diff --git a/.gitbook/assets/image (1) (2) (2) (1).png b/.gitbook/assets/image (1) (2) (2) (1).png
new file mode 100644
index 00000000..03b2fa6b
Binary files /dev/null and b/.gitbook/assets/image (1) (2) (2) (1).png differ
diff --git a/.gitbook/assets/image (1) (2) (2).png b/.gitbook/assets/image (1) (2) (2).png
index 03b2fa6b..357f8f6e 100644
Binary files a/.gitbook/assets/image (1) (2) (2).png and b/.gitbook/assets/image (1) (2) (2).png differ
diff --git a/.gitbook/assets/image (1) (2).png b/.gitbook/assets/image (1) (2).png
index 357f8f6e..a10d6ba1 100644
Binary files a/.gitbook/assets/image (1) (2).png and b/.gitbook/assets/image (1) (2).png differ
diff --git a/.gitbook/assets/image (1).png b/.gitbook/assets/image (1).png
index a10d6ba1..9b4be1f5 100644
Binary files a/.gitbook/assets/image (1).png and b/.gitbook/assets/image (1).png differ
diff --git a/.gitbook/assets/image (4) (1) (3).png b/.gitbook/assets/image (4) (1) (3).png
new file mode 100644
index 00000000..769cb6b2
Binary files /dev/null and b/.gitbook/assets/image (4) (1) (3).png differ
diff --git a/.gitbook/assets/image (4) (1).png b/.gitbook/assets/image (4) (1).png
index 769cb6b2..6c4e73dc 100644
Binary files a/.gitbook/assets/image (4) (1).png and b/.gitbook/assets/image (4) (1).png differ
diff --git a/.gitbook/assets/image (4).png b/.gitbook/assets/image (4).png
index 6c4e73dc..f08703cb 100644
Binary files a/.gitbook/assets/image (4).png and b/.gitbook/assets/image (4).png differ
diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png
index 9b4be1f5..f08703cb 100644
Binary files a/.gitbook/assets/image.png and b/.gitbook/assets/image.png differ
diff --git a/README.md b/README.md
index effe7095..3fbf5ada 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
### [RootedCON](https://www.rootedcon.com/)
-
+
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
@@ -61,11 +61,34 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
\
-Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
+Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.
+
Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+### [HACKEN PROFF](https://hackenproof.com/)
+
+
+
+HackenProof is home to all **crypto** bug **bounties**.
+
+* **Get rewarded without delays**
+
+HackenProof bounties launch only when their customers **deposit the reward budget**. You'll get the reward after the bug is verified.
+
+* **Get experience in web3 pentesting**
+
+Blockchain protocols and smart contracts are the new Internet! **Master web3 security** at its rising days.
+
+* **Become the web3 hacker legend**
+
+Gain reputation points with each verified bug and conquer the top of the **weekly leaderboard**.
+
+[**Sign up on HackenProof**](https://hackenproof.com/register) to start earning from your hacks!
+
+{% embed url="https://hackenproof.com/register" %}
+
### [WebSec](https://websec.nl/)
diff --git a/network-services-pentesting/pentesting-postgresql.md b/network-services-pentesting/pentesting-postgresql.md
index fc83df4a..dba48386 100644
--- a/network-services-pentesting/pentesting-postgresql.md
+++ b/network-services-pentesting/pentesting-postgresql.md
@@ -244,7 +244,7 @@ In[ this **writeup**](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem
When you try to **make another user owner of a table** you should get an **error** preventing it, but apparently GCP gave that **option to the not-superuser postgres user** in GCP:
-
+
Joining this idea with the fact that when the **INSERT/UPDATE/**[**ANALYZE**](https://www.postgresql.org/docs/13/sql-analyze.html) commands are executed on a **table with an index function**, the **function** is **called** as part of the command with the **table** **owner’s permissions**. It's possible to create an index with a function and give owner permissions to a **super user** over that table, and then run ANALYZE over the table with the malicious function that will be able to execute commands because it's using the privileges of the owner.
diff --git a/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md b/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
index 2ed24391..c972da8a 100644
--- a/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
+++ b/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md
@@ -45,7 +45,7 @@ Secondly, the request must be **triggerable in a web-browser cross-domain**. Bro
The way to test this missconfig is to **send 2 requests and smuggle one** in the **middle**. If the **smuggled** connection **affected** the response of the **second** **request**, it means that it's **vulnerable**:
- (2) (2).png>)
+ (2) (2) (1).png>)
{% hint style="warning" %}
Note that you **cannot** test this vuln by just sending a **Content-Length bigger** than the one sent and **looking for a timeout** because some servers **respond** even if they **didn't receive the whole body**.
diff --git a/pentesting-web/sql-injection/README.md b/pentesting-web/sql-injection/README.md
index 8e51369c..41fd482e 100644
--- a/pentesting-web/sql-injection/README.md
+++ b/pentesting-web/sql-injection/README.md
@@ -12,8 +12,6 @@
-
-
[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md
index a3f4160c..b6fdf07f 100644
--- a/pentesting-web/ssti-server-side-template-injection/README.md
+++ b/pentesting-web/ssti-server-side-template-injection/README.md
@@ -12,7 +12,7 @@
-
+
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
diff --git a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
index a60b9adb..27720bdf 100644
--- a/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
+++ b/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
@@ -489,11 +489,11 @@ Notice that the `userPrincipalName` in the certificate is `Administrator` and th
Then, we change back the `userPrincipalName` of `Jane` to be something else, like her original `userPrincipalName` `Jane@corp.local`.
-
+
Now, if we try to authenticate with the certificate, we will receive the NT hash of the `Administrator@corp.local` user. You will need to add `-domain ` to your command line since there is no domain specified in the certificate.
-
+
## Weak Certificate Mappings - ESC10
.png)
 (1) (2).png)
.png)
 (1).png)
.png)
 (1).png)
 (1) (3).png)
 (2).png)
 (2) (2).png)