sar 
86
Place
13230
Points
323
Challenges
8
Compromissions
36%
App - Script
315 Points12 / 33
- o Bash - System 1
- o sudo - faiblesse de configuration
- o Bash - System 2
- x LaTeX - Input
- x Powershell - Command injection
- x AppArmor - Jail Introduction
- x Bash - unquoted expression injection
- x Docker - I am groot
- o Perl - Command injection
- x Powershell - SecureString
- o Bash - cron
- x LaTeX - Execution de commandes
- o Python - input()
- x R : exécution de code
- x Powershell - Basic jail
- o Python - pickle
- x Bash - quoted expression injection
- x Docker - Sys-Admin’s Docker
- x Shared Objects hijacking
- o SSH - Agent Hijacking
- x AppArmor - Jail Medium
- x Bash - race condition
- x Docker - Talk through me
- x Python - format string
- o Python - PyJail 1
- x PHP - Jail
- o Python - PyJail 2
- o Python - Jail - Exec
- x Javascript - Jail
- x Python - Jail - Garbage collector
- o Bash - Shells restreints
- x Python - Eval Is Evil
- x Deep learning - Modèle malveillant
85%
App - Système
5450 Points79 / 93
- o ELF x86 - Stack buffer overflow basic 1
- o ELF x64 - Basic heap overflow
- o ELF x86 - Stack buffer overflow basic 2
- o PE32 - Stack buffer overflow basic
- o ELF x86 - Format string bug basic 1
- o ELF x64 - Stack buffer overflow - basic
- o ELF x86 - Format string bug basic 2
- o ELF x86 - Race condition
- o ELF ARM - Stack buffer overflow - basic
- o ELF MIPS - Stack buffer overflow - No NX
- o ELF x64 - Double free
- o ELF x86 - Stack buffer overflow basic 3
- o ELF x86 - Use After Free - basic
- o ELF ARM - Stack Spraying
- o ELF x64 - Stack buffer overflow - PIE
- o ELF x86 - BSS buffer overflow
- o ELF x86 - Stack buffer overflow basic 4
- o ELF x86 - Stack buffer overflow basic 6
- o ELF x86 - Format String Bug Basic 3
- o PE32 - Stack buffer overflow avancé
- o ELF ARM - Basic ROP
- o ELF MIPS - Basic ROP
- o ELF RISC-V - Intro - let’s do the ROP
- o ELF x64 - Stack buffer overflow - Stack pivot
- o ELF x86 - Stack buffer overflow - C++ vtables
- o PE32+ Format string bug
- o ELF x64 - Logic bug
- o ELF x86 - Bug Hunting - Plusieurs problèmes
- o ELF x86 - Stack buffer and integer overflow
- o ELF x86 - Stack buffer overflow - ret2dl_resolve
- o ELF x86 - Stack buffer overflow basic 5
- o ELF x64 - Stack buffer overflow - avancé
- o ELF MIPS - Format String Glitch
- o ELF x64 - Heap Filling
- o ELF x86 - Information leakage with Stack Smashing Protector
- o ELF x64 - File Structure Hacking
- o ELF ARM - Race condition
- o ELF x64 - Browser exploit - Intro
- o ELF x64 - Buggy VM
- o ELF x64 - Heap Safe-Linking Bypass
- o ELF x64 - ret2dl_init
- o ELF x86 - Out of bounds attack - French Paradox
- o ELF x86 - Remote BSS buffer overflow
- o ELF x86 - Remote Format String bug
- o PE32+ Basic ROP
- o ELF x64 - Remote heap buffer overflow - tcache
- o ELF x86 - Blind remote format string bug
- o LinKern ARM - syscall vulnérable
- o LinKern x86 - Buffer overflow basic 1
- o ELF x64 - Sigreturn Oriented Programming
- o LinKern x86 - Null pointer dereference
- o ELF x64 - Syscall chaining
- o LinKern x64 - Race condition
- o ELF ARM - Shellcode alphanumérique
- o ELF MIPS - URLEncoded Format String bug
- o ELF x64 - Blind SROP
- x ELF x64 - Heap Hop
- o ELF x86 - Hardened binary 1
- o ELF x86 - Hardened binary 2
- o ELF x86 - Hardened binary 3
- o ELF x86 - Hardened binary 4
- o LinKern MIPSel - Vulnerable ioctl
- o LinKern x64 - code réentrant
- o ELF ARM - Heap format string bug
- o ELF ARM - Format String bug
- o ELF ARM - Use After Free
- x ELF x64 - FILE structure hijacking
- o ELF x64 - Heap feng-shui
- o ELF x64 - Off-by-one bug
- o ELF x86 - Hardened binary 5
- o LinKern ARM - Stack Overflow
- o LinKern x86 - basic ROP
- x ELF ARM - Heap Off-by-One
- x ELF x64 - Advanced blind format string exploitation
- o ELF x64 - Remote Heap buffer overflow 1
- o ELF x86 - Hardened binary 6
- o ELF x86 - Hardened binary 7
- o ELF x86 - Remote stack buffer overflow - Hardened
- o LinKern x64 - RowHammer
- x LinKern x64 - SLUB off-by-one
- x ELF ARM - Heap buffer overflow - Wilderness
- x ELF ARM - Heap Overflow
- x ELF ARM64 - Heap Underflow
- x ELF x64 - Seccomp Whitelist
- o ELF x86 - Blind ROP
- o LinKern x64 - Memory exploration
- x WinKern x64 - Stack buffer overflow avancé - ROP
- x WinKern x64 - Use After Free
- o ELF x64 - Remote Heap buffer overflow 2
- x ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified
- o ELF x64 - Blind ROP
- x ELF x64 - Browser exploit - BitString
- x ELF ARM64 - Multithreading
76%
Cracking
1890 Points50 / 66
- o ELF x86 - 0 protection
- o ELF x86 - Basique
- o PE x86 - 0 protection
- o ELF C++ - 0 protection
- o Godot - 0 protection
- o PE DotNet - 0 protection
- x APK - Introduction
- o ELF MIPS - Basic Crackme
- o ELF x64 - Golang basique
- o ELF x86 - Fake Instructions
- o ELF x86 - Ptrace
- o Godot - Bytecode
- o WASM - Introduction
- x APK - Flutter Debug
- o ELF ARM - Basic Crackme
- o ELF x64 - Basic KeygenMe
- x Gestion de sauvegarde sous Unity3D
- x Godot - Mono
- o PE DotNet - Basic Anti-Debug
- o PE DotNet - Basic Crackme
- o PYC - ByteCode
- o ELF x86 - Pas de points d’arrêt logiciels
- o Lua - Bytecode
- o MachO x64 - keygenme or not
- o ELF ARM - crackme 1337
- o ELF x86 - CrackPass
- o ELF x86 - ExploitMe
- o ELF x86 - Random Crackme
- o GB - Basic GameBoy crackme
- o PDF - Javascript
- o PE x86 - Xor Madness
- o Powershell DeObfuscation
- o ELF ARM - Crypted
- o ELF x64 - Automatisation du crackme
- x Godot - Modèle 3D
- x NRO ARM - Switch homebrew
- o PE x86 - SEHVEH
- o APK - Anti-debug
- o APK - Insomni’Droid
- x ELF x64 - Rust backdoor
- x ELF x64 - Rust Crackme
- x PE x64 - UEFI Secure Boot
- o APK - Root My Droid
- o ELF x64 - Nanomites - Introduction
- o ELF x86 - Anti-debug
- o PE DotNet - KeygenMe
- x PE x64 - Bazar dans les tables
- o PE x86 - AutoPE
- x PYC - Self Modifying (Byte)Code
- x PYC - Snakeygen
- o ELF x86 - KeygenMe
- x HackerMan
- x Unity - Mono - Basic Game Hacking
- o WASM - Trouvez le PNJ
- o Bash - VM
- o ELF x64 - KeyGenMe
- o ELF x64 - Anti-debug et equations
- x Unity - IL2CPP - Basic Game Hacking
- o ELF x64 - Nanomites
- o ELF x86 - Packed
- o PE x86 - RunPE
- o ELF x86 - VM
- o ELF x64 - Hidden Control Flow
- o Ringgit
- x Voracious Nanomites
- o White-Box Cryptography #2
50%
Cryptanalyse
900 Points35 / 70
- o Encodage - ASCII
- o Encodage - UU
- x Hash - DCC
- x Hash - DCC2
- x Hash - LM
- o Hash - Message Digest 5
- x Hash - NT
- o Hash - SHA-2
- o Chiffrement par décalage
- x CISCO - Salted Password
- o Décomposition pixelisée
- o ELF64 - Chiffrement avec le PID
- o Fichier - PKZIP
- o Substitution monoalphabétique - César
- x Circular Bit Shift
- o Clair connu - XOR
- o Code - Pseudo Random Number Generator
- x Encodage - Codebook
- x Fichier - PKZIP 2
- o File - Insecure storage 1
- o Substitution polyalphabétique - Vigenère
- o Système - Android lock pattern
- o Transposition - Rail Fence
- o AES - CBC - Bit-Flipping Attack
- o AES - ECB
- x AES - ECB - Copy Paste
- o LFSR - Clair connu
- o RSA - Factorisation
- o RSA - Oracle de déchiffrement
- o Service - Timing attack
- o Substitution monoalphabétique - Polybe
- x Twisted secret
- o Vecteur d’initialisation
- x Chiffre de Hill
- o GEDEFU
- x OTP - Erreur d’implémentation
- x RSA - Clé privée corrompue 1
- o RSA - Fractions continues
- o RSA - Modules communs
- o Service - Hash length extension attack
- x Shamir Secret Sharing - Introduction
- x AES - 4 tours
- x ECDSA - Introduction
- o RSA - Padding
- o RSA - Signature
- x Shamir Secret Sharing - Traitor
- o AES128 - CTR
- x PHP - mt_rand
- o Problème du logarithme discret
- x RSA - Clé privée corrompue 2
- x RSA - Clé privée corrompue 3
- o RSA - Multiples destinataires
- x AES - Attaque par fautes #1
- x FEAL - Cryptanalyse différentielle
- x Machine Enigma
- x Side Channel - AES : CPA
- o ECDHE
- x RSA - H-rabin
- x RSA - Lee cooper
- o Service - CBC Padding
- x Side Channel - AES : premier round
- o Substitution polyalphabétique - Masque jetable
- x White-Box Cryptography
- x AES - Variante affaiblie
- x Shamir Secret Sharing - Reduction
- x Hash - SHA-3
- x AES - Attaque par fautes #2
- x Shamir Secret Sharing - Irreductible ?
- x AES-PMAC
- x ECDSA - Erreur d’implémentation
41%
Forensic
645 Points18 / 44
- x Fichier supprimé
- x Capture moi ça
- o Command & Control - niveau 2
- x MasterKee
- x Oh My Grub
- x Docker layers
- x Windows - LDAP User KerbeRoastable
- x Windows - NTDS Extraction de secrets
- o Analyse de logs - attaque web
- o Command & Control - niveau 5
- x Supply chain attack - Docker
- o Trouvez le chat
- o Vilain petit canard
- x Windows - LDAP User ASRepRoastable
- o Active Directory - GPO
- o Command & Control - niveau 3
- o Exfiltration DNS
- x Open My Vault
- x Web3 - Mets ton masque - Etape 1
- x C2 Mythic
- o Command & Control - niveau 4
- o Entretien à l’ANSSI
- o Keylogger maison
- x macOS - Keychain
- o Macro Word malveillante
- o Ransomware Android
- x Supply chain attack - Python
- x Exfiltration air-gap
- x iOS - Introduction
- x The Artist
- x Multi-devices
- o Command & Control - niveau 6
- o Find me
- x Rootkit - Cold case
- o Second entretien à l’ANSSI
- x Web3 - Mets ton masque - Etape 2
- o Find me again
- x Find me back
- x Find me on Android
- o Zeus Bot
- x Try again
- x The Lost Case - Investigation Mobile
- x Remote Support
- x Try again 2
21%
Programmation
230 Points6 / 29
- x TCP - Retour au collège
- x TCP - Chaîne encodée
- x TCP - La roue romaine
- x TCP - Uncompress Me
- o CAPTCHA me if you can
- x Deep Learning - Introduction
- x Ethereum - Tutoreum
- o Suite mathématique
- o ELF x64 - Shellcoding - Sheep warmup
- x Ethereum - tx.origin
- x Solveur de polynômes du second degré
- x Ethereum - Takeover
- x Multiples encodages
- x Apprenti Scraper
- x ARM - Shellcoding - Egg hunter
- x Ethereum - Bunker
- x Ethereum - NotSoPriv8
- x Adversarial Attack - GAN
- x Deep Learning - Captcha
- x ELF x64 - Shellcoding - Polymorphism
- x Ethereum - Architecte
- x Ethereum - Reentrancy
- o Quick Response Code
- x WinKern x64 - shellcoding : vol de token
- x Ethereum - BadStack
- o ELF x64 - Sandbox shellcoding
- x Ethereum - King of the EVM
- o ELF x86 - Shellcoding - Alphanumeric
- x Adversarial Attack - Prison Break
32%
Réaliste
870 Points19 / 60
- o Eh oui, parfois
- x End Droid
- x Windows - KerbeRoast
- x ComCyber - Challenge
- o P0wn3d
- x Windows - ASRepRoast
- x Windows - Group Policy Preferences Passwords
- o The h@ckers l4b
- x Windows - ZeroLogon
- o Néonazi à l’intérieur
- x Windows - krbtgt history
- x Windows - sAMAccountName spoofing
- x Mersenne with 2
- x Bash/Awk - parsing netstat
- x Breaking Root-Me like it’s 2020
- o PyRat Enchères
- o Root them
- o IPBX - call me maybe
- o Marabout
- o Root-We
- o Starbug Bounty
- o Ultra Upload
- x Well-known
- x A bittersweet shellfony
- x Bash - System Disaster
- x Django unchained
- o Imagick
- o MALab
- x SSHocker
- o Web TV
- x DasBox1 : du Rififi chez les hommes-lézards
- o SamBox v2
- o SamCMS
- x BBQ Factory - First Flirt
- x Extractor
- x Getting root Over it !
- x reCOINier
- x Texode
- x BBQ Factory - Back To The Grill
- x Dans ton Kube
- x DjangocatZ
- o Red Pills
- x Root Me, for real
- o SamBox v1
- x SAP Pentest 007
- o Crypto Secure
- x Hôpital Bozobe
- x SamBox v3
- x ARM FTP Box
- x Bohemian RhapC2
- x I’m a Bl4ck H4t
- x SAP Pentest 000
- x Texode Back
- x Bluebox 2 - Pentest
- x Nodeful
- x Matrix terminal
- x Bluebox - Pentest
- x C comme C-curisé
- x Highway to shell
- x SamBox v4
55%
Réseau
400 Points18 / 33
- o FTP - Authentification
- o TELNET - authentification
- o ETHERNET - trame
- x Kerberos - Authentification
- x NTLM - Authentification
- o Authentification twitter
- o Bluetooth - Fichier inconnu
- o CISCO - mot de passe
- o DNS - transfert de zone
- o IP - Time To Live
- o LDAP - null bind
- x OSPF - Authentification
- x POP - APOP
- x RF - AM Transmission
- x Extraction de données
- x RF - FM Transmission
- x RF - Key Fixed Code
- o SIP - Authentification
- o ETHERNET - Transmission altérée
- o Trafic Global System for Mobile communications
- x HTTP - DNS Rebinding
- o SSL - échange HTTP
- o Netfilter - erreurs courantes
- o SNMP - Authentification
- o Wired Equivalent Privacy
- o Charge ICMP
- x ARP Spoofing - Écoute active
- o XMPP - Authentification
- x RF - Transmission satellite
- x WPA2 - Enterprise
- x ARP Spoofing - L’homme du milieu
- x RF - Bande L
- x WPA3 - SAE
52%
Stéganographie
235 Points12 / 23
- x EXIF - Metadata
- o Point à la ligne
- o Steganomobile
- o Twitter Secret Messages
- o TXT - George et Alfred
- o WAV - Analyse de bruit
- x Poem from Space
- x Points jaunes
- o EXIF - Miniature
- x Mimic - Dummy sight
- o WAV - Analyse spectrale
- x APNG - Just A PNG
- o Crypt-art
- x ELF x64 - Duality
- o PDF - Embedded
- x Genius ID
- x Kitty spy
- o PNG - Least Significant Bit
- o PNG - Pixel Indicator Technique
- x PNG - Pixel Value Differencing
- o Angecryption
- x Base Jumper
- x Hide and seek
43%
Web - Client
605 Points18 / 42
- o HTML - boutons désactivés
- o Javascript - Authentification
- o Javascript - Source
- o Javascript - Authentification 2
- o Javascript - Obfuscation 1
- o Javascript - Obfuscation 2
- o Javascript - Native code
- x Javascript - Webpack
- o Javascript - Obfuscation 3
- o XSS - Stockée 1
- x AST - Deobfuscation
- x CSP Bypass - Inline code
- x CSP Bypass - Nonce 2
- o CSRF - 0 protection
- x Web Socket - 0 protection
- x XSS DOM Based - Introduction
- o Flash - Authentification
- x XSS DOM Based - AngularJS
- x XSS DOM Based - Eval
- x CSP Bypass - Dangling markup
- x CSP Bypass - JSONP
- o CSRF - contournement de jeton
- o XSS - Volatile
- x CSP Bypass - Dangling markup 2
- x CSP Bypass - Nonce
- x CSS - Exfiltration
- o Javascript - Obfuscation 4
- x Relative Path Overwrite
- o XSS - Stockée 2
- x XSS DOM Based - Filters Bypass
- x Self XSS - DOM Secrets
- x CSPT - The Ruler
- x DOM Clobbering
- x Javascript - Obfuscation 6
- x Self XSS - Race Condition
- x Browser - bfcache / disk cache
- o HTTP Response Splitting
- o Javascript - Obfuscation 5
- x XS Leaks
- o XSS - Stored - contournement de filtres
- x XSS - DOM Based
- x Same Origin Method Execution
58%
Web - Serveur
1690 Points56 / 96
- o HTML - Code source
- x HTTP - Contournement de filtrage IP
- o HTTP - Open redirect
- o HTTP - User-agent
- o Mot de passe faible
- o PHP - Injection de commande
- x API - Broken Access
- o Fichier de sauvegarde
- o HTTP - Directory indexing
- o HTTP - Headers
- o HTTP - POST
- o HTTP - Redirection invalide
- o HTTP - Verb tampering
- o Install files
- x Nginx - Alias Misconfiguration
- x Nginx - Root Location Misconfiguration
- x API - Mass Assignment
- o CRLF
- o File upload - Double extensions
- o File upload - Type MIME
- x Flask - Unsecure session
- x GraphQL - Introspection
- o HTTP - Cookies
- x Insecure Code Management
- x JWT - Introduction
- x XSS - Server Side
- o Directory traversal
- o File upload - Null byte
- x JWT - Jeton révoqué
- x JWT - Secret faible
- x JWT - Unsecure File Signature
- o PHP - assert()
- x PHP - Configuration Apache
- o PHP - Filters
- o PHP - Register globals
- x PHP - Remote Xdebug
- x Python - Server-side Template Injection Introduction
- o File upload - ZIP
- x Flask - Development server
- x GraphQL - Injection
- o Injection de commande - Contournement de filtre
- o Java - Server-side Template Injection
- x JWT - Clé publique
- x JWT - Header Injection
- o Local File Inclusion
- o Local File Inclusion - Double encoding
- x Nginx - SSRF Misconfiguration
- x Node - Eval
- o PHP - Loose Comparison
- o PHP - preg_replace()
- o PHP - Type juggling
- o Remote File Inclusion
- o SQL injection - Authentification
- o SQL injection - Authentification - GBK
- o SQL injection - String
- o XSLT - Exécution de code
- x Elixir - EEx
- x JWT - Unsecure Key Handling
- o LDAP injection - Authentification
- x Node - Serialize
- o NoSQL injection - Authentification
- o PHP - Path Truncation
- o PHP - Sérialisation
- o SQL injection - Numérique
- o SQL Injection - Routed
- o SQL Truncation
- o XML External Entity
- o XPath injection - Authentification
- x Yaml - Deserialization
- x API - Broken Access 2
- x GraphQL - Backend injection
- x GraphQL - Mutation
- o Java - Spring Boot
- o Local File Inclusion - Wrappers
- o PHP - Eval
- x PHP - Eval - Contournement de filtres avancés
- o SQL injection - Error
- o SQL injection - Insert
- o SQL injection - Lecture de fichiers
- o XPath injection - String
- x File upload - Polyglot
- x NodeJS - Prototype Pollution Bypass
- o NoSQL injection - En aveugle
- o SQL injection - Time based
- x Java - Custom gadget deserialisation
- x NodeJS - vm escape
- x Server Side Request Forgery
- o SQL injection - En aveugle
- o LDAP injection - En aveugle
- x PHP - Unserialize overflow
- x PHP - Unserialize Pop Chain
- x SQL Injection - Second Order
- x Python dotenv
- x Python - SSTI contournement de filtres en aveugle
- o XPath injection - En aveugle
- o SQL injection - Contournement de filtres