Sites that I have found interesting when trying to learn more about information security and penetration testing:
- PaulDotCom – I never miss an episode of the PaulDotCom.com security weekly podcast.
- Bruce Schneier – Information security legend
- Free Rainbow Tables – A website offering free rainbow tables for download, or to buy shipped on a physical disk. Their rainbow tables are made using distributed computing.
- Hack This Site – A set of webapp hacking tests that I’m currently working my way through.
- Exploit Exercises – A set of application exploit tutorials which I haven’t even started looking at yet.
- PenTesticles – An infosec blog (with an absolutely brilliant title) written by a couple of guys based in the UK (like me).
- Hack Armoury – A site where you can download common pentesting tools via many common protocols (even SAMBA!)
- InfoSecs – Rare posts on infosec and penetration testing
- PenTest-n00b – Blog of another person trying to break into infosec (just like me). Has a nice blog post from 11 Jan 2011 listing sites that are safe to hack. I notice he signs off “Cheers” at the end of his about me page, so it looks like he might be a fellow Brit too.
- Metasploit Unleashed – Free (any donations go to charity) online course for metasploit
- Quakenet PHP Tutorial – When pentesting a webapp written in PHP, it helps a lot to understand the PHP language and the common security mistakes made by developers. This tutorial is pretty good.
- OWASP – The Open Web Application Security Project
- Browser Security Handbook – All about security measures in web brosers.
Feel free to let me know of any others that you think I may find interesting.