Chapter 16
As an IT professional, it doesn’t matter how much you know today — there is always more to learn! I can assure you that what you know today could become outdated as technology evolves and morphs into new innovations. With that said, in this chapter I point you to ten sites online that I know will be extremely helpful to you not only as a pen tester but as a security professional in general.
SANS.org is the website of the SANS Institute, which since 1989 has made a large amount of useful security information freely available to everyone. The site is easily searchable from the home page and contains many resources a pen tester can use, including the SANS Information Security Reading Room, which hosts approximately 3,000 original research papers in 110 important categories of security.
You can sign up for weekly bulletins, alerts, newsletters, risk alerts, and other email items that can keep you abreast of threats. You can also access the Internet Storm Center, which is an early warning system for threats.
There are many other resources available such as templates, vendor product information, information on open and closed source software, and so much more.
Another point of interest on the SANS website as shown in Figure 16-1 is the connection to their focused areas on pen testing at
Another point of interest on the SANS website is the connection to the certification arm of SANS, which is called GIAC (Global Information Assurance Certification). GIAC focuses on different areas of security, such as incident response and handling, forensics, and of course pen testing. You can get directly to their GPEN certification (see Figure 16-2) at
https://www.giac.org/certifications/pen-testing
Aside from hosting an industry-standard exam that tests your ability to conduct a pen test, the GIAC.org site also has a wealth of information about pen testing. You’ll need to pay for the exam and the study materials that come with it. Other tests are available, such as CompTIA’s PenTest+, but the benefit of getting GPEN certified is that you get to connect to a community of expert pen testers as well as getting certified and educated.
sei.cmu.edu
Carnegie Mellon University (CMU) has long been a source of amazing security information. You’ll find information about risk assessments, pen testing, forensics, and security-based incident handling. The CMU site has a CERT landing page that hosts publications and other scholarly works about cybersecurity:
https://www.sei.cmu.edu/about/divisions/cert/
CERT partners with industry experts (from areas such as the technology industry, law, government, and academia) to provide advanced studies and research on relevant topics.
Legal penetration-testing sites are hosted by various groups that provide a realistic way for ethical hackers to learn real hacking skills on networks and systems that have been left in a semi-hardened state. If you run a search on Google for “Legal Penetration Sites,” you will pull up reputable sources for finding these sites.
Cisco.com has information in its help forums, and security magazines (another great resource) and other sites also host these penetration-test hubs where you can hone your skills.
The Open Web Application Security Project (OWASP) was established in 2001 and is currently a not-for-profit organization built on group collaboration. OWASP champions open source and has no vendor affiliation of any kind. Its focus is on web application hacking and the security of applications, software, web apps, and programs.
The frameworks, information, and resources provided help guide a pen tester through areas of application risk and vulnerability, such as attacks on APIs.
https://www.owasp.org/index.php/Category:Vulnerability
This site can really help you better understand the in-depth details of SQL injection, fuzzing, and other topics surrounding programming and software hacking, and what you should look for when penetrating and exploiting these systems as an ethical hacker. Figure 16-3 shows the top ten application security risks at the time of writing.
Tenable makes Nessus, and you can visit the website for more information on vulnerability scanning, pen testing, and risk assessments. One of the greatest things you can find on the Tenable website is a series of tools and information primarily focused on pen testing. In their research papers are details on how to become a better pen tester:
https://www.tenable.com/research
Figure 16-4 shows the Tenable website where you can download Nessus for trial use, or purchase a license for permanent use.
Nmap is undeniably one of the hottest and most used tools for pen testing outside of Nessus and Metasploit. Included in Kali, Nmap is a tool that can really do it all. On the website you will find advanced usage of the tool, including subverting firewalls, spoofing scans, getting around IDS, automation and scripting of the tool, and so much more.
Wireshark is one of the de facto standard tools in your toolkit and a primary source of information for troubleshooting networks, information gathering, or pen testing.
https://www.wireshark.org/#learnWS
Within the main website you will find tons of detailed information on how to use this tool. The forums, where engineers discuss issues and things they find, are also loaded with literally thousands of pieces of valuable information that will help you learn more about networking, TCP/IP, the Internet, and how packets and frames traverse a network.
In today’s pen testing world, one of the go-to sites for security professionals is Dark Reading. Dark Reading provides information on both older and breaking news stories, geared toward an online community of security gurus and professionals looking for more information about topics like pen testing.
You’ll find newsletters and feeds, and the Attacks and Breaches sections can help you emulate scenarios in your pen testing, stay on top of trends, and conduct ethical hacks to test your security posture.
https://www.offensive-security.com/
From the distributors of Kali, Offensive Security is a company that specializes in penetration testing. It offers penetration-testing services and provides a certification as well. On this site, shown in Figure 16-5, you can learn more about pen testing from the experts who do it day in and day out. You’ll find sample checklists, tools, reports, and a lot of the things you might want to emulate in your own pen tests.