# Pentesting - How to Learn and Practice 🎯

---

## 📚 Learn

### Roadmaps & Courses

| Resource | Description | Link |
|----------|----------|-----|
| **Cyber Security Expert** | Step-by-step guide to becoming an expert | [roadmap.sh/cyber-security](https://roadmap.sh/cyber-security) |
| **GeeksforGeeks** | Comprehensive computer science portal | [geeksforgeeks.org](https://www.geeksforgeeks.org/) |

### Wikis & Cheatsheets

| Resource | Description | Link |
|----------|----------|-----|
| **HackTricks** | Hacking tricks and techniques | [hacktricks.xyz](https://book.hacktricks.xyz/) |
| **HackTricks Cloud** | CI/CD & Cloud security | [cloud.hacktricks.xyz](https://cloud.hacktricks.xyz/) |
| **PayloadsAllTheThings** | Web security payloads | [swisskyrepo.github.io/PayloadsAllTheThings](https://swisskyrepo.github.io/PayloadsAllTheThings/) |
| **InternalAllTheThings** | AD & internal pentesting | [swisskyrepo.github.io/InternalAllTheThings](https://swisskyrepo.github.io/InternalAllTheThings/) |
| **Pentest Book** | Pentest knowledge and scripts | [pentestbook.six2dez.com](https://pentestbook.six2dez.com/) |

### Tools & Resources

| Resource | Description | Link |
|----------|----------|-----|
| **infosecstreams** | List of InfoSec streamers | [infosecstreams.com](https://infosecstreams.com/) |
| **Reverse Shell Generator** | Reverse shell generator | [revshells.com](https://www.revshells.com/) |
| **Exegol** | Professional hacking setup | [exegol.readthedocs.io](https://exegol.readthedocs.io/) |

---

## 🏋️ Practice

| Resource | Description | Link |
|----------|----------|-----|
| **Hack The Box** | Where real hackers hone their skills | [hackthebox.com](https://www.hackthebox.com/) |
| **VulnHub** | Intentionally vulnerable VMs | [vulnhub.com](https://www.vulnhub.com/) |
| **YesWeHack** | Bug bounty & vulnerability management | [yeswehack.com](https://www.yeswehack.com/fr) |
| **CTF** | Security challenges | [[CTF]] |

---

## 📝 Pentest Report

| Resource | Description | Link |
|----------|----------|-----|
| **Public pentesting reports** | Examples of public reports | [github.com/juliocesarfort/public-pentesting-reports](https://github.com/juliocesarfort/public-pentesting-reports) |

---

## 🔑 Learning Methodology

1. **Start with the basics**: HTML, Linux, networking, scripting (Bash/Python)
2. **Learn theory**: OWASP Top 10, common vulnerabilities
3. **Practice**: HTB, TryHackMe, VulnHub
4. **Specialize**: Web, Cloud, Mobile, Active Directory
5. **Certifications**: OSCP, CEH, CSPH, etc.