java渗透_Java开发和渗透测试该选哪一个？

1.学习如何使用搜索引擎

2.养成阅读计算机学术论文的习惯。

3.彻底吃透计算机组成原理。

4.吃透嵌入式这门课程

5.吃透Linux所有代码

6.吃透信号与系统等等电子信息相关知识，芯片网络两手抓。

7.熟练使用C，汇编，Python,PHP, 知道他们的运行原理，编译原理，知道各种可执行文件的格式，链接原理，要熟练做到看一行代码，就能知道系统调用了什么资源，内存是怎么分布的，用了什么数据结构，反编译出来是啥样的，等等，从本质上了解各种意义上的shell是怎么回事，知道各种漏洞的本质。

8.再次系统了解整个网络协议系统，要吃的透透的。

9.各种数据库要拿来就用，深入了解他们的算法以及原理。

10.阅读各种网络架构代码，各种web相关的开源代码，搞懂原理，其实到了这里自己就知道自己要做什么了。

上面讲的是对于系统学的建议

如果你是小白

直接实战是最好的方法

因为这样能快速提高水平

理论和实际差距是特别大的

简单分享到这里，感兴趣的可以来找我拿一些这方面的干货资料

参考下图找我交流

let exec_throw stk pre_state (block : Llair.block) exc =

let func = block.parent in

[%Trace.call fun {pf} -> pf "from %a" Llair.Reg.pp func.name.reg]

;

let unwind formals scope from_call state =

Dom.retn formals (Some func.fthrow) from_call

(Dom.post scope from_call state)

in

( match Stack.pop_throw stk ~unwind ~init:pre_state with

| Some (from_call, retn_site, stk, unwind_state) ->

let fthrow = func.fthrow in

let exit_state =

Dom.exec_move unwind_state (IArray.of_ (fthrow, exc))

in

let post_state = Dom.post func.locals from_call exit_state in

let retn_state =

Dom.retn func.formals func.freturn from_call post_state

in

exec_jump stk retn_state block retn_site

| None -> Work.skip )

|>

[%Trace.retn fun {pf} _ -> pf ""]

let exec_skip_func :

Stack.t

-> Dom.t

-> Llair.block

-> Llair.Reg.t option

-> Llair.jump

-> Work.x =

fun stk state block areturn return ->

Report.unknown_call block.term ;

let state = Option.fold ~f:Dom.exec_kill ~init:state areturn in

exec_jump stk state block return

let exec_term :

exec_opts

-> Llair.program

-> Stack.t

-> Dom.t

-> Llair.block

-> Work.x =

fun opts pgm stk state block ->

"@[<2>exec term@\n@[%a@]@\n%a@]" Dom.pp state Llair.Term.pp block.term] ;

match block.term with

| Switch {key; tbl; els} ->

IArray.fold tbl

~f:(fun x (case, jump) ->

match Dom.exec_assume state (Llair.Exp.eq key case) with

| Some state -> exec_jump stk state block jump |> Work.seq x

| None -> x )

~init:

( match

Dom.exec_assume state

(IArray.fold tbl ~init:Llair.Exp.true_

~f:(fun b (case, _) ->

Llair.Exp.and_ (Llair.Exp.dq key case) b ))

with

| Some state -> exec_jump stk state block els

| None -> Work.skip )

| Iswitch {ptr; tbl} ->

IArray.fold tbl ~init:Work.skip ~f:(fun x (jump : Llair.jump) ->

match

Dom.exec_assume state

(Llair.Exp.eq ptr

(Llair.Exp.label

~parent:(Llair.Reg.name jump.dst.parent.name.reg)

~name:jump.dst.lbl))

with

| Some state -> exec_jump stk state block jump |> Work.seq x

| None -> x )

| Call ({callee; actuals; areturn; return} as call) -> (

let lookup name =

Option.to_list (Llair.Func.find pgm.functions name)

in

let callees, state = Dom.resolve_callee lookup callee state in

match callees with

| [] -> exec_skip_func stk state block areturn return

| callees ->

List.fold callees ~init:Work.skip ~f:(fun x callee ->

( match

Dom.exec_intrinsic ~skip_throw:opts.skip_throw state

areturn callee.name.reg actuals

with

| Some None ->

Report.invalid_access_term

(Dom.report_fmt_thunk state)

block.term ;

Work.skip

| Some (Some state) when Dom.is_false state -> Work.skip

| Some (Some state) -> exec_jump stk state block return

| None when Llair.Func.is_undefined callee ->

exec_skip_func stk state block areturn return

| None ->

exec_call opts stk state block {call with callee}

(Domain_used_globals.by_function opts.globals

callee.name.reg) )

|> Work.seq x ) )

| Return {exp} -> exec_return ~opts stk state block exp

| Throw {exc} ->

if opts.skip_throw then Work.skip

else exec_throw stk state block exc

| Unreachable -> Work.skip