Pentesting Informational Resources

Understanding the basics of how to attack is important for any security professional. Specializing in it is required for penetration testers.

Learning Resources

Active Directory Security – http://adsecurity.org/ Active Directory offensive and defensive resources.

Exploit Writing Fuzzy Security – http://www.fuzzysecurity.com/tutorials/expDev/1.html – Exploit writing tutorial by Fuzzy Security.

Exploit Writing Tutorial Part 1 – https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ – Exploit writing tutorial by Corelan Team.

High On Coffee Blog – https://highon.coffee/ – Great cheatsheets and tips for common open source security tools.

Intelligence Gathering 

Iron Geek – http://www.irongeek.com/ Source for conference videos and more.

Offensive Security’s Metasploit Unleashed – https://www.offensive-security.com/metasploit-unleashed/ – Good free course for learning to use Metasploit.

Securitytube.nethttp://www.securitytube.net/ Great site for a range of free hacking how-to videos.

Vulnhubhttps://www.vulnhub.com/ Download pre-made vulnerable virtual machines to practice on.

Standards and Methodologies

OWASP – https://www.owasp.org/index.php/Web_Application_Penetration_Testing OWASP provides a penetration testing methodology for web applications at no cost.

The Penetration Testing Execution Standard – http://www.pentest-standard.org/index.php/Main_Page Fairly in-depth methodology for performing penetration tests.