Pentesting made easy
SSRF
Definition and how it works:
Exploitation:
#TODO