Finding Resources to Prepare for the Offensive Penetration Testing

Types of Resources

Hands-on Labs & Platforms

  • Hack The Box (HTB)

    • Free & VIP subscription

    • Beginner content improving

    • Realistic machines; some harder than certs

    • Retired machines have walkthroughs

    • Recommended: IppSec YouTube channel

  • VulnHub

    • Free downloadable VMs

    • Great for offline practice

    • User-submitted machines

    • Tedious setup sometimes (VirtualBox/VMWare)

    • Many walkthroughs on blogs & YouTube

  • TryHackMe

    • Free & subscription options

    • Browser-based or OpenVPN access

    • Beginner-friendly with guided learning paths

    • Certifications like Jr. Penetration Tester (TryHackMe Red Team Path)

  • Pentester Academy (now part of INE)

    • Paid (monthly)

    • Includes red team labs

    • Labs tell you what to look for (less realistic)

    • Comes with PDFs/videos

  • OverTheWire Wargames

    • Free

    • Great for CLI basics, Linux, and web challenges

    • Start with BanditNarnia, Leviathan, etc.

Books & Guides

  • Red Team Field Manual – Ben Clark

  • The Hacker Playbook 1 & 2 – Peter Kim

  • Operator Handbook – NETMUX

  • Penetration Testing – Georgia Weidman (Beginner must-read)

Pre-Built Vulnerable Labs

  • DVWA (Damn Vulnerable Web App)

  • Metasploitable 1–3

  • OWASP WebGoat

  • bWAPP

  • Can be run locally or in a VM; ideal for testing tools and scripts

Useful Commands & Cheat Sheets

  • pentestmonkey – Webshells, reverse shells, cheats

  • g0tmi1k – Privilege escalation guides

  • PayloadsAllTheThings (GitHub) – One of the best curated pentest repos

  • HackTricks (GitHub) – In-depth on techniques, recon, post-exploitation

  • GTFOBins – Unix privilege escalation via system binaries

GitHub Repositories

  • Search for OSCP, PNPT, eCPPT, or TryHackMe prep

  • Repos with:

    • Notes

    • Cheatsheets

    • Custom scripts

    • Practice writeups

Personal Blogs & Walkthroughs

Tips for Learning

  • Document everything: Use Notion, Obsidian, or GitBook

  • Follow learning paths: e.g., TryHackMe or HTB Academy

  • Join Discord/Reddit communities:

    • r/HowToHack, r/OSCP, r/netsecstudents

    • TryHackMe and HTB Discords

PreviousNote Taking and Mind MappingNextM02: Kali Linux Basics

Last updated