Created a Github page with useful materials for those who want to start to learn pentesting/hacking. GitHub - creotiv/start-learn-pentesting-red-team !!! Always do all work from VM or dedicated machine for that, remember that all tools that you install may have some malware(mostly not but the risk exists). 
So you should prevent access to your real machine. Also dont forget to use VPN, even when using training VM from hackthebox (because you will be sharing same network with many people) BOOKS & ARTICLES — Course for beginners https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor Staring Point course from https://www.hackthebox.com/ — How to pawn Juice Shop guide https://pwning.owasp-juice.shop/ — many tutorials and howtos https://book.hacktricks.xyz/ — exsploits & reverse engineering course https://guyinatuxedo.github.io/index.html — buffer overflow for beginers https://medium.com/purple-team/buffer-overflow-c36dd9f2be6f — buffer overflow, how to pass ASLR & PIE & NO-STACK-EXECUTION protection https://medium.com/cyber-unbound/buffer-overflows-ret2libc-ret2plt-and-rop-e2695c103c4c — OWASP testing checklist. Help to not forget something https://github.com/tanprathan/OWASP-Testing-Checklist — OWASP testing guide for checklist above ^ https://owasp.org/www-project-web-security-testing-guide/v41/ TOOLS — VM player to run Kali https://www.vmware.com/products/workstation-player.html — Kali linux for pentesters. Base Tool https://www.kali.org/ — web site vulnerability scanner. https://github.com/sullo/nikto — wordpress vulnrability scanner. https://wpscan.com/wordpress-security-scanner — NMAP port, script, vulnerability scanner. Base tool https://www.kali.org/tools/nmap/ — Login cracker for different protocols https://www.kali.org/tools/hydra/ — Dir,Subdomains enumerator for websites https://www.kali.org/tools/gobuster/ — Pentesting framework. Base Tool https://www.metasploit.com/ — Privilege escalation for Win. Base Tool https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS — Privilege escalation for Linux. Base Tool https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS — console debugger https://www.kali.org/tools/gdb/ — edb debugger with ui https://www.kali.org/tools/edb-debugger/ SERVICES Data arvesting — find emails on domain https://hunter.io/ — find if email was leaked https://haveibeenpwned.com/ — subdomain search https://crt.sh/ — technology stack info https://builtwith.com/ — servers search engine https://search.censys.io/ — servers search engine https://www.shodan.io/ DATA LEAKS — how passwords changes with time + 1.4B email:pass https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis TRAINING — Platform with VMs that you can try to hack https://www.hackthebox.com/ — training site https://tryhackme.com/ — Training app for web pentesters https://github.com/juice-shop/juice-shop — excercices for hackers (not free) https://pentesterlab.com/ EXPLOIT DBs https://exploit-db.com https://www.seebug.org/ WORDLISTS — many different https://github.com/danielmiessler/SecLists/ — SQL inj payloads https://github.com/payloadbox/sql-injection-payload-list — web payloads https://github.com/foospidy/payloads

YouTube

How to Make a Linux Kernel with Nasm, Go Binary, Mini Linux

Code A Full Node for A Proof Of Work Blockchain - From Scratch

Read My Stories

Nominated for 2022 - HackerNoon Contributor of the Year - Linux

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Learn Pentesting/Hacking - The Red Team

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Code A Full Node for A Proof Of Work Blockchain - From Scratch

Windows Sticky Keys Exploit: The War Veteran That Never Dies

Binary Exploitation ELI5– Part 1

Critical Security Update: Coinbase Security Team Discovers Zero-Day Exploit in Firefox

Crypto Security: How To Protect Your Project From Hacking

Code A Full Node for A Proof Of Work Blockchain - From Scratch

Windows Sticky Keys Exploit: The War Veteran That Never Dies

Binary Exploitation ELI5– Part 1

Critical Security Update: Coinbase Security Team Discovers Zero-Day Exploit in Firefox

Crypto Security: How To Protect Your Project From Hacking

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps