# Pentest & Bug Bounty ## Pentest & Bug Bounty - [Pentest et Bug Bounty](https://blog.s1rn3tz.ovh/pentest-et-bug-bounty.md) - [Pentest Methodology](https://blog.s1rn3tz.ovh/pentest-et-bug-bounty/pentest-methodology.md): Standard PTES - [Bug Bounty Methodology](https://blog.s1rn3tz.ovh/pentest-et-bug-bounty/bug-bounty-methodology.md) - [Ecrire un bon rapport](https://blog.s1rn3tz.ovh/pentest-et-bug-bounty/bug-bounty-methodology/ecrire-un-bon-rapport.md) - [Aspect Juridique (FR)](https://blog.s1rn3tz.ovh/pentest-et-bug-bounty/bug-bounty-methodology/aspect-juridique-fr.md) - [OSINT / Recon](https://blog.s1rn3tz.ovh/osint-recon.md): Techniques de reconnaissance passives et actives - [Sock Puppet](https://blog.s1rn3tz.ovh/osint-recon/sock-puppet.md) - [Mindmaps](https://blog.s1rn3tz.ovh/osint-recon/mindmaps.md): Quelques cartes heuristiques selon vos besoins - [Entreprise](https://blog.s1rn3tz.ovh/osint-recon/entreprise.md): Quelques ressources pour en apprendre un peu plus sur une entreprise - [Leaks](https://blog.s1rn3tz.ovh/osint-recon/leaks.md): Outils et sites pour recherche de fuites de données - [Manuel / Dorks](https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks.md): Techniques de reconnaissance manuels - [Google dorks](https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/google-dorks.md) - [Github dorks](https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/github-dorks.md) - [Twitter Dorks](https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/twitter-dorks.md) - [Shodan Dorks](https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/shodan-dorks.md) - [Réseaux sociaux (SOCMINT)](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint.md): Outils dédiés à la reconnaissance de réseaux sociaux - [Telegram OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/telegram-osint.md) - [Snapchat OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/snapchat-osint.md) - [Linkedin OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/linkedin-osint.md) - [Facebook OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/facebook-osint.md): Facebook OSINT mindmap - [Tik tok OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/tik-tok-osint.md) - [Instagram OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/instagram-osint.md) - [Twitter OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/twitter-osint.md) - [Discord OSINT](https://blog.s1rn3tz.ovh/osint-recon/reseaux-sociaux-socmint/discord-osint.md) - [Domaines et Sous-domaines](https://blog.s1rn3tz.ovh/osint-recon/domaines-et-sous-domaines.md): Sites et Outils dédiés à la reconnaissances sur des domaines et sous-domaines - [Scan de ports / web](https://blog.s1rn3tz.ovh/osint-recon/scan-de-ports-web.md): Outils dédiés aux scan de ports et aux scan web - [Emails](https://blog.s1rn3tz.ovh/osint-recon/emails.md): Sites et Outils dédiés à la reconnaissances mail - [Réseau](https://blog.s1rn3tz.ovh/osint-recon/reseau.md): Outils dédiés à la reconnaissance réseau - [Screenshots](https://blog.s1rn3tz.ovh/osint-recon/screenshots.md) - [Live camera](https://blog.s1rn3tz.ovh/osint-recon/live-camera.md) - [Reconnaissance faciale / images](https://blog.s1rn3tz.ovh/osint-recon/reconnaissance-faciale-images.md) - [Images](https://blog.s1rn3tz.ovh/osint-recon/images.md) - [Maps](https://blog.s1rn3tz.ovh/osint-recon/maps.md) - [Active Directory](https://blog.s1rn3tz.ovh/osint-recon/active-directory.md): Liste d'outils dédiés à la reconnaissance d'active directory - [Cloud](https://blog.s1rn3tz.ovh/osint-recon/cloud.md) - [Autre](https://blog.s1rn3tz.ovh/osint-recon/autre.md) - [Pentest Web](https://blog.s1rn3tz.ovh/pentest-web.md): Techniques de pentest web - [Brute force / Fuzzing](https://blog.s1rn3tz.ovh/pentest-web/brute-force-fuzzing.md): Outils dédiés au brute force (pas forcément pour le web) - [Injections](https://blog.s1rn3tz.ovh/pentest-web/injections.md): Outils dédiés aux injections de code - [XSS](https://blog.s1rn3tz.ovh/pentest-web/injections/xss.md): Cross-site scripting - [PDF injection](https://blog.s1rn3tz.ovh/pentest-web/injections/xss/pdf-injection.md) - [HTMLi](https://blog.s1rn3tz.ovh/pentest-web/injections/htmli.md) - [XXE](https://blog.s1rn3tz.ovh/pentest-web/injections/xxe.md) - [SSTI](https://blog.s1rn3tz.ovh/pentest-web/injections/ssti.md): Server-Side Template Injection - [SQLi](https://blog.s1rn3tz.ovh/pentest-web/injections/sqli.md) - [UNION based](https://blog.s1rn3tz.ovh/pentest-web/injections/sqli/union-based.md) - [Time based](https://blog.s1rn3tz.ovh/pentest-web/injections/sqli/time-based.md) - [Boolean based / Error Based](https://blog.s1rn3tz.ovh/pentest-web/injections/sqli/boolean-based-error-based.md) - [Out-Of-Band](https://blog.s1rn3tz.ovh/pentest-web/injections/sqli/out-of-band.md) - [CRLF](https://blog.s1rn3tz.ovh/pentest-web/injections/crlf.md) - [OS injection](https://blog.s1rn3tz.ovh/pentest-web/injections/os-injection.md) - [Log4Shell](https://blog.s1rn3tz.ovh/pentest-web/injections/log4shell.md) - [CSV](https://blog.s1rn3tz.ovh/pentest-web/injections/csv.md) - [ESI](https://blog.s1rn3tz.ovh/pentest-web/injections/esi.md): Edge Side Include - [XSLT](https://blog.s1rn3tz.ovh/pentest-web/injections/xslt.md) - [Injections dans emails](https://blog.s1rn3tz.ovh/pentest-web/injections/injections-dans-emails.md) - [ELi](https://blog.s1rn3tz.ovh/pentest-web/injections/eli.md): Expression Language injection - [OGNLi](https://blog.s1rn3tz.ovh/pentest-web/injections/eli/ognli.md): Open-Graph Navigation Language injection - [Open redirect](https://blog.s1rn3tz.ovh/pentest-web/open-redirect.md): Outils dédiés aux open redirect - [Path Traversal / LFI / RFI](https://blog.s1rn3tz.ovh/pentest-web/path-traversal-lfi-rfi.md): Outils dédiés aux path traversals et local file inclusion - [Bypass](https://blog.s1rn3tz.ovh/pentest-web/bypass.md): Outils dédiés aux bypass en tout genre - [WAF / Filter bypass](https://blog.s1rn3tz.ovh/pentest-web/bypass/waf-filter-bypass.md) - [2FA](https://blog.s1rn3tz.ovh/pentest-web/bypass/2fa.md) - [Charges utiles](https://blog.s1rn3tz.ovh/pentest-web/charges-utiles.md) - [CMS (Content Management System)](https://blog.s1rn3tz.ovh/pentest-web/cms-content-management-system.md): Techniques de pentest de CMS - [WordPress](https://blog.s1rn3tz.ovh/pentest-web/cms-content-management-system/wordpress.md): Pentest de site WordPress - [Joomla!](https://blog.s1rn3tz.ovh/pentest-web/cms-content-management-system/joomla.md): Pentest de sites Joomla! - [Magento](https://blog.s1rn3tz.ovh/pentest-web/cms-content-management-system/magento.md): Pentest de site Magento - [Drupal](https://blog.s1rn3tz.ovh/pentest-web/cms-content-management-system/drupal.md): Pentest de site Drupal - [SOP bypass](https://blog.s1rn3tz.ovh/pentest-web/sop-bypass.md): Same-Origin Policy - [CORS](https://blog.s1rn3tz.ovh/pentest-web/sop-bypass/cors.md): Cross-Origin Ressource Sharing - [postMessage()](https://blog.s1rn3tz.ovh/pentest-web/sop-bypass/postmessage.md) - [JSONP](https://blog.s1rn3tz.ovh/pentest-web/sop-bypass/jsonp.md): JSON Padding - [Clickjacking](https://blog.s1rn3tz.ovh/pentest-web/clickjacking.md) - [Insecure deserialization](https://blog.s1rn3tz.ovh/pentest-web/insecure-deserialization.md) - [Web Cache Poisoning / Deception](https://blog.s1rn3tz.ovh/pentest-web/web-cache-poisoning-deception.md) - [HTTP Smuggling](https://blog.s1rn3tz.ovh/pentest-web/http-smuggling.md) - [OAuth](https://blog.s1rn3tz.ovh/pentest-web/oauth.md) - [SAML](https://blog.s1rn3tz.ovh/pentest-web/saml.md): Security Assertion Markup Language - [JSON Web Token](https://blog.s1rn3tz.ovh/pentest-web/json-web-token.md): JWT - [CSRF](https://blog.s1rn3tz.ovh/pentest-web/csrf.md): Cross Site Request Forgery - [Cross-site WebSocket Hijacking (CSWSH)](https://blog.s1rn3tz.ovh/pentest-web/csrf/cross-site-websocket-hijacking-cswsh.md) - [IDOR](https://blog.s1rn3tz.ovh/pentest-web/idor.md): Insecure Direct Object Reference - [SSRF](https://blog.s1rn3tz.ovh/pentest-web/ssrf.md): Server-Side Request Forgery - [Cloud SSRF](https://blog.s1rn3tz.ovh/pentest-web/ssrf/cloud-ssrf.md) - [Protocol Smuggling](https://blog.s1rn3tz.ovh/pentest-web/ssrf/protocol-smuggling.md) - [APIs](https://blog.s1rn3tz.ovh/pentest-web/apis.md) - [REST](https://blog.s1rn3tz.ovh/pentest-web/apis/rest.md): Representational State Transfer - [GraphQL](https://blog.s1rn3tz.ovh/pentest-web/apis/graphql.md): Graph Query Language - [Mot de passe oublié](https://blog.s1rn3tz.ovh/pentest-web/mot-de-passe-oublie.md) - [Fonctions d'achat et de facturation](https://blog.s1rn3tz.ovh/pentest-web/fonctions-dachat-et-de-facturation.md) - [Broken authentication / register](https://blog.s1rn3tz.ovh/pentest-web/broken-authentication-register.md) - [Panneaux d'administration](https://blog.s1rn3tz.ovh/pentest-web/panneaux-dadministration.md) - [Upload features](https://blog.s1rn3tz.ovh/pentest-web/upload-features.md) - [Broken Link Hijacking](https://blog.s1rn3tz.ovh/pentest-web/broken-link-hijacking.md) - [Prise de contrôle de sous-domaine](https://blog.s1rn3tz.ovh/pentest-web/prise-de-controle-de-sous-domaine.md) - [Prise de contrôle de DNS](https://blog.s1rn3tz.ovh/pentest-web/prise-de-controle-de-dns.md) - [One liners](https://blog.s1rn3tz.ovh/pentest-web/one-liners.md) - [Misconfigurations](https://blog.s1rn3tz.ovh/pentest-web/misconfigurations.md) - [Analyse statique](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique.md): Revue de code - [PHP](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/php.md) - [Ruby On Rails](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/ruby-on-rails.md) - [Perl](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/perl.md) - [JAVA](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/java.md) - [Javascript](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/javascript.md) - [Python](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/python.md) - [Golang](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/golang.md) - [.NET](https://blog.s1rn3tz.ovh/pentest-web/analyse-statique/.net.md) - [AWS S3](https://blog.s1rn3tz.ovh/pentest-web/aws-s3.md) - [Captcha](https://blog.s1rn3tz.ovh/pentest-web/captcha.md) - [Race conditions](https://blog.s1rn3tz.ovh/pentest-web/race-conditions.md) - [.git exposé](https://blog.s1rn3tz.ovh/pentest-web/.git-expose.md) - [Business logic](https://blog.s1rn3tz.ovh/pentest-web/business-logic.md) - [Prototype pollution](https://blog.s1rn3tz.ovh/pentest-web/prototype-pollution.md) - [Dependency confusion](https://blog.s1rn3tz.ovh/pentest-web/dependency-confusion.md) - [DoS](https://blog.s1rn3tz.ovh/pentest-web/dos.md): Déni de Services - [ReDoS](https://blog.s1rn3tz.ovh/pentest-web/dos/redos.md): Déni de Services par Regex - [Hash flooding](https://blog.s1rn3tz.ovh/pentest-web/dos/hash-flooding.md) - [Cookie bomb](https://blog.s1rn3tz.ovh/pentest-web/dos/cookie-bomb.md) - [Autre](https://blog.s1rn3tz.ovh/pentest-web/autre.md) - [Flask](https://blog.s1rn3tz.ovh/pentest-web/autre/flask.md) - [Symphony](https://blog.s1rn3tz.ovh/pentest-web/autre/symphony.md) - [Spring Boot](https://blog.s1rn3tz.ovh/pentest-web/autre/spring-boot.md) - [Django](https://blog.s1rn3tz.ovh/pentest-web/autre/django.md) - [Jenkins](https://blog.s1rn3tz.ovh/pentest-web/autre/jenkins.md) - [Common Vulnerabilities and Exposures (CVE)](https://blog.s1rn3tz.ovh/pentest-web/autre/common-vulnerabilities-and-exposures-cve.md) - [Pentest Cloud](https://blog.s1rn3tz.ovh/pentest-cloud.md) - [IaC (Infrastructure as Code)](https://blog.s1rn3tz.ovh/pentest-cloud/iac-infrastructure-as-code.md) - [Terraform](https://blog.s1rn3tz.ovh/pentest-cloud/iac-infrastructure-as-code/terraform.md) - [Helm](https://blog.s1rn3tz.ovh/pentest-cloud/iac-infrastructure-as-code/helm.md) - [Kustomize](https://blog.s1rn3tz.ovh/pentest-cloud/iac-infrastructure-as-code/kustomize.md) - [AWS](https://blog.s1rn3tz.ovh/pentest-cloud/aws.md): Amazon Web Services - [Enumeration](https://blog.s1rn3tz.ovh/pentest-cloud/aws/enumeration.md) - [Azure](https://blog.s1rn3tz.ovh/pentest-cloud/azure.md) - [Entra ID](https://blog.s1rn3tz.ovh/pentest-cloud/azure/entra-id.md): Anciennement Anzure AD - [Azure Resource Manager (ARM)](https://blog.s1rn3tz.ovh/pentest-cloud/azure/azure-resource-manager-arm.md) - [Enumeration](https://blog.s1rn3tz.ovh/pentest-cloud/azure/azure-resource-manager-arm/enumeration.md) - [GCP](https://blog.s1rn3tz.ovh/pentest-cloud/gcp.md): Google Cloud Platform - [GCP IAM](https://blog.s1rn3tz.ovh/pentest-cloud/gcp/gcp-iam.md) - [Authentification](https://blog.s1rn3tz.ovh/pentest-cloud/gcp/authentification.md) - [Enumeration](https://blog.s1rn3tz.ovh/pentest-cloud/gcp/enumeration.md) - [Kubernetes](https://blog.s1rn3tz.ovh/pentest-cloud/kubernetes.md) - [Pentest Conteneurs](https://blog.s1rn3tz.ovh/pentest-conteneurs.md) - [Docker](https://blog.s1rn3tz.ovh/pentest-conteneurs/docker.md) - [Docker API](https://blog.s1rn3tz.ovh/pentest-conteneurs/docker/docker-api.md) - [Docker Registries](https://blog.s1rn3tz.ovh/pentest-conteneurs/docker/docker-registries.md) - [Docker Misconfig & Hardening](https://blog.s1rn3tz.ovh/pentest-conteneurs/docker/docker-misconfig-and-hardening.md) - [Docker excessive capabilities](https://blog.s1rn3tz.ovh/pentest-conteneurs/docker/docker-excessive-capabilities.md) - [Pentest Réseau](https://blog.s1rn3tz.ovh/pentest-reseau.md): Techniques de piratages des réseaux - [Protocoles réseau](https://blog.s1rn3tz.ovh/pentest-reseau/protocoles-reseau.md) - [Wifi](https://blog.s1rn3tz.ovh/pentest-reseau/wifi.md): Techniques d'exploitation des réseaux wifi - [BLE](https://blog.s1rn3tz.ovh/pentest-reseau/ble.md): Bluetooth Low Energy - [VPN](https://blog.s1rn3tz.ovh/pentest-reseau/vpn.md) - [Pentest AD](https://blog.s1rn3tz.ovh/pentest-ad.md): Techniques de piratage d'Active Directory - [GPP](https://blog.s1rn3tz.ovh/pentest-ad/gpp.md): Group Policy Preferences - [Mouvements latéraux](https://blog.s1rn3tz.ovh/pentest-ad/mouvements-lateraux.md): Techniques de mouvements latéraux dans environnement AD - [Pass The Hash](https://blog.s1rn3tz.ovh/pentest-ad/mouvements-lateraux/pass-the-hash.md) - [Over Pass The Hash](https://blog.s1rn3tz.ovh/pentest-ad/mouvements-lateraux/over-pass-the-hash.md) - [ADCS](https://blog.s1rn3tz.ovh/pentest-ad/adcs.md) - [Pentest Mobile](https://blog.s1rn3tz.ovh/pentest-mobile.md) - [Android](https://blog.s1rn3tz.ovh/pentest-mobile/android.md) - [Méthodologie](https://blog.s1rn3tz.ovh/pentest-mobile/android/methodologie.md) - [Setup environnement](https://blog.s1rn3tz.ovh/pentest-mobile/android/setup-environnement.md) - [Collecte d'informations](https://blog.s1rn3tz.ovh/pentest-mobile/android/collecte-dinformations.md) - [Enumeration des données locales](https://blog.s1rn3tz.ovh/pentest-mobile/android/enumeration-des-donnees-locales.md) - [Reverse engineering](https://blog.s1rn3tz.ovh/pentest-mobile/android/reverse-engineering.md) - [Dé-obfuscation](https://blog.s1rn3tz.ovh/pentest-mobile/android/reverse-engineering/de-obfuscation.md) - [Analyse statique (Android)](https://blog.s1rn3tz.ovh/pentest-mobile/android/analyse-statique-android.md) - [Debug](https://blog.s1rn3tz.ovh/pentest-mobile/android/debug.md) - [Stockage de données non sécurisé](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise.md) - [Logs](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/logs.md) - [Shared Preferences](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/shared-preferences.md) - [Strings](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/strings.md) - [SQLite DB](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/sqlite-db.md) - [Realm DB](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/realm-db.md) - [Mémoire](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/memoire.md) - [Copy/Paste buffer caching](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/copy-paste-buffer-caching.md) - [Keyboard press caching](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/keyboard-press-caching.md) - [Backup](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/backup.md) - [Carte SD](https://blog.s1rn3tz.ovh/pentest-mobile/android/stockage-de-donnees-non-securise/carte-sd.md) - [Firebase/Appspot misconfig](https://blog.s1rn3tz.ovh/pentest-mobile/android/firebase-appspot-misconfig.md) - [Deeplinks vulns](https://blog.s1rn3tz.ovh/pentest-mobile/android/deeplinks-vulns.md) - [Deeplink hijacking](https://blog.s1rn3tz.ovh/pentest-mobile/android/deeplinks-vulns/deeplink-hijacking.md) - [WebView hijacking (via deeplink)](https://blog.s1rn3tz.ovh/pentest-mobile/android/deeplinks-vulns/webview-hijacking-via-deeplink.md) - [Invalid Digital assets links](https://blog.s1rn3tz.ovh/pentest-mobile/android/deeplinks-vulns/invalid-digital-assets-links.md) - [WebView vulns](https://blog.s1rn3tz.ovh/pentest-mobile/android/webview-vulns.md) - [WebView Hijacking](https://blog.s1rn3tz.ovh/pentest-mobile/android/webview-vulns/webview-hijacking.md) - [RCE](https://blog.s1rn3tz.ovh/pentest-mobile/android/webview-vulns/webview-hijacking/rce.md) - [Vol de token](https://blog.s1rn3tz.ovh/pentest-mobile/android/webview-vulns/webview-hijacking/vol-de-token.md) - [Exfiltration de données](https://blog.s1rn3tz.ovh/pentest-mobile/android/webview-vulns/webview-hijacking/exfiltration-de-donnees.md) - [Guides outils](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils.md) - [Outil Drozer](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-drozer.md): Manuel d'utilisation de l'outi Drozer - [Injections SQL (Android)](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-drozer/injections-sql-android.md) - [Path traversal (Android)](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-drozer/path-traversal-android.md) - [Outil Objection](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-objection.md) - [Outil Frida](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-frida.md) - [Outil Medusa / Mango](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/outil-medusa-mango.md) - [Apps For Pentesters](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/apps-for-pentesters.md) - [Malware-apk](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/apps-for-pentesters/malware-apk.md) - [LibChecker](https://blog.s1rn3tz.ovh/pentest-mobile/android/guides-outils/apps-for-pentesters/libchecker.md) - [Bypass](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass.md) - [Contournement de détection d'emulateur](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-de-detection-demulateur.md) - [Fichiers d'emulateurs](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-de-detection-demulateur/fichiers-demulateurs.md) - [Network Operator Name](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-de-detection-demulateur/network-operator-name.md) - [Contournement des détections de rootage](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage.md) - [Root management](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage/root-management.md) - [Clé de signature du noyau](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage/cle-de-signature-du-noyau.md) - [Props dangereux](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage/props-dangereux.md) - [Binaire "su"](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage/binaire-su.md) - [Permissions sur les repertoires](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-detections-de-rootage/permissions-sur-les-repertoires.md) - [Contournement des protections biometriques](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-des-protections-biometriques.md) - [SSL pinning bypass](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/ssl-pinning-bypass.md) - [Contournement de code PIN](https://blog.s1rn3tz.ovh/pentest-mobile/android/bypass/contournement-de-code-pin.md) - [Lecteur de code QR/EAN/Barres...](https://blog.s1rn3tz.ovh/pentest-mobile/android/lecteur-de-code-qr-ean-barres....md) - [Injection de backdoor](https://blog.s1rn3tz.ovh/pentest-mobile/android/injection-de-backdoor.md) - [Task hijacking](https://blog.s1rn3tz.ovh/pentest-mobile/android/task-hijacking.md) - [Overlay attacks](https://blog.s1rn3tz.ovh/pentest-mobile/android/overlay-attacks.md) - [Tapjacking](https://blog.s1rn3tz.ovh/pentest-mobile/android/overlay-attacks/tapjacking.md) - [Invisible Keyboard](https://blog.s1rn3tz.ovh/pentest-mobile/android/overlay-attacks/invisible-keyboard.md) - [Résilience](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience.md) - [Third Party Keyboards](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience/third-party-keyboards.md) - [Allowed Copy/Paste on sensitive fields](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience/allowed-copy-paste-on-sensitive-fields.md) - [Background screen caching](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience/background-screen-caching.md) - [Schémas de signature](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience/schemas-de-signature.md) - [In-App updates](https://blog.s1rn3tz.ovh/pentest-mobile/android/resilience/in-app-updates.md) - [Corruption de Mémoire](https://blog.s1rn3tz.ovh/pentest-mobile/android/corruption-de-memoire.md) - [Bluetooth (Android)](https://blog.s1rn3tz.ovh/pentest-mobile/android/bluetooth-android.md) - [Dependances](https://blog.s1rn3tz.ovh/pentest-mobile/android/dependances.md) - [iOS](https://blog.s1rn3tz.ovh/pentest-mobile/ios.md) - [Méthodologie](https://blog.s1rn3tz.ovh/pentest-mobile/ios/methodologie.md) - [Setup environnement (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/setup-environnement-ios.md) - [Reverse engineering (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/reverse-engineering-ios.md) - [Analyse statique (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/analyse-statique-ios.md) - [Contournement de détection de Jailbreak](https://blog.s1rn3tz.ovh/pentest-mobile/ios/contournement-de-detection-de-jailbreak.md) - [SSL pinning bypass (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/ssl-pinning-bypass-ios.md) - [Contournement d'authentification biométrique](https://blog.s1rn3tz.ovh/pentest-mobile/ios/contournement-dauthentification-biometrique.md) - [Contournement d'anti-Hooking/Debugging](https://blog.s1rn3tz.ovh/pentest-mobile/ios/contournement-danti-hooking-debugging.md) - [Stockage de données non sécurisé (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios.md) - [Mémoire (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/memoire-ios.md) - [Copy/Paste buffer caching (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/copy-paste-buffer-caching-ios.md) - [Cookies (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/cookies-ios.md) - [Logs (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/logs-ios.md) - [Cache du clavier (IOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/cache-du-clavier-ios.md) - [Backup (IOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/backup-ios.md) - [Strings (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/stockage-de-donnees-non-securise-ios/strings-ios.md) - [Background screen caching](https://blog.s1rn3tz.ovh/pentest-mobile/ios/background-screen-caching.md) - [WebView vulns (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/webview-vulns-ios.md) - [Deeplinks/Universal links vulns (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/deeplinks-universal-links-vulns-ios.md) - [Apple App Site Association](https://blog.s1rn3tz.ovh/pentest-mobile/ios/deeplinks-universal-links-vulns-ios/apple-app-site-association.md) - [Lecteur de code QR](https://blog.s1rn3tz.ovh/pentest-mobile/ios/lecteur-de-code-qr.md) - [Firebase misc](https://blog.s1rn3tz.ovh/pentest-mobile/ios/firebase-misc.md) - [Dependances (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/dependances-ios.md) - [Predicate Injection](https://blog.s1rn3tz.ovh/pentest-mobile/ios/predicate-injection.md): NSPredicate / NSExpression vulnerability - [Corruptions de mémoire (iOS)](https://blog.s1rn3tz.ovh/pentest-mobile/ios/corruptions-de-memoire-ios.md) - [ARM64](https://blog.s1rn3tz.ovh/pentest-mobile/ios/corruptions-de-memoire-ios/arm64.md) - [Pentest physique](https://blog.s1rn3tz.ovh/pentest-physique.md) - [Crochetage](https://blog.s1rn3tz.ovh/pentest-physique/crochetage.md) - [RFID](https://blog.s1rn3tz.ovh/pentest-physique/rfid.md) - [Equipements](https://blog.s1rn3tz.ovh/pentest-physique/equipements.md) - [Hardware Hacking](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking.md) - [UART](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/uart.md): Universal Asynchronous Receiver-Transmitter - [JTAG](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/jtag.md): Joint Test Action Group - [SWD](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/swd.md): Serial Wire Debug - [SPI](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/spi.md): Serial Peripheral Interface - [I²C](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/i-c.md): I squared C - [Fault Injection](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/fault-injection.md) - [Side-Channel Attacks](https://blog.s1rn3tz.ovh/pentest-physique/hardware-hacking/side-channel-attacks.md) - [Firmware hacking](https://blog.s1rn3tz.ovh/pentest-physique/firmware-hacking.md) - [Pentest IoT](https://blog.s1rn3tz.ovh/pentest-iot.md) - [Replay de stream camera](https://blog.s1rn3tz.ovh/pentest-iot/replay-de-stream-camera.md) - [Assistants vocaux](https://blog.s1rn3tz.ovh/pentest-iot/assistants-vocaux.md) - [Camera IP](https://blog.s1rn3tz.ovh/pentest-iot/camera-ip.md) - [DoS](https://blog.s1rn3tz.ovh/pentest-iot/dos.md) - [Imprimantes](https://blog.s1rn3tz.ovh/pentest-iot/imprimantes.md) - [Chromecast](https://blog.s1rn3tz.ovh/pentest-iot/chromecast.md) - [Hacking protocols](https://blog.s1rn3tz.ovh/hacking-protocols.md): Techniques de piratage par protocole - [Telnet - port 23](https://blog.s1rn3tz.ovh/hacking-protocols/telnet-port-23.md) - [SSH - port 22](https://blog.s1rn3tz.ovh/hacking-protocols/ssh-port-22.md) - [FTP - port 21](https://blog.s1rn3tz.ovh/hacking-protocols/ftp-port-21.md): Techniques d'exploitation du service File Transfert Protocole - [Whois - port 43](https://blog.s1rn3tz.ovh/hacking-protocols/whois-port-43.md) - [DNS - port 53](https://blog.s1rn3tz.ovh/hacking-protocols/dns-port-53.md): Technique d'exploitation de service Domain Name Server - [Kerberos - port 88](https://blog.s1rn3tz.ovh/hacking-protocols/kerberos-port-88.md) - [SNMP - ports 161-162](https://blog.s1rn3tz.ovh/hacking-protocols/snmp-ports-161-162.md): Techniques d'exploitation des services Simple Network Management Protocol - [SMB - ports 445-139](https://blog.s1rn3tz.ovh/hacking-protocols/smb-ports-445-139.md): Techniques d'exploitation des services Server Message Block - [SMTP - ports 25-587](https://blog.s1rn3tz.ovh/hacking-protocols/smtp-ports-25-587.md): Techniques d'exploitation des services Simple Mail Transfer Protocol - [RTSP - port 554](https://blog.s1rn3tz.ovh/hacking-protocols/rtsp-port-554.md) - [MS-RPC - ports 135-593](https://blog.s1rn3tz.ovh/hacking-protocols/ms-rpc-ports-135-593.md): Techniques d'exploitation des services MS-RPC - [Rsync - port 873](https://blog.s1rn3tz.ovh/hacking-protocols/rsync-port-873.md) - [MS-SQL - port 1433](https://blog.s1rn3tz.ovh/hacking-protocols/ms-sql-port-1433.md): Techniques d'exploitation des services Microsoft SQL Server - [Docker - port 2375](https://blog.s1rn3tz.ovh/hacking-protocols/docker-port-2375.md) - [MySQL - port 3306](https://blog.s1rn3tz.ovh/hacking-protocols/mysql-port-3306.md) - [LDAP - ports 389, 636, 3268, 3269](https://blog.s1rn3tz.ovh/hacking-protocols/ldap-ports-389-636-3268-3269.md) - [RDP - port 3389](https://blog.s1rn3tz.ovh/hacking-protocols/rdp-port-3389.md) - [VNC - ports 5800,5801,5900,5901](https://blog.s1rn3tz.ovh/hacking-protocols/vnc-ports-5800-5801-5900-5901.md) - [Ingénierie sociale](https://blog.s1rn3tz.ovh/ingenierie-sociale.md): Principe d'ingénierie sociale - [Concepts / Principes / Attaques](https://blog.s1rn3tz.ovh/ingenierie-sociale/concepts-principes-attaques.md) - [Ethique](https://blog.s1rn3tz.ovh/ingenierie-sociale/ethique.md) - [Profils comportementaux](https://blog.s1rn3tz.ovh/ingenierie-sociale/profils-comportementaux.md) - [Crack](https://blog.s1rn3tz.ovh/crack.md): Outils de cracking - [Autres outils utiles](https://blog.s1rn3tz.ovh/autres-outils-utiles.md): Cette page contient tout autre outils utiles lors de tests d'intrusions - [Sandbox / Sanitizer](https://blog.s1rn3tz.ovh/autres-outils-utiles/sandbox-sanitizer.md) - [Générateurs de wordlists personnalisées](https://blog.s1rn3tz.ovh/autres-outils-utiles/generateurs-de-wordlists-personnalisees.md) - [Post-Exploitation](https://blog.s1rn3tz.ovh/post-exploitation.md): Techniques de post-exploitation - [Énumération /Élévation de privilèges](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges.md): Techniques d'élévation de privilèges - [Linux](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/linux.md) - [CVE-2022-0847 (Dirty Pipe)](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/linux/cve-2022-0847-dirty-pipe.md) - [CVE 2021-4034 (PwnKit)](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/linux/cve-2021-4034-pwnkit.md) - [CVE 2021-3560 (Polkit)](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/linux/cve-2021-3560-polkit.md) - [Windows](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows.md) - [PrintNightmare](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/printnightmare.md) - [SpoolFool](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/spoolfool.md) - [Usurpation de SAMAccountName](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/usurpation-de-samaccountname.md) - [Scheduled task/job (T1573.005)](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/scheduled-task-job-t1573.005.md) - [HiveNightmare](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/hivenightmare.md) - [Stored Credentials](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/stored-credentials.md) - [SeImpersonatePrivilege](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/seimpersonateprivilege.md): Abus des privilèges d'emprunt d'identité sur Windows 10 et Server 2019 - [SeBackupPrivilege](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/sebackupprivilege.md) - [Unquoted Service Path](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/unquoted-service-path.md) - [DLL Hijacking](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/dll-hijacking.md) - [SeBackupPrivilege](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/windows/sebackupprivilege-1.md) - [Docker](https://blog.s1rn3tz.ovh/post-exploitation/enumeration-elevation-de-privileges/docker.md) - [Effacement des traces](https://blog.s1rn3tz.ovh/post-exploitation/effacement-des-traces.md) - [Persistance / Downloaders](https://blog.s1rn3tz.ovh/post-exploitation/persistance-downloaders.md) - [Defense evasion](https://blog.s1rn3tz.ovh/post-exploitation/defense-evasion.md) - [Exfiltration de Données](https://blog.s1rn3tz.ovh/post-exploitation/exfiltration-de-donnees.md) - [Computer Forensic](https://blog.s1rn3tz.ovh/computer-forensic.md) - [Méthodologie](https://blog.s1rn3tz.ovh/computer-forensic/methodologie.md) - [Live forensic](https://blog.s1rn3tz.ovh/computer-forensic/live-forensic.md) - [Mémoire non volatile](https://blog.s1rn3tz.ovh/computer-forensic/memoire-non-volatile.md) - [Mémoire volatile](https://blog.s1rn3tz.ovh/computer-forensic/memoire-volatile.md) - [File forensic](https://blog.s1rn3tz.ovh/computer-forensic/file-forensic.md) - [Mobile Forensic](https://blog.s1rn3tz.ovh/mobile-forensic.md) - [Méthodologie](https://blog.s1rn3tz.ovh/mobile-forensic/methodologie.md) - [Identification](https://blog.s1rn3tz.ovh/mobile-forensic/identification.md) - [Préservation](https://blog.s1rn3tz.ovh/mobile-forensic/preservation.md) - [Acquisition](https://blog.s1rn3tz.ovh/mobile-forensic/acquisition.md) - [Analyse](https://blog.s1rn3tz.ovh/mobile-forensic/analyse.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://blog.s1rn3tz.ovh/pentest-et-bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.