After a couple of years of learning on my own, I created a brief list of the assets I think were most useful for me at the time of learning web pentesting. Hope you find it helpful!
- Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali, by OccupyTheWeb. => Beginner friendly and very well written.
- Penetration Testing: A Hands-On Introduction to Hacking, by Georgia Weidman => In my opinion it’s a bit outdated and some parts are difficult to understand but still a very good book.
- Web Hacking 101, by Peter Yaworski => A summary of all common web vulnerabilities with examples.
- Hands-On Penetration Testing on Windows, by Phil Bramwell => Also focusing on the registry tree and how the most common keys work (such as kerberos keys that handles authentication). Microsoft official docs are good for this.
- @three_cube a.k.a OccupytheWeb. This is from the author of the first book listed above and also has a very good hacking blog: https://www.hackers-arise.com/
- @stokfredik =>The coolest hacker ever! He also has a great YouTube channel
- @thecybermentor and @TCMSecurity
Overall #infosec twitter is a very good place to start reading writeups and latest news.
If you’re just starting, I recommend Tryhackme. It’s amazing! And it has a lot of walkthrough boxes (just be aware of this). Then, I would jump to Hackthebox which has the most realistic machines. In my opinion pentesterlab is a bit expensive for the quality their competitors have for almost half the price, but their certificates are good.
Bug bounty is about hacking as a freelancer, but it’s nice to read writeups (if public), as these are real business-level vulnerabilities. Also reading about bug bounty will teach you tricks to increase your speed and overall organization, which is one of the key skills you need in this category. Why? Because you want to report your findings before anyone else to get paid and avoid duplicates. Hackerone is one of these platforms: https://hackerone.com/directory/programs?order_direction=DESC&order_field=resolved_report_count
- Burp Suite or any other web scanner alternative
- Hydra login cracker
- Any hash cracker like john the ripper, hashcat, etc
- Shodan: at least to understand what it is, in case you want to use it one day
- What are writeups? Instructions about how someone hacked something in detail.
I’m most probably missing something here, but I think it’s a nice starting point. Let me know in the comments if you would add anything else to this list and/or what helped you when you started learning pentesting.