Hacker News
by jdeca568 2889 days ago
As mentioned several times already, OWASP has very interesting stuff, it's more web application oriented though. (https://www.owasp.org)

WebGoat is a good way to put things in practice locally. (https://github.com/WebGoat/WebGoat)

The project ZAP is a really great tool to help you in the process. (https://www.zaproxy.org)

Outside the web sphere, Exploit Database is a great site with a bunch of exploit code, explanations and papers. (https://www.exploit-db.com)

The tool suite in Kali Linux is also very good if you don't mind reading the documentation and trying to understand the goal of the tools. (https://www.kali.org)

Kali NetHunter lets you practice from Android. (https://github.com/offensive-security/kali-nethunter)

Security is such a wide domain that you can quickly get flooded. I don't think the ultimate step-by-step learning guide exists.

Once you've learned and practiced a bit, if you don't give up too soon, you will get the point and understand how deep you need to go into a protocol or a system to actually do something yourself (then this is not about security documentation anymore, but about understanding how the target works, and how you can make it work the way you want).

I would say that you need to focus on some targets first, and expand the scope over time depending on your needs/interests.