Hitachi

U.S.A.

Hitachi Group Global Network

Americas

Asia

Europe

Middle East and Africa

Oceania

Close

10 Penetration Testing Resources You Need to Bookmark
You are here: Home \ Penetration Testing \ 10 Penetration Testing Resources You Need to Bookmark
pentest-resources
Posted on Tuesday, February 27th, 2018 by

Penetration tests (or pentests, in short) are simulated attacks carried out in a controlled environment by third-party security specialists. A pentest will reveal whether an organization is potentially vulnerable to cyberattacks and provides recommendations on how to strengthen its security posture. Given today’s ever evolving cyberthreat landscapes, penetration tests have become one of the most-commonly known security tactics to help organizations uncover critical vulnerabilities, strengthen their security defenses and meet compliance requirements such as PCI DSS.

 

Related post: Top 7 Cyber Security Resources

 

There is a large demand for skilled professional penetration testers or so-called ‘ethical hackers’, and more and more security professionals pursue relevant certifications such as Certified Ethical Hacker (C|EH), Licensed Penetration Tester (LPT), Certified Penetration Tester (CPT) or GIAC Penetration Tester (GPEN). In fact, a 2016 research report revealed that the penetration testing market is estimated to triple in size from USD 594.7 million to USD 1,724.3 million between 2016 and 2021.

Curious about how to stay up to speed? We’ve gathered 10 useful resources vetted by Hitachi Systems Security’s own Penetration Testers that will help you keep up with the rapidly evolving landscape of ethical hacking. Make sure to bookmark this blog and check back regularly for updates!

 

Top 10 Pentesting Resources

 

  1. Offensive Security

Offensive Security is an industry-leading information security training and penetration testing website, offering trainings and certifications, virtual penetration testing labs, etc. Offensive Security provides safe virtual network environments through its penetration testing labs to help aspiring and seasoned penetration testers acquire and enhance their penetration testing skills. In terms of certifications, Offensive Security offers the Offensive Security Certified Professional certification (OSCP) – the crown jewel of all related certifications, if we don’t count the higher level certs such as OSCE (Offensive Security Certified Expert).

 

  1. The Exploit Database

The Exploit Database is an online archive of public exploits and corresponding vulnerable software, developed and maintained by Offensive Security for the information and use of vulnerability researchers and penetration testers. The exploits listed on the Exploit Database are collected through mailing lists, direct submissions and other publicly available resources.

 

  1. The SANS Institute

The SANS Institute is a private for-profit training organization, known as one of the largest in the world for IT Security information and education. They maintain a wide variety of blogs and resources aimed at all subcategories of IT and IT Security, including penetration testing. Fun penetration testing resources include posters such as “Blueprint: Building a Better Pentester” or “Penetration Testing: Attack Surfaces, Tools & Techniques”, training courses about penetration testing and ethical hacking and a vast library of blog articles on the SANS Penetration Testing Blog.

 

  1. PentesterLab

PentesterLab provides a collection of penetration testing labs of varying degrees of difficulty to help penetration testers understand and test systems for vulnerabilities. By completing the online exercises, penetration testers can earn certificates of completion, such as the Capture-the-Flag Badge, the Authentication Badge or the Serialize Badge.

 

  1. Cybrary

Cybrary is possibly one of the best information security education sites on the internet. It contains full-length college course videos for everything from basic networking up to and including training for certifications, explanations of secure coding, penetration testing and everything else security related. The majority of Cybrary content is free.

 

  1. Penetration Testing Practice Lab

Building your skills through hands-on lab experimentation is vital in the life of penetration tester. Aman Hardikar, who built a hugely useful mind map showing various free, publicly available distributions, challenges, and other resources for practicing your skills. Access the Penetration Testing Practice Lab here and have a look.

 

  1. Ethical Hacking LinkedIn Group

Ethical Hacking is a LinkedIn group specifically created for ethical hackers to have a medium for exchanging knowledge, ideas and techniques specific to penetration testing. Some of our own Penetration Testers have joined this LinkedIn group to stay abreast of trends & best practices.

 

  1. Kioptrix

Kioptrix is a hands-on, practical blog that provides penetration testers with flawed Operating System images that they can download. Once downloaded, they can set up their own virtual machine and try attacking these Operating Systems to learn about the most common vulnerabilities and security holes.

 

  1. EHacking.net

EHacking.net is yet another great resource for free content about penetration testing and vulnerability scanning, including a directory of relevant open source tools, penetration testing and Metasploit tutorials, blog articles, videos etc.

 

  1. GitHub – Awesome Penetration Testing

GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together. GitHub has compiled a post called “Awesome Penetration Testing” that lists a collection of “awesome penetration testing resources, tools and other shiny things”. In short, it really is awesome because it’s one of the most complete lists we’ve found. Penetration testers can find resources about vulnerability databases, report templates, books, security courses, conferences, magazines etc.

 

Bonus: This one’s for our French-speaking readers

  1. MISC

Founded in 1995, the French publication MISC (Multi-System & Internet Security Cookbook) is dedicated 100% to information security subjects, both in technical as well as in scientific nature. For our francophone penetration testers, this subscription-based resource will provide you with a regular rundown of information security-related subjects, such as reverse engineering, security certifications, internal and external penetration testing, smart city security, secure messaging apps, IoT security, etc.

 

If you’re interested in learning more about penetration testing at Hitachi Systems Security, get in touch with us directly to request a quote.

Learning How Hackers Hack

Katharina Gerberding
About author:
Katharina Gerberding is the Marketing Manager, Content Strategy at Hitachi Systems Security in Montreal, Quebec, Canada. In her current role, she is responsible for developing impactful content marketing strategies to strengthen the organization’s brand recognition, support sales efforts, and help raise awareness for cybersecurity across the globe. Katharina graduated with a Master’s degree in Cross-Cultural Communication and Business Management from Newcastle University, U.K., and obtained a dual Bachelor’s degree in Multilingual Communication and Linguistics from Cologne University of Applied Sciences, Germany, and Northumbria University, U.K. Since 2012, she is member of the sponsorship committee of the humanitarian mission “Sainte-Justine at the Heart of the World”, which facilitates knowledge exchange in pediatric cardiology for children around the world. Katharina is passionate about communications, cross-culturalism and holistic living, and can be found exploring the many restaurants of Montreal in her free time.

Subscribe

Recent Videos

What is Penetration Testing?

What is a Vulnerability Assessment?

What is a Control Assessment?


More