diff --git a/idacheatsheet.html b/idacheatsheet.html
index d486637..eea3900 100644
--- a/idacheatsheet.html
+++ b/idacheatsheet.html
@@ -14,86 +14,86 @@
Navigation
| Jump to operand | Enter |
-| Jump in new window | Alt+Enter |
+| Jump in new window |  + |
| Jump to previous position | Esc |
-| Jump to Next position | Ctrl+Enter |
+| Jump to Next position |  + |
| Jump to address | G |
-| Jump by name | Ctrl+L |
-| Jump to function | Ctrl+P |
-| Jump to segment | Ctrl+S |
-| Jump to segment register | Ctrl+G |
-| Jump to problem | Ctrl+Q |
-| Jump to cross reference | Ctrl+X |
+| Jump by name | +L |
+| Jump to function | +P |
+| Jump to segment | +S |
+| Jump to segment register | +G |
+| Jump to problem | +Q |
+| Jump to cross reference | +X |
| Jump to xref to operand | X |
-| Jump to entry point | Ctrl+E |
-| Mark Position | Alt+M |
+| Jump to entry point | +E |
+| Mark Position | +M |
Search
-| Next code | Alt+C |
-| Next data | Ctrl+D |
-| Next explored | Ctrl+A |
-| Next unexplored | Ctrl+U |
-| Immediate value | Alt+I |
-| Next immediate value | Ctrl+I |
-| Text | Alt+T |
-| Next text | Ctrl+T |
-| Sequence of bytes | Alt+B |
-| Next sequence of bytes | Ctrl+B |
-| Not function | Alt+U |
+| Next code | +C |
+| Next data | +D |
+| Next explored | +A |
+| Next unexplored | +U |
+| Immediate value | +I |
+| Next immediate value | +I |
+| Text | +T |
+| Next text | +T |
+| Sequence of bytes | +B |
+| Next sequence of bytes | +B |
+| Not function | +U |
Graphing
| Flow chart | F12 |
-| Function calls | Ctrl+F12 |
+| Function calls | +F12 |
Comments
-| Enter comment | Shift+; |
+| Enter comment |  +; |
| Enter repeatable comment | ; |
| Enter anterior lines | Ins |
-| Enter posterior lines | Shift+Ins |
-| Insert predefined comment | Shift+F1 |
+| Enter posterior lines | +Ins |
+| Insert predefined comment | +F1 |
Data Format Options
-| ASCII strings style | Alt+A |
-| Setup data types | Alt+D |
+| ASCII strings style | +A |
+| Setup data types | +D |
Open Subviews
-| Names | Shift+F4 |
-| Functions | Shift+F3 |
-| Strings | Shift+F12 |
-| Segments | Shift+F7 |
-| Segment registers | Shift+F8 |
-| Signatures | Shift+F5 |
-| Type libraries | Shift+F11 |
-| Structures | Shift+F9 |
-| Enumerations | Shift+F10 |
+| Names | +F4 |
+| Functions | +F3 |
+| Strings | +F12 |
+| Segments | +F7 |
+| Segment registers | +F8 |
+| Signatures | +F5 |
+| Type libraries | +F11 |
+| Structures | +F9 |
+| Enumerations | +F10 |
File Operations
-| Parse C header file | Ctrl+F9 |
-| Create ASM file | Alt+F10 |
-| Save database | Ctrl+W |
+| Parse C header file | +F9 |
+| Create ASM file | +F10 |
+| Save database | +W |
Debugger
| Star process | F9 |
-| Terminate process | Ctrl+F2 |
+| Terminate process | +F2 |
| Step into | F7 |
| Step over | F8 |
-| Run until return | Ctrl+F7 |
+| Run until return | +F7 |
| Run to cursor | F4 |
| Breakpoints |
-| Breakpoint list | Ctrl+Alt+B |
+| Breakpoint list | ++B |
@@ -103,29 +103,29 @@
Tracing
-| Stack trace | Ctrl+Alt+S |
+| Stack trace | ++S |
Miscellaneous
-| Calculator | Shift+/ |
-| Cycle through open views | Ctrl+Tab |
-| Select tab | Alt + [1…N] |
-| Close current view | Ctrl+F4 |
-| Exit | Alt+X |
-| IDC Command | Shift+F2 |
+| Calculator | +/ |
+| Cycle through open views | +Tab |
+| Select tab | + [1…N] |
+| Close current view | +F4 |
+| Exit | +X |
+| IDC Command | +F2 |
Edit (Data Types – etc)
-| Copy | Ctrl+Ins |
-| Begin selection | Alt+L |
-| Manual instruction | Alt+F2 |
+| Copy | +Ins |
+| Begin selection | +L |
+| Manual instruction | +F2 |
| Code | C |
| Data | D |
-| Struct variable | Alt+Q |
+| Struct variable | +Q |
| ASCII string | A |
| Array | Num * |
| Undefine | U |
@@ -136,11 +136,11 @@
Operand Type
| Offset (data segment) | O |
-| Offset (current segment) | Ctrl+O |
-| Offset by (any segment) | Alt+R |
-| Offset (user-defined) | Ctrl+R |
+| Offset (current segment) | +O |
+| Offset by (any segment) | +R |
+| Offset (user-defined) | +R |
| Offset (struct) | T |
-| Number (default) | Shift+3 |
+| Number (default) | +3 |
| Hexadecimal | Q |
| Decimal | H |
| Binary | B |
@@ -148,32 +148,32 @@
| Segment | S |
| Enum member | M |
| Stack variable | K |
-| Change sign | Shift+- |
-| Bitwise negate | Shift+` |
-| Manual | Alt+F1 |
+| Change sign | +- |
+| Bitwise negate | +` |
+| Manual | +F1 |
Segments
-| Edit segment | Alt+S |
- | Change segment register value | Alt+G |
+| Edit segment | +S |
+ | Change segment register value | +G |
Structs
-| Struct var | Alt+Q |
- | Force zero offset field | Ctrl+Z |
-| Select union member | Alt+Y |
+| Struct var | +Q |
+ | Force zero offset field | +Z |
+| Select union member | +Y |
Functions
| Create function | P |
-| Edit function | Alt+P |
+| Edit function | +P |
| Set function end | E |
-| Stack variables | Ctrl+K |
-| Change stack pointer | Alt+K |
+| Stack variables | +K |
+| Change stack pointer | +K |
| Rename register | V |
| Set function type | Y |
diff --git a/malware.md b/malware.md
index efc1946..2987038 100644
--- a/malware.md
+++ b/malware.md
@@ -14,18 +14,12 @@ title: Malware Techniques
|  |  |  |  |  |  |
## Techniques Overview ##
-* [Compression](#compression)
-* [Obfuscation](#obfuscation)
-* [Persistence](#persistence)
-* [Privilege Escalation](#privilege-escalation)
-* [Defense Evasion](#defense-evasion)
-* [Credential Theft](#credential-theft)
-* [Reconnaissance](#recon)
-* [Lateral Movement](#lateral-movement)
-* [Execution](#execution)
-* [Collection](#collection)
-* [Exfiltration](#exfiltration)
-* [Command and Control](#command-and-control)
+| [Compression](#compression) | [Obfuscation](#obfuscation) | [Persistence](#persistence) |
+| [Privilege Escalation](#privilege-escalation) | [Defense Evasion](#defense-evasion) | [Credential Theft](#credential-theft) |
+| [Reconnaissance](#recon) | [Lateral Movement](#lateral-movement) | [Execution](#execution) |
+| [Collection](#collection) | [Exfiltration](#exfiltration) | [Command and Control](#command-and-control) |
+
+---
## Compression
@@ -59,6 +53,8 @@ title: Malware Techniques
* [XComp/XPack](http://soft-lab.de/JoKo)
[Top^](#techniques-overview)
+
+---
## Obfuscation
@@ -70,6 +66,8 @@ title: Malware Techniques
+---
+
## Persistence
* Once malware gains access to a system, it often looks to be there for a long time.
@@ -77,6 +75,8 @@ title: Malware Techniques
+---
+
## Privilege Escalation
* Exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
@@ -94,6 +94,9 @@ title: Malware Techniques
Example: Dll Search Order Hijacking
+---
+
+
## Defense Evasion
* Evading detection or avoiding defenses.
* Common Techniques:
@@ -105,6 +108,8 @@ Example: Dll Search Order Hijacking
* Masquerading
* Process Hallowing
+---
+
## Credential Theft
* Going after password storage
@@ -114,28 +119,43 @@ Example: Dll Search Order Hijacking
Example: Mimikatz credential theft
+---
+
## Reconnaissance
* Gain knowledge about the system and internal network.
+---
+
## Lateral Movement
* Enable an adversary to access and control remote systems on a network and could
+---
+
## Execution
* Techniques that result in execution of adversary-controlled code on a local or remote system
* scripts
* post-exploitation
+---
+
+
## Collection
* Identify and gather information, such as sensitive files, from a target network prior to exfiltration
+---
+
+
## Exfiltration
* Removing files and information
+---
+
+
## Command and Control
* Communicate with systems under their control
| |