mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2026-01-11 04:33:31 -08:00
fix links
@@ -57,7 +57,7 @@ The `cloudformation:SetStackPolicy` permission can be used to **give yourself `U
|
||||
|
||||
An attacker with permissions to **pass a role and create & execute a ChangeSet** can **create/update a new cloudformation stack abuse the cloudformation service roles** just like with the CreateStack or UpdateStack.
|
||||
|
||||
The following exploit is a **variation of the**[ **CreateStack one**](./#iam-passrole-cloudformation-createstack) using the **ChangeSet permissions** to create a stack.
|
||||
The following exploit is a **variation of the**[ **CreateStack one**](#iam-passrole-cloudformation-createstack) using the **ChangeSet permissions** to create a stack.
|
||||
|
||||
```bash
|
||||
aws cloudformation create-change-set \
|
||||
|
||||
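Review bot: The new target `#iam-passrole-cloudformation-createstack` on the changed link line is a same-page fragment, so it only resolves if a heading on this page produces exactly that id, and that heading is not visible in this hunk. Please confirm the slug against the rendered page. Since the paragraph is being touched anyway, the context sentence above it ("create/update a new cloudformation stack abuse the cloudformation service roles") is missing a connective such as "to abuse" and could be fixed in the same commit.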
@@ -14,7 +14,7 @@ For more info about Cognito check:
|
||||
|
||||
As Cognito can grant **IAM role credentials** to both **authenticated** an **unauthenticated** **users**, if you locate the **Identity Pool ID** of an application (should be hardcoded on it) you can obtain new credentials and therefore privesc (inside an AWS account where you probably didn't even have any credential previously).
|
||||
|
||||
For more information [**check this page**](../aws-unauthenticated-enum-access/#cognito).
|
||||
For more information [**check this page**](../aws-unauthenticated-enum-access/index.html#cognito).
|
||||
|
||||
**Potential Impact:** Direct privesc to the services role attached to unauth users (and probably to the one attached to auth users).
|
||||
|
||||
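Review bot: The replacement link `../aws-unauthenticated-enum-access/index.html#cognito` hard-codes the rendered file name, so the Markdown source now depends on the build output layout and the link will not resolve for anyone reading the source tree directly. Please confirm that the target directory renders to `index.html` and that a heading there yields the `#cognito` id, since neither is visible here. The unchanged sentence above also has "an **unauthenticated**" where "and" is meant, which is cheap to fix alongside this change.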
@@ -269,7 +269,7 @@ aws cognito-idp create-identity-provider \
|
||||
This is a very common permission by default in roles of Cognito Identity Pools. Even if a wildcard in a permissions always looks bad (specially coming from AWS), the **given permissions aren't super useful from an attackers perspective**.
|
||||
|
||||
This permission allows to read use information of Identity Pools and Identity IDs inside Identity Pools (which isn't sensitive info).\
|
||||
Identity IDs might have [**Datasets**](https://docs.aws.amazon.com/cognitosync/latest/APIReference/API_Dataset.html) assigned to them, which are information of the sessions (AWS define it like a **saved game**). It might be possible that this contain some kind of sensitive information (but the probability is pretty low). You can find in the [**enumeration page**](../aws-services/aws-cognito-enum/) how to access this information.
|
||||
Identity IDs might have [**Datasets**](https://docs.aws.amazon.com/cognitosync/latest/APIReference/API_Dataset.html) assigned to them, which are information of the sessions (AWS define it like a **saved game**). It might be possible that this contain some kind of sensitive information (but the probability is pretty low). You can find in the [**enumeration page**](../aws-services/aws-cognito-enum/index.html) how to access this information.
|
||||
|
||||
An attacker could also use these permissions to **enroll himself to a Cognito stream that publish changes** on these datases or a **lambda that triggers on cognito events**. I haven't seen this being used, and I wouldn't expect sensitive information here, but it isn't impossible.
|
||||
|
||||
|
||||
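Review bot: The updated link `../aws-services/aws-cognito-enum/index.html` in the Datasets sentence carries no fragment, although the text promises "how to access this information", so the reader lands at the top of the enumeration page and has to search. If that page has a section covering datasets, link to it directly. The same changed line still reads "this contain" and the context around it has "read use information" and "datases"; these could be corrected while the line is being edited.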
@@ -13,7 +13,7 @@ For more information check:
|
||||
## From management Account to children accounts
|
||||
|
||||
If you compromise the root/management account, chances are you can compromise all the children accounts.\
|
||||
To [**learn how check this page**](../#compromising-the-organization).
|
||||
To [**learn how check this page**](../index.html#compromising-the-organization).
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
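Review bot: The commit message "fix links" does not say what was broken, and the change on the "learn how check this page" line uses `../index.html#compromising-the-organization` while the CloudFormation hunk in this same commit uses a bare `#fragment`. A one-line explanation in the message (cross-page links need the explicit `index.html`, same-page links need only the fragment, if that is the rule) would let later editors follow the convention. Please also confirm that `compromising-the-organization` matches a heading id in the parent page, since the target is not shown.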