From 92a9bc7b123e4508a99e1d226c2da42caecdc87f Mon Sep 17 00:00:00 2001 
From: HackTricks News Bot
Date: Sat, 12 Jul 2025 10:50:06 +0000
Subject: [PATCH] Add content from: Research Update: Enhanced src/todo/radio-hacking/low-power-w...
---
 .../0.-basic-llm-concepts.md | 4 +-
 src/AI/AI-llm-architecture/1.-tokenizing.md | 4 +-
 .../AI-llm-architecture/2.-data-sampling.md | 4 +-
 .../3.-token-embeddings.md | 4 +-
 .../4.-attention-mechanisms.md | 5 +-
 .../5.-llm-architecture.md | 4 +-
 .../6.-pre-training-and-loading-models.md | 4 +-
 .../7.0.-lora-improvements-in-fine-tuning.md | 4 +-
 .../7.1.-fine-tuning-for-classification.md | 4 +-
 ...7.2.-fine-tuning-to-follow-instructions.md | 4 +-
 src/AI/AI-llm-architecture/README.md | 4 +-
 .../arbitrary-write-2-exec/README.md | 3 +-
 .../aw2exec-sips-icc-profile.md | 2 +-
 src/binary-exploitation/array-indexing.md | 2 +-
 .../bf-forked-stack-canaries.md | 2 +-
 src/binary-exploitation/ios-exploiting.md | 4 +-
 src/binary-exploitation/libc-heap/README.md | 4 +-
 .../libc-heap/use-after-free/first-fit.md | 2 +-
 .../discord-invite-hijacking.md | 2 +-
 .../threat-modeling.md | 5 +-
 .../macos-dangerous-entitlements.md | 4 +-
 .../android-app-pentesting/flutter.md | 2 +-
 .../ios-pentesting-without-jailbreak.md | 2 +-
 .../1414-pentesting-ibmmq.md | 2 +-
 .../pentesting-ntp.md | 2 +-
 .../pentesting-web/angular.md | 5 +-
 .../pentesting-web/django.md | 4 +-
 .../pentesting-web/laravel.md | 5 +-
 .../pentesting-web/nodejs-express.md | 5 +-
 .../pentesting-web/spring-actuators.md | 4 +-
 .../dapps-DecentralizedApplications.md | 5 +-
 .../lfi2rce-via-nginx-temp-files.md | 18 ++--
 src/pentesting-web/idor.md | 4 +-
 .../xss-cross-site-scripting/README.md | 2 +-
 .../fault_injection_attacks.md | 4 +-
 .../hardware-hacking/side_channel_analysis.md | 4 +-
 .../README.md | 5 +-
 .../modbus.md | 5 +-
 src/todo/investment-terms.md | 4 +-
 src/todo/radio-hacking/README.md | 3 +-
 .../radio-hacking/fissure-the-rf-framework.md | 5 +-
 .../low-power-wide-area-network.md | 94 +++++++++++++++++--
 src/todo/rust-basics.md | 5 +-
 src/todo/test-llms.md | 5 +-
 .../TimeRoasting.md | 4 +-
 .../printnightmare.md | 4 +-
 src/windows-hardening/cobalt-strike.md | 5 +-
 47 files changed, 174 insertions(+), 108 deletions(-)
diff --git a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md
index 83ce8371c..b0d2a60e6 100644
--- a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md
+++ b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md
@@ -1,6 +1,6 @@
 # 0. Basic LLM Concepts
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Pretraining
@@ -300,4 +300,4 @@ During the backward pass:
 - **Accuracy:** Provides exact derivatives up to machine precision.
 - **Ease of Use:** Eliminates manual computation of derivatives.
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/1.-tokenizing.md b/src/AI/AI-llm-architecture/1.-tokenizing.md
index 7e4ae9818..2c29f7c2b 100644
--- a/src/AI/AI-llm-architecture/1.-tokenizing.md
+++ b/src/AI/AI-llm-architecture/1.-tokenizing.md
@@ -1,6 +1,6 @@
 # 1. Tokenizing
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Tokenizing
@@ -99,4 +99,4 @@ print(token_ids[:50])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/2.-data-sampling.md b/src/AI/AI-llm-architecture/2.-data-sampling.md
index 42d43f051..658e7a834 100644
--- a/src/AI/AI-llm-architecture/2.-data-sampling.md
+++ b/src/AI/AI-llm-architecture/2.-data-sampling.md
@@ -1,6 +1,6 @@
 # 2. Data Sampling
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## **Data Sampling**
@@ -241,4 +241,4 @@ tensor([[ 367, 2885, 1464, 1807],
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/3.-token-embeddings.md b/src/AI/AI-llm-architecture/3.-token-embeddings.md
index b0d34dc2e..952b9197e 100644
--- a/src/AI/AI-llm-architecture/3.-token-embeddings.md
+++ b/src/AI/AI-llm-architecture/3.-token-embeddings.md
@@ -1,6 +1,6 @@
 # 3. Token Embeddings
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Token Embeddings
@@ -219,4 +219,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md
index 9f73a4eec..76aa936d7 100644
--- a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md
+++ b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md
@@ -1,6 +1,6 @@
 # 4. Attention Mechanisms
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Attention Mechanisms and Self-Attention in Neural Networks
@@ -430,5 +430,4 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/5.-llm-architecture.md b/src/AI/AI-llm-architecture/5.-llm-architecture.md
index 7e375b6f6..dc8288383 100644
--- a/src/AI/AI-llm-architecture/5.-llm-architecture.md
+++ b/src/AI/AI-llm-architecture/5.-llm-architecture.md
@@ -1,6 +1,6 @@
 # 5. LLM Architecture
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## LLM Architecture
@@ -702,4 +702,4 @@ print("Output length:", len(out[0]))
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md
index 4ebc737e9..6f430fd62 100644
--- a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md
+++ b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md
@@ -1,6 +1,6 @@
 # 6. Pre-training & Loading models
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Text Generation
@@ -971,4 +971,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md
index 24d1f900d..3955d432a 100644
--- a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md
+++ b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md
@@ -1,6 +1,6 @@
 # 7.0. LoRA Improvements in fine-tuning
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## LoRA Improvements
@@ -64,4 +64,4 @@ def replace_linear_with_lora(model, rank, alpha):
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md
index 98df3b564..efeba7a45 100644
--- a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md
+++ b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md
@@ -1,6 +1,6 @@
 # 7.1. Fine-Tuning for Classification
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## What is
@@ -117,4 +117,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https://
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md
index 1398b73d5..298906836 100644
--- a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md
+++ b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md
@@ -1,6 +1,6 @@
 # 7.2. Fine-Tuning to follow instructions
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 > [!TIP]
 > The goal of this section is to show how to **fine-tune an already pre-trained model to follow instructions** rather than just generating text, for example, responding to tasks as a chat bot.
@@ -107,4 +107,4 @@ You can find an example of the code to perform this fine tuning in [https://gith
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/README.md b/src/AI/AI-llm-architecture/README.md
index 8d18bf89d..b8da5e211 100644
--- a/src/AI/AI-llm-architecture/README.md
+++ b/src/AI/AI-llm-architecture/README.md
@@ -1,6 +1,6 @@
 # LLM Training - Data Preparation
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 **These are my notes from the very recommended book** [**https://www.manning.com/books/build-a-large-language-model-from-scratch**](https://www.manning.com/books/build-a-large-language-model-from-scratch) **with some extra information.**
@@ -99,4 +99,4 @@ You should start by reading this post for some basic concepts you should know ab
 7.2.-fine-tuning-to-follow-instructions.md
 {{#endref}}
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md
index 207dbba64..750760570 100644
--- a/src/binary-exploitation/arbitrary-write-2-exec/README.md
+++ b/src/binary-exploitation/arbitrary-write-2-exec/README.md
@@ -1,6 +1,5 @@
 # Arbitrary Write 2 Exec
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md
index bc6d6480a..e8225d8fd 100644
--- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md
+++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md
@@ -52,4 +52,4 @@ Successful exploitation results in remote arbitrary code execution at user privi
 - Apple October 2024 Security Update (patch shipping CVE-2024-44236) https://support.apple.com/en-us/121564
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md
index 12c30102b..6c3a37e22 100644
--- a/src/binary-exploitation/array-indexing.md
+++ b/src/binary-exploitation/array-indexing.md
@@ -20,4 +20,4 @@ However he you can find some nice **examples**:
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
index 0ec3de2d3..9a852199d 100644
--- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
+++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
@@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md
index d97f353f8..953950986 100644
--- a/src/binary-exploitation/ios-exploiting.md
+++ b/src/binary-exploitation/ios-exploiting.md
@@ -1,6 +1,6 @@
 # iOS Exploiting
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ## Physical use-after-free
@@ -213,4 +213,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) {
 With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices).
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md
index 7ebab0f69..5fe3757f9 100644
--- a/src/binary-exploitation/libc-heap/README.md
+++ b/src/binary-exploitation/libc-heap/README.md
@@ -1,6 +1,6 @@
 # Libc Heap
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Heap Basics
@@ -531,4 +531,4 @@ heap-memory-functions/heap-functions-security-checks.md
 - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
index c90112b42..d74bacb45 100644
--- a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
+++ b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
@@ -66,4 +66,4 @@ d = malloc(20); // a
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md
index 5fa7203cf..a7b5f902f 100644
--- a/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md
+++ b/src/generic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md
@@ -60,4 +60,4 @@ This approach avoids direct file downloads and leverages familiar UI elements to
 - From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery – https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
 - Discord Custom Invite Link Documentation – https://support.discord.com/hc/en-us/articles/115001542132-Custom-Invite-Link
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/generic-methodologies-and-resources/threat-modeling.md b/src/generic-methodologies-and-resources/threat-modeling.md
index 3ed08bd94..87bf50c2a 100644
--- a/src/generic-methodologies-and-resources/threat-modeling.md
+++ b/src/generic-methodologies-and-resources/threat-modeling.md
@@ -1,6 +1,6 @@
 # Threat Modeling
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ## Threat Modeling
@@ -113,5 +113,4 @@ Now your finished model should look something like this. And this is how you mak
 This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
index cf4dd992e..629d72108 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
@@ -166,11 +166,11 @@ Allow the process to **ask for all the TCC permissions**.
 ### **`kTCCServicePostEvent`**
-{{#include ../../../banners/hacktricks-training.md}}
+
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/src/mobile-pentesting/android-app-pentesting/flutter.md b/src/mobile-pentesting/android-app-pentesting/flutter.md
index 907176652..20ae431fc 100644
--- a/src/mobile-pentesting/android-app-pentesting/flutter.md
+++ b/src/mobile-pentesting/android-app-pentesting/flutter.md
@@ -80,4 +80,4 @@ Flutter itself **ignores device proxy settings**. Easiest options:
 - [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md
index 791da2761..1f226fae0 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md
@@ -106,7 +106,7 @@ Recent Frida releases (>=16) automatically handle pointer authentication and oth
 ### Automated dynamic analysis with MobSF (no jailbreak)
-[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB:
+[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB:
 ```bash
 docker pull opensecurity/mobile-security-framework-mobsf:latest
diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md
index 68aab11f2..64eef8b2c 100644
--- a/src/network-services-pentesting/1414-pentesting-ibmmq.md
+++ b/src/network-services-pentesting/1414-pentesting-ibmmq.md
@@ -364,4 +364,4 @@ CONTAINER ID IMAGE COMMAND CRE
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md
index c330fe2e9..bfc1e6851 100644
--- a/src/network-services-pentesting/pentesting-ntp.md
+++ b/src/network-services-pentesting/pentesting-ntp.md
@@ -195,4 +195,4 @@ Entry_2:
 - Khronos/Chronos draft (time-shift mitigation)
 - chronyc manual/examples for remote monitoring
 - zgrab2 ntp module docs
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md
index ff1648acb..9a8042d7c 100644
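Review bot: The new side of the MobSF sentence still carries an empty `【】` bracket pair where the stray `【†L2-L3】` citation marker used to be, so the rendered page will show a visible artefact right after "Frida console". The marker looks like an LLM-style citation token that leaked into the page text, so the fix is to drop the brackets entirely rather than empty them: `... provides a web UI with filesystem browser, traffic capture and Frida console. The quickest way is to run MobSF in Docker and then plug your iPhone via USB:`. Since this content is generated by a bot, a quick `grep -rn '【' src/` before merging would catch any sibling markers that the same pipeline may have left elsewhere.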
--- a/src/network-services-pentesting/pentesting-web/angular.md
+++ b/src/network-services-pentesting/pentesting-web/angular.md
@@ -1,6 +1,6 @@
 # Angular
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## The Checklist
@@ -616,5 +616,4 @@ According to the W3C documentation, the `window.location` and `document.location
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md
index febaec344..90c75a794 100644
--- a/src/network-services-pentesting/pentesting-web/django.md
+++ b/src/network-services-pentesting/pentesting-web/django.md
@@ -1,6 +1,6 @@
 # Django
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Cache Manipulation to RCE
 Django's default cache storage method is [Python pickles](https://docs.python.org/3/library/pickle.html), which can lead to RCE if [untrusted input is unpickled](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf). **If an attacker can gain write access to the cache, they can escalate this vulnerability to RCE on the underlying server**.
@@ -76,4 +76,4 @@ Always fingerprint the exact framework version via the `X-Frame-Options` error p
 * Django security release – "Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432" – 4 Jun 2025.
 * OP-Innovate: "Django releases security updates to address SQL injection flaw CVE-2024-42005" – 11 Aug 2024.
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md
index ecf2c580d..62d5c4097 100644
--- a/src/network-services-pentesting/pentesting-web/laravel.md
+++ b/src/network-services-pentesting/pentesting-web/laravel.md
@@ -1,6 +1,6 @@
 # Laravel
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ### Laravel SQLInjection
@@ -91,7 +91,7 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1.
 * [PHPGGC – PHP Generic Gadget Chains](https://github.com/ambionics/phpggc)
 * [CVE-2018-15133 write-up (WithSecure)](https://labs.withsecure.com/archive/laravel-cookie-forgery-decryption-and-rce)
-{{#include ../../banners/hacktricks-training.md}}
+ ## Laravel Tricks
@@ -283,4 +283,3 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1.
 {{#include ../../banners/hacktricks-training.md}}
-
diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md
index cd0d1c66b..f51ed42c6 100644
--- a/src/network-services-pentesting/pentesting-web/nodejs-express.md
+++ b/src/network-services-pentesting/pentesting-web/nodejs-express.md
@@ -1,6 +1,6 @@
 # NodeJS Express
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Cookie Signature
@@ -39,5 +39,4 @@ cookie-monster -e -f new_cookie.json -k secret
 ```
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md
index 164be26bf..1c02371ee 100644
--- a/src/network-services-pentesting/pentesting-web/spring-actuators.md
+++ b/src/network-services-pentesting/pentesting-web/spring-actuators.md
@@ -63,9 +63,9 @@ Host: target.com
 Connection: close
 ```
- {{#include ../../banners/hacktricks-training.md}}
-{{#include /src/banners/hacktricks-training.md}}
+
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/dapps-DecentralizedApplications.md b/src/pentesting-web/dapps-DecentralizedApplications.md
index 6d2e3871b..21626d3b2 100644
--- a/src/pentesting-web/dapps-DecentralizedApplications.md
+++ b/src/pentesting-web/dapps-DecentralizedApplications.md
@@ -1,6 +1,6 @@
 # DApps - Decentralized Applications
-{{#include ../../banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ## What is a DApp?
@@ -79,6 +79,5 @@ In the scenario **`Mishandling of Asset Classes`**, is explained that the backen
 - [https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications](https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications)
-{{#include ../../banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
index 4ba103e46..8862b2f93 100644
--- a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
+++ b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
@@ -47,13 +47,13 @@ if **name** == "**main**":
 print('\[DEBUG] Creating requests session')
 requests\
 - [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
+
+
+```
+
+```
+
+
+
+
 {{#include ../../banners/hacktricks-training.md}}
-
-```
-
-```
-
-
-
-
-{{#include /src/banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/idor.md b/src/pentesting-web/idor.md
index 32ef75d5d..e0f95bfdf 100644
--- a/src/pentesting-web/idor.md
+++ b/src/pentesting-web/idor.md
@@ -80,10 +80,10 @@ Combined with **default admin credentials** (`123456:123456`) that granted acces
 * **OWASP ZAP**: Auth Matrix, Forced Browse.
 * **Github projects**: `bwapp-idor-scanner`, `Blindy` (bulk IDOR hunting).
-{{#include ../banners/hacktricks-training.md}}
+ ## References
 * [McHire Chatbot Platform: Default Credentials and IDOR Expose 64M Applicants’ PII](https://ian.sh/mcdonalds)
 * [OWASP Top 10 – Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)
 * [How to Find More IDORs – Vickie Li](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/xss-cross-site-scripting/README.md b/src/pentesting-web/xss-cross-site-scripting/README.md
index d690529aa..e82d29aba 100644
--- a/src/pentesting-web/xss-cross-site-scripting/README.md
+++ b/src/pentesting-web/xss-cross-site-scripting/README.md
@@ -1,6 +1,6 @@
 # XSS (Cross Site Scripting)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Methodology
diff --git a/src/todo/hardware-hacking/fault_injection_attacks.md b/src/todo/hardware-hacking/fault_injection_attacks.md
index 96ff08913..ab7a47a7c 100644
--- a/src/todo/hardware-hacking/fault_injection_attacks.md
+++ b/src/todo/hardware-hacking/fault_injection_attacks.md
@@ -1,6 +1,6 @@
 # Fault Injection Attacks
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits.
@@ -8,4 +8,4 @@ There are a lot of methods and mediums for injecting fault into an electronic ci
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md
index 6ac9fa741..b312f8ed1 100644
--- a/src/todo/hardware-hacking/side_channel_analysis.md
+++ b/src/todo/hardware-hacking/side_channel_analysis.md
@@ -1,6 +1,6 @@
 # Side Channel Analysis Attacks
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example:
@@ -10,4 +10,4 @@ These attacks are very popular in case of leaking data such as private keys or f
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/industrial-control-systems-hacking/README.md b/src/todo/industrial-control-systems-hacking/README.md
index a09ea2c1f..ad736fc4c 100644
--- a/src/todo/industrial-control-systems-hacking/README.md
+++ b/src/todo/industrial-control-systems-hacking/README.md
@@ -1,6 +1,6 @@
 # Industrial Control Systems Hacking
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## About this Section
@@ -18,5 +18,4 @@ These techniques can also be used to protect against attacks and blue teaming fo
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/industrial-control-systems-hacking/modbus.md b/src/todo/industrial-control-systems-hacking/modbus.md
index 9f044e573..24bea668e 100644
--- a/src/todo/industrial-control-systems-hacking/modbus.md
+++ b/src/todo/industrial-control-systems-hacking/modbus.md
@@ -1,6 +1,6 @@
 # The Modbus Protocol
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 ## Introduction to Modbus Protocol
@@ -34,6 +34,5 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/investment-terms.md b/src/todo/investment-terms.md
index 2added321..51e5db7a8 100644
--- a/src/todo/investment-terms.md
+++ b/src/todo/investment-terms.md
@@ -1,6 +1,6 @@
 # Investment Terms
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ## Spot
@@ -71,4 +71,4 @@ However, the buyer will be paying some fee to the seller for opening the option
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/todo/radio-hacking/README.md b/src/todo/radio-hacking/README.md
index 42011e5a4..3322ace68 100644
--- a/src/todo/radio-hacking/README.md
+++ b/src/todo/radio-hacking/README.md
@@ -1,6 +1,5 @@
 # Radio Hacking
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/radio-hacking/fissure-the-rf-framework.md b/src/todo/radio-hacking/fissure-the-rf-framework.md
index f9cfc1334..09dc92b7e 100644
--- a/src/todo/radio-hacking/fissure-the-rf-framework.md
+++ b/src/todo/radio-hacking/fissure-the-rf-framework.md
@@ -1,6 +1,6 @@
 # FISSURE - The RF Framework
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 **Frequency Independent SDR-based Signal Understanding and Reverse Engineering**
@@ -187,5 +187,4 @@ Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/todo/radio-hacking/low-power-wide-area-network.md b/src/todo/radio-hacking/low-power-wide-area-network.md
index 5dd51512d..e33e95c62 100644
--- a/src/todo/radio-hacking/low-power-wide-area-network.md
+++ b/src/todo/radio-hacking/low-power-wide-area-network.md
@@ -4,16 +4,96 @@
 ## Introduction
-**Low-Power Wide Area Network** (LPWAN) is a group of wireless, low-power, wide area network technologies designed for **long-range communications** at a low bit rate.\
+**Low-Power Wide Area Network** (LPWAN) is a group of wireless, low-power, wide-area network technologies designed for **long-range communications** at a low bit rate.
 They can reach more than **six miles** and their **batteries** can last up to **20 years**.
-Long Range (**LoRa**) it’s popular in multiple countries and has an open source specification called **LoRaWAN**.
+Long Range (**LoRa**) is currently the most deployed LPWAN physical layer and its open MAC-layer specification is **LoRaWAN**.
-### LPWAN, LoRa, and LoRaWAN
+---
-[https://github.com/IOActive/laf](https://github.com/IOActive/laf)
+## LPWAN, LoRa, and LoRaWAN
+* LoRa – Chirp Spread Spectrum (CSS) physical layer developed by Semtech (proprietary but documented).
+* LoRaWAN – Open MAC/Network layer maintained by the LoRa-Alliance. Versions 1.0.x and 1.1 are common in the field.
+* Typical architecture: *end-device → gateway (packet-forwarder) → network-server → application-server*.
+
+> The **security model** relies on two AES-128 root keys (AppKey/NwkKey) that derive session keys during the *join* procedure (OTAA) or are hard-coded (ABP). If any key leaks the attacker gains full read/write capability over the corresponding traffic.
+
+---
+
+## Attack surface summary
+
+| Layer | Weakness | Practical impact |
+|-------|----------|------------------|
+| PHY | Reactive / selective jamming | 100 % packet loss demonstrated with single SDR and <1 W output |
+| MAC | Join-Accept & data-frame replay (nonce reuse, ABP counter rollover) | Device spoofing, message injection, DoS |
+| Network-Server | Insecure packet-forwarder, weak MQTT/UDP filters, outdated gateway firmware | RCE on gateways → pivot into OT/IT network |
+| Application | Hard-coded or predictable AppKeys | Brute-force/decrypt traffic, impersonate sensors |
+
+---
+
+## Recent vulnerabilities (2023-2025)
+
+* **CVE-2024-29862** – *ChirpStack gateway-bridge & mqtt-forwarder* accepted TCP packets that bypassed stateful firewall rules on Kerlink gateways, allowing remote management interface exposure. Fixed in 4.0.11 / 4.2.1 respectively .
+* **Dragino LG01/LG308 series** – Multiple 2022-2024 CVEs (e.g. 2022-45227 directory traversal, 2022-45228 CSRF) still observed unpatched in 2025; enable unauthenticated firmware dump or config overwrite on thousands of public gateways .
+* Semtech *packet-forwarder UDP* overflow (unreleased advisory, patched 2023-10): crafted uplink larger than 255 B triggered stack-smash ‑> RCE on SX130x reference gateways (found by Black Hat EU 2023 “LoRa Exploitation Reloaded”).
+
+---
+
+## Practical attack techniques
+
+### 1. Sniff & Decrypt traffic
+
+```bash
+# Capture all channels around 868.3 MHz with an SDR (USRP B205)
+python3 lorattack/sniffer.py \
+ --freq 868.3e6 --bw 125e3 --rate 1e6 --sf 7 --session smartcity
+
+# Bruteforce AppKey from captured OTAA join-request/accept pairs
+python3 lorapwn/bruteforce_join.py --pcap smartcity.pcap --wordlist top1m.txt
+```
+
+### 2. OTAA join-replay (DevNonce reuse)
+
+1. Capture a legitimate **JoinRequest**.
+2. Immediately retransmit it (or increment RSSI) before the original device transmits again.
+3. The network-server allocates a new DevAddr & session keys while the target device continues with the old session → attacker owns vacant session and can inject forged uplinks.
+
+### 3. Adaptive Data-Rate (ADR) downgrading
+
+Force SF12/125 kHz to increase airtime → exhaust duty-cycle of gateway (denial-of-service) while keeping battery impact low on attacker (just send network-level MAC commands).
+
+### 4. Reactive jamming
+
+*HackRF One* running GNU Radio flowgraph triggers a wide-band chirp whenever preamble detected – blocks all spreading factors with ≤200 mW TX; full outage measured at 2 km range .
+
+---
+
+## Offensive tooling (2025)
+
+| Tool | Purpose | Notes |
+|------|---------|-------|
+| **LoRaWAN Auditing Framework (LAF)** | Craft/parse/attack LoRaWAN frames, DB-backed analyzers, brute-forcer | Docker image, supports Semtech UDP input |
+| **LoRaPWN** | Trend Micro Python utility to brute OTAA, generate downlinks, decrypt payloads | Demo released 2023, SDR-agnostic |
+| **LoRAttack** | Multi-channel sniffer + replay with USRP; exports PCAP/LoRaTap | Good Wireshark integration |
+| **gr-lora / gr-lorawan** | GNU Radio OOT blocks for baseband TX/RX | Foundation for custom attacks |
+
+---
+
+## Defensive recommendations (pentester checklist)
+
+1. Prefer **OTAA** devices with truly random DevNonce; monitor duplicates.
+2. Enforce **LoRaWAN 1.1**: 32-bit frame counters, distinct FNwkSIntKey / SNwkSIntKey.
+3. Store frame-counter in non-volatile memory (**ABP**) or migrate to OTAA.
+4. Deploy **secure-element** (ATECC608A/SX1262-TRX-SE) to protect root keys against firmware extraction.
+5. Disable remote UDP packet-forwarder ports (1700/1701) or restrict with WireGuard/VPN.
+6. Keep gateways updated; Kerlink/Dragino provide 2024-patched images.
+7. Implement **traffic anomaly detection** (e.g., LAF analyzer) – flag counter resets, duplicate joins, sudden ADR changes.
+
+
+ ## References
+
+ * LoRaWAN Auditing Framework (LAF) – https://github.com/IOActive/laf
+ * Trend Micro LoRaPWN overview – https://www.hackster.io/news/trend-micro-finds-lorawan-security-lacking-develops-lorapwn-python-utility-bba60c27d57a
 {{#include ../../banners/hacktricks-training.md}}
-
-
-
diff --git a/src/todo/rust-basics.md b/src/todo/rust-basics.md
index 5f78a9154..4340a663a 100644
--- a/src/todo/rust-basics.md
+++ b/src/todo/rust-basics.md
@@ -1,6 +1,6 @@
 # Rust Basics
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ### Generic Types
@@ -320,5 +320,4 @@ fn main() {
 ```
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/todo/test-llms.md b/src/todo/test-llms.md
index 751db9fd9..63b8eb6d4 100644
--- a/src/todo/test-llms.md
+++ b/src/todo/test-llms.md
@@ -1,6 +1,6 @@
 # Test LLMs
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ## Run & train models locally
@@ -52,5 +52,4 @@ It offers several sections like:
 * **API Access:** Simple APIs for running models the enable developers to deploy and scale models effortlessly within their own applications.
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/windows-hardening/active-directory-methodology/TimeRoasting.md b/src/windows-hardening/active-directory-methodology/TimeRoasting.md
index d92f0064b..8d142baeb 100644
--- a/src/windows-hardening/active-directory-methodology/TimeRoasting.md
+++ b/src/windows-hardening/active-directory-methodology/TimeRoasting.md
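Review bot: The three "Recent vulnerabilities" bullets and the "Reactive jamming" paragraph end with a space before the period (`respectively .`, `gateways .`, `range .`), which looks like dropped citation markers, and the Semtech packet-forwarder bullet rests on an "unreleased advisory" and a conference talk with no link while the References list names only two sources. A reader cannot verify the fixed versions `4.0.11 / 4.2.1`, the `255 B` overflow or the jamming range from the page, so each of those bullets should either get a reference entry (advisory, NVD page or talk recording) or be marked as unverified, e.g. `(no public advisory located at time of writing — treat as unconfirmed)`. Checklist item 2 also presents 32-bit frame counters as a LoRaWAN 1.1 feature; as far as I recall 1.0.x already keeps a 32-bit counter with only 16 bits on air, so the 1.1-specific gain worth stating is the split network session keys and the counter-based DevNonce, which is worth checking against the specification. The second join-replay step `(or increment RSSI)` is unclear since RSSI is a receive-side measurement rather than a field an attacker sets; rephrase or drop the parenthetical.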
@@ -1,6 +1,6 @@
 # TimeRoasting
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 timeRoasting, the main cause is the outdated authentication mechanism left by Microsoft in its extension to NTP servers, known as MS-SNTP. In this mechanism, clients can directly use any computer account's Relative Identifier (RID), and the domain controller will use the computer account's NTLM hash (generated by MD4) as the key to generate the **Message Authentication Code (MAC)** of the response packet.
@@ -39,4 +39,4 @@ sudo ./timeroast.py 10.0.0.42 | tee ntp-hashes.txt
 hashcat -m 31300 ntp-hashes.txt
 ```
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/windows-hardening/active-directory-methodology/printnightmare.md b/src/windows-hardening/active-directory-methodology/printnightmare.md
index 212f04ab1..52d308aae 100644
--- a/src/windows-hardening/active-directory-methodology/printnightmare.md
+++ b/src/windows-hardening/active-directory-methodology/printnightmare.md
@@ -95,7 +95,7 @@ Import-Module .\SpoolFool.ps1 ; Invoke-SpoolFool -dll add_user.dll
 **More reading (external):** Check the 2024 walk-through blog post – [Understanding PrintNightmare Vulnerability](https://www.hackingarticles.in/understanding-printnightmare-vulnerability/)
-{{#include ../../banners/hacktricks-training.md}}
+ ## References
@@ -103,4 +103,4 @@ Import-Module .\SpoolFool.ps1 ; Invoke-SpoolFool -dll add_user.dll
 * Oliver Lyak – *SpoolFool: CVE-2022-21999*
-{{#include /banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/windows-hardening/cobalt-strike.md b/src/windows-hardening/cobalt-strike.md
index 94e4cf8a3..16f733a37 100644
--- a/src/windows-hardening/cobalt-strike.md
+++ b/src/windows-hardening/cobalt-strike.md
@@ -1,6 +1,6 @@
 # Cobalt Strike
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 ### Listeners
@@ -371,5 +371,4 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe .
 ```
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}