Penetration Testing (Pentesting) Resources

Introduction

Welcome to Penetration Testing Resources !

These are the penetration testing resources I’ve used, seen used by others, and believe can be really useful if you want to break into pentesting. Whether you’re testing for vulnerabilities, improving security, or learning ethical hacking, these books, tools, and courses will help you get started

---

Infrastructure PenTesting

Courses

1. eLearnsecurity (INE)
   • eJPT (Junior Penetration Tester)
   • eCPPT (Certified Professional Penetration Tester)
2. Offensive Security (Offsec)
   • OSCP (Offensive Security Certified Professional)
   • OSEP (Offensive Security Experienced Penetration Tester)
     • My OSEP Review
     • Used Resources for OSEP (OSEP_Prep)
3. Altered Security
   • Certified Red Team Professional (CRTP)
4. SANS
   • GIAC Penetration Tester (GPEN - SEC560)
   • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN - SEC660)

Books

1. Penetration Testing: A Hands-On Introduction to Hacking
2. Mastering Kali Linux for Advanced Penetration Testing

Labs

1. HackTheBox (HTB)
2. TryHackMe (THM)
3. VulnHub
4. Offensive Security (Offsec) Proving Grounds

---

Web Applications PenTesting

Courses

1. eLearnsecurity (INE)
   • eWPT (Web Application Penetration Tester)
   • eWAPTx (Web Application Penetration Tester eXtreme)
   • The Hacker Playbook: Practical Guide To Penetration Testing (3 Books)
   • Rtfm: Red Team Field Manual

Books

1. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

Labs

1. HackTheBox (HTB)
2. TryHackMe (THM)

---

Cheat-Sheet

Protocols

1. SMB (Server Message Block) Pentesting - 445,139/TCP
2. LDAP (Lightweight Directory Access Protocol) Pentesting - 389, 636, 3268, 3269/TCP
3. Kerberos Pentesting - 88/TCP

Privilege Escalation

Windows

1. Dumping Windows Password Hashes
2. Windows PrivEsc with SeBackupPrivilege