
docs(cibersecurity): add cibersecurity branch subjects to public

pull/1649/head
jrosendo 2 years ago committed by José Rosendo
parent
commit
52b4b5545b
  1. 26
      subjects/cybersecurity/README.md
  2. 44
      subjects/cybersecurity/active/README.md
  3. 71
      subjects/cybersecurity/active/audit/README.md
  4. 28
      subjects/cybersecurity/evasion/README.md
  5. 50
      subjects/cybersecurity/evasion/audit/README.md
  6. 24
      subjects/cybersecurity/hole-in-bin/README.md
  7. 29
      subjects/cybersecurity/hole-in-bin/audit/README.md
  8. BIN
      subjects/cybersecurity/hole-in-bin/resources/hole-in-bin.exe
  9. 41
      subjects/cybersecurity/injector/README.md
  10. 22
      subjects/cybersecurity/injector/audit/README.md
  11. 79
      subjects/cybersecurity/inspector-image/README.md
  12. 40
      subjects/cybersecurity/inspector-image/audit/README.md
  13. BIN
      subjects/cybersecurity/inspector-image/image.jpeg
  14. 27
      subjects/cybersecurity/local/README.md
  15. 42
      subjects/cybersecurity/local/audit/README.md
  16. 27
      subjects/cybersecurity/mal-track/README.md
  17. 50
      subjects/cybersecurity/mal-track/audit/README.md
  18. BIN
      subjects/cybersecurity/mal-track/resources/mal-track(Fynloski sample, ON VM ONLY).zip
  19. 37
      subjects/cybersecurity/malware/README.md
  20. 49
      subjects/cybersecurity/malware/audit/README.md
  21. 24
      subjects/cybersecurity/obfuscator/README.md
  22. 26
      subjects/cybersecurity/obfuscator/audit/README.md
  23. 78
      subjects/cybersecurity/passive/README.md
  24. 55
      subjects/cybersecurity/passive/audit/README.md
  25. 18
      subjects/cybersecurity/web-hack/README.md
  26. 33
      subjects/cybersecurity/web-hack/audit/README.md
  27. BIN
      subjects/cybersecurity/web-hack/resources/webhack.zip

26
subjects/cybersecurity/README.md

@ -0,0 +1,26 @@
# :shield: IT Security
:warning: | **In compliance with the laws.**
_The methods and tools cited in these courses are used for educational and preventive purposes only, and for private use._
_The necessary precautions have been put in place to ensure legal learning without risk to others._
_It is your responsibility to check the laws applicable in your country and the rules in force._
_By integrating this program, you thus declare yourself solely responsible for your actions, and no responsibility on the part of 01 or the instructor will be engaged for the misuse of the content._
---
By downloading or consulting this document, the user accepts the user license attached to it, as detailed in the following provisions, and undertakes to fully respect it.
The right of use defined by the license is limited to use in an exclusively private setting. This right includes:
- The right to reproduce the document for storage for the purpose of representation on a single computer terminal
- The right to reproduce the document in one copy for backup or printing
No modification of the document in its content, form or presentation nor any redistribution in whole or in part, in any form and medium whatsoever (and in particular by networking) are authorized.
The statements relating to the source of the document and-or its author must be kept in their entirety.
The right of use defined by the license is personal and non-exclusive. Any other use than those provided for by the license is subject to the prior authorization of the author.
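Review bot: the line `:warning: | **In compliance with the laws.**` uses a table-style pipe, but there is no table header or separator row, so the pipe renders as literal text. The italic statements below it and the license paragraphs after `---` also have no blank lines between them, so most Markdown renderers will run them together, and the two `-` items will not reliably start a list. Drop the pipe (or build a real table), separate the statements with blank lines, and put a blank line before the list.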

44
subjects/cybersecurity/active/README.md

@ -0,0 +1,44 @@
# Active
### Objective
In this project you will have to make a simple port scanner, which will tell you if the port is open or closed.
You must create the project from scratch.
### Advice
https://en.wikipedia.org/wiki/Nmap
### Bonus
Show the name of the service that uses the port
### Usage
```console
$> tinyscanner --help
Usage: tinyscanner [OPTIONS] [HOST] [PORT]
Options:
-p Range of ports to scan
-u UDP scan
-t TCP scan
--help Show this message and exit.
$> tinyscanner -u 20.78.06.364 -p 80
Port 80 is open
$> tinyscanner -t 127.0.0.1 -p 1604
Port 1604 is closed
$> tinyscanner -t 10.53.224.5 -p 80-83
Port 80 is open
Port 81 is open
Port 82 is close
Port 83 is open
```
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
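Review bot: the examples in the Usage block contradict the usage line. `Usage: tinyscanner [OPTIONS] [HOST] [PORT]` puts the port last as a positional argument, while every example passes it through `-p` after the host; pick one form and document it. `20.78.06.364` is not a valid IPv4 address (364 is above 255), so a documentation address such as 192.0.2.10 would be safer, and `Port 82 is close` should read `closed` so the expected output string is the same in all examples. The UDP example prints `open` without saying how the scanner decides that for UDP, where the absence of a reply is ambiguous; state the expected behaviour so the audit can check it.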

71
subjects/cybersecurity/active/audit/README.md

@ -0,0 +1,71 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly what port means?
###### Is the student able to explain clearly what ports scanning means?
###### Is the student able to explain clearly why the ports scanning is important in the pentesting?
###### Is the student able to explain clearly how his program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
The student must launch his program by passing the IP address of a website as the first argument and as the second argument "80" which corresponds to port 80, open to all IP addresses using the HTTP protocol. Port 80 is therefore open on all HTTP sites.
21 FTP
22 SSH
23 Telnet
25 SMTP
53 DNS
80 HTTP
110 POP3
115 SFTP
135 PRC
139 NetBIOS
143 IMAP
194 CRI
443 SSL
445 SMB
1433 MSSQL
3306 mysql
3389 Remote Desktop
5632 PCAnywhere
5900 VNC
25565 Minecraft
Run `tinyscanner -p 127.0.0.1 -t 80`
###### Does port 80 show as open?
Run a local server using udp protocole with the port 8080 and run `tinyscanner -p 127.0.0.1 -u 80`
###### Does port 80 show as open?
Run `tinyscanner --help`
```console
$> tinyscanner --help
Usage: tinyscanner [OPTIONS] [HOST] [PORT]
Options:
-p Range of ports to scan
-u UDP scan
-t TCP scan
--help Show this message and exit.
```
###### Is the program display an output similar to that?
#### Bonus
###### +Is the service name displayed?
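Review bot: the two test commands have the flags swapped relative to the help text in the same file. `tinyscanner -p 127.0.0.1 -t 80` passes the host to `-p` (port range) and the port to `-t` (TCP scan); by the documented usage it should be `tinyscanner -t 127.0.0.1 -p 80`, and likewise for the `-u` command. The UDP step also starts the local server on port 8080 but then scans and asks about port 80. In the port list, `135 PRC` should be RPC and `194 CRI` should be IRC, and the list needs list markers or a table, since as plain lines it renders as one paragraph. "Port 80 is therefore open on all HTTP sites" is too strong as written and would be better phrased as the port an HTTP server normally listens on.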

28
subjects/cybersecurity/evasion/README.md

@ -0,0 +1,28 @@
# Evasion
### Objective
The goal of this project is to understand the methods of hackers who bypass anti-viruses, so also to understand how antivirus works in a little more advanced way than mal-track.
### Guidelines
You will need to develop a windows program
The windows program will have to give us the possibility to encrypt another program
Increase its size by 101mb
Add an increment of an int to 100001
Look at the time, do a sleep of 101 seconds, look at the time to check that 101 seconds has passed, if the 101 seconds have not elapsed, do not decrypt the binary and do not execute it
This project is carried out on a virtual machine (in your malware analysis lab).
You are free to choose your virtual machine, it must be windows-based. (but in the audit you will use an official windows virtual machine!)
You are free to choose the programming language for your program.
### Advice
https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf
https://0x00sec.org/c/cryptology/
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
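Review bot: the Guidelines are written as consecutive plain lines with no list markers, so they render as a single paragraph and the audit cannot refer to them one by one; make them a numbered list. Several steps are also underspecified: "Increase its size by 101mb" does not say which file grows (and the unit should be MB), and "Add an increment of an int to 100001" does not say what is incremented or at which point. The audit file only checks the hash change and the 101-second delay, so either specify these steps precisely or drop them from the requirements.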

50
subjects/cybersecurity/evasion/audit/README.md

@ -0,0 +1,50 @@
#### General
Knowledge-Check:
###### Is the student able to explain how the Anti-Viruses detect the viruses?
###### Is the student able to explain clearly how he can bypass the Anti-Viruses?
###### Is the student able to explain clearly how his program works?
Open the student program in an official Windows virtual machine and add as argument a simple program that you can find on your Windows (calc.exe, ...)
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Open the student program in a Windows system and add as argument a simple program that you can find on your Windows (calc.exe, ...)
Compare the hash with a checker, before and after binary encryption
###### Has the signature of the binary argument been modified by the student's program?
Open the program with a hex editor or disassembler
Compare binary argument before and after binary encryption
###### Has the form of the program been modified?
Launch the program that has just been encrypted
###### Does the program run normally after 101 seconds?
#### Bonus
Add [mal-track.exe](</res/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) as an argument to the student project without running it.
It is a program that is currently detected by 61/68 antivirus.
https://www.virustotal.com/gui/file/a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd?nocache=1
Add mal-track.exe as an argument to the student program, and upload the new encrypted version of mal-track.exe to an online Virus Scanner.
The student can refuse to have his program uploaded to VirusTotal and therefore choose another scanner that does not send samples to preserve his algorithm.
###### +Does the new encrypted version of the binary upgrade to at least 40/68?
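Review bot: the bonus link uses `/res/mal-track(...)`, while the other files in this commit reference the same archive under `resources/`, so this link will not resolve. The question "upgrade to at least 40/68" does not say in which direction the detection count should move; state the pass condition as a maximum number of detections. The figure "61/68" is a snapshot that will drift, so date it or word it as "at the time of writing". The instruction "Open the student program in an official Windows virtual machine and add as argument ..." appears twice, once under General and once under the evaluation, and the first copy can go.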

24
subjects/cybersecurity/hole-in-bin/README.md

@ -0,0 +1,24 @@
# Hole in Bin
### Objective
The objective of the project is that you are comfortable in reverse engineering on a windows environment, because many systems (Bank ATMs, SCADA..) can run on windows.
### Guidelines
You will have the exercise of creating a patch that will bypass the security of the [program](./resources/hole-in-bin.exe) and display "please withdraw your money" in the color green, rather than an error message..
### Advice
https://ghidra-sre.org/
http://www.ollydbg.de/
https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml
https://www.red-gate.com/products/dotnet-development/reflector/
### Submission and audit
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to bypass the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!

29
subjects/cybersecurity/hole-in-bin/audit/README.md

@ -0,0 +1,29 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly what reverse engineering means?
###### Is the student able to explain clearly what is the difference between decompilation and disassembly and hex-editor?
###### Is the student able to explain clearly how he patch the program?
###### Is the student able to explain clearly how the "hole-in-bin" program works and how he pass the verification?
##### Check the Repo content
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to bypass the program.
###### Does the required files present?
##### Evaluate the student's submission
Start a Windows operating system, x32 or 64 bits(INTEL or AMD).
Run the program [hole-in-bin](../resources/hole-in-bin.exe)
Run Student Patch
###### Does the patch developed by the student circumvent the security of the program and allow the display in green color of the text: please withdraw your money?
###### Can the student perform this same task again manually with a decompiler-disassembler or hex editor?
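Review bot: the step "Run Student Patch" assumes a deliverable that the repository check above it does not require, since the only required file listed is README.md. Either add the patch to the required files here and in the subject README, or reword the step so the student applies the change by following the README. "x32 or 64 bits(INTEL or AMD)" should read "32-bit or 64-bit (Intel or AMD)".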

BIN
subjects/cybersecurity/hole-in-bin/resources/hole-in-bin.exe

diff.bin_not_shown

41
subjects/cybersecurity/injector/README.md

@ -0,0 +1,41 @@
# Injector
### Introduction
In this project you will see the binary headers.
You will choose the operating system and the architecture, the goal of this project is to develop a binder that merges two programs into one.
### Guidelines
Your program will need to merge the target program to an other
### Advice
https://en.wikipedia.org/wiki/File_binder
https://en.wikipedia.org/wiki/Entry_point
https://en.wikipedia.org/wiki/Mach-O
https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
https://en.wikipedia.org/wiki/Portable_Executable
### Usage
```
$> bin
01
$> injector bin helloworld
$> bin
01
hello world
```
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!

22
subjects/cybersecurity/injector/audit/README.md

@ -0,0 +1,22 @@
#### General
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Knowledge-Check:
###### Is the student able to explain clearly how we can merge 2 programs?
###### Is the student able to explain clearly how his program works?
Create two simple binaries
###### Verify that the student's program can paste the two binaries in arguments into one binary?

79
subjects/cybersecurity/inspector-image/README.md

@ -0,0 +1,79 @@
# Inspector Image
![](image.jpeg)
### Objective
Discover a new method of passive analysis
Discover some basic image recognition approaches
See what steganography is, and what information an image can hide
### Advice
I strongly advise to do this project in Python
https://en.wikipedia.org/wiki/Steganography
https://en.wikipedia.org/wiki/Exif
### Instructions
Your program should show the pgp key which is hidden in the image
The location where this photo was taken
- The project has to be written in an interpreted language (I highly recommend Python).
This project will help you discover:
- Image recognition
- Steganography
- Metadata
### Bonus
You can add more features in this order:
- Added more steganography methods
- Added GUI (Tkinter, QT and GTK are allowed)
- Facial recognition on two images compared(OpenCV is allowed)
- Other advanced features.
### Usage
```
$> image -map image.jpeg
Lat/Lon: (13.731) / (-1.1373)
$> image -steg image.jpeg
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 01
mQENBGIwpy4BCACFayWXCgHH2QqXkicbqD1ZlMUALpyGxDFiWh1SErFUPJOO/CgU
2688bAd26kxDSGShiL9YUOQJ6MS+zJ0KlBkeKPoQlPHRBVpH7vjcRbZNgDxd82uE
7mhM6AH+W3fAim/PhU3lm661UGMCHM3YLupa/N0Dhhmfimtg+0AimCoXk6Q6WJxg
ao8XY1Wqacd2L0ssASY5EkMahNgtX0Ri8snbTlImd5Jq/sC4buZq96IlxyhtX0ew
zD/md0U++8SxG9+gi+uuImqV8Wq1YHvJH5BtIbfcNG9V00+03ikEX9tppKxCkhzx
9rSqvyH6Uirs3FVhFtoXUSg8IeYgSH6p5tsVABEBAAG0CDAxQDAxLjAxiQEcBBAB
AgAGBQJiMKcuAAoJEAJuInmYDhhbO3gIAITZhEtLBj524y1oeBKI5fZDwgCQum6B
D9ZaUq1+dI98HsiRAiUqw1YbuJQgeUVGCmqXeC3E7VTPCPZsaCLfWWZVeosRIqB8
PwGxcY6vXHYR4S6T8rHwsNASw+Vo2pmQIGn4tABmtyappqJbwSz+5yg73DjYXiX/
e/f6i9nrFFsfMjjKd71cAyHjV8u0z7fGDXpR22vo7CdloXMxsZRyHjd/4ofUgvu0
6hWYG2zBWTXpwaYRU9u1NCr1gfKnukm8gbILSSgjr8pQ3OLWHleJXc0sCEJFKSbg
+I0KJP7Ccrxy0MaKYk0T0tYbBrvqQCzXqzAqcjn+1GoDDS1J8WBJopM=
=N8hc
-----END PGP PUBLIC KEY BLOCK-----
$>
```
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
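Review bot: the sample output `Lat/Lon: (13.731) / (-1.1373)` in the Usage block does not agree with the audit file in this same commit, which expects "32 Latitude, and 34 Longitude" for the same image.jpeg; use the real values for the shipped image so the two files match. Under Instructions, "The location where this photo was taken" is missing its list marker and verb, and the language requirement is stated twice (once under Advice, once as a bullet). The code fence has no language tag, while the other subjects use `console`.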

40
subjects/cybersecurity/inspector-image/audit/README.md

@ -0,0 +1,40 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly what steganography means?
###### Is the student able to explain clearly how some information can be hidden in normal files?
###### Is the student able to explain clearly how his program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
The student must run his program with the first argument -map, and the second argument the image.jpeg file. You can find that [here](../resources/image.jpeg).
###### Compare the result to that of an online exif metadata viewer, does the result correspond to 32 Latitude, and 34 Longitude?
The executant must execute his program again, with the argument -steg instead of -map, and a PGP key should be displayed
A PGP key begins with
-----BEGIN PGP PUBLIC KEY BLOCK-----
and ends with
-----END PGP PUBLIC KEY BLOCK-----
###### Is the PGP key exactly the same as you can see in the topic?
#### Bonus
###### +Was the student able to introduce you to other methods of steganography?
###### +Does the student program have a graphical interface?
###### +Can the student program compare two images?
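Review bot: the link `[here](../resources/image.jpeg)` points to a `resources` directory, but this commit adds the image at `subjects/cybersecurity/inspector-image/image.jpeg`, so from `audit/README.md` the path should be `../image.jpeg`. The expected result "32 Latitude, and 34 Longitude" gives no hemisphere or precision; state the tolerance the auditor should accept. The BEGIN/END marker lines should be in a code fence or inline code, since the runs of dashes can be misread by Markdown renderers. "The executant" should be "The student", as elsewhere in the file.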

BIN
subjects/cybersecurity/inspector-image/image.jpeg

diff.bin_not_shown


27
subjects/cybersecurity/local/README.md

@ -0,0 +1,27 @@
# Local
### Guideline
In this project you will learn about Privilege escalation We will provide a VM 01-Local1.ova.
You have to install it locally in VirtualBox And then found a way to go inside it and get root access.
There will be no visible IP address, you must find a way to get it.
You have to become root and get the flag.
- [01-Local1.ova](https://assets.01-edu.org/cybersecurity/localI/01-Local1.ova)
- SHA1: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
- The modification in GRUB or in the VM to get the root access is forbidden!
### Advice
https://en.wikipedia.org/wiki/Privilege_escalation
### Submission and audit
- Virtual box must be installed in your machine for the audit!
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to reach root access.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
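Review bot: the download URL here is `.../cybersecurity/localI/01-Local1.ova` (capital letter I), while the audit file in this commit uses `.../cybersecurity/local1/01-Local1.ova` (digit 1); one of the two is wrong and should be corrected so both files point at the same object. Only a SHA1 is published for the image; add a SHA-256 alongside it, since SHA1 is no longer collision resistant. The rule "The modification in GRUB or in the VM to get the root access is forbidden!" is formatted as a third bullet under the download and hash, where it reads like file metadata; move it out of the list.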

42
subjects/cybersecurity/local/audit/README.md

@ -0,0 +1,42 @@
#### General
##### Check the Repo content
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to reach root access.
###### Does the required files present?
##### Evaluate the student's submission
Knowledge-Check:
###### Is the student able to explain clearly what Privilege Escalation means?
Please install 01-Local1.ova in VirtualBox and check the SHA1 if it's correct.
- 01-Local1.ova: https://assets.01-edu.org/cybersecurity/local1/01-Local1.ova
- SHA1: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
If it's already downloaded in the student machine, please check the SHA1:
$> sha1sum 01-Local1.ova
f3422f3364fd38e8183740f8f57fa951d3f6e0bf 01-Local1.ova
##### Ask the student to get the IP address.
###### Can the student explain all the steps?
##### Ask the student to become root.
> The modification in GRUB or in the VM to get the root access is forbidden!
###### Can the student explain all the steps?
##### Ask the student to show the flag.
###### Can the student explain all the steps?
##### Ask the student to explain clearly each exploit and how we can fix it!
###### DOES the student explain clearly what are the steps taken to fix each vulnerability?
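Review bot: the `$> sha1sum 01-Local1.ova` command and its expected output are plain text lines, so they render inline with the preceding sentence; put them in a `console` fence as the other subjects do. The URL in this file differs from the one in the subject README (`local1` here, `localI` there) and needs to be reconciled. "DOES" in the last question should be "Does".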

27
subjects/cybersecurity/mal-track/README.md

@ -0,0 +1,27 @@
# Mal Track
"Even the lion has to defend himself against flies"
### Objective
The goal of this project is to understand the basic operation of a computer virus on a Windows environment and simple methods to eradicate them.
### Guidelines
The purpose of this project is to create a program that will kill the [malware](./resources/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip), remove its execution from the startup of the machine, stops and removes it from the virtual machine and display the ip address of the attacker.
This project is carried out on a virtual machine (in your malware analysis lab).
You are free to choose your virtual machine, it must be windows-based. (but in the audit you will use an official windows virtual machine!)
You are free to choose the programming language for your program.
### Advice
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fFynloski
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
- Don’t hesitate to double check the names of your folders and files to ensure they are correct!
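Review bot: the closing reminder "- Don’t hesitate to double check ..." is formatted as a list item under "Files that must be inside your repository", so it reads as a third required file; the other subject READMEs have it as a plain sentence. The Guidelines sentence lists "kill", "remove its execution from the startup", and "stops and removes it" in one run with changing verb forms; split it into a list of the four expected actions so each maps to an audit question.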

50
subjects/cybersecurity/mal-track/audit/README.md

@ -0,0 +1,50 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly how we can manage the startup programs in windows?
###### Is the student able to explain clearly how he get the ip of the attacker from the malware?
###### Is the student able to explain clearly how his program works?
Create an offical Windows virtual machine.
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Create a Windows virtual machine
Add [mal-track.exe](<../resources/mal-track(Fynloski%20sample%2C%20ON%20VM%20ONLY).zip>) to anti-virus exceptions
Launch the mal-track.exe program check if it's exist in the task manager, then launch the student program
We are going to verify that the program developed by the student kills the malware process.
Open task manager CTRL+ALT+DEL or Windows key+R -> msconfig.
###### Has mal-track.exe been killed from task manager?
We are going to verify that the program developed by the student removes our malware from the start of the machine
Open Registry Editor Windows key+R -> regedit
###### maltrack not located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run?
###### maltrack not located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce?
###### maltrack not located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run?
###### maltrack not located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce?
The attacker's IP address is "127.0.0.1"
###### Does the student program display the attacker's IP address?
###### Can the student trace the IP address of the attacker manually with an hexadecimal editor?
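Review bot: the instruction "Open task manager CTRL+ALT+DEL or Windows key+R -> msconfig" names the wrong tool, since `msconfig` opens System Configuration and not Task Manager; use `taskmgr` or Ctrl+Shift+Esc. The four registry questions look for "maltrack" while the binary is called mal-track.exe everywhere else, so say which value name the auditor should search for. The VM creation step appears twice ("Create an offical Windows virtual machine." under General and "Create a Windows virtual machine" under the evaluation), and "offical" is misspelled.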

BIN
subjects/cybersecurity/mal-track/resources/mal-track(Fynloski sample, ON VM ONLY).zip

diff.bin_not_shown

37
subjects/cybersecurity/malware/README.md

@ -0,0 +1,37 @@
# Malware
### Introduction
The best way to understand malware is to be a Malware Developer.
Its time to thing like black hat to understand how the ransomware work like (WannaCry).
### Guidelines
You need to develop a ransomware that encrypt all the files with your extension and add a text file in the desktop with "All of your files have been encrypted,To unlock them contact me with your encrption code in this email@email.com, your encrption code is : {xxxxxxxxxxxxxxx}".
a random encryption code must be placed in the text file, you must use this encryption code to provide an decrypting program.
a decryption program is generated for each victim using the number generated after the encrypting (the encryption code).
Your Malware and decryption program must be developed to work in Windows environment.
The programs should not detect with Windows Defender and in more than 80% of Security vendors in [virustotal](https://www.virustotal.com/), yes it's hard but your program will be useless if it's detected!
This project is carried out on a virtual machine (in your malware analysis lab).
You are free to choose your virtual machine, it must be windows-based. (but in the audit you will use an official windows virtual machine!)
You are free to choose the programming language for your programs.
### Advice
> Avoid developing this malware in your own operating system or you will cry lonely in the corner!
> This program is for educational use only, Do not use it for evil purposes, If you do this, we will not visit you in prison!
https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/
https://docs.microsoft.com/en-us/windows/win32/fileio/file-management-functions
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
- Don’t hesitate to double check the names of your folders and files to ensure they are correct!
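Review bot: the sentence "The programs should not detect with Windows Defender and in more than 80% of Security vendors" is ungrammatical and leaves the pass condition unclear, and it has to match the audit wording exactly since the auditor checks against it. The quoted note text contains "encrption" twice and no space after the comma in "encrypted,To", and students will copy it verbatim; fix the spelling or say the text is only indicative. The final "- Don’t hesitate ..." line is again formatted as a required-file bullet. "Its time to thing like black hat" should read "It's time to think like a black hat".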

49
subjects/cybersecurity/malware/audit/README.md

@ -0,0 +1,49 @@
#### General
Knowledge-Check:
Ask the students for explain how the ransomware work and the impact of it.
###### Is the student able to explain clearly what ransomware means?
###### Is the student able to explain clearly how he can bypass the Anti-Viruses?
###### Is the student able to explain clearly how his ransomware works?
###### Is the student able to explain clearly how his decrypting program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Create an official Windows virtual machine.
Scan the student ransomware in windows defender.
###### Does the program bypass the windows defender without any detection?
Scan the student ransomware in [virustotal](https://www.virustotal.com/).
###### Does the program bypass more than 80% of Security vendors in [virustotal](https://www.virustotal.com/)?
Create some files with random data in the machine and run the program.
###### Does the program change all files in the machine with the student extension(encrypt)?
###### Does the program add a text file with contact info and the encryption code (to recover the data)?
Imagine that they are your files and try to decrypt them without the help of the student.
###### They are no way to decrtpy the files?
Ask the student to create a decryption program by using the encryption code.
Run the decryption program.
###### Do the files restore with their data?
###### Does the decryption program is usage unique for each victim?

24
subjects/cybersecurity/obfuscator/README.md

@ -0,0 +1,24 @@
# Obfuscator
### Objective
The goal of this project is to understand polymorphic encryption. Principle used by computer virus developers to change the signature of their programs.
### Guidelines
You need to develop a program that self-modifies on form, but that will keep these same features, a simple SSH reverse shell. You have the choice of architecture, operating system and language.
### Advice
https://en.wikipedia.org/wiki/Netcat
https://www.vx-underground.org/
http://z0mbie.daemonlab.org/pgames.txt
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!

26
subjects/cybersecurity/obfuscator/audit/README.md

@ -0,0 +1,26 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly what polymorphic encryption means?
###### Is the student able to explain clearly how he change the signature with each execution?
###### Is the student able to explain clearly how his program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Launch the student's program on the OS he wants
###### Does the program change signature with each execution?
###### Can the student connect to the shell via SSH through his program (reverse shell)?

78
subjects/cybersecurity/passive/README.md

@ -0,0 +1,78 @@
# Passive
### Introduction
Information gathering is one of the most important steps during a pentest, it can be considered the longest step.
### Objective
The goal of this project is for you to become more comfortable with open source investigative methods
### Advice
Before asking help, ask yourself if you have really thought about all the possibilities.
https://en.kali.tools/all/?category=recon
https://github.com/topics/osint-tools
https://en.wikipedia.org/wiki/Open-source_intelligence
https://en.wikipedia.org/wiki/Doxing
### Guidelines
You are going here to create your first passive recognition tool, you have the choice of language, however your program will have to recognize the information entered (FULL NAME, IP, @login).
For the case of the full name, it will have to recognize the entry:
Last name First Name,
then look in the directories for the telephone number and the address.
If it is the ip address, your tool should display at least the city and the name of the internet service provider.
If it is an username, your tool will have to check if this username is used in at least 5 known social networks.
The result should be stored in a result.txt file (result2.txt if the file already exists)
### Bonus
You can add more API features
### Usage
```
$> passive --help
Welcome to passive v1.0.0
OPTIONS:
-fn Search with full-name
-ip Search with ip address
-u Search with username
$> passive -fn "Jean Dupont"
First name: John
Name: Dupont
Address: 7 rue du Progrès
75016 Paris
Number: +33601010101
Saved in result.txt
$> passive -ip 127.0.0.1
ISP: FSociety, S.A.
City Lat/Lon: (13.731) / (-1.1373)
Saved in result2.txt
$> passive -u "@user01"
Facebook : yes
Twitter : yes
Linkedin : yes
Instagram : no
Skype : yes
Saved in result3.txt
```
### Submission and audit
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
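Review bot: the Usage block contradicts the Guidelines in three places. The input is `-fn "Jean Dupont"` but the output shows `First name: John`, and the Guidelines ask for "Last name First Name" order while the example passes first name first. The Guidelines say the result goes to result.txt, or result2.txt if the file exists, but the third example prints `Saved in result3.txt`; describe the numbering rule generally. The `-ip 127.0.0.1` example returns an ISP and coordinates for a loopback address, which no lookup service would do, and prints `City Lat/Lon` where the Guidelines ask for the city name; use a documentation address and matching fields.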

55
subjects/cybersecurity/passive/audit/README.md

@ -0,0 +1,55 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly the used investigative methods?
###### Is the student able to explain clearly what OSINT means?
###### Is the student able to explain clearly how his program works?
##### Check the Repo content
Files that must be inside your repository:
- Your program source code.
- a README.md file, Which clearly explains how to use the program.
###### Does the required files present?
##### Evaluate the student's submission
Ask the student to present his program to you by doing 3 tests
Ask the student to present his program to you by doing 3 tests
The information entered as an argument must be a full name, an IP address, and an user name.
##### Try flag "-fn"
example:
- passive -fn Jean Dupont
###### Does the program display the address, and the telephone number for the full name entered?
##### Try flag "-ip"
example:
- passive -ip 127.0.0.1
###### Does the program display the ISP, and position for the entered IP address?
##### Try flag "-u"
example:
- passive -u "@user01"
###### Does the program check if the user entered is present in is present in at least 5 social networks?
###### Does the program retrieve this information from a public source?
###### Does the program save the result of each command in a result.txt file?
###### If the result.txt file already exists, does the program overwrite the result file, or is a new file created?
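Review bot: the line "Ask the student to present his program to you by doing 3 tests" is duplicated, and the `-u` question repeats "is present in". The example `passive -fn Jean Dupont` is unquoted, while the subject README quotes the full name; unquoted, the shell passes two arguments. The last question ("does the program overwrite the result file, or is a new file created?") cannot be answered yes or no and does not state which outcome passes; the subject README requires a new file, so ask that directly.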

18
subjects/cybersecurity/web-hack/README.md

@ -0,0 +1,18 @@
# Web Hack
### Objective
To validate the project you will have to deploy the [web platform](./resources/webhack.zip), find at least 3 vulnerabilities and develop a c99, r57 type shell. Your php shell should allow you to add a file, delete a file, and execute a command.
### Advice
https://owasp.org/
https://en.wikipedia.org/wiki/Web_shell
### Submission and audit
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to benefit from the all vulnerabilities and how to fix all of them.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
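Review bot: the required-files list contains only README.md, but the Objective requires a PHP shell and the audit file in this commit checks its behaviour and language; add the shell source to the list of files that must be in the repository. "benefit from the all vulnerabilities" should read "exploit all the vulnerabilities", and "a c99, r57 type shell" would be clearer as "a web shell in the style of c99 or r57".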

33
subjects/cybersecurity/web-hack/audit/README.md

@ -0,0 +1,33 @@
#### General
Knowledge-Check:
###### Is the student able to explain clearly What are these 3 vulnerabilities?
###### Is the student able to explain clearly how he use each vulnerability?
###### Is the student able to explain clearly how he resolve each vulnerability?
##### Check the Repo content
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to benefit from the all vulnerabilities and how to fix all of them.
###### Does the required files present?
##### Evaluate the student's submission
Deploy the [web platform](../resources/webhack.zip) locally
###### Does the student have the ability to exploit 3 vulnerabilities?
###### Can the student's webshell at least add a file, and delete it in its current directory?
###### Can the student webshell execute commands on the terminal?
###### Is the webshell developed in PHP?
#### Bonus
###### +Have all vulnerabilities been resolved?

BIN
subjects/cybersecurity/web-hack/resources/webhack.zip

diff.bin_not_shown