My notepad about stuff related to security. Stuff I have come across that I don't feel like googeling again.
If you read about a vulnerability that you want to know more about I can really recommend searching for in on HackerOne via google. It is a good way to find real life examples of vulnerabilities.
Here is an example of such a search:
site:hackerone.com sql-injection
https://www.reddit.com/r/AskNetsec/comments/4p7onl/gaining_initial_access_in_realworld_pentesting/
Sometimes the line isn't very clear between the chapters. Some actions might be considered part of the vulnerability analysis-phase, but it could also but considered part of the recon-phase. Whatever, it doesn't really matter. Pentesting isn't a science, it is a craft. It can only be learned by practice.
These chapters are written sporadically with a lot of stuff missing. I just add stuff that I didn't know about before.