Merge pull request #153 from IgorSasovets/fix_typo

Fixed typos in several tutorials

cloud-security/cloud-security-review.md

@@ -93,7 +93,8 @@ azscan #Run, login before with `az login`
 ![](../.gitbook/assets/image%20%2889%29.png)
 
 * **Standard tier** is recommended instead of free tier \(see the tier being used in _Pricing & Settings_ or in [https://portal.azure.com/\#blade/Microsoft\_Azure\_Security/SecurityMenuBlade/24](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/24)\)
-* **Periodic SQL servers scans**: 
  _Select the SQL server_ --> _Make sure that 'Advanced data security' is set to 'On'_ --> _Under 'Vulnerability assessment settings', set 'Periodic recurring scans' to 'On', and configure a storage account for storing vulnerability assessment scan results_ --> _Click Save_
+* **Periodic SQL servers scans**: 
+  _Select the SQL server_ --> _Make sure that 'Advanced data security' is set to 'On'_ --> _Under 'Vulnerability assessment settings', set 'Periodic recurring scans' to 'On', and configure a storage account for storing vulnerability assessment scan results_ --> _Click Save_
 * **Lack of App Services restrictions**: Look for "App Services" in Azure \([https://portal.azure.com/\#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites)\) and check if anyone is being used. In that case check go through each App checking for "Access Restrictions" and there aren't rules, report it. The access to the app service should be restricted according to the needs.
 
 ## Office365
@@ -102,7 +103,7 @@ You need **Global Admin** or at least **Global Admin Reader** \(but note that Gl
 
 ## AWS
 
-Get objets in graph: [https://github.com/FSecureLABS/awspx](https://github.com/FSecureLABS/awspx)
+Get objects in graph: [https://github.com/FSecureLABS/awspx](https://github.com/FSecureLABS/awspx)
 
 
 

mobile-apps-pentesting/android-app-pentesting/README.md

@@ -430,7 +430,7 @@ docker pull opensecurity/mobile-security-framework-mobsf
 docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
 ```
 
-Notice that MobSF can analyse **Andoid**\(apk\)**, IOS**\(ipa\) **and Windows**\(apx\) applications \(_Windows applications must be analyzed from a MobSF installed in a Windows host_\).  
+Notice that MobSF can analyse **Android**\(apk\)**, IOS**\(ipa\) **and Windows**\(apx\) applications \(_Windows applications must be analyzed from a MobSF installed in a Windows host_\).  
 Also, if you create a **ZIP** file with the source code if an **Android** or an **IOS** app \(go to the root folder of the application, select everything and create a ZIPfile\), it will be able to analyse it also.
 
 MobSF also allows you to **diff/Compare** analysis and to integrate **VirusTotal** \(you will need to set your API key in _MobSF/settings.py_ and enable it: `VT_ENABLED = TRUE`  `VT_API_KEY = <Your API key>`  `VT_UPLOAD = TRUE`\). You can also set `VT_UPLOAD` to `False`, then the **hash** will be **upload** instead of the file.
@@ -444,7 +444,7 @@ The **MobSF dynamic analyser** can:
 * Capture **HTTPS traffic**
 * Use **Frida** to obtain **runtime** **information**
 
-From android **versions &gt; 5**, it will **automatically start Friday** and will set global **proxy** settings to **capture** traffic. It will only capture traffic from the tested application.
+From android **versions &gt; 5**, it will **automatically start Frida** and will set global **proxy** settings to **capture** traffic. It will only capture traffic from the tested application.
 
 **Frida**
 
@@ -514,7 +514,7 @@ This tool is designed to look for several **security related Android application
 
 ```bash
 pip3 install --user qark  # --user is only needed if not using a virtualenv
-qark --apk path /to/my.apk
+qark --apk path/to/my.apk
 qark --java path/to/parent/java/folder
 qark --java path/to/specific/java/file.java
 ```

phishing-methodology/README.md

@@ -440,7 +440,7 @@ However, there are other ways to know if the victim is **actively looking for su
 
 {% page-ref page="detecting-phising.md" %}
 
-You can **buy a domain with a very similar name** to the victims domain **and/or generate a certificate** for a **subdomain** of a domain controlled by you **containing** the **keyword** of the victim's domain. If the **victim** perform any kind of **DNS or HTTP interaction** with them, you will now that **he is actively looking** for suspicious domains and you will need to very very stealth.
+You can **buy a domain with a very similar name** to the victims domain **and/or generate a certificate** for a **subdomain** of a domain controlled by you **containing** the **keyword** of the victim's domain. If the **victim** perform any kind of **DNS or HTTP interaction** with them, you will know that **he is actively looking** for suspicious domains and you will need to be very stealth.
 
 ## References