Updating conversion, creating readmes

terminal/websecurity

@@ -1,23 +1,23 @@
-                  Awesome Web Security !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
+                               Awesome Web Security !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
 
  (https://www.w3.org/TR/html5/)
 
 ▐ 🐶 Curated list of Web Security materials and resources.
 
-Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, 
-shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read 
-this article "So you want to be a web security researcher? (https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher)" first.
+Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' 
+security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security 
+researcher? (https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher)" first.
 
 Please read the contribution guidelines (CONTRIBUTING.md) before contributing.
 
-―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
+――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 
 
 
-―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
+――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 
-If you enjoy this awesome list and would like to support it, check out my Patreon (https://www.patreon.com/boik) page :)Also, don't forget to check out my repos (https://github.com/qazbnm456) 🐾 or say hi on my 
-Twitter (https://twitter.com/qazbnm456)!
+If you enjoy this awesome list and would like to support it, check out my Patreon (https://www.patreon.com/boik) page :)Also, don't forget to check out my repos (https://github.com/qazbnm456) 🐾 or say hi on my Twitter 
+(https://twitter.com/qazbnm456)!
 
 Contents
 
@@ -158,8 +158,7 @@
 
 Prototype Pollution
 
-- Prototype pollution attack in NodeJS application (https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by @HoLyVieR 
-(https://github.com/HoLyVieR).
+- Prototype pollution attack in NodeJS application (https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) - Written by @HoLyVieR (https://github.com/HoLyVieR).
 - Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) (https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/) - Written by @securitymb (https://twitter.com/securitymb).
 - Real-world JS - 1 (https://blog.p6.is/Real-World-JS-1/) - Written by @po6ix (https://twitter.com/po6ix).
 
@@ -190,16 +189,14 @@
 ORM Injection
 
 - HQL for pentesters (http://blog.h3xstream.com/2014/02/hql-for-pentesters.html) - Written by @h3xstream (https://twitter.com/h3xstream/).
-- HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?) (https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf) - Written by @_m0bius 
-(https://twitter.com/_m0bius).
+- HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?) (https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf) - Written by @_m0bius (https://twitter.com/_m0bius).
 - ORM2Pwn: Exploiting injections in Hibernate ORM (https://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm) - Written by Mikhail Egorov (https://0ang3el.blogspot.tw/).
 - ORM Injection (https://www.slideshare.net/simone.onofri/orm-injection) - Written by Simone Onofri (https://onofri.org/).
 
 
 FTP Injection
 
-- Advisory: Java/Python FTP Injections Allow for Firewall Bypass (http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html) - Written by Timothy Morgan 
-(https://plus.google.com/105917618099766831589).
+- Advisory: Java/Python FTP Injections Allow for Firewall Bypass (http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html) - Written by Timothy Morgan (https://plus.google.com/105917618099766831589).
 - SMTP over XXE − how to send emails using Java's XML parser (https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/) - Written by Alexander Klink (https://shiftordie.de/).
 
 
@@ -227,8 +224,7 @@
 SSRF - Server-Side Request Forgery
 
 - SSRF bible. Cheatsheet (https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit) - Written by Wallarm (https://wallarm.com/).
-- PayloadsAllTheThings - Server-Side Request Forgery (https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery) - Written by @swisskyrepo 
-(https://github.com/swisskyrepo).
+- PayloadsAllTheThings - Server-Side Request Forgery (https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery) - Written by @swisskyrepo (https://github.com/swisskyrepo).
 
 
 Web Cache Poisoning
@@ -239,8 +235,7 @@
 
 Relative Path Overwrite
 
-- Large-scale analysis of style injection by relative path overwrite (https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/) - Written by The Morning Paper 
-(https://blog.acolyer.org/).
+- Large-scale analysis of style injection by relative path overwrite (https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/) - Written by The Morning Paper (https://blog.acolyer.org/).
 - MBSD Technical Whitepaper - A few RPO exploitation techniques (https://www.mbsd.jp/Whitepaper/rpo.pdf) - Written by Mitsui Bussan Secure Directions, Inc. (https://www.mbsd.jp/).
 
 
@@ -255,8 +250,7 @@
 
 - How to Hunt Bugs in SAML; a Methodology - Part I (https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/) - Written by epi (https://epi052.gitlab.io/notes-to-self/).
 - How to Hunt Bugs in SAML; a Methodology - Part II (https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/) - Written by epi (https://epi052.gitlab.io/notes-to-self/).
-- How to Hunt Bugs in SAML; a Methodology - Part III (https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/) - Written by epi 
-(https://epi052.gitlab.io/notes-to-self/).
+- How to Hunt Bugs in SAML; a Methodology - Part III (https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/) - Written by epi (https://epi052.gitlab.io/notes-to-self/).
 - PayloadsAllTheThings - SAML Injection (https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SAML%20Injection) - Written by @swisskyrepo (https://github.com/swisskyrepo).
 
 
@@ -276,8 +270,7 @@
 
 AngularJS
 
-- XSS without HTML: Client-Side Template Injection with AngularJS (http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html) - Written by Gareth Heyes 
-(https://www.blogger.com/profile/10856178524811553475).
+- XSS without HTML: Client-Side Template Injection with AngularJS (http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html) - Written by Gareth Heyes (https://www.blogger.com/profile/10856178524811553475).
 - DOM based Angular sandbox escapes (http://blog.portswigger.net/2017/05/dom-based-angularjs-sandbox-escapes.html) - Written by @garethheyes (https://twitter.com/garethheyes)
 
 
@@ -299,14 +292,13 @@
 
 NFS
 
-- NFS | PENETRATION TESTING ACADEMY (https://pentestacademy.wordpress.com/2017/09/20/nfs/?t=1&cn=ZmxleGlibGVfcmVjc18y&refsrc=email&iid=b34422ce15164e99a193fea0ccc7a02f&uid=1959680352&nid=244+289476616) - Written
-by PENETRATION ACADEMY (https://pentestacademy.wordpress.com/).
+- NFS | PENETRATION TESTING ACADEMY (https://pentestacademy.wordpress.com/2017/09/20/nfs/?t=1&cn=ZmxleGlibGVfcmVjc18y&refsrc=email&iid=b34422ce15164e99a193fea0ccc7a02f&uid=1959680352&nid=244+289476616) - Written by PENETRATION ACADEMY 
+(https://pentestacademy.wordpress.com/).
 
 
 AWS
 
-- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET (https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/) - Written by Dwight Hohnstein from Rhino Security Labs 
-(https://rhinosecuritylabs.com/).
+- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET (https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/) - Written by Dwight Hohnstein from Rhino Security Labs (https://rhinosecuritylabs.com/).
 - AWS PENETRATION TESTING PART 1. S3 BUCKETS (https://www.virtuesecurity.com/aws-penetration-testing-part-1-s3-buckets/) - Written by VirtueSecurity (https://www.virtuesecurity.com/).
 - AWS PENETRATION TESTING PART 2. S3, IAM, EC2 (https://www.virtuesecurity.com/aws-penetration-testing-part-2-s3-iam-ec2/) - Written by VirtueSecurity (https://www.virtuesecurity.com/).
 - Misadventures in AWS (https://labs.f-secure.com/blog/misadventures-in-aws) - Written by Christian Demko
@@ -314,10 +306,8 @@
 
 Azure
 
-- Common Azure Security Vulnerabilities and Misconfigurations (https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/) - Written by @rhinobenjamin 
-(https://twitter.com/rhinobenjamin).
-- Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability (https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/) - Written by @spengietz 
-(https://twitter.com/spengietz).
+- Common Azure Security Vulnerabilities and Misconfigurations (https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/) - Written by @rhinobenjamin (https://twitter.com/rhinobenjamin).
+- Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability (https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/) - Written by @spengietz (https://twitter.com/spengietz).
 
 
 Fingerprint
@@ -325,8 +315,7 @@
 
 Sub Domain Enumeration
 
-- A penetration tester’s guide to sub-domain enumeration (https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6) - Written by Bharath 
-(https://blog.appsecco.com/@yamakira_).
+- A penetration tester’s guide to sub-domain enumeration (https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6) - Written by Bharath (https://blog.appsecco.com/@yamakira_).
 - The Art of Subdomain Enumeration (https://blog.sweepatic.com/art-of-subdomain-enumeration/) - Written by Patrik Hudak (https://blog.sweepatic.com/author/patrik/).
 
 
@@ -364,23 +353,20 @@
 (https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by @breenmachine (https://twitter.com/breenmachine).
 - Attacking .NET deserialization (https://www.youtube.com/watch?v=eDfGpu3iE4Q) - Written by @pwntester (https://twitter.com/pwntester).
 - .NET Roulette: Exploiting Insecure Deserialization in Telerik UI (https://www.youtube.com/watch?v=--6PiuvBGAU) - Written by @noperator (https://twitter.com/noperator).
-- How to exploit the DotNetNuke Cookie Deserialization (https://pentest-tools.com/blog/exploit-dotnetnuke-cookie-deserialization/) - Written by CRISTIAN CORNEA 
-(https://pentest-tools.com/blog/author/pentest-cristian/).
-- HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC (https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html) - Written by @synacktiv 
-(https://twitter.com/synacktiv).
+- How to exploit the DotNetNuke Cookie Deserialization (https://pentest-tools.com/blog/exploit-dotnetnuke-cookie-deserialization/) - Written by CRISTIAN CORNEA (https://pentest-tools.com/blog/author/pentest-cristian/).
+- HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC (https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html) - Written by @synacktiv (https://twitter.com/synacktiv).
 
 
 OAuth
 
 - Introduction to OAuth 2.0 and OpenID Connect (https://pragmaticwebsecurity.com/courses/introduction-oauth-oidc.html) - Written by @PhilippeDeRyck (https://twitter.com/PhilippeDeRyck).
-- What is going on with OAuth 2.0? And why you should not use it for authentication. (https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - 
-Written by @damianrusinek (https://medium.com/@damianrusinek).
+- What is going on with OAuth 2.0? And why you should not use it for authentication. (https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - Written by @damianrusinek
+(https://medium.com/@damianrusinek).
 
 
 JWT
 
-- Hardcoded secrets, unverified tokens, and other common JWT mistakes (https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/) - Written by @ermil0v 
-(https://twitter.com/ermil0v).
+- Hardcoded secrets, unverified tokens, and other common JWT mistakes (https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/) - Written by @ermil0v (https://twitter.com/ermil0v).
 
 Evasions
 
@@ -412,15 +398,13 @@
 
 JSMVC
 
-- JavaScript MVC and Templating Frameworks (http://www.slideshare.net/x00mario/jsmvcomfg-to-sternly-look-at-javascript-mvc-and-templating-frameworks) - Written by Mario Heiderich 
-(http://www.slideshare.net/x00mario).
+- JavaScript MVC and Templating Frameworks (http://www.slideshare.net/x00mario/jsmvcomfg-to-sternly-look-at-javascript-mvc-and-templating-frameworks) - Written by Mario Heiderich (http://www.slideshare.net/x00mario).
 
 
 Authentication
 
-- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) 
-(http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html) - Written by @malerisch (https://twitter.com/malerisch) and @steventseeley 
-(https://twitter.com/steventseeley).
+- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) (http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html) -
+Written by @malerisch (https://twitter.com/malerisch) and @steventseeley (https://twitter.com/steventseeley).
 
 Tricks
 
@@ -428,8 +412,7 @@
 CSRF
 
 - Neat tricks to bypass CSRF-protection (https://zhuanlan.zhihu.com/p/32716181) - Written by Twosecurity (https://twosecurity.io/).
-- Exploiting CSRF on JSON endpoints with Flash and redirects (https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b) - Written by @riyazwalikar 
-(https://blog.appsecco.com/@riyazwalikar).
+- Exploiting CSRF on JSON endpoints with Flash and redirects (https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b) - Written by @riyazwalikar (https://blog.appsecco.com/@riyazwalikar).
 - Stealing CSRF tokens with CSS injection (without iFrames) (https://github.com/dxa4481/cssInjection) - Written by @dxa4481 (https://github.com/dxa4481).
 - Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters (https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by @rramgattie 
 (https://blog.securityevaluators.com/@rramgattie).
@@ -464,14 +447,12 @@
 - Exploiting XSS with 20 characters limitation (https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html) - Written by Jorge Lajara (https://jlajara.gitlab.io/).
 - Upgrade self XSS to Exploitable XSS an 3 Ways Technic (https://www.hahwul.com/2019/11/upgrade-self-xss-to-exploitable-xss.html) - Written by HAHWUL (https://www.hahwul.com/).
 - XSS without parentheses and semi-colons (https://portswigger.net/blog/xss-without-parentheses-and-semi-colons) - Written by @garethheyes (https://twitter.com/garethheyes).
-- XSS-Auditor — the protector of unprotected and the deceiver of protected. (https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b) - Written by @terjanq 
-(https://medium.com/@terjanq).
+- XSS-Auditor — the protector of unprotected and the deceiver of protected. (https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b) - Written by @terjanq (https://medium.com/@terjanq).
 - Query parameter reordering causes redirect page to render unsafe URL (https://hackerone.com/reports/293689) - Written by kenziy (https://hackerone.com/kenziy).
 - ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else (http://www.slideshare.net/x00mario/es6-en) - Written by Mario Heiderich (http://www.slideshare.net/x00mario).
-- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) (https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.u50nrzhas) - Written by @marin_m 
-(https://medium.com/@marin_m).
-- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS (https://www.blackhat.com/docs/us-17/thursday/us-17-Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf) - Written by 
-Sebastian Lekies (https://twitter.com/slekies), Krzysztof Kotowicz (https://twitter.com/kkotowicz), and Eduardo Vela (https://twitter.com/sirdarckcat).
+- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) (https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.u50nrzhas) - Written by @marin_m (https://medium.com/@marin_m).
+- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS (https://www.blackhat.com/docs/us-17/thursday/us-17-Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf) - Written by Sebastian Lekies 
+(https://twitter.com/slekies), Krzysztof Kotowicz (https://twitter.com/kkotowicz), and Eduardo Vela (https://twitter.com/sirdarckcat).
 - Uber XSS via Cookie (http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/) - Written by zhchbin (http://zhchbin.github.io/).
 - DOM XSS – auth.uber.com (http://stamone-bug-bounty.blogspot.tw/2017/10/dom-xss-auth14.html) - Written by StamOne_ (http://stamone-bug-bounty.blogspot.tw/).
 - Stored XSS on Facebook (https://opnsec.com/2018/03/stored-xss-on-facebook/) - Written by Enguerran Gillier (https://opnsec.com/).
@@ -509,8 +490,7 @@
 - XML Out-Of-Band Data Retrieval (https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf) - Written by Timur Yunusov and Alexey Osipov.
 - XXE OOB exploitation at Java 1.7+ (2014) (http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html): Exfiltration using FTP protocol - Written by Ivan Novikov (https://twitter.com/d0znpp/).
 - XXE OOB extracting via HTTP+FTP using single opened port (https://skavans.ru/en/2017/12/02/xxe-oob-extracting-via-httpftp-using-single-opened-port/) - Written by skavans (https://skavans.ru/).
-- What You Didn't Know About XML External Entities Attacks (https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf) - Written by Timothy D. Morgan 
-(https://twitter.com/ecbftw).
+- What You Didn't Know About XML External Entities Attacks (https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf) - Written by Timothy D. Morgan (https://twitter.com/ecbftw).
 - Pre-authentication XXE vulnerability in the Services Drupal module (https://www.synacktiv.com/ressources/synacktiv_drupal_xxe_services.pdf) -  Written by Renaud Dubourguais (https://twitter.com/_m0bius).
 - Forcing XXE Reflection through Server Error Messages (https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/) - Written by Antti Rantasaari (https://blog.netspi.com/author/antti-rantasaari/).
 - Exploiting XXE with local DTD files (https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/) - Written by Arseniy Sharoglazov (https://twitter.com/_mohemiv).
@@ -525,8 +505,8 @@
 - PHP SSRF Techniques (https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51) - Written by @themiddleblue (https://medium.com/@themiddleblue).
 - SSRF in https://imgur.com/vidgif/url (https://hackerone.com/reports/115748) - Written by aesteral (https://hackerone.com/aesteral).
 - All you need to know about SSRF and how may we write tools to do auto-detect (https://www.auxy.xyz/web%20security/2017/07/06/all-ssrf-knowledge.html) - Written by @Auxy233 (https://twitter.com/Auxy233).
-- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! 
-(https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf) - Written by Orange (http://blog.orange.tw/).
+- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! (https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf) - Written by Orange 
+(http://blog.orange.tw/).
 - SSRF Tips (http://blog.safebuff.com/2016/07/03/SSRF-Tips/) - Written by xl7dev (http://blog.safebuff.com/).
 - Into the Borg – SSRF inside Google production network (https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) - Written by opnsec (https://opnsec.com/).
 - Piercing the Veil: Server Side Request Forgery to NIPRNet access (https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a) - Written by Alyssa Herrera 
@@ -541,8 +521,7 @@
 
 Header Injection
 
-- Java/Python FTP Injections Allow for Firewall Bypass (http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html) - Written by Timothy Morgan 
-(https://plus.google.com/105917618099766831589).
+- Java/Python FTP Injections Allow for Firewall Bypass (http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html) - Written by Timothy Morgan (https://plus.google.com/105917618099766831589).
 
 
 URL
@@ -555,8 +534,8 @@
 
 Deserialization
 
-- ASP.NET resource files (.RESX) and deserialisation issues (https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by 
-@irsdl (https://twitter.com/irsdl).
+- ASP.NET resource files (.RESX) and deserialisation issues (https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by @irsdl 
+(https://twitter.com/irsdl).
 
 
 OAuth
@@ -566,8 +545,8 @@
 
 Others
 
-- How I hacked Google’s bug tracking system itself for $15,600 in bounties (https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by 
-@alex.birsan (https://medium.com/@alex.birsan).
+- How I hacked Google’s bug tracking system itself for $15,600 in bounties (https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) - Written by @alex.birsan 
+(https://medium.com/@alex.birsan).
 - Some Tricks From My Secret Group (https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html) - Written by phithon (https://www.leavesongs.com/).
 - Inducing DNS Leaks in Onion Web Services (https://github.com/epidemics-scepticism/writing/blob/master/onion-dns-leaks.md) - Written by @epidemics-scepticism (https://github.com/epidemics-scepticism).
 - Stored XSS, and SSRF in Google using the Dataset Publishing Language (https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) - Written by @signalchaos (https://twitter.com/signalchaos).
@@ -585,11 +564,10 @@
 - IE11 Information disclosure - local file detection (https://www.facebook.com/ExploitWareLabs/photos/a.361854183878462.84544.338832389513975/1378579648872572/?type=3&theater) - Written by James Lee.
 - SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) (https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/) - Written by Manuel (https://twitter.com/magicmac2000).
 - Особенности Safari в client-side атаках (https://bo0om.ru/safari-client-side) - Written by Bo0oM (https://bo0om.ru/author/admin).
-- How do we Stop Spilling the Beans Across Origins? (https://docs.google.com/document/d/1cbL-X0kV_tQ5rL8XJ3lXkV-j0pt_CfTu5ZSzYrncPDc/) - Written by aaj at google.com (aaj@google.com) and mkwst at google.com 
-(mkwst@google.com).
+- How do we Stop Spilling the Beans Across Origins? (https://docs.google.com/document/d/1cbL-X0kV_tQ5rL8XJ3lXkV-j0pt_CfTu5ZSzYrncPDc/) - Written by aaj at google.com (aaj@google.com) and mkwst at google.com (mkwst@google.com).
 - Setting arbitrary request headers in Chromium via CRLF injection (https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html) - Written by Michał Bentkowski (https://blog.bentkowski.info/).
-- I’m harvesting credit card numbers and passwords from your site. Here’s how. (https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5) - Written by David 
-Gilbertson (https://hackernoon.com/@david.gilbertson).
+- I’m harvesting credit card numbers and passwords from your site. Here’s how. (https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5) - Written by David Gilbertson 
+(https://hackernoon.com/@david.gilbertson).
 - Sending arbitrary IPC messages via overriding Function.prototype.apply (https://hackerone.com/reports/188086) - Written by @kinugawamasato (https://twitter.com/kinugawamasato).
 - Take Advantage of Out-of-Scope Domains in Bug Bounty Programs (https://ahussam.me/Take-Advantage-of-Out-of-Scope-Domains-in-Bug-Bounty/) - Written by @Abdulahhusam (https://twitter.com/Abdulahhusam).
 
@@ -600,16 +578,13 @@
 - Three roads lead to Rome (http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/) - Written by @holynop (https://twitter.com/holynop).
 - Exploiting a V8 OOB write. (https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/) - Written by @halbecaf (https://twitter.com/halbecaf).
 - SSD Advisory – Chrome Turbofan Remote Code Execution (https://blogs.securiteam.com/index.php/archives/3379) - Written by SecuriTeam Secure Disclosure (SSD) (https://blogs.securiteam.com/).
-- Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11 (https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by @moritzj 
-(http://twitter.com/moritzj).
-- PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT (https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by @wanderingglitch 
-(https://twitter.com/wanderingglitch).
+- Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11 (https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf) - Written by @moritzj (http://twitter.com/moritzj).
+- PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT (https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit) - Written by @wanderingglitch (https://twitter.com/wanderingglitch).
 - A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by RET2 SYSTEMS, INC (https://blog.ret2.io/).
-- CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. (https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/) - Written by Diary of a reverse-engineer 
-(https://doar-e.github.io/).
+- CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. (https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/) - Written by Diary of a reverse-engineer (https://doar-e.github.io/).
 - CLEANLY ESCAPING THE CHROME SANDBOX (https://theori.io/research/escaping-chrome-sandbox) - Written by @tjbecker_ (https://twitter.com/tjbecker_).
-- A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by @PatrickBiernat (https://twitter.com/PatrickBiernat), @gaasedelen 
-(https://twitter.com/gaasedelen) and @itszn13 (https://twitter.com/itszn13).
+- A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by @PatrickBiernat (https://twitter.com/PatrickBiernat), @gaasedelen (https://twitter.com/gaasedelen) and 
+@itszn13 (https://twitter.com/itszn13).
 
 PoCs
 
@@ -661,8 +636,7 @@
 - xray (https://github.com/evilsocket/xray) - XRay is a tool for recon, mapping and OSINT gathering from public networks by @evilsocket (https://github.com/evilsocket).
 - gitrob (https://github.com/michenriksen/Gitrob) - Reconnaissance tool for GitHub organizations by @michenriksen (https://github.com/michenriksen).
 - GSIL (https://github.com/FeeiCN/GSIL) - Github Sensitive Information Leakage（Github敏感信息泄露）by @FeeiCN (https://github.com/FeeiCN).
-- raven (https://github.com/0x09AL/raven) - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin by @0x09AL 
-(https://github.com/0x09AL).
+- raven (https://github.com/0x09AL/raven) - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin by @0x09AL (https://github.com/0x09AL).
 - ReconDog (https://github.com/s0md3v/ReconDog) - Reconnaissance Swiss Army Knife by @s0md3v (https://github.com/s0md3v).
 - Databases - start.me (https://start.me/p/QRENnO/databases) - Various databases which you can use for your OSINT research by @technisette (https://twitter.com/technisette).
 - peoplefindThor (https://peoplefindthor.dk/) - the easy way to find people on Facebook by postkassen (mailto:postkassen@oejvind.dk?subject=peoplefindthor.dk comments).
@@ -681,10 +655,8 @@
 - AQUATONE (https://github.com/michenriksen/aquatone) - Tool for Domain Flyovers by @michenriksen (https://github.com/michenriksen).
 - domain_analyzer (https://github.com/eldraco/domain_analyzer) - Analyze the security of any domain by finding all the information possible by @eldraco (https://github.com/eldraco).
 - VirusTotal domain information (https://www.virustotal.com/en/documentation/searching/#getting-domain-information) - Searching for domain information by VirusTotal (https://www.virustotal.com/).
-- Certificate Transparency (https://github.com/google/certificate-transparency) - Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system by @google 
-(https://github.com/google).
-- Certificate Search (https://crt.sh/) - Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID to search certificate(s) by @crtsh 
-(https://github.com/crtsh).
+- Certificate Transparency (https://github.com/google/certificate-transparency) - Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system by @google (https://github.com/google).
+- Certificate Search (https://crt.sh/) - Enter an Identity (Domain Name, Organization Name, etc), a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID to search certificate(s) by @crtsh (https://github.com/crtsh).
 - GSDF (https://github.com/We5ter/GSDF) - Domain searcher named GoogleSSLdomainFinder by @We5ter (https://github.com/We5ter).
 
 
@@ -702,8 +674,7 @@
 - domato (https://github.com/google/domato) - DOM fuzzer by @google (https://github.com/google).
 - FuzzDB (https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
 - dirhunt (https://github.com/Nekmo/dirhunt) - Web crawler optimized for searching and analyzing the directory structure of a site by @nekmo (https://github.com/Nekmo).
-- ssltest (https://www.ssllabs.com/ssltest/) - Online service that performs a deep analysis of the configuration of any SSL web server on the public internet. Provided by Qualys SSL Labs 
-(https://www.ssllabs.com).
+- ssltest (https://www.ssllabs.com/ssltest/) - Online service that performs a deep analysis of the configuration of any SSL web server on the public internet. Provided by Qualys SSL Labs (https://www.ssllabs.com).
 - fuzz.txt (https://github.com/Bo0oM/fuzz.txt) - Potentially dangerous files by @Bo0oM (https://github.com/Bo0oM).
 
 
@@ -784,8 +755,8 @@
 - malware-jail (https://github.com/HynekPetrak/malware-jail) - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by @HynekPetrak (https://github.com/HynekPetrak).
 - repo-supervisor (https://github.com/auth0/repo-supervisor) - Scan your code for security misconfiguration, search for passwords and secrets.
 - bXSS (https://github.com/LewisArdern/bXSS) - bXSS is a simple Blind XSS application adapted from cure53.de/m (https://cure53.de/m) by @LewisArdern (https://github.com/LewisArdern).
-- OpenRASP (https://github.com/baidu/openrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less 
-than 3% performance reduction is observed under heavy server load.
+- OpenRASP (https://github.com/baidu/openrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance 
+reduction is observed under heavy server load.
 - GuardRails (https://github.com/apps/guardrails) - A GitHub App that provides security feedback in Pull Requests.
 
 
@@ -793,8 +764,7 @@
 
 - DOMPurify (https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by Cure53 (https://cure53.de/).
 - js-xss (https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by @leizongmin (https://github.com/leizongmin).
-- Acra (https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by @cossacklabs 
-(https://www.cossacklabs.com/).
+- Acra (https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by @cossacklabs (https://www.cossacklabs.com/).
 - Csper (https://csper.io) - A set of tools for building/evaluating/monitoring content-security-policy to prevent/detect cross site scripting by Csper (https://csper.io).
 
 
@@ -829,11 +799,11 @@
 
 DNS Rebinding
 
-- DNS Rebind Toolkit (https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a
-local area network (LAN) by @brannondorsey (https://github.com/brannondorsey)
+- DNS Rebind Toolkit (https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN)
+by @brannondorsey (https://github.com/brannondorsey)
 - dref (https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by @mwrlabs (https://github.com/mwrlabs)
-- Singularity of Origin (https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve 
-attack payloads to exploit vulnerable software on the target machine by @nccgroup (https://github.com/nccgroup)
+- Singularity of Origin (https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit 
+vulnerable software on the target machine by @nccgroup (https://github.com/nccgroup)
 - Whonow DNS Server (https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by @brannondorsey (https://github.com/brannondorsey)
 
 
@@ -880,8 +850,8 @@
 
 Application
 
-- OWASP Juice Shop (https://github.com/bkimminich/juice-shop) - Probably the most modern and sophisticated insecure web application - Written by @bkimminich (https://github.com/bkimminich) and the 
-@owasp_juiceshop (https://twitter.com/owasp_juiceshop) team.
+- OWASP Juice Shop (https://github.com/bkimminich/juice-shop) - Probably the most modern and sophisticated insecure web application - Written by @bkimminich (https://github.com/bkimminich) and the @owasp_juiceshop 
+(https://twitter.com/owasp_juiceshop) team.
 - BadLibrary (https://github.com/SecureSkyTechnology/BadLibrary) - Vulnerable web application for training - Written by @SecureSkyTechnology (https://github.com/SecureSkyTechnology).
 - Hackxor (http://hackxor.net/) - Realistic web application hacking game - Written by @albinowax (https://twitter.com/albinowax).
 - SELinux Game (http://selinuxgame.org/) - Learn SELinux by doing. Solve Puzzles, show skillz - Written by @selinuxgame (https://twitter.com/selinuxgame).
@@ -916,8 +886,7 @@
 
 - awesome-bug-bounty (https://github.com/djadmin/awesome-bug-bounty) - Comprehensive curated list of available Bug Bounty & Disclosure Programs and write-ups by @djadmin (https://github.com/djadmin).
 - bug-bounty-reference (https://github.com/ngalongc/bug-bounty-reference) - List of bug bounty write-up that is categorized by the bug nature by @ngalongc (https://github.com/ngalongc).
-- Google VRP and Unicorns (https://sites.google.com/site/bughunteruniversity/behind-the-scenes/presentations/google-vrp-and-unicorns) - Written by Daniel Stelter-Gliese 
-(https://www.linkedin.com/in/daniel-stelter-gliese-170a70a2/).
+- Google VRP and Unicorns (https://sites.google.com/site/bughunteruniversity/behind-the-scenes/presentations/google-vrp-and-unicorns) - Written by Daniel Stelter-Gliese (https://www.linkedin.com/in/daniel-stelter-gliese-170a70a2/).
 - Brute Forcing Your Facebook Email and Phone Number (http://pwndizzle.blogspot.jp/2014/02/brute-forcing-your-facebook-email-and.html) - Written by PwnDizzle (http://pwndizzle.blogspot.jp/).
 - Pentest + Exploit dev Cheatsheet wallpaper (http://i.imgur.com/Mr9pvq9.jpg) - Penetration Testing and Exploit Dev CheatSheet.
 - The Definitive Security Data Science and Machine Learning Guide (http://www.covert.io/the-definitive-security-datascience-and-machinelearning-guide/) - Written by JASON TROS.
@@ -933,25 +902,22 @@
 (https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/) - Written by @fransrosen (https://twitter.com/fransrosen).
 - TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%) (https://voidsec.com/vpn-leak/) - Written by voidsec (https://voidsec.com/).
 - Escape and Evasion Egressing Restricted Networks (https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks) - Written by Chris Patten, Tom Steele (info@optiv.com).
-- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters 
-(https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66) - Written by @umpox (https://medium.com/@umpox).
+- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters (https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66) - 
+Written by @umpox (https://medium.com/@umpox).
 - Domato Fuzzer's Generation Engine Internals (https://www.sigpwn.io/blog/2018/4/14/domato-fuzzers-generation-engine-internals) - Written by sigpwn (https://www.sigpwn.io/).
 - CSS Is So Overpowered It Can Deanonymize Facebook Users (https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/) - Written by Ruslan Habalov (https://www.evonide.com/).
 - Introduction to Web Application Security (https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by @itsC0rg1 (https://twitter.com/itsC0rg1), @jmkeads 
 (https://twitter.com/jmkeads) and @matir (https://twitter.com/matir).
-- Finding The Real Origin IPs Hiding Behind CloudFlare or TOR (https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by Paul Dannewitz 
-(https://www.secjuice.com/author/paul-dannewitz/).
+- Finding The Real Origin IPs Hiding Behind CloudFlare or TOR (https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by Paul Dannewitz (https://www.secjuice.com/author/paul-dannewitz/).
 - Why Facebook's api starts with a for loop (https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob) - Written by @AntoGarand (https://twitter.com/AntoGarand).
-- How I could have stolen your photos from Google - my first 3 bug bounty writeups (https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by @gergoturcsanyi 
-(https://twitter.com/gergoturcsanyi).
+- How I could have stolen your photos from Google - my first 3 bug bounty writeups (https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by @gergoturcsanyi (https://twitter.com/gergoturcsanyi).
 - An example why NAT is NOT security (https://0day.work/an-example-why-nat-is-not-security/) - Written by @0daywork (https://twitter.com/@0daywork).
 - WEB APPLICATION PENETRATION TESTING NOTES (https://techvomit.net/web-application-penetration-testing-notes/) - Written by Jayson (https://techvomit.net/).
 - Hacking with a Heads Up Display (https://segment.com/blog/hacking-with-a-heads-up-display/) - Written by David Scrobonia (https://segment.com/blog/authors/david-scrobonia/).
 - Alexa Top 1 Million Security - Hacking the Big Ones (https://slashcrypto.org/data/itsecx2018.pdf) - Written by @slashcrypto (https://twitter.com/slashcrypto).
 - The bug bounty program that changed my life (http://10degres.net/the-bug-bounty-program-that-changed-my-life/) - Written by Gwen (http://10degres.net/).
 - List of bug bounty writeups (https://pentester.land/list-of-bug-bounty-writeups.html) - Written by Mariem (https://pentester.land/).
-- Implications of Loading .NET Assemblies (https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html) - Written by Brian Wallace 
-(https://threatvector.cylance.com/en_us/contributors/brian-wallace.html).
+- Implications of Loading .NET Assemblies (https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html) - Written by Brian Wallace (https://threatvector.cylance.com/en_us/contributors/brian-wallace.html).
 - WCTF2019: Gyotaku The Flag (https://westerns.tokyo/wctf2019-gtf/wctf2019-gtf-slides.pdf) - Written by @t0nk42 (https://twitter.com/t0nk42).
 - How we abused Slack's TURN servers to gain access to internal services (https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/) - Written by @sandrogauci (https://twitter.com/sandrogauci).
 - DOS File Path Magic Tricks (https://medium.com/walmartlabs/dos-file-path-magic-tricks-5eda7a7a85fa) - Written by @clr2of8 (https://medium.com/@clr2of8).