fix

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-cloud-kerberos-trust.md

@@ -1,6 +1,6 @@
 # Az - Cloud Kerberos Trust
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 **This post is a summary of** [**https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/**](https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/) **which can be checked for further information about the attack. This technique is also commented in** [**https://www.youtube.com/watch?v=AFay_58QubY**](https://www.youtube.com/watch?v=AFay_58QubY)**.**
 
@@ -82,7 +82,7 @@ This dumps all AD user password hashes, giving the attacker the KRBTGT hash (let
 
 
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-cloud-sync.md

@@ -1,6 +1,6 @@
 # Az - Cloud Sync
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 ## Basic Information
@@ -162,5 +162,5 @@ az rest \
 
 
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-connect-sync.md

@@ -1,6 +1,6 @@
 # Az - Connect Sync
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 ## Basic Information
 
@@ -213,7 +213,7 @@ seamless-sso.md
 - [https://www.silverfort.com/blog/exploiting-weaknesses-in-entra-id-account-synchronization-to-compromise-the-on-prem-environment/](https://www.silverfort.com/blog/exploiting-weaknesses-in-entra-id-account-synchronization-to-compromise-the-on-prem-environment/)
 - [https://posts.specterops.io/update-dumping-entra-connect-sync-credentials-4a9114734f71](https://posts.specterops.io/update-dumping-entra-connect-sync-credentials-4a9114734f71)
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-domain-services.md

@@ -1,6 +1,6 @@
 # Az - Microsoft Entra Domain Services
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 ## Domain Services
 
@@ -87,4 +87,4 @@ while IFS=$'\t' read -r vm_name resource_group; do
 done <<< "$vm_list"
 ```
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-federation.md

@@ -1,6 +1,6 @@
 # Az - Federation
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 ## Basic Information
 
@@ -158,7 +158,7 @@ Open-AADIntOffice365Portal -ImmutableID "aodilmsic30fugCUgHxsnK==" -Issuer http:
 - [https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed)
 - [https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps](https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps)
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-hybrid-identity-misc-attacks.md

@@ -1,6 +1,6 @@
 # Hybrid Identity Miscellaneous Attacks
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 ## Forcing Synchronization of Entra ID users to on-prem
@@ -26,7 +26,7 @@ In order to synchronize a new user from Entra ID to the on-prem AD these are the
 - [https://activedirectorypro.com/sync-on-prem-ad-with-existing-azure-ad-users/](https://activedirectorypro.com/sync-on-prem-ad-with-existing-azure-ad-users/)
 - [https://www.orbid365.be/manually-match-on-premise-ad-user-to-existing-office365-user/](https://www.orbid365.be/manually-match-on-premise-ad-user-to-existing-office365-user/)
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-pta-pass-through-authentication.md

@@ -1,6 +1,6 @@
 # Az - PTA - Pass-through Authentication
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 ## Basic Information
 
@@ -102,7 +102,7 @@ seamless-sso.md
 - [https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta](https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta)
 - [https://aadinternals.com/post/on-prem_admin/#pass-through-authentication](https://aadinternals.com/post/on-prem_admin/#pass-through-authentication)
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 
 

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/seamless-sso.md

@@ -1,6 +1,6 @@
 # Az - Seamless SSO
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}
 
 ## Basic Information
 
@@ -204,7 +204,7 @@ If the Active Directory administrators have access to Azure AD Connect, they can
 - [https://aadinternals.com/post/on-prem_admin/](https://aadinternals.com/post/on-prem_admin/)
 - [TR19: I'm in your cloud, reading everyone's emails - hacking Azure AD via Active Directory](https://www.youtube.com/watch?v=JEIR5oGCwdg)
 
-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}