the environment.

One-click phpstudy or lnmp is not in a hurry to use, first manually match, for the correlation of configuration files, you can well understand the supply chain, operating mechanism and working principle of various parts and gears in Web.

The second step is to learn from actual combat.

When you get to the skill level, you have to go to actual combat. Of course, you can't go black directly. If you don't authorize it, you will break the law.

But it is not recommended to do CTF, frankly speaking, the current CTF is rarely suitable for beginners to learn.

Because the topic is basically not close to the actual combat, the logical structure is not reasonable, and nine times out of ten, the problem makers are students, and there is no significance from education, just competition and competition.

What are we going to do? Do not allow actual combat and do not recommend doing CTF.

At this time, it is necessary to choose a suitable shooting range for practice.

At present, although there are only a few official shooting ranges, civil society and open source ones are everywhere.

Look for a shooting range with "systematization" like SQLI-LAB for practice and actual combat.

Second, five steps, SRC.

At this time, we will conduct the actual combat of SRC, dig the real station and hand in the loopholes. Verify the ability to exploit vulnerabilities.

SRC and CNVD are also good additions to your resume.

The third step is to learn from technology sharing posts (vulnerability mining types).

Watch and learn all the 0DAY mining posts in the past ten years, and then build an environment to reproduce loopholes, to think and learn the author's hole-digging thinking.

This is the end of the HACK learning advice. I hope the above content can be helpful to you and learn more knowledge. If you like this article, you might as well share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.