For pentesting, often the company hires people to test under an NDA, and keep everything secret because they dont want to be embarassed.

There are sone public pentests out there. For example https://www.opentech.fund/impact/security-safety-audits/

If you want to read some really hard core security vuln hunting, see https://googleprojectzero.blogspot.com/