Understanding the basics of how to attack is important for any security professional. Specializing in it is required for penetration testers.
Active Directory Security – http://adsecurity.org/ Active Directory offensive and defensive resources.
Exploit Writing Fuzzy Security – http://www.fuzzysecurity.com/tutorials/expDev/1.html – Exploit writing tutorial by Fuzzy Security.
Exploit Writing Tutorial Part 1 – https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ – Exploit writing tutorial by Corelan Team.
High On Coffee Blog – https://highon.coffee/ – Great cheatsheets and tips for common open source security tools.
Iron Geek – http://www.irongeek.com/ Source for conference videos and more.
Offensive Security’s Metasploit Unleashed – https://www.offensive-security.com/metasploit-unleashed/ – Good free course for learning to use Metasploit.
Securitytube.net – http://www.securitytube.net/ Great site for a range of free hacking how-to videos.
Vulnhub – https://www.vulnhub.com/ Download pre-made vulnerable virtual machines to practice on.
Standards and Methodologies
OWASP – https://www.owasp.org/index.php/Web_Application_Penetration_Testing OWASP provides a penetration testing methodology for web applications at no cost.
The Penetration Testing Execution Standard – http://www.pentest-standard.org/index.php/Main_Page Fairly in-depth methodology for performing penetration tests.