fix: typos

exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md

@@ -23,7 +23,7 @@
 
 {% hint style="info" %}
 Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\
-However, you can manually notice this if you find that a value is saved in the stack at the begging of a function call and this value is checked before exiting.
+However, you can manually notice this if you find that a value is saved in the stack at the beginning of a function call and this value is checked before exiting.
 {% endhint %}
 
 # Brute force Canary

exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md

@@ -219,7 +219,7 @@ gets
 
 At this point we should know the libc library used. As we are exploiting a local binary I will use just:`/lib/x86_64-linux-gnu/libc.so.6`
 
-So, at the begging of `template.py` change the **libc** variable to: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it`
+So, at the beginning of `template.py` change the **libc** variable to: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it`
 
 Giving the **path** to the **libc library** the rest of the **exploit is going to be automatically calculated**.
 

forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md

@@ -76,7 +76,7 @@ To fix this you need to **add the correct magic number** at the beginning of the
 '550d0d0a'
 ```
 
-The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **begging** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000`
+The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **beginning** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000`
 
 **Once** you have **added** that magic header, the **error should be fixed.**
 

generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md

@@ -42,7 +42,7 @@ If you **know the MAC address of a host in the same net** as you (you could just
 Suppose the **MAC address** is **`12:34:56:78:9a:bc`**
 
 1. To IPv6 notation: **`1234:5678:9abc`**
-2. Append `fe80::` at the begging and Insert `fffe` in the middle: **`fe80::`**`1234:56`**`ff:fe`**`78:9abc`
+2. Append `fe80::` at the beginning and Insert `fffe` in the middle: **`fe80::`**`1234:56`**`ff:fe`**`78:9abc`
 3. Invert seventh bit from the left, from 0001 0010 to 0001 0000: `fe80::1`**`0`**`34:56ff:fe78:9abc`
 4. `fe80::1034:56ff:fe78:9abc`
 

generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md

@@ -1045,7 +1045,7 @@ function_type(code_obj, mydict, None, None, None)("secretcode")
 
 ### Bypass Defenses
 
-In previous examples at the begging of this post, you can see **how to execute any python code using the `compile` function**. This is interesting because you can **execute whole scripts** with loops and everything in a **one liner** (and we could do the same using **`exec`**).\
+In previous examples at the beginning of this post, you can see **how to execute any python code using the `compile` function**. This is interesting because you can **execute whole scripts** with loops and everything in a **one liner** (and we could do the same using **`exec`**).\
 Anyway, sometimes it could be useful to **create** a **compiled object** in a local machine and execute it in the **CTF machine** (for example because we don't have the `compiled` function in the CTF).
 
 For example, let's compile and execute manually a function that reads _./poc.py_:

mobile-pentesting/android-app-pentesting/smali-changes.md

@@ -179,7 +179,7 @@ Recommendations:
 
 ### Toasting
 
-Remember to add 3 to the number of _.locals_ at the begging of the function.
+Remember to add 3 to the number of _.locals_ at the beginning of the function.
 
 This code is prepared to be inserted in the **middle of a function** (**change** the number of the **variables** as necessary). It will take the **value of this.o**, **transform** it to **String** and them **make** a **toast** with its value.
 

network-services-pentesting/pentesting-ftp/README.md

@@ -180,7 +180,7 @@ You could also abuse this behaviour to make a FTP server interact with other pro
 The theory is easy:
 
 1. **Upload the request (inside a text file) to the vulnerable server.** Remember that if you want to talk with another HTTP or FTP server you need to change lines with `0x0d 0x0a`
-2. **Use `REST X` to avoid sending the characters you don't want to send** (maybe to upload the request inside the file you needed to put some image header at the begging)
+2. **Use `REST X` to avoid sending the characters you don't want to send** (maybe to upload the request inside the file you needed to put some image header at the beginning)
 3. **Use `PORT`to connect to the arbitrary server and service**
 4. **Use `RETR`to send the saved request to the server.**
 

network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md

@@ -520,7 +520,7 @@ You can use the tool [https://github.com/teambi0s/dfunc-bypasser](https://github
 
 ### Bypassing using other system functions
 
-Just return to the begging of this page and **check if any of the command executing functions isn't disabled and available in the environment**. If you find just 1 of them, you will be able to use it to execute arbitrary system commands.
+Just return to the beginning of this page and **check if any of the command executing functions isn't disabled and available in the environment**. If you find just 1 of them, you will be able to use it to execute arbitrary system commands.
 
 ### LD\_PRELOAD bypass
 

pentesting-web/file-inclusion/lfi2rce-via-php-filters.md

@@ -16,7 +16,7 @@
 
 This [**writeup** ](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)explains that you can use **php filters to generate arbitrary content** as output. Which basically means that you can **generate arbitrary php code** for the include **without needing to write** it into a file.
 
-Basically the goal of the script is to **generate a Base64** string at the **begging** of the file that will be **finally decoded** providing the desired payload that will be **interpreted by `include`**.
+Basically the goal of the script is to **generate a Base64** string at the **beginning** of the file that will be **finally decoded** providing the desired payload that will be **interpreted by `include`**.
 
 The bases to do this are:
 

pentesting-web/http-request-smuggling/README.md

@@ -66,7 +66,7 @@ Here, the **front-end** server uses the **`Content-Length`** header and the **ba
 `GET /404 HTTP/1.1`\
 `Foo: x`
 
-Note how `Content-Length` indicate the **bodies request length is 30 bytes long** (_remember that HTTP uses as new line, so 2bytes each new line_), so the reverse proxy **will send the complete request** to the back-end, and the back-end will process the `Transfer-Encoding` header leaving the `GET /404 HTTP/1.1` as the **begging of the next request** (BTW, the next request will be appended to `Foo:x<Next request starts here>`).
+Note how `Content-Length` indicate the **bodies request length is 30 bytes long** (_remember that HTTP uses as new line, so 2bytes each new line_), so the reverse proxy **will send the complete request** to the back-end, and the back-end will process the `Transfer-Encoding` header leaving the `GET /404 HTTP/1.1` as the **beginning of the next request** (BTW, the next request will be appended to `Foo:x<Next request starts here>`).
 
 ### TE.CL vulnerabilities
 

pentesting-web/xs-search.md

@@ -905,7 +905,7 @@ However, if for whatever reason you **MUST** do it **char by char** (maybe the c
 <img src=/something loading=lazy >
 ```
 
-Therefore, what you can do is to **add a lot of junk chars** (For example **thousands of "W"s**) to **fill the web page before the secret**. We do this so the image is not loaded at the begging.
+Therefore, what you can do is to **add a lot of junk chars** (For example **thousands of "W"s**) to **fill the web page before the secret**. We do this so the image is not loaded at the beginning.
 
 However, you make the **bot access the page** with something like
 

pentesting-web/xs-search/css-injection/README.md

@@ -75,7 +75,7 @@ The attacker will f**ollow that loop until it manages to leak completely the sec
 You can find the original [**Pepe Vila's code to exploit this here**](https://gist.github.com/cgvwzq/6260f0f0a47c009c87b4d46ce3808231) or you can find almost the [**same code but commented here**.](./#css-injection)
 
 {% hint style="info" %}
-The script will try to discover 2 chars each time (from the begging and from the end) because the attribute selector allows to do things like:
+The script will try to discover 2 chars each time (from the beginning and from the end) because the attribute selector allows to do things like:
 
 ```css
 /* value^=  to match the beggining of the value*/

reversing/common-api-used-in-malware.md

@@ -149,7 +149,7 @@ The malware will unmap the legitimate code from memory of the process and load a
 * **IRP** (**I/O Request Packets**) transmit pieces of data from one component to another. Almost everything in the kernel uses IRPs and each device object has its own function table that can be hooked: DKOM (Direct Kernel Object Manipulation)
 * The **IAT** (**Import Address Table**) is useful to resolve dependencies. It's possible to hook this table in order to hijack the code that will be called.
 * **EAT** (**Export Address Table**) Hooks. This hooks can be done from **userland**. The goal is to hook exported functions by DLLs.
-* **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the begging of this.
+* **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the beginning of this.
 
 
 <details>