• [x] TCP scan with Nmap
• [ ] UDP scan with Nmap
• [ ] Service & version detection
• [ ] OS fingerprinting
• [ ] Manual banner grabbing
• [ ] DNS enumeration (zone transfer)
• [ ] DNS brute-force
• [ ] Subdomain enumeration
• [ ] SMB enumeration (shares)
• [ ] SMB enumeration (users)
• [ ] LDAP enumeration
• [ ] RPC enumeration
• [ ] SNMP enumeration
• [ ] NFS enumeration
• [ ] FTP enumeration
• [ ] SSH enumeration
• [ ] HTTP header analysis
• [ ] Robots.txt & sitemap discovery
• [ ] Directory brute-forcing
• [ ] Parameter discovery
• [ ] Virtual host discovery
• [ ] Exploitation of vulnerable services
• [ ] Public exploit adaptation
• [ ] Manual exploit modification
• [ ] Remote Code Execution (RCE)
• [ ] Command injection
• [ ] Reverse shell
• [ ] Bind shell
• [ ] Web shell deployment
• [ ] Password brute-force against services
• [ ] Credential stuffing
• [ ] Exploitation of misconfigurations
• [ ] Cleartext credentials abuse
• [ ] Exploitation of legacy services
• [ ] SQL Injection (error-based)
• [ ] SQL Injection (union-based)
• [ ] Blind SQL Injection
• [ ] Time-based SQL Injection
• [ ] Local File Inclusion (LFI)
• [ ] Remote File Inclusion (RFI)
• [ ] File upload vulnerabilities
• [ ] Authentication bypass
• [ ] Session fixation
• [ ] Session hijacking
• [ ] Cross-Site Scripting (reflected)
• [ ] Cross-Site Scripting (stored)
• [ ] IDOR
• [ ] CSRF
• [ ] HTTP verb tampering
• [ ] API endpoint abuse
• [ ] Business logic flaws
• [ ] Password reset flaws
• [ ] XXE injection
• [ ] Linux enumeration
• [ ] SUID binaries abuse
• [ ] Sudo misconfigurations
• [ ] Cron jobs abuse
• [ ] PATH hijacking
• [ ] Capabilities abuse
• [ ] Kernel exploits (Linux)
• [ ] Credential harvesting
• [ ] Windows enumeration
• [ ] Unquoted service path
• [ ] Weak service permissions
• [ ] Registry privilege escalation
• [ ] Token impersonation
• [ ] DLL hijacking
• [ ] Scheduled tasks abuse
• [ ] AD user enumeration
• [ ] AD group enumeration
• [ ] Kerberoasting
• [ ] AS-REP Roasting
• [ ] Password spraying
• [ ] NTLM relay
• [ ] Pass-the-Hash
• [ ] Pass-the-Ticket
• [ ] Golden Ticket
• [ ] Silver Ticket
• [ ] DCSync attack
• [ ] Lateral movement (SMB, WinRM)
• [ ] Privilege escalation in AD
• [ ] GPO abuse
• [ ] Delegation abuse
• [ ] Internal network discovery
• [ ] Pivoting with SSH tunnels
• [ ] Port forwarding
• [ ] SOCKS proxy setup
• [ ] Credential reuse
• [ ] Persistence techniques
• [ ] Scheduled persistence
• [ ] Cleanup & log removal
• [ ] OPSEC basics
• [ ] Attack path documentation
• [ ] Proof of compromise collection
• [ ] Screenshot & evidence management
• [ ] Risk rating (CVSS basics)
• [ ] Technical remediation writing
• [ ] Executive summary writing
• [ ] Time management during exam
3 min · Michel NYOBE