Tina 
13160
Place
1090
Points
65
Challenges
0
Compromissions
3%
App - Script
5 Points1 / 33
1%
App - Système
5 Points1 / 93
6%
Cracking
25 Points4 / 70
4%
Cryptanalyse
15 Points3 / 75
0%
Forensic
0 Points0 / 44
3%
Programmation
5 Points1 / 29
3%
Réaliste
40 Points2 / 60
12%
Réseau
55 Points4 / 34
- o FTP - Authentification
- o TELNET - authentification
- x ETHERNET - trame
- x Kerberos - Authentification
- x NTLM - Authentification
- o Authentification twitter
- x Bluetooth - Fichier inconnu
- x CISCO - mot de passe
- x DNS - transfert de zone
- x IP - Time To Live
- x LDAP - null bind
- x OSPF - Authentification
- x POP - APOP
- x RF - AM Transmission
- x Extraction de données
- x RF - FM Transmission
- x RF - Key Fixed Code
- x SIP - Authentification
- x ETHERNET - Transmission altérée
- x Trafic Global System for Mobile communications
- x HTTP - DNS Rebinding
- o SSL - échange HTTP
- x Netfilter - erreurs courantes
- x SNMP - Authentification
- x Wired Equivalent Privacy
- x Charge ICMP
- x ARP Spoofing - Écoute active
- x XMPP - Authentification
- x RF - Transmission satellite
- x WPA2 - Enterprise
- x ARP Spoofing - L’homme du milieu
- x RF - Bande L
- x RIPv1 - no authentication
- x WPA3 - SAE
9%
Stéganographie
15 Points2 / 23
- o EXIF - Metadata
- o Point à la ligne
- x Steganomobile
- x Twitter Secret Messages
- x TXT - George et Alfred
- x WAV - Analyse de bruit
- x Poem from Space
- x Points jaunes
- x EXIF - Miniature
- x Mimic - Dummy sight
- x WAV - Analyse spectrale
- x APNG - Just A PNG
- x Crypt-art
- x ELF x64 - Duality
- x PDF - Embedded
- x Genius ID
- x Kitty spy
- x PNG - Least Significant Bit
- x PNG - Pixel Indicator Technique
- x PNG - Pixel Value Differencing
- x Angecryption
- x Base Jumper
- x Hide and seek
21%
Web - Client
105 Points9 / 42
- o HTML - boutons désactivés
- o Javascript - Authentification
- o Javascript - Source
- o Javascript - Authentification 2
- o Javascript - Obfuscation 1
- o Javascript - Obfuscation 2
- o Javascript - Native code
- o Javascript - Webpack
- x Javascript - Obfuscation 3
- o XSS - Stockée 1
- x AST - Deobfuscation
- x CSP Bypass - Inline code
- x CSP Bypass - Nonce 2
- x CSRF - 0 protection
- x Web Socket - 0 protection
- x XSS DOM Based - Introduction
- x Flash - Authentification
- x XSS DOM Based - AngularJS
- x XSS DOM Based - Eval
- x CSP Bypass - Dangling markup
- x CSP Bypass - JSONP
- x CSRF - contournement de jeton
- x XSS - Volatile
- x CSP Bypass - Dangling markup 2
- x CSP Bypass - Nonce
- x CSS - Exfiltration
- x Javascript - Obfuscation 4
- x Relative Path Overwrite
- x XSS - Stockée 2
- x XSS DOM Based - Filters Bypass
- x Self XSS - DOM Secrets
- x CSPT - The Ruler
- x DOM Clobbering
- x Javascript - Obfuscation 6
- x Self XSS - Race Condition
- x Browser - bfcache / disk cache
- x HTTP Response Splitting
- x Javascript - Obfuscation 5
- x XS Leaks
- x XSS - Stored - contournement de filtres
- x XSS - DOM Based
- x Same Origin Method Execution
40%
Web - Serveur
820 Points38 / 96
- o HTML - Code source
- o HTTP - Contournement de filtrage IP
- o HTTP - Open redirect
- o HTTP - User-agent
- o Mot de passe faible
- o PHP - Injection de commande
- x API - Broken Access
- o Fichier de sauvegarde
- o HTTP - Directory indexing
- o HTTP - Headers
- o HTTP - POST
- o HTTP - Redirection invalide
- o HTTP - Verb tampering
- o Install files
- o Nginx - Alias Misconfiguration
- o Nginx - Root Location Misconfiguration
- x API - Mass Assignment
- o CRLF
- o File upload - Double extensions
- o File upload - Type MIME
- x Flask - Unsecure session
- x GraphQL - Introspection
- o HTTP - Cookies
- o Insecure Code Management
- o JWT - Introduction
- x XSS - Server Side
- o Directory traversal
- o File upload - Null byte
- x JWT - Jeton révoqué
- x JWT - Secret faible
- x JWT - Unsecure File Signature
- o PHP - assert()
- x PHP - Configuration Apache
- o PHP - Filters
- x PHP - Register globals
- x PHP - Remote Xdebug
- o Python - Server-side Template Injection Introduction
- x File upload - ZIP
- x Flask - Development server
- x GraphQL - Injection
- x Injection de commande - Contournement de filtre
- o Java - Server-side Template Injection
- x JWT - Clé publique
- x JWT - Header Injection
- o Local File Inclusion
- o Local File Inclusion - Double encoding
- x Nginx - SSRF Misconfiguration
- x Node - Eval
- o PHP - Loose Comparison
- o PHP - preg_replace()
- x PHP - Type juggling
- o Remote File Inclusion
- o SQL injection - Authentification
- o SQL injection - Authentification - GBK
- o SQL injection - String
- x XSLT - Exécution de code
- x Elixir - EEx
- x JWT - Unsecure Key Handling
- x LDAP injection - Authentification
- x Node - Serialize
- x NoSQL injection - Authentification
- x PHP - Path Truncation
- x PHP - Sérialisation
- x SQL injection - Numérique
- x SQL Injection - Routed
- x SQL Truncation
- x XML External Entity
- o XPath injection - Authentification
- x Yaml - Deserialization
- x API - Broken Access 2
- x GraphQL - Backend injection
- x GraphQL - Mutation
- x Java - Spring Boot
- x Local File Inclusion - Wrappers
- o PHP - Eval
- x PHP - Eval - Contournement de filtres avancés
- x SQL injection - Error
- x SQL injection - Insert
- x SQL injection - Lecture de fichiers
- o XPath injection - String
- x File upload - Polyglot
- x NodeJS - Prototype Pollution Bypass
- x NoSQL injection - En aveugle
- x SQL injection - Time based
- x Java - Custom gadget deserialisation
- x NodeJS - vm escape
- x Server Side Request Forgery
- x SQL injection - En aveugle
- x LDAP injection - En aveugle
- x PHP - Unserialize overflow
- x PHP - Unserialize Pop Chain
- x SQL Injection - Second Order
- x Python dotenv
- x Python - SSTI contournement de filtres en aveugle
- x XPath injection - En aveugle
- x SQL injection - Contournement de filtres