My Favorite Penetration Testing Resources
During penetration testing engagements, I find myself referencing the same half dozen penetration testing blogs and websites. Here they are:
- WADcoms - This is my favorite resource on this list because it helps identify the most appropriate internal penetration testing tool for the conditions in the environment. You can narrow penetration testing activity by attack type, services, and operating system.
2. HackTricks - This is where I go when I am stuck and need inspiration to identify the next right path or service enumeration
3. The Hacker Recipes - Similar to HackTricks in format and purpose. When I need that extra spark to find a privilege escalation opportunity, this is where I look.
4. iRed Team - This resource has some great content on Active Directory misconfigurations
5. Darth Sidious - I really like the Windows-focused content on this site
https://hunter2.gitbook.io/darthsidious/
6. TWITTER. Twitter is an invaluable resource for anything in technology or information security (stay tuned for a future post where I share my favorite accounts). When you are feeling lost or unmotivated on a pentest, check Twitter and see what the industry leaders are doing. But remember to take the content and actually apply it. No one ever cracked that domain admin account on their twitter feed! ;)