diff --git a/TopDog.pdf b/TopDog.pdf index b32b8ef1ac1a91eb470df7c6cc4d3707ff7353c2..6547adb5c4c43350896552e8a25c472dc6309435 100644 Binary files a/TopDog.pdf and b/TopDog.pdf differ diff --git a/TopDog.tex b/TopDog.tex index 422ec5d1ebc58692dc8b9ce2a41a95a3aebc68dc..7fa9e8f2dc4eab3ecfdd3d8d62a2049f135ee95e 100644 --- a/TopDog.tex +++ b/TopDog.tex @@ -6,7 +6,6 @@ \usepackage[utf8]{inputenc} \usepackage{lmodern} \usepackage{csquotes} -\usepackage{todonotes} \usepackage{savesym} \usepackage{pdflscape} \usepackage{rotating} @@ -29,18 +28,10 @@ \usepackage[colorlinks=true,linkcolor=blue,urlcolor=blue,citecolor=blue]{hyperref} \usepackage{comment} \usepackage{lmodern} -\usepackage[style=numeric-comp,url=false,backend=biber,% -firstinits=true,sorting=none,sortfirstinits=true,clearlang=true,% -maxnames=3,minnames=1,uniquename=false,% -maxbibnames=10 -]{biblatex} -\pdfminorversion=6 \restoresymbol{HR}{pdfbookmark} \usepackage{cleveref} \graphicspath{{./images/}} -\addbibresource{references.bib} - \definecolor{theWhite}{gray}{0.9} \definecolor{theBlack}{gray}{0.2} @@ -61,12 +52,11 @@ maxbibnames=10 \begin{document} \date{\today} \author{Jonathan Jogenfors\\Niklas Johansson\\ Guilherme Xavier\\ - %\href{mailto:jonathan.jogenfors@liu.se}{\texttt{\small{jonathan.jogenfors@liu.se}}}\\ \small{Information Coding Group}\\\small{Department of Electrical - Engineering, Linköping University} + Engineering, Linköping University} } -\title{LiU TopDog Hacking Challenge \\~\\ \large{TSIT01, TSIT02 -Computer Security\\ Linköping University}} +\title{TopDog Hacking Challenge: \\ A Good Offense is the Best Defense \\~\\ \large{TSIT01, TSIT02 +Computer Security}} \maketitle 
@@ -89,11 +79,12 @@ practical security work and understand some common pitfalls when developing web applications. After the lab you should be well-equipped to avoid these security issues whenever you develop your own web application. -\section{Lab organization}\label{sec:lab_organization} -This lab will run from the starting date to the end of the exam period. The lab system is -publicly available and you can work on the assignments in your own time on the -lab computers or your personal laptops. The progress will be stored on the -server so you can come back at any time. +\section{Lab Organization}\label{sec:lab_organization} +This lab will run from the starting date until it closes. The lab +system is publicly available and you can work on the assignments in your own +time on the lab computers or your personal laptops. As the server is reachable +from the Internet, you can also work from home if you so choose. The progress +will be stored on the server so you can come back at any time. There are scheduled sessions where the assistant will be available at his or her office to provide assistance. Plan carefully, because time will be limited for 
@@ -102,20 +93,23 @@ Think drop-in, so no booking is required. For other questions please see \cref{sec:contact}. -\section{Deadlines}\label{sec:deadline} -The lab must be finished before the end -of the exam period. Shortly after, the TopDog server will be shut down, so you -can't do the lab after this date. If you don't complete the assignments before -the deadline, you will have to do the lab next year. +\section{Deadlines}\label{sec:deadline} +The lab starts on the $22^{nd}$ of November 2019 at (TBA o'clock). The lab must +be finished before the end date (TBA, January 2020). At this time, the +assignments will be disabled an no more progress can be done. If you haven't +finished the lab by this date you will have to re-take the lab next year. -Winner of the competition -will be the leader of the scoreboard by 5 pm the day before the (first) guest lecture (the scoreboard will lock at this point). +There is also another, soft deadline. At 5 PM on the $9^{th}$ of December 2019 +the competitive part of the lab ends and the scoreboard will lock. No more +points or medals will be awarded at this point. The next day, just before the +guest lecture, there will be a small ceremony for the winners. -\section{Disciplinary stuff} -You are expected to do the lab in your own. -Co-operation is allowed and encouraged. You are expected to understand and -follow the university-wide rules for disciplinary matters, as for any other -examination you are not allowed to cheat. +\section{Disciplinary Stuff} +Each individual student is expected to perform the lab in order to pass. +However, you are allowed (and encouraged!) to cooperate is allowed and +encouraged. You are expected to understand and follow the university-wide rules +for disciplinary matters, as for any other examination you are not allowed to +cheat. \section{Ethics} This lab and what you learn is for educational purposes only. Do not attempt to 
@@ -123,7 +117,7 @@ use these techniques without authorization. If you are caught engaging in unauthorized hacking, most companies will take legal action. \textbf{Claiming that you were doing security research will not protect you.} -\section{Contact information}\label{sec:contact} +\section{Contact Information}\label{sec:contact} To get in touch with the lab assistant, please send e-mail to the e-mail address below corresponding to your course. The course homepage always contains the latest version of this document, so be sure to check it out regularly. 
@@ -131,113 +125,82 @@ latest version of this document, so be sure to check it out regularly. \subsection{TSIT01 Datasäkerhetsmetoder} \begin{description} \item[Course homepage:] \url{http://www.icg.isy.liu.se/courses/tsit01/} - \item[Lab E-mail:] \href{mailto:tsit01-lab@isy.liu.se}{\texttt{tsit01-lab@isy.liu.se}} + \item[Lab e-mail:] \href{mailto:tsit01-lab@isy.liu.se}{\texttt{tsit01-lab@isy.liu.se}} \end{description} \subsection{TSIT02 Computer Security} \begin{description} \item[Course homepage:] \url{http://www.icg.isy.liu.se/courses/tsit02/} - \item[Lab E-mail:] \href{mailto:tsit02-lab@isy.liu.se}{\texttt{tsit02-lab@isy.liu.se}} + \item[Lab e-mail:] \href{mailto:tsit02-lab@isy.liu.se}{\texttt{tsit02-lab@isy.liu.se}} \end{description} \chapter{Preparing for the lab} \textbf{Begin by reading through the entire lab PM}. Remember to regularly check the course homepage to see if we updated the PM, as we continuously improve the lab. -% -%\section{Lab group} -%First, you need to find a partner to work with. All students are expected to -%work in groups of two. If this is not possible, please contact the lab -%assistant. When you have somebody to work with you will need to choose a -%username and password to use on the TopDog server. Each group of two -%will have an account, so you will need to choose a username and password for the -%group. Please note the following: -%\begin{enumerate} -% \item Your username (not password) is public and will be shown to to the -% entire university on the scoreboard (which is shown on monitors around -% the campus). -% \item We reserve the right to ban stupid and/or offensive usernames for any -% reason. -% \item Both of you will have the password, so choose a password you don't use -% anywhere else. -% \item The password storage in TopDog is hashed and salted, however do not -% use a password that you care about. 
-%\end{enumerate} -%Tip: Generate a random password -%and write it down on a note in your wallet, or use a password manager! - -\section{User accounts}\label{sec:register} -If you are register to the course, you will automatically have an account. If you are not registered, you need to contact a \href{https://www.lith.liu.se/studievagledning?l=en\&sc=true}{study chancellor}. - -Now go to -\href{http://snickerboa.it.liu.se}{http://snickerboa.it.liu.se} and click on "login via SAML" and login with your LiU-id. If you don't wish your LiU-id to show on the scoreboard, you can change to a name of your choosing (at first login, if you want to change it again you need to contact us). However, we reserve the right to ban stupid and/or offensive user names for any reason. -%register an account, see \cref{fig:login}. Note that the registration link is -%hidden and must be typed just like that. The registration screen is shown in -%\cref{fig:register}. Note that registration requires you to type in the correct -%\texttt{passcode}, which is found in Lisam. The passcode is to discourage people -%outside the course to do the lab and appear on the scoreboard. Please do not -%share the passcode. -%\begin{figure} -% \centering -% \includegraphics[width=.9\linewidth]{register.png} -% \caption{The TopDog registration page.\label{fig:register}} -%\end{figure} -% -%Next, return to the login screen and login with your credentials. If you -%succeeded, you will be greeted with \enquote{Let's get -%started!}. This means you logged in. If the login fails, please double-check the -%login username and password before contacting us (see \cref{sec:contact}). -% -%\begin{figure} -% \centering -% \includegraphics[width=.9\linewidth]{login.png} -% \caption{The TopDog login page.\label{fig:login}} -%\end{figure} +\section{Logging In}\label{sec:register} +If you are registered for the course, you will automatically have an account. 
If +you are not registered, you need to contact a +\href{https://www.lith.liu.se/studievagledning?l=en\&sc=true}{study counselor}. +Note that course registration is compulsory for all examination, not just the +lab! + +Now go to \href{http://snickerboa.it.liu.se}{http://snickerboa.it.liu.se} and +click on \enquote{Login via SAML} and login with your LiU-id. In the next step +you are free to choose how your name will be displayed on the scoreboard. The +scoreboard is publicly available and is also displayed on screens around campus, +so it can be a good idea not to use your real name. Note that once this name is +set you can not change it again\footnote{If you really want to change it, please +contact us.}. We reserve the right to ban stupid and/or offensive user names for +any reason. \chapter{Performing the Lab} -TopDog contains a number of modules that cover different topics in -web pentesting. +The lab contains a number of modules that cover different topics in web +penetration testing. \section{Assignments}\label{sec:assignments} -In order to pass the lab, you are required to finish all 21 assignments (see \cref{sec:list_of_ass}). In -order to prepare yourself for the assignments, there are also lessons which give -a gentle introduction to the topic at hand. You can solve the assignments in any -order you want. - -There are also challenges which can be performed if you wish to try your luck. -Note that the lab assistant will not help you with the challenges, you have to -do your own research here. +In order to pass the lab, you are required to finish all 21 assignments (see +\cref{sec:list_of_ass}). In order to prepare yourself for the assignments, there +are also lessons which give a gentle introduction to the topic at hand. You can +solve the assignments in any order you want. -\section{Result keys} +There are also extra challenges, beyond what we require for a passing grade, if +you wish to try your skill. 
Note that the lab assistant will not help you with +the challenges, you have to do your own research here. +\section{Result Keys} For each lesson and challenge your goal is to retrieve the so-called -\enquote{result key}. When you finish a lesson or challenge, TopDog +\enquote{result key}. When you finish a lesson or challenge, the server detects that \enquote{it has been hacked} and gives you the key. Paste this key into the box on top, shown in \cref{fig:resultkey}. Depending on -the module the format of the result key can vary, but it might look something +the assignment at hand, the format of the result key can vary, but it might look something like the following: \commandline{resultkey.txt} -\begin{figure}[b] +\begin{figure} \centering \includegraphics[width=.8\linewidth]{resultkey.png} \caption{Example of result key and where to paste it.}\label{fig:resultkey} \end{figure} Whenever you receive a result key, paste it to the \enquote{Submit Result Key -Here} box on the top of the screen. +Here} box on the top of the screen. Don't even think of brute-forcing the key, +there are detection mechanisms in place and this can be considered cheating. +Also, each student will get an individual result key, and sharing keys with your +friends is easily detected and not allowed. \section{Best Practices} It is a good idea to keep notes of how you pass each challenge. While your -progress on the server is backed up frequently we can never be too sure. Save -your notes so you can get back to where you were in case of a catastrophic -server failure. +progress on the server is backed up frequently we can never be too sure. An +important part of computer security is to have a disaster recovery plan, and if +the database was affected by corruption some written notes can help you recover +faster. \section{Scoreboard} Whenever you finish a lesson, assignment, or challenge, it will show up on the -LiU TopDog scoreboard. The scoreboard is public, and anybody can see the +scoreboard. 
The scoreboard is public, and anybody can see the progress of the participants. In addition, the scoreboard will be displayed -on monitors around café java. +on monitors around campus, especially around Cafe Java in the B-building. The scoreboard is just for fun, and in order to pass you are only required to finish the assignments. If you have finished the assignments and want more @@ -248,12 +211,14 @@ will receive points, so the more challenges you finish, the more bragging rights you have. Also, harder challenges give more points. Your name will not appear on the scoreboard until you have finished your first -challenge. There is also a small bonus for being the first student to -finish a given lesson or challenge in the form of medals. A gold medal is -awarded to a group who finishes a lesson or challenge nobody else has finished -yet. A silver medal is given to the second one, and bronze to the third. In the -scoreboard there will therefore be users with medals in addition to the normal -point score. These medals are not worth any points, but will be used as tiebreakers! +challenge. Also, there are medals! A gold medal is awarded to the student who +finishes a lesson or challenge nobody else has finished yet. A silver medal is +given to the second one, and bronze to the third. In the scoreboard there will +therefore be users with medals in addition to the normal point score. These +medals are not worth any points, but will be used as tiebreakers in the +competition. In order to break a tie, we first count the gold medals, then the +silver medals, and then the bronze medals. After this, we will draw lots if +needed. But remember, the scoreboard is just for fun. It has nothing to do with actually passing the lab. 
@@ -261,12 +226,12 @@ passing the lab. \begin{figure} \centering \includegraphics[width=.9\linewidth]{scoreboard.png} - \caption{The TopDog scoreboard from 2016. Note the medals on some of the usernames.} - \label{fig:scoreboard} + \caption{The TopDog scoreboard from 2016. Note the medals on some of the + usernames.\label{fig:scoreboard}} \end{figure} \end{landscape} -\section{List of lessons} +\section{List of Lessons} The following lessons are available: \begin{description}\label{sec:lessons} \item[Broken Session Management] @@ -281,7 +246,7 @@ The following lessons are available: \item[Unvalidated Redirects and Forwards] \end{description} -\section{List of assignments}\label{sec:list_of_ass} +\section{List of Assignments}\label{sec:list_of_ass} Below are the required assignments (there are hidden hints!): \begin{description} \item[Session Management Challenge 1] @@ -294,7 +259,8 @@ Below are the required assignments (there are hidden hints!): \item[Session Management Challenge 3] \item[SQL Injection 1] \item[SQL Injection 2] - {\color{white}The server first checks if the query contains \emph{one} @ before processing it!} + {\color{white}The server first checks if the query contains \emph{one} @ + before processing it!} \item[Insecure Cryptographic Storage Challenge 1] \item[Insecure Cryptographic Storage Challenge 2] {\color{white}Here, \enquote{2d cipher} refers to the 
@@ -308,79 +274,94 @@ Below are the required assignments (there are hidden hints!): \item[Failure to Restrict URL Access 1] \item[CSRF 1] \item[Cross Site Scripting 2] - {\color{white}Now the XSS filter is getting more clever, - but it's not perfect. Check the source code of the HTML returned from - the server to see which commands are filtered and which are not. Use the - hints from the slides.} + {\color{white}Now the XSS filter is getting more clever, but it's not + perfect. Check the source code of the HTML returned from the server + to see which commands are filtered and which are not. Use the hints + from the slides.} \item[Session Management Challenge 4] - {\color{white}Can you guess a Session ID? It should + {\color{white}Can you guess a Session ID\@? It should be somewhat larger than 20.} \item[Failure to Restrict URL Access 2] \item[Cross Site Scripting 3] \item[Insecure Cryptographic Storage Challenge 3] - {\color{white}There are a number of ways - to defeat the crypto and get the encryption key in this challenge. The - quickest way is to submit base64 encoded spaces.} + {\color{white}There are a number of ways to defeat the crypto and get + the encryption key in this challenge. The quickest way is to submit + base64 encoded spaces.} \item[SQL Injection 3] {\color{white}To complete this challenge, you must craft a second statement to return Mary Martin's credit card number as the current - statement only returns the customerName attribute. Note that the UNION - statement isn't filtered!} + statement only returns the customerName attribute. Note that the + UNION statement isn't filtered!} \item[Insecure Direct Object Reference Bank] {\color{white}To complete this challenge you - must first register an account. The account must have a unique name. The - next step is to click the refresh balance button. Capture this request, and - replay it with different account numbers until you find one with cash. 
If - you are the first person to attempt this challenge, the account number 1 - should have 10 million in it. You should be able to figure out the rest. - See \cref{sec:faq-bank} if there's not enough money anywhere!} + must first register an account. The account must have a unique name. + The next step is to click the refresh balance button. Capture this + request, and replay it with different account numbers until you find + one with cash. If you are the first person to attempt this + challenge, the account number 1 should have 10 million in it. You + should be able to figure out the rest. See \cref{sec:faq-bank} if + there's not enough money anywhere!} \end{description} \chapter{Contributing to the lab} -We think the CTF lab is a great way to teach, and want to encourage you to submit your ideas and feedback to us. Do visit our \href{https://gitlab.liu.se/topdog/ctf-lab-pm}{internal project page}, where you can help us out! This is the LiU GitLab server, and you can file an issue by clicking on the issues link shown in \cref{fig:issues}. - - - \begin{figure} - \centering - \includegraphics[width=.9\linewidth]{issues.png} - \caption{Click on Issues to file an issue report.} - \label{fig:issues} - \end{figure} - - +We think that this lab is a great way to teach important concepts in information +security, and want to encourage you to +submit your ideas and feedback to us. Do visit our +\href{https://gitlab.liu.se/topdog/ctf-lab-pm}{internal project page}, where you +can help us out! This is the LiU GitLab server, and there are several ways of +helping out. + +\section{Submit a Bug Report} +If you run into a bug, you are encouraged either to contact us directly, or file +a bug report on \href{https://gitlab.liu.se/topdog/ctf-lab-pm}{gitlab}. Click +the link shown in \cref{fig:issues} and fill out the details. The more specific +you can be, the more you will be able to help us +out! + +\section{Ideas for Enhancements} +You can file more than just bug reports! 
If you feel something is missing, or +something could be done better, you can also submit enhancement ideas. + +\section{Fork It!} +Are you familiar with git? If yes, then you can contribute even more! Fork the +\href{https://gitlab.liu.se/topdog/ctf-lab-pm}{repository}, commit your own changes, and then send us a merge request +(sometimes called a pull request). If you need help, please see the +\href{https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html}{official +documentation}. +\begin{figure} + \centering + \includegraphics[width=.8\linewidth]{issues.png} + \caption{Click on Issues to file an issue report.\label{fig:issues}} +\end{figure} \chapter{Frequently Asked Questions (FAQ)} This section will be updated with frequently asked questions about the lab. -\section{I'm stuck, what should I do?} -First make sure you have read through the whole lab PM. Second, consult and discuss with a friend (this is the best way of getting new ideas). Lastly, use the assistances drop-in time slot (see \cref{sec:lab_organization}). +\section{I am Stuck, What Should I Do?} +First make sure you have read through the whole lab PM\@. Second, consult and +discuss with a friend (this is the best way of getting new ideas). Lastly, use +the assistances drop-in time slot (see \cref{sec:lab_organization}). - -\section{There is something wrong with the server!} +\section{There is Something Wrong With the Server!} First check that your Internet connection is working and that your attack proxy -isn't giving you problems. If the TopDog server is unavailable, or if there's some -\emph{technical} issue with it that has nothing to do with the lab itself, first -wait a few minutes. If it doesn't come back it might be an outage (planned or -unplanned). If we are doing some planned work on the server this will be posted -on Lisam. +isn't giving you problems. 
If the TopDog server is unavailable, or if there's +some \emph{technical} issue with it that has nothing to do with the lab itself, +first wait a few minutes. If it doesn't come back it might be an outage (planned +or unplanned). If we are doing some planned work on the server this will be +posted on Lisam. If the server is still down and there's nothing on Lisam saying it's a planned outage, the server might be down. Please send an e-mail to the lab assistant, see \cref{sec:contact}. -%\section{How do I create a TopDog account?} -% -% -%See \cref{sec:register}. - -\section{Can I get bonus points for the exam?} +\section{Can I Get Bonus Points For the Exam?} The scoreboard and its points, bonus points, and medals is for fun only. They have absolutely nothing to do with passing the lab or with the examination of the course. The lab assistant can see how many assignments you have finished, independently of the scoreboard. -\section{What happens if I can't go to the coaching session?} +\section{What Happens If I Can't Go to the Coaching Session?} The coaching sessions are not a compulsory part of the course. If you can't attend, there is no penalty. However, the sessions can be valuable as you have the opportunity to get coaching and ask questions about the lab. Also, you must @@ -394,8 +375,9 @@ Try your skills on the challenges! If this is still not enough, check out \section{I don't get a result key, only \enquote{Key Should be here! Please refresh the home page and try again! If that doesn't work, sign in and out again!}} -This is a bug that sometimes happens. Contact us (\cref{sec:contact}) and we'll -help you. +This is a bug that sometimes happens. We \emph{hope} that this issue has now +been solved, but if it does happen, please contact us (\cref{sec:contact}) and +we'll help you. \section{The result key in insecure crypto challenges isn't working!} Make sure you check that you've got UPPERCASE/lowercase correctly. Some online 
@@ -405,49 +387,26 @@ calculators will mess this up. Also make sure it handles spaces correctly. money left}\label{sec:faq-bank} It can happen that the total amount of money is too small to pass the lab. In this case, contact us at \cref{sec:contact} and we'll fill up bank with some -more money to steal :) +more money to steal! \section{I love computer security and I am looking for thesis work!} -Don't hesitate to contact us at the Information Coding Group\footnote{https://liu.se/en/organisation/liu/isy/icg}. Also, if you like crypto we -highly recommend the course TSIT03 +Don't hesitate to contact us at the Information Coding +Group\footnote{https://liu.se/en/organisation/liu/isy/icg}. Also, if you like +crypto we highly recommend the course TSIT03 Cryptology\footnote{http://www.icg.isy.liu.se/courses/tsit03/} that is given in HT1 every year. -\section*{About this document} -This lab memo is intended for students of the computer security courses \texttt{TSIT01} and -\texttt{TSIT02} at Linköping University. -\section*{Changelog} -\begin{description} - \item[2019] Adaption to the new registration procedure. - \item[2017] Revised for the 2017 course. - \item[2016] Initial version. -\end{description} -\section*{Acknowledgements} -This lab owes its existence to Anders Märak Leffler who brought this software to -my attention back in 2015. I also want to thank the OWASP Foundation and the -OWASP chapter in Gothenburg for help with getting started. Thanks to the LiU IT -department who was willing to set up and support a web application server that, -contrary to all common sense and in violation of -probably a dozen IT policies, contains all kinds of web vulnerabilities. Also -thanks to Niklas Johansson for helping me get all the lab details straight and, -of course, prof. Jan-Åke Larsson, who gave us the go-ahead to build what is -probably going to be a very interesting lab course. 
-\bigskip - -\noindent -Linköping, November 2016\\ -\emph{Jonathan Jogenfors} \appendix \chapter{Tools}\label{sec:tools} Penetration testing requires you to have a large and diverse toolbox. In this lab, you will mostly use online tools (that you'll have to find yourself) and -one offline tool: ZAP. The online tools can be things such as online +one offline tool: ZAP\@. The online tools can be things such as online calculators, hex-to-dec-converters, decryption tools for cryptographic algorithms etc. Use Google! Also, the slides from the lab preparation lecture will be of use to you. -\section{Viewing the source code} +\section{Viewing the Source Code} The first step in most web attacks is usually to look at the source code. This will show you the raw HTML/CSS/JavaScript that builds up the page. For a quick reference on what the HTML tags do, check out the W3 HTML @@ -471,18 +430,16 @@ source code of TopDog itself and not the module. \begin{figure} \centering \includegraphics[width=\linewidth]{sourcecode.png} - \caption{An example of a source code of a module.} - \label{fig:source} + \caption{An example of a source code of a module.\label{fig:source}} \end{figure} \begin{figure} \centering \includegraphics[width=\linewidth]{frame-source} \caption{How to view only the source of the \texttt{iframe} containing the - module.} - \label{fig:frame-source} + module.\label{fig:frame-source}} \end{figure} -\section{The Zed Attack proxy (ZAP)} +\section{The Zed Attack Proxy (ZAP)} ZAP is the Zed Attack Proxy by OWASP\footnote{\url{https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project}}. You will use this tool to modify HTTP packets sent between your web browser and 
@@ -503,8 +460,7 @@ Windows, Linux and OSX and requires Java 7 or higher. edit them. 5. Information Window – Displays details of the automated and manual tools. 6. Footer – Displays a summary of the alerts found and the status of the main - automated tools.} - \label{fig:zap} + automated tools.\label{fig:zap}} \end{figure} Installing ZAP is easy. If you don't have Java, the installer will help you download and install it. If you have any trouble, check the ZAP Quick Start @@ -517,14 +473,13 @@ safe to say yes. After starting up, you will see the ZAP interface as shown in \begin{figure} \centering \includegraphics[width=\linewidth]{proxy.png} - \caption{Schematic of the attack proxy} - \label{fig:proxy} + \caption{Schematic of the attack proxy\label{fig:proxy}} \end{figure} In order to use the attack proxy, you will need to configure your web browser to connect through it. Here, it is recommended that you download and install a secondary web browser to your computer, so that you have one normal browser (for googling and general browsing) and one \enquote{attack browser} for use with -TopDog. Otherwise, ZAP will intercept all your HTTPS sessions (i.e. also your +TopDog. Otherwise, ZAP will intercept all your HTTPS sessions (i.e.\ also your general web browsing), which is very annoying. @@ -536,8 +491,7 @@ as the proxy configuration for HTTP and HTTPS protocols. \centering \includegraphics[width=.6\linewidth]{firefox-proxy.png} \caption{Firefox proxy configuration (Preferences -> Advanced -> Network -> - Settings)} - \label{fig:firefox-proxy} + Settings).\label{fig:firefox-proxy}} \end{figure} For instance, the configuration\footnote{http://www.wikihow.com/Enter-Proxy-Settings-in-Firefox} for Firefox is shown in 
@@ -546,8 +500,8 @@ Chrome can be found here: \url{https://support.google.com/chrome/answer/96815}. \begin{figure} \centering \includegraphics[width=.6\linewidth]{maninthemiddle.png} - \caption{Schematic diagram of ZAP when dealing with HTTPS traffic} - \label{fig:maninthemiddle} + \caption{Schematic diagram of ZAP when dealing with HTTPS + traffic.\label{fig:maninthemiddle}} \end{figure} Now, using the attack browser, go to the TopDog page: @@ -557,9 +511,9 @@ HTTPS traffic (see \cref{fig:maninthemiddle}). Remember that we talked about this in the lecture. You will have to accept the ZAP certificate and add it as an exception to the attack browser. -\subsection{Intercepting HTTP(S) traffic with ZAP} +\subsection{Intercepting HTTP(S) Traffic With ZAP} %chktex 36 Now you can browse around in TopDog and see that the traffic appears -in ZAP. In the left-hand pane you see \texttt{Sites}. Expand it and you see the +in ZAP\@. In the left-hand pane you see \texttt{Sites}. Expand it and you see the site \texttt{https://snickerboa.it.liu.se}. Inside, you see the different requests (mainly \texttt{GET} and \texttt{POST}) that were made to the server. @@ -578,16 +532,14 @@ an example of a response package. for cross-site scripting. In the lower right side you can see \texttt{userdata=99}, which means that the request contains POST data from a form with the varaible - \texttt{userdata} set to the value 99.} - \label{fig:request} + \texttt{userdata} set to the value 99.\label{fig:request}} \end{figure} \begin{figure} \centering \includegraphics[width=\linewidth]{lesson-response.png} \caption{ZAP showing a response packet from the web server to the web browser. The body of the response shows a HTML-encoded text saying that - \enquote{the number 99 is a valid number}.} - \label{fig:response} + \enquote{the number 99 is a valid number}.\label{fig:response}} \end{figure} Now we want to capture a HTTP response for ourselves. Begin by pressing the 
@@ -615,8 +567,7 @@ destinations. \centering \includegraphics{step.png} \caption{The important Break, Step, and Play buttons in ZAP (the three - leftmost buttons)} - \label{fig:step} + leftmost buttons)\label{fig:step}} \end{figure} \chapter{Capturing The Flag}\label{sec:ctf} @@ -630,5 +581,30 @@ who finish first. If you found this lab course interesting and want more CTF challenges, check out this list: \url{https://captf.com/practice-ctf/}. +\chapter{About This Document} +This lab memo is intended for students of the computer security courses +\texttt{TSIT01} and \texttt{TSIT02} at Linköping University. + +\section{Changelog} +\begin{description} + \item[2019] Lab has now been integrated with LiU-ID login. + \item[2017] Revised for the 2017 course. + \item[2016] Initial version. +\end{description} +\section{Acknowledgements} +This lab owes its existence to Anders Märak Leffler who brought this software to +my attention back in 2015. I also want to thank the OWASP Foundation and the +OWASP chapter in Gothenburg for help with getting started. Thanks to the LiU IT +department who was willing to set up and support a web application server that, +contrary to all common sense and in violation of +probably a dozen IT policies, contains all kinds of web vulnerabilities. Also +thanks to Niklas Johansson for helping me get all the lab details straight and, +of course, prof. Jan-Åke Larsson, who gave us the go-ahead to build what is +probably going to be a very interesting lab course. +\bigskip + +\noindent +Linköping, November 2016\\ +\emph{Jonathan Jogenfors} \end{document}
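Review bot: Dropping biblatex and \addbibresource{references.bib} in hunk @@ -29,18 +28,10 @@ will break the build if any \cite or \printbibliography survives in the parts of TopDog.tex this patch does not show; confirm there are none, and consider also dropping the now-unused citecolor=blue option from hyperref. Removing \pdfminorversion=6 is unrelated to the bibliography change and deserves a word in the commit message.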
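Review bot: "This lab will run from the starting date until it closes" in hunk @@ -89,11 +79,12 @@ tells the reader nothing they can act on; point at the dates instead, e.g. "This lab runs from the start date until the end date given in \cref{sec:deadline}."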
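Review bot: The Disciplinary Stuff paragraph in hunk @@ -102,20 +93,23 @@ has a duplicated phrase: "you are allowed (and encouraged!) to cooperate is allowed and encouraged" should read "you are allowed (and encouraged!) to cooperate". In the same hunk, "will be disabled an no more progress" needs "and", and the ordinals $22^{nd}$ and $9^{th}$ set the suffix in math italics; 22\textsuperscript{nd} (or simply "22 November 2019") is the usual form. The two TBA placeholders must be filled before this is published.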
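Review bot: Heading capitalisation becomes inconsistent in hunk @@ -131,113 +125,82 @@: sections are now title-cased (Logging In, Result Keys, Best Practices) while \chapter{Preparing for the lab} keeps sentence case right next to the new \chapter{Performing the Lab}; pick one convention for the whole file. Also "Don't even think of brute-forcing the key, there are detection mechanisms in place" is a comma splice (use a semicolon or a full stop), "compulsory for all examination" should be "all examinations", and the Best Practices sentence needs a comma after "frequently".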
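Review bot: "the assistances drop-in time slot" in the reflowed FAQ answer of hunk @@ -308,79 +274,94 @@ should be "the assistant's drop-in time slot"; the line is already being rewritten, so fix it here. In the same hunk, "file a bug report on gitlab" should use the product name GitLab, matching "the LiU GitLab server" a few lines above, and the figure for \cref{fig:issues} now sits after the Fork It section, which never refers to it; placing the figure environment directly after the Submit a Bug Report section keeps the float near its reference.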
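Review bot: The two footnotes in hunk @@ -405,49 +387,26 @@ carry bare URLs (\footnote{https://liu.se/en/organisation/liu/isy/icg} and the TSIT03 one); with hyperref loaded they should be wrapped in \url{...} so they become links and can break across lines. The context line "fill up bank with some" is also missing "the".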
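Review bot: While rewriting the \cref{fig:request} caption in hunk @@ -578,16 +532,14 @@, fix "varaible" to "variable" on the context line directly above the changed one; the neighbouring response caption has "a HTML-encoded", which should be "an HTML-encoded".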
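Review bot: \chapter{About This Document} in hunk @@ -630,5 +581,30 @@ is added after \appendix and after \chapter{Capturing The Flag}, so it will be numbered as a lettered appendix rather than read as back matter; use \chapter*{About This Document} (with \section* for Changelog and Acknowledgements, as the removed version did) or move the block before \appendix. The changelog now records the 2019 LiU-ID login change, yet the closing signature still reads "Linköping, November 2016"; add the revision date so the two agree.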