Network security - Kali Linux penetration testing (basic articles)

Penetration testing is a very broad field. The first thing to do is become proficient in one direction, and then also dabble in the other areas.

Most vulnerabilities were discovered abroad.

1. Recommended research books:

"Metasploit Penetration Testing Guide" Kenny (industry classic), translated by Zhuge Jianwei
"Metasploit Penetration Testing Devil Training Camp" Zhuge Jianwei (domestic classic)
"Network Attack Technology and Practice" Zhuge Jianwei (Tsinghua University Network Security Course)

① PDF e-books
"Metasploit Penetration Testing Guide" Kenny (industry classic)
"Metasploit Penetration Testing Devil Training Camp" Zhuge Jianwei (domestic classic)
"Network Attack Technology and Practice" Zhuge Jianwei (Tsinghua University Network Security Course)

② MindManager notes
"Metasploit Penetration Testing from Entry to Proficiency" Chen Xinjie, PingingLab internal teaching version

③ PPT lecture notes
"Network Attack Technology and Practice" PPT (Tsinghua University Network Security Course)

Unauthorized penetration testing is a crime

2. Penetration testing

1. Penetration testing process:

① Before the attack (network footprinting, network scanning, network enumeration)
② During the attack (using vulnerability information to carry out the penetration attack and obtain permissions)
③ After the attack (maintaining the attack after penetration, file copying, Trojan horse implantation, trace erasure)

Process:

Pre-engagement interaction phase (Pre-Engagement Interaction)
Information gathering phase (Information Gathering)
Threat modeling phase (Threat Modeling)
Vulnerability analysis phase (Vulnerability Analysis)
Penetration attack phase (Exploitation)
Post-penetration attack phase (Post Exploitation)
Reporting phase (Reporting)

2. Penetration testing definition:

Penetration testing is a technique and method of simulating a malicious attacker: defeating the security controls of the target system, obtaining access control rights, and discovering security risks that have business impact.

3. Penetration classification:

Black-box testing: the internal code structure of the system under test is unknown. (Nowadays most testing is black-box testing.)

White-box testing: the source code is available, so auditors can test the source code.

Gray-box testing: part of the source code is known.

4. Penetration testing standards:

Some Defense Standards of Information Security

Defense Standard:

Attack standards: PTES (Penetration Testing Execution Standard), web security threat classification standards, NIST SP 800-42 Network Security Testing Guide, OWASP Top Ten web application security threats

The lifecycle of a security vulnerability:

Security vulnerability research and discovery
Exploit code development and testing
Vulnerabilities and exploit code circulate within closed teams
Security vulnerabilities and exploit code proliferate
Malicious programs appear and spread
Exploit code harms the Internet on a large scale

5. Penetration testing tools

BT5/Kali Linux (the "arsenal" for information security personnel)

Environment construction:

Three virtual machines: ① BT5 is the attack machine, ② qin2 is the background server, ③ the OWASP website server. Check that they can ping each other.

The server is placed in the DMZ (NAT) zone, and the company's intranet belongs to the inside zone.

The entire environment has two networks: 

A total of 5 virtual machines, set them


Collected learning routes & notes: https://mp.weixin.qq.com/s/KQx_eIwdjCj3QdErxKb7ZQ


Origin blog.csdn.net/2201_75719295/article/details/130773729