[TOC]
这是我阅读tryhackme文章的一个记录项目(英文),偶尔有几篇谷歌翻译的文章,我仅仅稍润色了一下。
目前我正在翻译所阅览的文章,并不保证原文一样,但是尽量做到不曲解原意。
目录编写规则:主模块名为二级目录,主模块下的一级模块为三级目录。
这一部分针对完全零基础的网安入门者,告诉大家从什么地方开始学起、学习网安之前需要学习什么前置知识。学习这个模块完全不需要任何前置知识!
这一部分说明什么是进攻性安全,什么是防御性安全。同时介绍了一下网络安全中的职业分布。
- Intro to Offensive Security
- Intro to Defensive Security
许多服务器和安全工具都使用linux操作系统。网络安全中的重要技能之一就是能熟练使用linux。
这个模块可以让我们切身体验一下Windows操作系统及其安全控制机制。在这个模块中学习到的Windows基础知识能够帮助我们识别、利用和保护Windows操作系统。
- Windows Fundamentals 1
Web 基础旨在教会我们如何攻击web应用程序。为了成功地对web应用程序进行攻击和漏洞利用,我们需要理解web应用是如何工作的。
第一节的内容主要阐述了web的工作原理。
第二节主要阐述如何使用安全工具和目标进行交互。
第三节涵盖了如今web应用程序中所发现的大部分漏洞,我们可以上手实操一下对这些漏洞进行利用的过程。🤭
最后一节是实操环节,对前面所学进行实践。
The aim of this path is to teach you how to attack web applications. To successfully attack and exploit web applications, you need to understand how they work. The first section (Web Fundamentals) will give you all the pre-requisite knowledge on this.
The second section (Security Tools) focuses on learning how to use Industry Standard tooling to interact with your targets.
The third section (Vulnerabilities) covers various vulnerabilities found in web applications today. This section will go over root causes of these vulnerabilities and give you hands on experience on exploiting them.
The final section (Practise Makes Perfect) will help you apply what you've learnt in previous sections.
After completing this path, you should be able to:
- understand how web applications work
- utilise industry standard tooling when attacking web applications
- explain and exploit common web vulnerabilities
- apply this knowledge to other targets (be it within an interview or a professional web applications security assessment)
You need a basic understanding of how web applications work to complete this pathway. If you do not already have these prerequisites, complete the Pre-Security Pathway.
网络防御路径旨在给出一个检测和响应威胁需要查看的不同区域的宽泛的简介。 The Cyber Defense path aims to give a broad introduction to the different areas necessary to detect and respond to threats. This path will be looking at the following areas:
- Getting Started
- Threat and Vulnerability Management
- Security Operations and Monitoring
- Threat Emulation
- Incident Response & Forensics
- Malware Analysis and Reverse Engineering
Once you complete this path, you should have the fundamental components of detecting and responding to threats in a corporate environment and using these core concepts to build your understanding of more complex topics within this field.
Note: This pathway is still under development and more rooms will be added as they become available.
You need a basic understanding of fundamental computing principles and a broad understanding of the different areas of cyber security to complete this pathway. If you do not already have these prerequisites, complete the Pre-Security Pathway and Intro To Cyber Security Pathway.
- Tutorial
- Introductory Networking
- Network Services