Network security
Nmap Cheat Sheet
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
Tableaux de bord de la sécurité des réseaux
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography
https://www.wireguard.io
Why wireshark cannot display TLS/SSL - Wireshark Q&A
https://osqa-ask.wireshark.org/questions/34075/why-wireshark-cannot-display-tlsssl
Résilience de lʼInternet français - 2015
https://www.ssi.gouv.fr/uploads/2014/10/rapport_observatoire_2015.pdf
Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems

Web security

Client
XSS Filter Evasion Cheat Sheet
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
XSS Games
https://xss-game.appspot.com/
RequestBin — Collect, inspect and debug HTTP requests and webhooks
https://requestb.in/
Mockbin
http://mockbin.org

Server
PHP Security Cheat Sheet
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
Les PATH truncations: The old one - Daily Security
https://www.dailysecurity.fr/les-path-truncations/

SQL Injection
php - SQL injection that gets around mysql_real_escape_string()
https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string

Blind SQL Injection
SANS Penetration Testing | Making Blind SQL Injection More Efficient
https://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injection-more-efficient-new-tool
A faster method than Blind SQL Injection? - Information Security Stack Exchange
https://security.stackexchange.com/questions/15953/a-faster-method-than-blind-sql-injection

SQL Injection by truncation
SQL Truncation Attack
http://resources.infosecinstitute.com/sql-truncation-attack/
SQL Injection Cheat Sheet
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/#StringwithoutQuotes
Reading and Writing Files | NetSPI SQL Injection Wiki
https://sqlwiki.netspi.com/attackQueries/readingAndWritingFiles/#mysql
SQLi filter evasion cheat sheet (MySQL) | Reiners' Weblog
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
Exploiting hard filtered SQL Injections | Reiners' Weblog
https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/

NoSQL Injection
No SQL, No Injection?
https://arxiv.org/ftp/arxiv/papers/1506/1506.04082.pdf
NoSQL Injection - Fun with objects and arrays
https://www.owasp.org/images/e/ed/GOD16-NOSQL.pdf
Les NOSQL injections Classique et Blind: Never trust user input - Daily Security
https://www.dailysecurity.fr/nosql-injections-classique-blind/

LDAP Injection
failles_web:ldap_injection [Zenk - security]
https://wiki.zenk-security.com/doku.php?id=failles_web:ldap_injection#injection_de_base_sur_authentification_username_password

XPath Injection
failles_web:xpath_injection [Zenk - security]
https://wiki.zenk-security.com/doku.php?id=failles_web:xpath_injection
Testing for XPath Injection
https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010)
XPath Examples
https://msdn.microsoft.com/en-us/library/ms256086(v=vs.110).aspx
XPath Syntax
https://www.w3schools.com/xml/xpath_syntax.asp
{ Better } Hacker: Command Injection Without Spaces
http://www.betterhacker.com/2016/10/command-injection-without-spaces.html
Adapter le concept de la Zip Bomb pour défendre son site web des scripts kiddies
https://korben.info/adapter-concept-de-zip-bomb-defendre-site-web-scripts-kiddies.html
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://github.com/swisskyrepo/PayloadsAllTheThings

Webshells
GitHub - epinna/weevely3: Weaponized web shell
https://github.com/epinna/weevely3
GitHub - flozz/p0wny-shell: Single-file PHP shell
https://github.com/flozz/p0wny-shell
File Operation Induced Unserialization via the “phar://” Stream Wrapper
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://github.com/swisskyrepo/PayloadsAllTheThings

Protocols
Point-to-point protocol over Ethernet
https://en.wikipedia.org/wiki/Point-to-point_protocol_over_Ethernet
Multiprotocol Encapsulation over ATM
https://en.wikipedia.org/wiki/Multiprotocol_Encapsulation_over_ATM

Global networking
Border Gateway Protocol
https://en.wikipedia.org/wiki/Border_Gateway_Protocol
BGP : Stealing the Internet
https://defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

Hosting
Chatons
https://chatons.org

Computer Networks - A. Tanenbaum - 5th edition
Réseaux et télécoms - Cours, Claude Servin
Initiation aux réseaux - Cours, Guy Pujolle
Menaces sur le réseau : guide pratique des attaques passives et indirectes
Routing protocols for ad hoc networks, Dmitri A. Moltchanov
https://www.cs.tut.fi/courses/TLT-2756/lect05.pdf