embiggen headings

Author: DavidBuchanan314

README.md

@@ -14,7 +14,7 @@
 USAGE: python3 monomorph.py input_file output_file [payload_file]
 ```
 
-### What does it do?
+## What does it do?
 
 It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will *always* have the same MD5 hash: `3cebbe60d91ce760409bbe513593e401`
 
@@ -26,13 +26,13 @@ Example usage:
 $ python3 monomorph.py bin/monomorph.linux.x86-64.benign bin/monomorph.linux.x86-64.meterpreter sample_payloads/bin/linux.x64.meterpreter.bind_tcp.bin
 ```
 
-### Why?
+## Why?
 
 People have [previously](https://www.mscs.dal.ca/~selinger/md5collision/) used single collisions to toggle a binary between "good" and "evil" modes. Monomorph takes this concept to the next level.
 
 Some people still insist on using MD5 to reference file samples, for various reasons that don't make sense to me. If any of these people end up investigating code packed using Monomorph, they're going to get very confused.
 
-### How does it work?
+## How does it work?
 
 For every bit we want to encode, a colliding MD5 block has been pre-calculated using FastColl. As summarised [here](https://github.com/corkami/collisions/tree/master/hashquines#read-an-encoded-value), each collision gives us a pair of blocks that we can swap out without changing the overall MD5 hash.
 
@@ -42,6 +42,6 @@ To speed this up, I made some small tweaks to FastColl to make it even faster in
 
 Since I've already done the pre-computation, reconfiguring the payload can be done near-instantly. Swapping the state of the pre-computed blocks is done using [a technique](https://github.com/corkami/collisions/blob/master/hashquines/scripts/collisions.py) implemented by Ange Albertini.
 
-### Is it detectable?
+## Is it detectable?
 
 Yes. It's not very stealthy at all, nor does it try to be. You can detect the collision blocks using [detectcoll](https://github.com/cr-marcstevens/hashclash/tree/collisiondetection/src/collisiondetection).