HackTricks-wiki · carlospolop · Jul 12, 2025 · Jul 12, 2025
diff --git a/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md b/src/AI/AI-llm-architecture/0.-basic-llm-concepts.md
@@ -1,6 +1,6 @@
 # 0. Basic LLM Concepts
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Pretraining
 
@@ -300,4 +300,4 @@ During the backward pass:
 - **Accuracy:** Provides exact derivatives up to machine precision.
 - **Ease of Use:** Eliminates manual computation of derivatives.
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/1.-tokenizing.md b/src/AI/AI-llm-architecture/1.-tokenizing.md
@@ -1,6 +1,6 @@
 # 1. Tokenizing
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Tokenizing
 
@@ -99,4 +99,4 @@ print(token_ids[:50])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/2.-data-sampling.md b/src/AI/AI-llm-architecture/2.-data-sampling.md
@@ -1,6 +1,6 @@
 # 2. Data Sampling
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## **Data Sampling**
 
@@ -241,4 +241,4 @@ tensor([[  367,  2885,  1464,  1807],
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/3.-token-embeddings.md b/src/AI/AI-llm-architecture/3.-token-embeddings.md
@@ -1,6 +1,6 @@
 # 3. Token Embeddings
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Token Embeddings
 
@@ -219,4 +219,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/4.-attention-mechanisms.md b/src/AI/AI-llm-architecture/4.-attention-mechanisms.md
@@ -1,6 +1,6 @@
 # 4. Attention Mechanisms
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Attention Mechanisms and Self-Attention in Neural Networks
 
@@ -430,5 +430,4 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/5.-llm-architecture.md b/src/AI/AI-llm-architecture/5.-llm-architecture.md
@@ -1,6 +1,6 @@
 # 5. LLM Architecture
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## LLM Architecture
 
@@ -702,4 +702,4 @@ print("Output length:", len(out[0]))
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md b/src/AI/AI-llm-architecture/6.-pre-training-and-loading-models.md
@@ -1,6 +1,6 @@
 # 6. Pre-training & Loading models
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Text Generation
 
@@ -971,4 +971,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md b/src/AI/AI-llm-architecture/7.0.-lora-improvements-in-fine-tuning.md
@@ -1,6 +1,6 @@
 # 7.0. LoRA Improvements in fine-tuning
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## LoRA Improvements
 
@@ -64,4 +64,4 @@ def replace_linear_with_lora(model, rank, alpha):
 
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md b/src/AI/AI-llm-architecture/7.1.-fine-tuning-for-classification.md
@@ -1,6 +1,6 @@
 # 7.1. Fine-Tuning for Classification
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## What is
 
@@ -117,4 +117,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https://
 
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md b/src/AI/AI-llm-architecture/7.2.-fine-tuning-to-follow-instructions.md
@@ -1,6 +1,6 @@
 # 7.2. Fine-Tuning to follow instructions
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 > [!TIP]
 > The goal of this section is to show how to **fine-tune an already pre-trained model to follow instructions** rather than just generating text, for example, responding to tasks as a chat bot.
@@ -107,4 +107,4 @@ You can find an example of the code to perform this fine tuning in [https://gith
 
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/AI/AI-llm-architecture/README.md b/src/AI/AI-llm-architecture/README.md
@@ -1,6 +1,6 @@
 # LLM Training - Data Preparation
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 **These are my notes from the very recommended book** [**https://www.manning.com/books/build-a-large-language-model-from-scratch**](https://www.manning.com/books/build-a-large-language-model-from-scratch) **with some extra information.**
 
@@ -99,4 +99,4 @@ You should start by reading this post for some basic concepts you should know ab
 7.2.-fine-tuning-to-follow-instructions.md
 {{#endref}}
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md
@@ -1,6 +1,5 @@
 # Arbitrary Write 2 Exec
 
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
 
 
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-sips-icc-profile.md
@@ -52,4 +52,4 @@ Successful exploitation results in remote arbitrary code execution at user privi
 - Apple October 2024 Security Update (patch shipping CVE-2024-44236)  
   https://support.apple.com/en-us/121564
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md
@@ -20,4 +20,4 @@ However he you can find some nice **examples**:
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/...mmon-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/...mmon-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md
@@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md
@@ -1,6 +1,6 @@
 # iOS Exploiting
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 
 ## Physical use-after-free
 
@@ -213,4 +213,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) {
 With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices).
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md
@@ -1,6 +1,6 @@
 # Libc Heap
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Heap Basics
 
@@ -531,4 +531,4 @@ heap-memory-functions/heap-functions-security-checks.md
 - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
@@ -66,4 +66,4 @@ d = malloc(20);   // a
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/...ic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md b/...ic-methodologies-and-resources/phishing-methodology/discord-invite-hijacking.md
@@ -60,4 +60,4 @@ This approach avoids direct file downloads and leverages familiar UI elements to
 - From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery – https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/
 - Discord Custom Invite Link Documentation – https://support.discord.com/hc/en-us/articles/115001542132-Custom-Invite-Link
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/generic-methodologies-and-resources/threat-modeling.md b/src/generic-methodologies-and-resources/threat-modeling.md
@@ -1,6 +1,6 @@
 # Threat Modeling
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 
 ## Threat Modeling
 
@@ -113,5 +113,4 @@ Now your finished model should look something like this. And this is how you mak
 This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
 
 
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
diff --git a/...privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/...privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
@@ -166,11 +166,11 @@ Allow the process to **ask for all the TCC permissions**.
 
 ### **`kTCCServicePostEvent`**
 
-{{#include ../../../banners/hacktricks-training.md}}
+
 
 </details>
 
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
diff --git a/src/mobile-pentesting/android-app-pentesting/flutter.md b/src/mobile-pentesting/android-app-pentesting/flutter.md
@@ -80,4 +80,4 @@ Flutter itself **ignores device proxy settings**. Easiest options:
 - [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/)
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md
@@ -106,7 +106,7 @@ Recent Frida releases (>=16) automatically handle pointer authentication and oth
 
 ### Automated dynamic analysis with MobSF (no jailbreak)
 
-[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【†L2-L3】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB:
+[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) can instrument a dev-signed IPA on a real device using the same technique (`get_task_allow`) and provides a web UI with filesystem browser, traffic capture and Frida console【】. The quickest way is to run MobSF in Docker and then plug your iPhone via USB:
 
 ```bash
 docker pull opensecurity/mobile-security-framework-mobsf:latest

diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md
@@ -364,4 +364,4 @@ CONTAINER ID   IMAGE                                COMMAND                  CRE
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md
@@ -195,4 +195,4 @@ Entry_2:
 - Khronos/Chronos draft (time-shift mitigation) 
 - chronyc manual/examples for remote monitoring 
 - zgrab2 ntp module docs 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md
@@ -1,6 +1,6 @@
 # Angular
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## The Checklist
 
@@ -616,5 +616,4 @@ According to the W3C documentation, the `window.___location` and `document.___location
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md
@@ -1,6 +1,6 @@
 # Django
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Cache Manipulation to RCE
 Django's default cache storage method is [Python pickles](https://docs.python.org/3/library/pickle.html), which can lead to RCE if [untrusted input is unpickled](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf). **If an attacker can gain write access to the cache, they can escalate this vulnerability to RCE on the underlying server**.
@@ -76,4 +76,4 @@ Always fingerprint the exact framework version via the `X-Frame-Options` error p
 * Django security release – "Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432" – 4 Jun 2025. 
 * OP-Innovate: "Django releases security updates to address SQL injection flaw CVE-2024-42005" – 11 Aug 2024. 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md
@@ -1,6 +1,6 @@
 # Laravel
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ### Laravel SQLInjection
 
@@ -91,7 +91,7 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1.
 * [PHPGGC – PHP Generic Gadget Chains](https://github.com/ambionics/phpggc)
 * [CVE-2018-15133 write-up (WithSecure)](https://labs.withsecure.com/archive/laravel-cookie-forgery-decryption-and-rce)
 
-{{#include ../../banners/hacktricks-training.md}}
+
 
 
 ## Laravel Tricks
@@ -283,4 +283,3 @@ The private Go tool **nounours** pushes AES-CBC/GCM bruteforce throughput to ~1.
 
 {{#include ../../banners/hacktricks-training.md}}
 
-
diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md
@@ -1,6 +1,6 @@
 # NodeJS Express
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
 
 ## Cookie Signature
 
@@ -39,5 +39,4 @@ cookie-monster -e -f new_cookie.json -k secret
 ```
 
 
-{{#include /src/banners/hacktricks-training.md}}
-
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md
@@ -63,9 +63,9 @@ Host: target.com
 Connection: close
 ```
 
-    {{#include ../../banners/hacktricks-training.md}}
 
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/dapps-DecentralizedApplications.md b/src/pentesting-web/dapps-DecentralizedApplications.md
@@ -1,6 +1,6 @@
 # DApps - Decentralized Applications
 
-{{#include ../../banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
 
 ## What is a DApp?
 
@@ -79,6 +79,5 @@ In the scenario **`Mishandling of Asset Classes`**, is explained that the backen
 - [https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications](https://www.certik.com/resources/blog/web2-meets-web3-hacking-decentralized-applications)
 
 
-{{#include ../../banners/hacktricks-training.md}}
-
+{{#include ../banners/hacktricks-training.md}}
 
diff --git a/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md b/src/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md
@@ -47,7 +47,7 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\
 
 - [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
 
-{{#include ../../banners/hacktricks-training.md}}
+
 
 ```
 
@@ -56,4 +56,4 @@ if **name** == "**main**": print('\[DEBUG] Creating requests session') requests\
 
 
 
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}
diff --git a/src/pentesting-web/idor.md b/src/pentesting-web/idor.md
@@ -80,10 +80,10 @@ Combined with **default admin credentials** (`123456:123456`) that granted acces
 * **OWASP ZAP**: Auth Matrix, Forced Browse.  
 * **Github projects**: `bwapp-idor-scanner`, `Blindy` (bulk IDOR hunting).
 
-{{#include ../banners/hacktricks-training.md}}
+
 
 ## References
 * [McHire Chatbot Platform: Default Credentials and IDOR Expose 64M Applicants’ PII](https://ian.sh/mcdonalds)
 * [OWASP Top 10 – Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)
 * [How to Find More IDORs – Vickie Li](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489)
-{{#include /src/banners/hacktricks-training.md}}
+{{#include ../banners/hacktricks-training.md}}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -20,4 +20,4 @@ However he you can find some nice examples:



		{{#include /src/banners/hacktricks-training.md}}
		{{#include ../banners/hacktricks-training.md}}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -123,4 +123,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca



		{{#include /src/banners/hacktricks-training.md}}
		{{#include ../../../banners/hacktricks-training.md}}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -66,4 +66,4 @@ d = malloc(20); // a



		{{#include /src/banners/hacktricks-training.md}}
		{{#include ../../../banners/hacktricks-training.md}}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -80,4 +80,4 @@ Flutter itself ignores device proxy settings. Easiest options:
		- [https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/](https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/)


		{{#include /src/banners/hacktricks-training.md}}
		{{#include ../../banners/hacktricks-training.md}}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -364,4 +364,4 @@ CONTAINER ID IMAGE COMMAND CRE



		{{#include /src/banners/hacktricks-training.md}}
		{{#include ../banners/hacktricks-training.md}}