Red Team Penetration Testing Training Areas

SUBMITTED BY: DevilDawg

DATE: July 27, 2021, 9:33 p.m.

UPDATED: July 27, 2021, 9:35 p.m.

FORMAT: Text only

SIZE: 10.5 kB

History Raw Download

HITS: 1055

Report
  1. I am writing this thread for the people that is interested in Red Team and Pen-Testing. These are some of the sites I read to further my education and people I follow on youtube and twitch.
  3. https://itsfoss.com/best-kali-linux-tools/ (Links to an external site.) Kali tools to learn
  5. https://hkh4cks.com/blog/2018/01/22/common-enumeration-tools/ (Links to an external site.) enumeration tools and arguments
  7. http://dfir.org/?q=node/8 (Links to an external site.) Recommended books to read , many topics to choose from
  9. https://www.aditiconsulting.com/11-important-interview-questions-for-network-penetration-testers/ (Links to an external site.) important interview questions
  11. https://www.edureka.co/blog/interview-questions/cybersecurity-interview-questions/ (Links to an external site.) interview questions
  13. https://resources.infosecinstitute.com/top-30-penetration-tester-pentester-interview-questions-and-answers-for-2019/#gref (Links to an external site.) and more interview questions
  15. https://thehackermaker.com/learning-resources/ (Links to an external site.) some training websites and books to read
  17. https://www.hackingtutorials.org/ (Links to an external site.) tutorials to watch and learn
  19. http://www.xss-game.appspot.com/level1 (Links to an external site.) test your XSS skills here
  21. https://netsec.ws/?p=309 (Links to an external site.)Linux Privilege Escalation Scripts
  23. https://www.upwork.com/search/profiles/?nbs=1&q=pen-testing (Links to an external site.) once you get some mad skills, you can sell yourself here and build up your resume in the process.
  25. https://netsec.ws/?p=331 (Links to an external site.) Creating Metasploit Payloads
  27. https://www.instagram.com/648hrk/ (Links to an external site.) this guy always has some crazy videos to learn from
  29. https://hackingsecuritytools.blogspot.com/2019/05/cross-site-scripting-xss-complete-tutorial-guide.html (Links to an external site.) XSS training guide
  31. http://breakthesecurity.cysecurity.org/category/hacking-tutorials (Links to an external site.) hacking tutorials
  33. http://breakthesecurity.cysecurity.org/2010/12/hacking-website-using-sql-injection-step-by-step-guide.html (Links to an external site.) SQL injection training guide
  35. https://ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground (Links to an external site.) SQLInjection and XSS Playground, click the links on the left side of the page to get more articles to learn from
  37. https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ (Links to an external site.) Basic Linux Priv ESC
  39. http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet (Links to an external site.) Reverse Shell Cheatsheet
  41. https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/ (Links to an external site.) Windows Priv ESC methods for pen testers
  43. https://www.jb51.net/tools/xss.htm (Links to an external site.) XSS Cheat Sheet
  45. https://nmap.org/nsedoc/categories/vuln.html (Links to an external site.) Nmap Scripts and explanation
  47. https://www.vulnhub.com/resources/ (Links to an external site.) training sites, books, VPNs, and more
  49. https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview# (Links to an external site.) planning on taking the OSCP ? these boxes from HTB are very similar
  51. https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ (Links to an external site.)
  53. https://www.hackingarticles.in/penetration-testing/ (Links to an external site.) Raj Chandels blog has so much free information to give. There is a wealth of knowledge just on this website, no need to go anywhere else really. Make sure you go threw the 4 tabs: CTF Challenges; Web Penetration Testing; Red Teaming; Penetration Testing
  55. Paid web sites I use:
  57. https://www.elearnsecurity.com/# (Links to an external site.) this web site has certifications to prep you for your pen testing career. I would use this site before attempting to take the OSCP. The OSCP is the golden ticket to get you past the HR department, but there is more knowledge in the eLearning training.
  59. https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (Links to an external site.) OSCP is the golden ticket to get your application looked at. This is by means no easy test, but you can do it if you put the time in. There are plenty of write ups about this 24hr exam , you will just have to comb the web to find them. This is a entry level certification, but first lets get you some training to prep for this and your future career.
  61. https://overthewire.org/wargames/ (Links to an external site.) Start off with Bandit , this site will train you and help you succeed as a pen tester. There is many levels to each game and as you go from one level to the next it gets harder. Train and learn what they have to offer. Stuck ? youtube is your best friend
  63. https://www.hackthebox.eu/ (Links to an external site.) you think you are ready to test your mad skills ? you can either pay the $12 dollars a month for all the retired boxes or you hack into there server and get your invite code. I will give you one tid bit of advice........... Once you get your Base64 code decrypted you will need to refresh your HTB screen or as I did opened 2 HTB windows and put the Base 64 code into the new, fresh window.
  65. Ok Now onto YouTube people I follow or some that I follow:
  67. https://www.youtube.com/user/elithecomputerguy/videos (Links to an external site.) Eli the computer Guy, a lot of great training videos
  69. https://www.youtube.com/user/NetworkChuck/videos?pbjreload=10 (Links to an external site.) CCNA guru
  71. https://www.youtube.com/user/professormesser/videos (Links to an external site.) Professor Messer cant say enough about this gentleman, he also has free monthly live training classes for Sec+, and A+ just go to his website and join in for free. This is your goto guy for comptia training
  73. https://www.youtube.com/user/ConfigTerm/videos (Links to an external site.) David Bombal - Cisco Guru among other things
  75. https://www.youtube.com/user/Ceophreak/videos (Links to an external site.) CEOS3C Linux training and application training
  77. https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g/videos (Links to an external site.) Null Byte some interesting training videos for the pen tester
  79. https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg (Links to an external site.) Burp training for the Web APP Pen Testing
  81. https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q/videos (Links to an external site.) Hackersploit great training videos for hackers
  83. https://www.youtube.com/user/zaidsabeeh/videos (Links to an external site.) Zaid great instructor and has great videos
  85. https://www.youtube.com/user/cristivlad25/videos (Links to an external site.) Cristi has a lot of great videos for the Pen tester, and he is always adding new videos weekly. Add him on Linkedin
  87. https://www.youtube.com/user/saintdrug/videos (Links to an external site.) Black Hat Ethical Hacking , great videos for applications you will use during hacking
  89. https://www.youtube.com/channel/UC31jVeFdiPWsxMRqhXapRGQ/videos (Links to an external site.) Injection, this guy was coding for a long time before he started hacking, he is a little hard to follow sometimes, but you can learn from his videos
  91. https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw/videos (Links to an external site.) Nahamsec has videos for the hacker
  93. https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/videos (Links to an external site.) IppSec , this guy is great, great videos, you can learn a lot from this guy if you are pursuing ethical hacking or pen testing. Add him on Linkedin
  97. Ok if you have not heard of Bug Bounty Hunting you are falling behind. Bug Bounty is where you testing company programs to find vulnerabilities before it hits the market. You may or may not know when coders are given a project they do not have a lot of time to implement security functions. So now companies send there software to bug bounty hunters and you try to hack it. If you find a vulnerability, you write it up and submit it and get paid $$$$$. There was one guy that made his first million within 2 years of bug hunting. There is a picture online where 6 people is standing together where they all have earned a million plus due to bug hunting. The main one I follow is Bugcrowd.
  99. https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww/videos (Links to an external site.) they walk you threw and answer a lot of questions on there training videos
  101. https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg/videos (Links to an external site.) STOK , this guy here, Jeff Spicoli from fast times at ridgemont high made over. he reminds me of him so much it is just to funny. But STOK makes a career on Bug Hunting and has gotten paid a lot of money.
  103. https://www.synack.com/red-team/ (Links to an external site.) Once you think you have mad skills in either hacking or bug hunting apply to this corporation and excel in your career. These are top notch people in the game
  107. Ok I have saved the best for last. The Cyber Mentor . He has a ton of great training videos to learn from including Buffer over Flows, Linux for ethical hackers, to pen testing for noobs and zero to hero. He also has free live classes on twitch every wed night at 8pm Eastern. The last free training he was doing is Web APP Pen Testing. This is something you might think about studying on now. I would say 99.9% of businesses has a web page, so the need of web app pen testing will explode within time. Get a head of the power curve. If you are new to the game start with Pen Testing for Noobs , he will hold your hand and walk you threw each stage of the hacking methodology. Next I would go with Zero-to-Hero training videos. Should be 16 of them and finally Web App pen testing. This guy is the greatest, he will talk with you and answer all your questions about anything you can think of. Add him on Linkedin, twitch, and twitter. Go to his website and subscribe to his emails, you will get texts when he goes live. He will either has a live class like Active Directory hacking, or who knows what or he might just be playing Overwatch and answer your questions for the 2 or so hours.
  109. https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw/videos
comments powered by Disqus