Pentesting is a major component of many kinds of security audits, including the PCI-DSS regulation, which requires annual pentests on active systems that handle or hold payment information. Pentesters will use a mix of manual and automated testing, using a vast array of tools, some of which we recently covered in our post on Ethical Hacking.
Because of the dynamic nature of the security world – as well as the changing nature of hackers, staying up to date on the latest techniques, tools, and exploits is an essential part of all security professionals lives, including pentesting. At a time when application security is still so new, with brand new risks like the Internet of Things and containers and the cloud continuously popping up, it’s critical that pentesters stay in the know and be a part of the community.
The blog written by the Attack Research team is one of the best sources of information for pentesters, with posts on a wide array of pentesting techniques, discoveries, news, etc. The company also holds training sessions at Black Hat.
Active since 2012, PentestGeek is a blog dedicated to sharing the experiences of the writers and ethical hacking experts who run the blog. It’s a great peek into the everyday jobs of experienced pentesters in high-profile companies.
What began as an IRC channel in 1999 has grown into a regularly updated blog discussing the latest ethical hacking/pentesting news, tools, and techniques with over 30,000 subscribers.
This blog run by Tim Tomes (@LaNMaSteR53) with the tagline ‘a hacker looking out for users by educating,’ does exactly that. Tim details his discoveries found while hacking and blogs about topics ranging from Linux Shells to DEFCON badge hacking to AppSec hacks.
A security researcher and white hat hacker, Marco’s also big on teaching, and has held various professorships and researcher roles in his decade of experience. His blog is an extension of his knowledge, and Marco writes extensively about fascinating techniques he’s discovered over time.
Written by Daniel Compton (@commonexploits), a professional pentester for nearly two decades, Common Exploits aims to share Daniel’s expertise and news on tools, exploits and other areas of penetration testing. Daniel often shares his own scripts for various pentesting commands and exploits and is a great resource for upping your ethical hacking game.
SANS is an amazing resource for all AppSec professionals, and they offer a dedicated pentesting blog for the community. The blog is great for finding checklists for various pentesting tasks, challenges to test your skills, and posts about specific pentesting tools and techniques.
Written by the team that runs Trails of Bits, a security firm with expertise in both defensive and offensive security techniques, the blog is a collection of their shared knowledge in helping organizations improve and/or repair their security practices and processes.
We’ve featured Robin’s blog before, but Digininja is a need-to-know resource for pentesters, as well. With a focus on Metasploit, Wifi and Networking, DigiNinja is a must-read for anyone in the security industry.
A great way to stay up to date with the latest news in pentesting is to join groups and follow pentesting thought leaders on your favorite social media sites. The Ethical Hacking group is just one of many communities to join and contribute your own pentesting resources.
A great resource for everything related to penetration testing and ethical hacking, Ehacking.net is another must-have in your bookmarks bar.
There’s still a big portion of the InfoSec community who rely on email lists to get their news, as antiquated as it may seem. Seclists.org, run by the Nmap Security Scanner people, offers an outstanding, comprehensive list of the most popular mailing lists, if you so desire. There’s a unique list for everyone, including ‘noobies’ and, of course, pentesters.
If you’re ever searching for a specific type of tool, chances are you’ll find what you’re looking for on Kitploit’s site. It’s a goldmine for information on pentesting tools, so make sure to keep it in your bookmarks.