diff --git a/content/Etudiants/zz2-f5-websec.md b/content/Etudiants/zz2-f5-websec.md index 13e63e6f933f90866eac0b44c5ef34147ee8fc5a..5bdb9a514b9dd309b6987e35b42744869df25178 100644 --- a/content/Etudiants/zz2-f5-websec.md +++ b/content/Etudiants/zz2-f5-websec.md @@ -7,25 +7,18 @@ Tags: cours ## Contexte +* [lab](slides/1337/lab.html) * [Souveraineté](slides/privacy/sovereignty.html) * [Mots de passes](slides/privacy/passwords.html) * [HTTP](slides/1337/http.html) * [HTTPS](slides/privacy/tls.html#/0/52) + * [Heartbleed](slides/1337/heartbleed.html) * [JS](slides/1337/js.html) * [tracking](slides/privacy/tracking.html) -## Pentesting - -* [Collecter](slides/1337/gathering.html) -* [Détecter](slides/1337/detecting.html) - * [Heartbleed](slides/1337/heartbleed.html) - -## Mécanisme - -* [Authentification](slides/1337/authentication.html) - ## Vulnérabilités communes +* [Authentification](slides/1337/authentication.html) * [Command execution](slides/1337/cmdi.html) * [Shellshock](slides/1337/shellshock.html) * [Upload](slides/1337/upload.html) @@ -35,6 +28,11 @@ Tags: cours * [SQLi](slides/1337/sqli.html) * [Drupalgeddon](slides/1337/drupalgeddon.html) +## Pentesting + +* [Collecter](slides/1337/gathering.html) +* [Détecter](slides/1337/detecting.html) + ## Se protéger * [Top10](slides/1337/top10.html) diff --git a/content/slides/1337/authentication.html b/content/slides/1337/authentication.html index 96338c5a1be4bd703b9861a704d2de132bf874d3..a9da91e6b39cb3b351f30908134fcbe53dccb5c8 100644 --- a/content/slides/1337/authentication.html +++ b/content/slides/1337/authentication.html 
@@ -7,11 +7,11 @@ <title>authentification</title> <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css"> - <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css"> + <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css"> <!-- Theme used for syntax highlighting of code --> <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css"> - <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css"> + <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="../main.css"> <!-- Printing and PDF exports --> @@ -35,7 +35,7 @@ </div> </div> - <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script> + <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script --> <script src="../../node_modules/reveal.js/js/reveal.js"></script> <script> diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-capture-request.png b/content/slides/1337/images/authentication/dvwa-auth-high-capture-request.png new file mode 100644 index 0000000000000000000000000000000000000000..1d238856f6892d6d134f236f7e55df1370f11d37 Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-capture-request.png differ diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-define-grep-extract.png b/content/slides/1337/images/authentication/dvwa-auth-high-define-grep-extract.png new file mode 100644 index 0000000000000000000000000000000000000000..c2b564c6b7610107115f9180ab21781971006464 Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-define-grep-extract.png differ 
diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-intruder-clean.png b/content/slides/1337/images/authentication/dvwa-auth-high-intruder-clean.png
new file mode 100644
index 0000000000000000000000000000000000000000..c772b4544b1004e0b2bd629059f1588b9eea6d38
Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-intruder-clean.png differ
diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-resolved.png b/content/slides/1337/images/authentication/dvwa-auth-high-resolved.png
new file mode 100644
index 0000000000000000000000000000000000000000..adbb3ac4e647b00563d900e19fd88830ce64050d
Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-resolved.png differ
diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-ressources.png b/content/slides/1337/images/authentication/dvwa-auth-high-ressources.png
new file mode 100644
index 0000000000000000000000000000000000000000..f968619269a913a0fa0c6395819d74ffdd45bc1e
Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-ressources.png differ
diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-send-intruder.png b/content/slides/1337/images/authentication/dvwa-auth-high-send-intruder.png
new file mode 100644
index 0000000000000000000000000000000000000000..3f430d4e07934a5b6509317877ab0c48bcf86d4b
Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-send-intruder.png differ
diff --git a/content/slides/1337/images/authentication/dvwa-auth-high-simple-list.png b/content/slides/1337/images/authentication/dvwa-auth-high-simple-list.png
new file mode 100644
index 0000000000000000000000000000000000000000..f580a30f0d9999a3d02be02bf261641ac45e4e7b
Binary files /dev/null and b/content/slides/1337/images/authentication/dvwa-auth-high-simple-list.png differ
diff --git a/content/slides/1337/images/lab/burp.png b/content/slides/1337/images/lab/burp.png
new file mode 100644
index 0000000000000000000000000000000000000000..b94e64d700c5027e257b1004aea67d528623c985
Binary files /dev/null and b/content/slides/1337/images/lab/burp.png differ
diff --git a/content/slides/1337/images/lab/connexion.png b/content/slides/1337/images/lab/connexion.png
new file mode 100644
index 0000000000000000000000000000000000000000..92d71981b07116bb7195a53fdc2ace1657078c4a
Binary files /dev/null and b/content/slides/1337/images/lab/connexion.png differ
diff --git a/content/slides/1337/images/lab/debian.gif b/content/slides/1337/images/lab/debian.gif
new file mode 100644
index 0000000000000000000000000000000000000000..48eeea8f9824b2f990c4e08ae4d93240de4254b0
Binary files /dev/null and b/content/slides/1337/images/lab/debian.gif differ
diff --git a/content/slides/1337/images/lab/ff-burp.png b/content/slides/1337/images/lab/ff-burp.png
new file mode 100644
index 0000000000000000000000000000000000000000..02c17ec0bd12f42d52d5ab2f7adc576f493443dc
Binary files /dev/null and b/content/slides/1337/images/lab/ff-burp.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-1.png b/content/slides/1337/images/lab/ff-proxy-step-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..1a37f4bb19d8b4741fede273a41099881f018270
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-1.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-2.png b/content/slides/1337/images/lab/ff-proxy-step-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..44099456e293dfc5a9f15ebf558eb925c4724061
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-2.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-3.png b/content/slides/1337/images/lab/ff-proxy-step-3.png
new file mode 100644
index 0000000000000000000000000000000000000000..42b1df95b3ea50f0cbc0fcc3c056ccb9ecc86086
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-3.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-4.png b/content/slides/1337/images/lab/ff-proxy-step-4.png
new file mode 100644
index 0000000000000000000000000000000000000000..8ed166d453c83666839131adc66b280600aa9d72
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-4.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-5.png b/content/slides/1337/images/lab/ff-proxy-step-5.png
new file mode 100644
index 0000000000000000000000000000000000000000..6e193242376beed414773e2903f53f9de2df5415
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-5.png differ
diff --git a/content/slides/1337/images/lab/ff-proxy-step-6.png b/content/slides/1337/images/lab/ff-proxy-step-6.png
new file mode 100644
index 0000000000000000000000000000000000000000..ae5272b060b5901ad2d4b060ebc1707596b82b18
Binary files /dev/null and b/content/slides/1337/images/lab/ff-proxy-step-6.png differ
diff --git a/content/slides/1337/images/lab/kali.svg b/content/slides/1337/images/lab/kali.svg
new file mode 100644
index 0000000000000000000000000000000000000000..a030eef088ae414f2f4888c26c81fbbac790bf61
--- /dev/null
+++ b/content/slides/1337/images/lab/kali.svg
@@ -0,0 +1 @@ +<svg version="1.1" viewBox="0 0 451.14 367.25" xmlns="http://www.w3.org/2000/svg"><defs><filter id="g" x="-.15324" y="-.15324" width="1.3065" height="1.3065" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="16.015677"/></filter></defs><filter id="a" x="-.041716" y="-.056514" width="1.0834" height="1.113" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="7.088655"/></filter><filter id="b" x="-.009083" y="-.017677" width="1.0182" height="1.0354" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation=".94932635"/></filter><filter id="c" x="-.009083" y="-.017678" width="1.0182" height="1.0354" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation=".94930265"/></filter><filter id="d" x="-.192" y="-.192" width="1.384" height="1.384" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="20.067549"/></filter><linearGradient id="e" x1="165.32" x2="320.01" y1="151.05" y2="300.71" gradientUnits="userSpaceOnUse"><stop stop-color="#23bac2" offset="0"/><stop stop-color="#2777ff" offset="1"/></linearGradient><filter id="f" x="-.010418" y="-.014149" width="1.0208" height="1.0283" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="1.7572093"/></filter><path d="m88.955 49.197c-29.422.0336-48.857 2.4022-49.018 2.4219-.00066.00008-.11132.01-.11132.01-1.9208.22095-1.6766 3.0824.2539 2.9746 0 0 106.98-5.0542 192.73 29.41 3.0595 13.089 11.139 33.152 15.912 43.816-6.4977 4.4595-13.468 8.9863-19.203 16.17-6.0198 7.5407-10.569 17.947-11.781 33.859-2.4573 32.277 25.225 60.533 59.463 61.404 31.749 1.6903 53.335 1.9234 79.613 15.543 12.272 6.7936 23.702 20.759 32.238 37.818 8.5411 17.068 14.208 37.205 15.225 56.195.0953 1.8662 2.8387 1.9003 2.9805.0371.005-.0578-.002-.13723.002-.19531 1.1026-14.541-1.0448-37.049-9.7617-58.461-7.3013-17.935-19.364-35.01-37.91-45.719 26.655 7.2789 41.914 20.807 50.686 33.168 10.065 14.183 11.551 26.806 11.543 26.736.21183 1.7846 2.8153 1.7434 2.9707-.0469 0 0 
1.3231-15.473-9.3535-32.521-10.677-17.048-33.342-35.683-80.594-42.617-11.969-1.7561-27.074-3.1058-42.381-3.1445-.008-.00006-.0156-.00006-.0234 0-37.042.48976-55.716-20.623-58.623-42.279-1.4537-10.828 1.0887-21.796 7.3789-30.295 6.2903-8.4988 16.301-14.584 30.094-15.662h.006c22.647-1.8687 50.269 10.379 77.432 23.018-.027 3.1387.25112 6.3048 2.5449 9.1719 1.5359 1.9198 4.3068 3.2538 7.127 4.5859 2.8195 1.3318 5.7216 2.5388 6.873 3.1992 2.6176 1.5025 11.349 7.1032 16.496 13.803.66067.86123 1.9903.75224 2.502-.20508.0267-.05.80919-.9524 1.8418-1.8164 1.0326-.86401 2.3429-1.8488 3.6191-2.7676 2.5524-1.8375 4.9688-3.4121 4.9688-3.4121 1.2578-.81978.65535-2.7746-.8457-2.7441 0 0-.36678.0207-1.5391-.20313-1.1723-.22385-3.0361-.69459-5.6875-1.6855-2.4401-.91186-5.355-2.8865-7.6035-4.6719-1.1243-.89269-2.0919-1.7367-2.7754-2.3691-.0817-.0756-.11608-.11241-.18945-.18164.71444-.64282.81228-1.6703.66797-2.3164-.14752-.66029-.4352-1.1955-.75782-1.7168-.64468-1.0417-1.4644-1.9704-2.0312-2.5371l-.002-.002c.0821.0819-.16776-.20989-.41992-.57812-.25313-.36964-.57883-.86898-.94532-1.4453-.73297-1.1527-1.6317-2.6184-2.5058-4.0625-1.7483-2.8882-3.3259-5.5727-3.4785-5.8281-.002-.004-.37979-.7993-1.1133-1.2891-.1154-.0769-.24096-.13741-.37305-.17969-.82802-.26627-1.4844-.20389-2.334-.16015-.84955.0437-1.7923.1437-2.6856.25781-1.4943.19089-2.4216.35926-2.8262.42969-1.0103-.53287-8.9072-4.9072-11.809-13.82-.53531-1.6348-2.955-1.2177-2.9121.50196.0158.58562-.87006 2.3306-.67774 4.9707-3.5086-2.1141-6.527-5.4732-9.1562-12.393-.48274-1.276-2.2828-1.2899-2.7852-.0215-1.0069 2.5321-1.0677 4.6507-.86329 6.293-3.3327-1.5671-8.7895-5.0153-9.9785-11.869-.25503-1.4664-2.2636-1.698-2.8457-.32812-.98011 2.3107-1.0671 4.2231-.90235 5.7637-6.2107-2.6638-23.316-8.893-48.844-9.0312-4.927-.4525-8.8427-2.918-12.059-6.6152-3.2163-3.6977-5.659-8.6263-7.3887-13.73-1.7297-5.1042-2.7521-10.38-3.2148-14.732-.46272-4.3524-.2681-7.9507.0547-8.9824.21555-.6878-.0909-1.4314-.72852-1.7676 0 
0-31.217-16.422-92.244-23.641-22.882-2.7067-44.211-3.5339-61.938-3.5137zm71.268 32.521c-9.2988.0701-19.28.41666-29.768 1.1621-56.026 3.9823-112.43 23.557-112.43 23.557-1.8043.62272-.9969 3.3276.85352 2.8594 0 0 115.04-28.873 211.14-11.949.0851.0153.17136.0231.25781.0234h.004c1.0058-.00041 1.7236-.97485 1.4258-1.9356l-2.5117-8.1055c-.16523-.5344-.61525-.93165-1.166-1.0293 0 0-27.515-4.8845-67.803-4.582-.004-.00002-.008-.00002-.0117 0zm68.311 17.264c-9.8882-.0418-40.315 1.204-86.016 15.504-57.354 17.946-89.998 43.459-89.998 43.459-1.4384 1.1375.04323 3.3653 1.6484 2.4785 0 0 84.923-47.363 180.56-50.051.99906-.0288 1.6884-1.0119 1.375-1.9609l-2.748-8.3184c-.19067-.57703-.712-.98095-1.3184-1.0215 0 0-1.2177-.0802-3.5-.0899zm62.531-.13867c-1.4649.0214-2.0262 1.9197-.8086 2.7344h.002c.0877.0585.18128.10765.27929.14648 26.227 10.663 48.975 24.757 66.609 44.131.0159.0173.0321.0342.0488.0508l.002.002c.30389.30352.72375.4615 1.1523.43359l4.2793-.2793c1.214-.0799 1.8281-1.5003 1.0547-2.4394 0 0-24.778-30.028-72.021-44.662-.005-.002-.0101-.006-.0156-.008-.0239-.009-.048-.0175-.0723-.0254-.0136-.005-.0273-.009-.041-.0137-.15151-.0482-.30975-.072-.46875-.0703zm74.68 63.225c.858.17286 2.4764 3.3569 3.9629 5.6309.1305.18477.26337.38161.38867.53711 0 .0138.002.0235.0117.0371.1679.23967.33529.48794.49609.6875.081.47558.21622.76606-.89648.53711-.094-.48886-.25391-.63086-.25391-.63086s-2.6864-1.5969-3.5098-2.7305c-.8241-1.1335-.9681-3.1153-.5664-3.8672.0971-.16808.22119-.22899.36719-.20118z" filter="url(#a)" opacity=".2"/><g transform="translate(-4.7508 -89.176)" stroke-width=".55744"><circle cx="293.07" cy="275.87" r="125.42" fill="#153f86" filter="url(#g)"/><circle cx="282.31" cy="262.76" r="125.42" fill="url(#e)" filter="url(#d)" opacity=".59533"/><circle cx="282.31" cy="262.76" r="125.42" fill="url(#e)"/><path d="m407.61 259.3a125.42 125.42 0 0 1-125.3 122.97 125.42 125.42 0 0 1-125.3-121.96 125.42 125.42 0 0 0-0.1224 2.4536 125.42 125.42 0 0 0 125.42 125.42 125.42 125.42 0 0 0 
125.42-125.42 125.42 125.42 0 0 0-0.12239-3.464z" filter="url(#b)" opacity=".1"/><path d="m282.31 137.34a125.42 125.42 0 0 0-125.42 125.42 125.42 125.42 0 0 0 0.1224 3.4582 125.42 125.42 0 0 1 125.3-122.97 125.42 125.42 0 0 1 125.3 121.96 125.42 125.42 0 0 0 0.12239-2.4479 125.42 125.42 0 0 0-125.42-125.42z" fill="#fff" filter="url(#c)" opacity=".1"/></g><path d="m88.955 49.197c-29.422.0336-48.857 2.4022-49.018 2.4219-.00066.00008-.11132.01-.11132.01-1.9208.22095-1.6766 3.0824.2539 2.9746 0 0 106.98-5.0542 192.73 29.41 3.0595 13.089 11.139 33.152 15.912 43.816-6.4977 4.4595-13.468 8.9863-19.203 16.17-6.0198 7.5407-10.569 17.947-11.781 33.859-2.4573 32.277 25.225 60.533 59.463 61.404 31.749 1.6903 53.335 1.9234 79.613 15.543 12.272 6.7936 23.702 20.759 32.238 37.818 8.5411 17.068 14.208 37.205 15.225 56.195.0953 1.8662 2.8387 1.9003 2.9805.0371.005-.0578-.002-.13723.002-.19531 1.1026-14.541-1.0448-37.049-9.7617-58.461-7.3013-17.935-19.364-35.01-37.91-45.719 26.655 7.2789 41.914 20.807 50.686 33.168 10.065 14.183 11.551 26.806 11.543 26.736.21183 1.7846 2.8153 1.7434 2.9707-.0469 0 0 1.3231-15.473-9.3535-32.521-10.677-17.048-33.342-35.683-80.594-42.617-11.969-1.7561-27.074-3.1058-42.381-3.1445-.008-.00006-.0156-.00006-.0234 0-37.042.48976-55.716-20.623-58.623-42.279-1.4537-10.828 1.0887-21.796 7.3789-30.295 6.2903-8.4988 16.301-14.584 30.094-15.662h.006c22.647-1.8687 50.269 10.379 77.432 23.018-.027 3.1387.25112 6.3048 2.5449 9.1719 1.5359 1.9198 4.3068 3.2538 7.127 4.5859 2.8195 1.3318 5.7216 2.5388 6.873 3.1992 2.6176 1.5025 11.349 7.1032 16.496 13.803.66067.86123 1.9903.75224 2.502-.20508.0267-.05.80919-.9524 1.8418-1.8164 1.0326-.86401 2.3429-1.8488 3.6191-2.7676 2.5524-1.8375 4.9688-3.4121 4.9688-3.4121 1.2578-.81978.65535-2.7746-.8457-2.7441 0 
0-.36678.0207-1.5391-.20313-1.1723-.22385-3.0361-.69459-5.6875-1.6855-2.4401-.91186-5.355-2.8865-7.6035-4.6719-1.1243-.89269-2.0919-1.7367-2.7754-2.3691-.0817-.0756-.11608-.11241-.18945-.18164.71444-.64282.81228-1.6703.66797-2.3164-.14752-.66029-.4352-1.1955-.75782-1.7168-.64468-1.0417-1.4644-1.9704-2.0312-2.5371l-.002-.002c.0821.0819-.16776-.20989-.41992-.57812-.25313-.36964-.57883-.86898-.94532-1.4453-.73297-1.1527-1.6317-2.6184-2.5058-4.0625-1.7483-2.8882-3.3259-5.5727-3.4785-5.8281-.002-.004-.37979-.7993-1.1133-1.2891-.1154-.0769-.24096-.13741-.37305-.17969-.82802-.26627-1.4844-.20389-2.334-.16015-.84955.0437-1.7923.1437-2.6856.25781-1.4943.19089-2.4216.35926-2.8262.42969-1.0103-.53287-8.9072-4.9072-11.809-13.82-.53531-1.6348-2.955-1.2177-2.9121.50196.0158.58562-.87006 2.3306-.67774 4.9707-3.5086-2.1141-6.527-5.4732-9.1562-12.393-.48274-1.276-2.2828-1.2899-2.7852-.0215-1.0069 2.5321-1.0677 4.6507-.86329 6.293-3.3327-1.5671-8.7895-5.0153-9.9785-11.869-.25503-1.4664-2.2636-1.698-2.8457-.32812-.98011 2.3107-1.0671 4.2231-.90235 5.7637-6.2107-2.6638-23.316-8.893-48.844-9.0312-4.927-.4525-8.8427-2.918-12.059-6.6152-3.2163-3.6977-5.659-8.6263-7.3887-13.73-1.7297-5.1042-2.7521-10.38-3.2148-14.732-.46272-4.3524-.2681-7.9507.0547-8.9824.21555-.6878-.0909-1.4314-.72852-1.7676 0 0-31.217-16.422-92.244-23.641-22.882-2.7067-44.211-3.5339-61.938-3.5137zm71.268 32.521c-9.2988.0701-19.28.41666-29.768 1.1621-56.026 3.9823-112.43 23.557-112.43 23.557-1.8043.62272-.9969 3.3276.85352 2.8594 0 0 115.04-28.873 211.14-11.949.0851.0153.17136.0231.25781.0234h.004c1.0058-.00041 1.7236-.97485 1.4258-1.9356l-2.5117-8.1055c-.16523-.5344-.61525-.93165-1.166-1.0293 0 0-27.515-4.8845-67.803-4.582-.004-.00002-.008-.00002-.0117 0zm68.311 17.264c-9.8882-.0418-40.315 1.204-86.016 15.504-57.354 17.946-89.998 43.459-89.998 43.459-1.4384 1.1375.04323 3.3653 1.6484 2.4785 0 0 84.923-47.363 180.56-50.051.99906-.0288 1.6884-1.0119 1.375-1.9609l-2.748-8.3184c-.19067-.57703-.712-.98095-1.3184-1.0215 0 
0-1.2177-.0802-3.5-.0899zm62.531-.13867c-1.4649.0214-2.0262 1.9197-.8086 2.7344h.002c.0877.0585.18128.10765.27929.14648 26.227 10.663 48.975 24.757 66.609 44.131.0159.0173.0321.0342.0488.0508l.002.002c.30389.30352.72375.4615 1.1523.43359l4.2793-.2793c1.214-.0799 1.8281-1.5003 1.0547-2.4394 0 0-24.778-30.028-72.021-44.662-.005-.002-.0101-.006-.0156-.008-.0239-.009-.048-.0175-.0723-.0254-.0136-.005-.0273-.009-.041-.0137-.15151-.0482-.30975-.072-.46875-.0703zm74.68 63.225c.858.17286 2.4764 3.3569 3.9629 5.6309.1305.18477.26337.38161.38867.53711 0 .0138.002.0235.0117.0371.1679.23967.33529.48794.49609.6875.081.47558.21622.76606-.89648.53711-.094-.48886-.25391-.63086-.25391-.63086s-2.6864-1.5969-3.5098-2.7305c-.8241-1.1335-.9681-3.1153-.5664-3.8672.0971-.16808.22119-.22899.36719-.20118z" filter="url(#a)" opacity=".2"/><g transform="translate(11.028 -89.023)" fill="#fff"><path d="m69.929 127.71c-29.464.0337-48.949 2.4206-48.949 2.4206s107.73-5.1706 194.03 29.769c2.9338 13.122 11.759 34.976 16.513 45.481-13.602 9.4041-28.94 18.249-31.328 49.612-2.3877 31.362 24.576 58.947 58.013 59.798 31.751 1.6913 53.688 1.9323 80.277 15.718 25.38 14.034 46.192 56.794 48.251 95.252 2.2244-28.534-8.4845-89.895-58.453-108.53 69.826 12.219 75.982 63.973 75.984 63.994 0 0 5.2056-59.754-88.677-73.531-11.899-1.7458-26.947-3.0899-42.168-3.1283-75.246.99487-77.989-86.786-21.288-91.218 23.499-1.9389 51.556 10.738 78.986 23.512-.10182 3.4068.0404 6.4339 2.2787 9.2314 2.2375 2.7966 10.832 5.8474 13.579 7.4233 2.7464 1.5764 11.545 7.1715 16.937 14.189 1.1692-2.1872 10.933-8.5432 10.933-8.5432s-2.3391.0507-7.781-1.9832c-5.4426-2.0339-11.9-8.1876-12.053-8.5432-.15246-.35625-.25501-.91601 1.0169-1.1705.96572-.81305-1.2209-3.4575-2.1873-4.4232-.96572-.96636-7.4247-11.95-7.5769-12.204-.15245-.25447-.20376-.50931-.66105-.81465-1.4244-.45805-7.6799.66106-7.6799.66106s-9.6211-4.7252-12.937-14.913c.0482 1.7844-1.6497 3.734 0 7.8335-5.0162-2.122-9.325-5.7416-12.723-14.685-2.0227 5.0868 0 8.3215 0 
8.3215s-11.811-3.3016-13.701-14.195c-2.0742 4.8902 0 7.8316 0 7.8316s-19.258-10.048-51.255-10.194c-21.422-1.965-25.882-39.65-23.897-45.994 0 0-30.899-16.285-91.723-23.479-22.809-2.6982-44.081-3.5238-61.76-3.5036zm71.276 32.521c-9.2697.0699-19.22.41577-29.674 1.1588-55.751 3.9628-112.04 23.477-112.04 23.477s115.18-28.98 211.77-11.971h.002l-2.512-8.1057s-27.373-4.5594-67.542-4.5594zm68.293 17.263c-9.75-.0412-40.02 1.1848-85.564 15.436-57.124 17.874-89.522 43.21-89.522 43.21s85.141-47.539 181.24-50.24l-2.7492-8.3176s-1.1564-.0779-3.4064-.0875zm62.559-.13932c26.38 10.723 49.34 24.931 67.165 44.514l.002.002 4.2794-.27998s-24.518-29.746-71.446-44.236zm74.662 61.731c.85796.17286 2.4779 3.3567 3.9644 5.6306.13054.18477.26356.38112.38886.53662.002.0138.003.0234.006.037.16796.23967.33693.4887.49774.68826.0812.47558.21641.76558-.89631.53663-.0936-.48886-.25471-.62995-.25471-.62995s-2.686-1.5982-3.5094-2.7317c-.82408-1.1335-.96948-3.1153-.56774-3.8672.0978-.16967.2236-.23004.37137-.20027z" filter="url(#f)" opacity=".5"/><path d="m69.929 127.71c-29.464.0337-48.949 2.4206-48.949 2.4206s107.73-5.1706 194.03 29.769c2.9338 13.122 11.759 34.976 16.513 45.481-13.602 9.4041-28.94 18.249-31.328 49.612-2.3877 31.362 24.576 58.947 58.013 59.798 31.751 1.6913 53.688 1.9323 80.277 15.718 25.38 14.034 46.192 56.794 48.251 95.252 2.2244-28.534-8.4845-89.895-58.453-108.53 69.826 12.219 75.982 63.973 75.984 63.994 0 0 5.2056-59.754-88.677-73.531-11.899-1.7458-26.947-3.0899-42.168-3.1283-75.246.99487-77.989-86.786-21.288-91.218 23.499-1.9389 51.556 10.738 78.986 23.512-.10182 3.4068.0404 6.4339 2.2787 9.2314 2.2375 2.7966 10.832 5.8474 13.579 7.4233 2.7464 1.5764 11.545 7.1715 16.937 14.189 1.1692-2.1872 10.933-8.5432 10.933-8.5432s-2.3391.0507-7.781-1.9832c-5.4426-2.0339-11.9-8.1876-12.053-8.5432-.15246-.35625-.25501-.91601 
1.0169-1.1705.96572-.81305-1.2209-3.4575-2.1873-4.4232-.96572-.96636-7.4247-11.95-7.5769-12.204-.15245-.25447-.20376-.50931-.66105-.81465-1.4244-.45805-7.6799.66106-7.6799.66106s-9.6211-4.7252-12.937-14.913c.0482 1.7844-1.6497 3.734 0 7.8335-5.0162-2.122-9.325-5.7416-12.723-14.685-2.0227 5.0868 0 8.3215 0 8.3215s-11.811-3.3016-13.701-14.195c-2.0742 4.8902 0 7.8316 0 7.8316s-19.258-10.048-51.255-10.194c-21.422-1.965-25.882-39.65-23.897-45.994 0 0-30.899-16.285-91.723-23.479-22.809-2.6982-44.081-3.5238-61.76-3.5036zm71.276 32.521c-9.2697.0699-19.22.41577-29.674 1.1588-55.751 3.9628-112.04 23.477-112.04 23.477s115.18-28.98 211.77-11.971h.002l-2.512-8.1057s-27.373-4.5594-67.542-4.5594zm68.293 17.263c-9.75-.0412-40.02 1.1848-85.564 15.436-57.124 17.874-89.522 43.21-89.522 43.21s85.141-47.539 181.24-50.24l-2.7492-8.3176s-1.1564-.0779-3.4064-.0875zm62.559-.13932c26.38 10.723 49.34 24.931 67.165 44.514l.002.002 4.2794-.27998s-24.518-29.746-71.446-44.236zm74.662 61.731c.85796.17286 2.4779 3.3567 3.9644 5.6306.13054.18477.26356.38112.38886.53662.002.0138.003.0234.006.037.16796.23967.33693.4887.49774.68826.0812.47558.21641.76558-.89631.53663-.0936-.48886-.25471-.62995-.25471-.62995s-2.686-1.5982-3.5094-2.7317c-.82408-1.1335-.96948-3.1153-.56774-3.8672.0978-.16967.2236-.23004.37137-.20027z"/></g></svg> \ No newline at end of file diff --git a/content/slides/1337/images/lab/keyboard.png b/content/slides/1337/images/lab/keyboard.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4eb167ca2c86bed1ad9a8862f386f2f13af4b2 Binary files /dev/null and b/content/slides/1337/images/lab/keyboard.png differ diff --git a/content/slides/1337/images/lab/lab.jpg b/content/slides/1337/images/lab/lab.jpg new file mode 100644 index 0000000000000000000000000000000000000000..294c94b154a991ae70ceea3030bf6a39ecebfc9e Binary files /dev/null and b/content/slides/1337/images/lab/lab.jpg differ 
diff --git a/content/slides/1337/images/lab/mapping.png b/content/slides/1337/images/lab/mapping.png
new file mode 100644
index 0000000000000000000000000000000000000000..52c7c8fced8a07d9502e014dad12f7a1c80720b1
Binary files /dev/null and b/content/slides/1337/images/lab/mapping.png differ
diff --git a/content/slides/1337/images/lab/sudo.png b/content/slides/1337/images/lab/sudo.png
new file mode 100644
index 0000000000000000000000000000000000000000..b1abd53784ca2be88fb212c08c63cac33f7ab473
Binary files /dev/null and b/content/slides/1337/images/lab/sudo.png differ
diff --git a/content/slides/1337/images/lab/vim.png b/content/slides/1337/images/lab/vim.png
new file mode 100644
index 0000000000000000000000000000000000000000..b28cb0a5021189ee505959e80572341012f04e70
Binary files /dev/null and b/content/slides/1337/images/lab/vim.png differ
diff --git a/content/slides/1337/images/lab/virtualbox.png b/content/slides/1337/images/lab/virtualbox.png
new file mode 100644
index 0000000000000000000000000000000000000000..4ca6957efab0a830d6e1e512ed0ee353ac6ae80e
Binary files /dev/null and b/content/slides/1337/images/lab/virtualbox.png differ
diff --git a/content/slides/1337/lab.html b/content/slides/1337/lab.html
new file mode 100644
index 0000000000000000000000000000000000000000..e1651207ff81a39c57468f5563a315af4a04881d
--- /dev/null
+++ b/content/slides/1337/lab.html
@@ -0,0 +1,70 @@ +<!doctype html> +<html> + <head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> + + <title>Web Sec Lab</title> + + <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css"> + <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/black.css"> + + <!-- Theme used for syntax highlighting of code --> + <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css"> + <link rel="stylesheet" href="../../node_modules/@fortawesome/fontawesome-free/css/all.min.css"> + <link rel="stylesheet" href="../main.css"> + + <!-- Printing and PDF exports --> + <script> + var link = document.createElement( 'link' ); + link.rel = 'stylesheet'; + link.type = 'text/css'; + link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css'; + document.getElementsByTagName( 'head' )[0].appendChild( link ); + </script> + </head> + <body> + <div class="reveal"> + <div class="slides"> + <section data-markdown="md/lab.md" + data-separator="^\n\n\n" + data-separator-vertical="^\n\n" + data-separator-notes="^Note:" + data-charset="utf-8"> + </section> + </div> + </div> + + <!-- script src="../../node_modules/reveal.js/lib/js/head.min.js"></script --> + <script src="../../node_modules/reveal.js/js/reveal.js"></script> + + <script> + // More info about config & dependencies: + // - https://github.com/hakimel/reveal.js#configuration + // - https://github.com/hakimel/reveal.js#dependencies + Reveal.initialize({ + controls: true, + progress: true, + history: true, + center: false, + dependencies: [ + { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' }, + { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js', + condition: function() { return !!document.querySelector( '[data-markdown]' ); }, + callback: function() { + 
Array.prototype.forEach.call(document.querySelectorAll('section > li'), function(ele){ + var fragIndex = ele.innerHTML.indexOf("--") + if (fragIndex != -1){ + ele.innerHTML = ele.innerHTML.replace("--", ""); + ele.className = 'fragment'; + } + }); + } + }, + { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true }, + { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } } + ] + }); + </script> + </body> +</html> diff --git a/content/slides/1337/md/authentication.md b/content/slides/1337/md/authentication.md index 8d73ace8483eb3bf6c1e546f767cfd247a84b6e4..4a630e68914bc7815863f7b45e39050e3f9508d6 100644 --- a/content/slides/1337/md/authentication.md +++ b/content/slides/1337/md/authentication.md @@ -1,6 +1,8 @@ ## authentification -"<i class="fa fa-wikipedia-w" aria-hidden="true"></i> processus permettant à un système de s'assurer de la légitimité de la demande d'accès faite par une entité (être humain ou un autre système...) afin d'autoriser l'accès de cette entité à des ressources du système (systèmes, réseaux, applications…) conformément au paramétrage du contrôle d'accès ." +"processus permettant à un système de s'assurer de la légitimité de la demande d'accès faite par une entité (être humain ou un autre système...) afin d'autoriser l'accès de cette entité à des ressources du système (systèmes, réseaux, applications…) conformément au paramétrage du contrôle d'accès ." + +<i class="fa-brands fa-wikipedia-w"></i>ikipédia ## 3 concepts @@ -153,7 +155,7 @@ $ sudo service apache2 reload ## auth digest - +<!-- .element style="background-color: white" --> ## auth digest .htaccess 
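Review bot: In the new `lab.html`, the markdown-plugin callback selects `section > li`, but list items rendered from markdown presumably sit inside a `ul` or `ol`, so the selector looks unlikely to match and the `--` fragment marker would never be processed; `document.querySelectorAll('section li')` would reach them. The same callback assigns `ele.innerHTML = ele.innerHTML.replace("--", "")`, which re-parses the slide markup and is only safe because `md/lab.md` is author-controlled; a one-line comment such as `// content comes from our own md/ files, never from user input` would record that assumption. The line `var fragIndex = ele.innerHTML.indexOf("--")` is also missing its semicolon.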
@@ -347,11 +349,49 @@ patator http_fuzz method=GET follow=0 accept_cookie=0 --threads=1 --rate-li ``` * [patator](https://github.com/lanjelot/patator) - * resolv= -> buggy version https://bytemeta.vip/repo/lanjelot/patator/issues/174 + * resolv= -> [buggy version](https://bytemeta.vip/repo/lanjelot/patator/issues/174) + + +## Brute force [hard] +capturer la soumission du formulaire +<!-- .element style="width: 90%" --> + + +## Brute force [hard] +envoyer la requête dans *Intruder* +<!-- .element style="width: 90%" --> + + +## Brute force [hard] +* onglet *Intruder* + * *attack type* -> *pitchfork* + * ne laisser que password et user_token en paramètres +<!-- .element style="width: 90%" --> ## Brute force [hard] +* onglet *Payloads* + * *Payload set*: 1 (mot de passe) -> *Simple list* + * *Payload settings [Simple list]* -> *load* -> */usr/share/wordslists/fasttrack.txt* +<!-- .element style="width: 90%" --> + + +## Brute force [hard] + * *Payload set*: 2 (token anti CSRF) -> *Recursive grep* +* onglet *Settings* + * *Grep - Extract* -> *add* +<!-- .element style="width: 90%" --> + + +## Brute force [hard] +* onglet *Resource pool* + * cocher *create new resource pool* +<!-- .element style="width: 90%" --> + + +## Brute force [hard] +<!-- .element style="width: 90%" --> ## attaques offline @@ -412,8 +452,5 @@ unshadow /etc/passwd /etc/shadow > mypasswd * instaurer des règles de durcissement au moment du choix du mot de passe * pas contournable côté client ;) * sensibilisez vos utilisateurs - * [<i class="fa fa-desktop"></i> Se protéger avec de bons mots de passe](http://doc.m4z3.me/_/bpu/se_proteger_avec_de_bons_mots_de_passe.htm#/cover) - * [<i class="fa fa-video-camera"></i> Se protéger avec de bons mots de passe](http://webtv.u-clermont1.fr/media-MEDIA150410174414391) - * mettre en place un deuxième facteur d'authentification * utiliser la crypto asymétrique 
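Review bot: The *Payloads* slide in the added "Brute force [hard]" sequence points to `/usr/share/wordslists/fasttrack.txt`, which looks like a typo for Kali's `/usr/share/wordlists/` directory, so students following the slide would not find the file; the bullet should read `*/usr/share/wordlists/fasttrack.txt*`. The patator bullet links to a `bytemeta.vip` mirror of the issue; linking the upstream tracker, `https://github.com/lanjelot/patator/issues/174` (path taken from the mirrored URL, to be confirmed), avoids sending students to a third-party copy. The sequence also shows that a per-request anti-CSRF token does not limit password guessing, and the protection slides at the end of the file (only partly visible in the last hunk) would benefit from a bullet naming attempt throttling or account lockout as the matching control.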
diff --git a/content/slides/1337/md/lab.md b/content/slides/1337/md/lab.md new file mode 100644 index 0000000000000000000000000000000000000000..a144eae6a4d9e1922a61050c746490dfc371cc0b --- /dev/null +++ b/content/slides/1337/md/lab.md @@ -0,0 +1,111 @@ +## web sec lab + + + +### h4PpY H4Ck1nG + + +## VirtualBox + + + + +## Kali + +<!-- .element style="width: 50%" --> + +* [<i class="fa-solid fa-download"></i> get kali](https://www.kali.org/get-kali) +* [<i class="fa fa-video-camera"></i> tongues of kali](https://www.youtube.com/watch?v=dH9wCRQFVR0) <- rien à voir ;) + + +## Keyboard Mapping + +<!-- .element style="width: 70%" --> + + +## Connexion + + + +* username:password + * kali:kali + + +## Definitive Keyboard Mapping + + + +* `sudo vi /etc/default/keyboard` + * replace `"us"` + * by `"fr"` + + +## sudo without password + + + +* `sudo vi /etc/sudoers` + * replace `%sudo ALL=(ALL:ALL) ALL` + * by `%sudo ALL=(ALL) NOPASSWD:ALL` +* see although `/etc/group` + + +## Vim + +<!-- .element style="width: 40%" --> + +#### [<i class="fa-solid fa-gift"></i> survival cheatsheet](https://ryanstutorials.net/linuxtutorial/cheatsheetvi.php) + + +## burp suite + +* next / next / accept / ... +* Proxy -> proxy settings + +<!-- .element style="width: 80%" --> + + +## toggle FF proxy + +install [Proxy Switcher and Manager](https://addons.mozilla.org/fr/firefox/addon/proxy-switcher-and-manager/) + +<!-- .element style="width: 30%" --> + + +## toggle FF proxy + +<!-- .element style="width: 50%" --> + + +## toggle FF proxy + + + + +## toggle FF proxy + + + + +## toggle FF proxy + +<!-- .element style="width: 80%" --> + + +## toggle FF proxy + + + + +## DVWA + +* htaccess to protect vm + + +## Debian + +<!-- .element style="width: 30%" --> + +* https://www.osboxes.org/debian +* username:password + * osboxes:osboxes.org diff --git a/content/slides/main.css b/content/slides/main.css index 124d86e121c372d7c14c9bf68c4a5e797fac92a0..2c772d23b2f91fbdb2e766c1e701f803b2e1495c 100644 
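Review bot: The "sudo without password" slide in the new `lab.md` has students run `sudo vi /etc/sudoers`, where a single syntax error leaves sudo unusable; `sudo visudo` checks the file before saving and should replace it in that bullet. With `%sudo ALL=(ALL) NOPASSWD:ALL` and the published default logins `kali:kali` and `osboxes:osboxes.org`, anyone who can reach a VM gets root. The "DVWA" slide's only bullet, `* htaccess to protect vm`, would be clearer if it also said the VMs stay on a host-only or NAT network. On the same slide, `see although` should read `see also`.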
--- a/content/slides/main.css +++ b/content/slides/main.css @@ -24,3 +24,7 @@ padding: 0.2em 0.5em 0.2em 0.5em; border-bottom: 1px solid; } + +reveal code { + background-color: gray; +} \ No newline at end of file
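Review bot: The added rule `reveal code {` uses a type selector for an element named `reveal`, while the slide pages wrap their content in `<div class="reveal">` (as in the new `lab.html`), so the gray background is presumably never applied; the selector should be `.reveal code {`. The file also now ends without a trailing newline.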