Understanding the basics of how to attack is important for any security professional. Specializing in it is required for penetration testers. THIS SECTION IS OUT OF DATE AND NEEDS UPDATED.
Active Directory Security – http://adsecurity.org/ Active Directory offensive and defensive resources.
Exploit Writing Fuzzy Security – http://www.fuzzysecurity.com/tutorials/expDev/1.html – Exploit writing tutorial by Fuzzy Security.
Exploit Writing Tutorial Part 1 – https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ – Exploit writing tutorial by Corelan Team.
High On Coffee Blog – https://highon.coffee/ – Great cheatsheets and tips for common open source security tools.
Iron Geek – http://www.irongeek.com/ Source for conference videos and more.
Offensive Security’s Metasploit Unleashed – https://www.offensive-security.com/metasploit-unleashed/ – Good free course for learning to use Metasploit.
Securitytube.net – http://www.securitytube.net/ Great site for a range of free hacking how-to videos.
Vulnhub – https://www.vulnhub.com/ Download pre-made vulnerable virtual machines to practice on.
Standards and Methodologies
OWASP – https://www.owasp.org/index.php/Web_Application_Penetration_Testing OWASP provides a penetration testing methodology for web applications at no cost.
The Penetration Testing Execution Standard – http://www.pentest-standard.org/index.php/Main_Page Fairly in-depth methodology for performing penetration tests.