Mid-level engineer looking to explore PenTesting. While I have a few years experience on the backend (and have dipped my toes into security), I'm quite frankly a noob, and would love it if you folks could recommend some good pentesting resources.