m0rn1ngstr

m0rn1ngstr

Penetration Tester. CTF Player

Penetration Testing: Learning Resources

2 minute read

Hello, friends.

I created this post to collect all resources I used or currently use to advance in my career as a penetration tester. I hope that you will find this list helpful.

Furthermore, I subdivided content into several categories to help people who are completely new to IT and to people with background.

Note: I will update this list as I will find something new.

Basics (IT + Cybersec)

  • Pre Security – TryHackMe room, covering basics with fun exercises. Can be a start point if you are completely new to this. I also have a separate article on this learning path, check it out

  • Google IT Support – Certification on Coursera by Google, including courses on Networks, Operating Systems, Administration, and Security. Enjoyed the good production of videos.

  • Security+ course – I used Professor Messer’s videos as supplementary resources to pass my CompTIA Security+ exam. This course gives you the basics of Cybersecurity, which will be helpful in your future specialization in security or IT in general.

Pentest (beginner)

  • The Cyber Mentor YouTube channel or TCM academy – If you want to start in pentesting, you should definitely check out the Practical Ethical Hacking course, because it is one of the best online courses I came across. It covers all basics and Heath’s teaching method is really great. I had also taken his two courses about Privesc when I was preparing for my OSCP.

  • InsiderPhD – I truly enjoy Katie’s content on web hacking. Now I use some tricks I learned in her videos in my web assessments.

  • John Hammond – just chef’s kiss

  • IppSec – Great insights on HackTheBox machines. I love watching walkthroughs on machines that I rooted to find out what are alternative ways or what I can do better in the future.

Hands-on labs:

  • TryHackMe – I recommend you start with this platform. It has rooms with learning materials and whole learning paths. After you gain some experience you can try out challenges without walkthroughs.

  • HackTheBox – When you feel like you want a challenge, take a look at machines on HackTheBox. I started with this platform and gained most of my initial hands-on experience, so it has a special place in my heart.

  • Web Security Academy by PortSwigger – Great learning materials on web hacking with exercises on each topic.

Red Team

  • Red Team Fundamentals on TryHackMe – Get familiar with red team concepts, how it differs from pentest and toolset. (Contains free rooms and subscription-only)

  • Red Team Ops Certification – Great certification to get into red teaming. Course with amazing content and opsec tips. For labs, you will get an individual environment, access to Cobalt Strike and alerts in Kibana. What else to wish for?

I hope it was helpful to you. If you have any additional questions, feel free to tweet me @m0rn1ngstr

Stay safe and Happy Hacking!

Photo by Kaur Kristjan on Unsplash

You may also enjoy