Thread to share Pentest related links in.

[Archangel-Amael]

Ok we had one of these before, and there have been a few various posts here and there with a few links in them. This one will be stickied here in the experts section.
We can all add and refer to it.



I will add more links into this section in the future. For the time being feel free to start adding your own.

I will try to gather some of the various and sundry posts from the forums and put them here.


Please note that any links that do not fit within the standards of the rules will probably get your account banned. This means warez, and links that have nothing to do with penetration testing.

[thorin]

Thorin's Suggested Links for Reading, Research, and Newbies

Some blogs worth checking (IMHO):
Jeremiah Grossman
The Spanner - A tool for designers dealing with programmers dealing with designers…
ThreatExpert Blog
BT Blog
Metasploit

Papers or document collections worth checking:
NIST.gov - Computer Security Division - Computer Security Resource Center
Analyzing 20,000 MySpace Passwords - CyberKnowledge Blog
(The following are Canadian, I'm sure there are equivalent docs for the US and other countries that are available)
CSEC: Government of Canada Publications
RCMP - Technical Security Branch - Publications

Other Info Sites/Resources:
Irongeek.com
VulnerabilityAssessment.co.uk
Anti-Cross Site Scripting
.:[ packet storm ]:. - http://packetstormsecurity.org/
Internet Storm Center Diary
The Ethical Hacker Network - Anti-Hacker Tool Kit: Reverse Engineering Binaries
ha.ckers.org web application security lab
Upside-Down-Ternet
Google code search info

I-Hacked.com Taking Advantage Of Technology - Cracking Wifi with Back|Track
TAZ Security Forum: Pen Testing, Tutorials, Videos, Backtrack, Aircrack, Intrusion, Detection, Rainbow Tables, Wireless, TAZCast Sessions, and more...
Wireless Security 802.11 Security Wirelessdefence.org Index
PerryGeo » Wardriving with Ubuntu Linux and Google Earth

Packetlife Cheat Sheets

Books:
Amazon.com: Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (0689145704617): Michal Zalewski: Books
Security Engineering - A Guide to Building Dependable Distributed Systems (Online Book)
Open Source Security Testing Methodology Manual (OSSTMM)

Online Tools/Lookups:
Hash Generator
XSSed - XSS (cross-site scripting) information and vulnerable websites archive
Manufacturer to Network Card Cross-Reference
http://www.iana.org/assignments/port-numbers
List of TCP and UDP port numbers - Wikipedia, the free encyclopedia
URLVoid (Check Websites for Malware)
Website Security Check - Unmask Parasites
Is my site safe? Check your SSL certificate!
DNSsy - DNS Test and Check - Free DNS Tools and Report
Down for everyone or just me
Check Username Availability at Multiple Social Networking Sites
Microsoft Security Bulletin Search

Law:
State Hacking Laws (US)
10 ways you might be breaking the law with your computer: UPDATED (US)
C-46, Section 326 (Canada/Federal)
C-46, Section 430 (Canada/Federal)

Testing Environments & Apps:
Hacking Without All the Jailtime
Damn Vulnerable Linux
WebGoat
Metasploitable
Deliberately Insecure Web Applications For Learning Web App Security
Web Security Dojo & Web Security Dojo v1.0 Announcement
MOTH (Collection of vulnerable web apps)
De-ICE
OWASP Broken Web Apps Project
Google-Gruyere

Groups you may want to attend meetings with or consider membership in:
OWASP
ISSA
ISACA
HTCIA
ISECOM

Misc:
How to Break Into Security, Schneier Edition

[tek911]

My blogs which i have rss feeds from:
/dev/random blog - /dev/random
Carnal0wnage (chris gates and crew) - carnal0wnage.attackresearch.com
Command Line Kun Fu (Ed Skoudis, Hal Pommeranz and crew) - Command Line Kung Fu
Contagio (good 0day and exploit info) - contagio
Exotic Liability (Got to love Security Podcasts that aren't paul asadorian [no offense to that guy]) - Exotic Liability
Exploit-db (follow this rss feed if you're in any role where new exploits matter. not an option) - Exploits Database by Offensive Security
Skull Security - SkullSecurity
Google Online Security Blog (mainstream yes, but still surprisingly not followed as much as one would think) - Google Online Security Blog
ha.ckers.org (got to love rsnake's web app posting, sadly this blog is close to ending) - ha.ckers.org web application security lab
holisticinfosec (they have a good monthly toolsmith write up where they showcase new security tools) - HolisticInfoSec.org
infoseccynic - J4vv4D | Mild-mannered Security Consultant & Cynical Superhero
jeremiah grossman's blog (already posted up by you so i wont link but awesome none the still)
krebs on security (go to for new mainstream threats, mass exploits, government cyberwar, fraud, etc) - Krebs on Security
mubix blog (rob fuller == Awesome) - Room362.com - Mubix Links
Practical Exploitation (mubix related, but not the mubix blog) - Practical Exploitation:
pseudo-flaw (greg fleischer awesome web app stuff, he got busy but still some good content up there) pseudo-flaw.net - ~= Gregory Fleischer =~
rational survivability blog - Rational Survivability - THE Cloud & Virtualization Security Blog
security musings - Security Musings
Tao Security (Richard Bejtlich, heavy on the government cyberwar but awesome) - TaoSecurity
not so secure blog - www.notsosecure.com


I'll save the rehashing of linking to metasploit blog, dark reading, full disclosure, securityfocus, etc. If its main stream i'm assuming you already have it.

Carnal0wnage is my favorite. Some blogs when a new post is up, it immediately turns you into a kid at chrismas. Everything on carnal 0wnage has been good stuff. cg keep it up man, find some time when you're not busy and throw some more up!


I've got to run but when i get a free moment ill put up some links. That being said, if you're into web app assessment scope this out (nothing earth shattering but comes in handy):
https://www.squarefree.com/bookmarklets/

[hhmatt]

Adding a few useful links here off the top of my head. (In no particular order)

Blogs:
Archangel-Amael's blog http://archangelamael.blogspot.com/ has a good coverage of BT tools and some nice detailed nmap tutorials
Lupin's blog http://grey-corner.blogspot.com/ - Home of ssltest and some very good exploit tutorials and extras.
Purehate's blog http://pur3h4t3.blogspot.com/ - See the cool WPA cracking machine and other tutorials.
Question Defense blog http://www.question-defense.com/ - Purehate also posts here from time to time but it has a lot of good information all IT related. (not all Infosec related)
Streakers blog http://members.netjunkies.net/streaker/blog/ - Home of the amish network admin.
h-online http://www.h-online.com/ - Has a security section you will see it on the right hand side about halfway down. Not updated often but the content is usually good.
Bruce Schneier blog - http://www.schneier.com/ - Wrote most of the current encryption schemes we use today. He also wrote a few books on encryption I suggest checking them out. Applied Cryptography is one of my Schneier favorites http://www.schneier.com/book-applied.html


Misc:
Fleeman anderson & bird - http://www.fab-corp.com/ - Good prices and great quality for all kinds of wifi components. I've purchased a few antennas from them before and I was very pleased. They also have a Cantenna kit that you may want to check out.
Security Focus - http://www.securityfocus.com/ - Lots of current vulnerability information.
Security tube - http://securitytube.net/ - If you like video's this site has some good one's to learn from.
Secunia - http://secunia.com/ - Great site to get Infosec news and vulnerability information.
Church of wifi - http://www.churchofwifi.org/default....lay.asp?PID=90 - Wireless rainbow tables and almost everything wifi.
archive.org http://www.archive.org/ Web archive that has almost everything!
Hackaday http://hackaday.com/ This site is really fun if you like DIY or just tearing things apart. Not all of it is hacker related but it does contain some security tools.
Hak5 - http://www.hak5.org/ - Trust your technolust!
Hacker Quarterly - http://www.2600.com/
Phrack - http://www.phrack.org/

Books: (All are amazon links, if you don't like them use something else this is just easier for me. Also I don't personally own each and every book listed and this is not an exhaustive list. But I do own and have read quite a few of the ones listed.)
http://www.amazon.com/Gray-Hat-Hacki.../dp/0072257091
http://www.amazon.com/Hacking-Art-Ex...4884070&sr=1-1 (Version 1 too I'm just being lazy.)
http://www.amazon.com/Professional-P...4884177&sr=1-8
http://www.amazon.com/Social-Enginee...884177&sr=1-13
http://www.amazon.com/Google-Hacking...884274&sr=1-23
http://www.amazon.com/Nmap-Network-S...884509&sr=1-76
http://www.amazon.com/Penetration-Te...884571&sr=1-91
http://www.amazon.com/Art-Intrusion-...884571&sr=1-98 (I believe this is more of a novel)
http://www.amazon.com/Fuzzing-Brute-...4884786&sr=1-1
http://www.amazon.com/WarDriving-Det...4884888&sr=1-1 (Our very own Thorn and Mother co-authored this one)
http://www.amazon.com/WarDriving-Wir...4884995&sr=1-9

Don't forget to pickup some of the many great books on programming. You will want to know one or more languages.

I apologize in advance if I've added duplicates. I made an attempt to filter out the sites I regularly go to that were already posted.

Edit:
Forgot to thank Thorin and Tek911 for all the great links already posted. Many thanks!

[cseven]

Blogs
http://securegossip.com/
- http://securityreliks.securegossip.com/
- http://infolookup.securegossip.com/

Youtube
http://www.youtube.com/user/ChRiStIaAn008#p/p
- Shmoocon 2011
- Defcon 13 to 17
- Black Hat USA 2010
- Tons of other videos

Everything
https://code.google.com/p/pentest-bookmarks/

[HaQue]

One that I am interested in is http://pentest-standard.org

A lot of the guys that we all know from the great podcasts and well known security companies(think EL, Eurotrash, spiderlabs, social-engineer.org, rapid7 etc etc) are working on this and it sounds like something that will benefit the industry immensely.

[Sys7emR00t]

hmm... pauldotcom.com, tenable.com, www.offensive-security.com/resources/, hak5.org, sans.org and http://www2.opensourceforensics.org/tools to name a few.

[Sp3ctr3]

Ed Skoudis' Counter Hack Reloaded (http://www.amazon.com/Counter-Hack-R.../dp/0131481045)
Shon Harris' CISSP All In One http://www.amazon.com/CISSP-All-One-.../dp/0072193530
The Best Damn Cybercrime and Digital Forensics Book Period(Cyberlaw fundamentals section is a must read)http://www.amazon.com/Best-Cybercrim.../dp/1597492280
The Art Of Human Hackinghttp://www.amazon.com/Social-Enginee.../dp/0470639539
R3l1k's Metasploit:The Penetration Testers's Guidehttp://www.amazon.com/Metasploit-Pen...dp/159327288X/
SANS InfoSec reading room has some great whitepapers.
Fyodor's http://insecure.org

[thorin]

Any chance this thread could be copied/migrated to the new Kali site?