fix

carlospolop · carlospolop · commit 816da7ad92b1 · 2025-01-26T15:48:40.000+01:00
diff --git a/src/images/arte.png b/src/images/arte.png
diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md b/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md
@@ -88,7 +88,7 @@ For more information check https://github.com/padok-team/cognito-scanner
 The only thing an attacker need to know to **get AWS credentials** in a Cognito app as unauthenticated user is the **Identity Pool ID**, and this **ID must be hardcoded** in the web/mobile **application** for it to use it. An ID looks like this: `eu-west-1:098e5341-8364-038d-16de-1865e435da3b` (it's not bruteforceable).
 
 > [!TIP]
-> The **IAM Cognito unathenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
+> The **IAM Cognito unauthenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
 
 If you find an Identity Pools ID hardcoded and it allows unauthenticated users, you can get AWS credentials with:
 
diff --git a/src/pentesting-cloud/azure-security/az-services/vms/README.md b/src/pentesting-cloud/azure-security/az-services/vms/README.md
@@ -837,7 +837,7 @@ Invoke-AzureRmVMBulkCMD -Script Mimikatz.ps1 -Verbose -output Output.txt
 ## Unauthenticated Access
 
 {{#ref}}
-../../az-unauthenticated-enum-and-initial-entry/az-vms-unath.md
+../../az-unauthenticated-enum-and-initial-entry/az-vms-unauth.md
 {{#endref}}
 
 ## Post Exploitation
