Analysis of penetration test learning and actual combat stage

Initial contact stage

Many little partners who have just come into contact with the penetration testing industry when you walk out of the gate of the College , Sometimes I feel very confused , I don't know the plan for the future after learning penetration testing .

According to my analysis for many years , Come up with a set of my own ideas and opinions .

The first step is , Of course, first learn the basic knowledge of penetration testing .

The second step , It belongs to the advanced stage , Constantly summarize what content of penetration testing in the process of the project is the most helpful to us through actual combat .

The third step , Constantly learn from the practical experience of our predecessors , Thus, it can be flexibly applied to actual combat .

Step four , Analyze simply , Technical expertise , Go back to the source .

Step five , Mining and analyzing the most primitive elements , Discover the latest 0day Loophole .

I think the cognitive level should also be constantly improved , The cognitive side represents your height , Knowledge represents the current height .

Learning penetration testing must have their own ideas , Just like setting goals , What to do first, then what to do , Don't mess up the rhythm .

Here is a share of my learning and practical experience .

I am a rookie with dreams ,

The first stage , Of course, it is to understand the market of the network security industry , And development trend 、 The work done .

The second stage , So I began to look for ways to learn , Method , Ask Baidu if you don't understand , Baidu has also given me many methods of predecessors . So we choose the learning method that suits us to start learning .

I just started to learn PHP programing language , Secondly, I revisited MySQL database , Then learn how to collect information , Then learn about loopholes , Basic loopholes .

The third stage , It is to apply knowledge to actual combat , This stage is a small breakthrough stage , At first, I was digging some unprotected sites , Put the knowledge learned on the real website , So I chose src, Digging holes in actual combat is a stage of the formation of self thinking , Every penetration testing engineer should have his own ideas and methods of vulnerability mining , Bring everyone together , What is digested is what belongs to you .

Goals matter , In the actual combat stage, I plan to be on the list at least , So I studied some methods of vulnerability fast mining .

The fourth stage , It is the extension stage , Continue to expand the scope of our possible attacks , Or the way of defense .

Whatever it is , It is helpful for our attack , This will let us know how the target defends , In order to make better use of countermeasures . To achieve our goal of attacking target vulnerabilities .

The fifth stage , Analyze the origin of the vulnerability , Learn reverse thinking , No killing thought , Penetration testing technology , Programming technology , Network knowledge , Development integration and other knowledge , Think about what kind of problems it will produce , Try to explore new bug.

Maybe the idea is like this , After that, I will continue to publish my technical articles , Welcome to Europe ！