diff --git a/src/network-services-pentesting/pentesting-web/README.md b/src/network-services-pentesting/pentesting-web/README.md index 4676a9ccc54..00f69adce9b 100644 --- a/src/network-services-pentesting/pentesting-web/README.md +++ b/src/network-services-pentesting/pentesting-web/README.md @@ -86,7 +86,7 @@ Some **tricks** for **finding vulnerabilities** in different well known **techno - [**IIS tricks**](iis-internet-information-services.md) - [**Microsoft SharePoint**](microsoft-sharepoint.md) - [**JBOSS**](jboss.md) -- [**Jenkins**](<[https:/github.com/carlospolop/hacktricks/blob/master/network-services-pentesting/pentesting-web/broken-reference/README.md](https:/github.com/HackTricks-wiki/hacktricks-cloud/tree/master/pentesting-ci-cd/jenkins-security)/>) +- [**Jenkins (CI/CD)**](https://cloud.hacktricks.wiki/en/pentesting-ci-cd/jenkins-security.html) - [**Jira**](jira.md) - [**Joomla**](joomla.md) - [**JSP**](jsp.md) 
@@ -282,6 +282,40 @@ Tools: _Note that anytime a new directory is discovered during brute-forcing or spidering, it should be Brute-Forced._ +### Web fuzzing result triage with Burp/Turbo Intruder Anomaly Rank + +For large fuzzing sets, manual sorting by status/length is noisy. In Burp Suite 2025.10+, Anomaly Rank automatically surfaces outliers; Turbo Intruder auto-sorts by this score when the attack completes. + +How it works (stability-weighted diffing): + +- Extract attributes per response: status, content type, word/line counts, hashes, notable byte sequences. +- Weight attributes by stability across the batch: few unique values = higher weight; invariant or unique-per-response ≈ zero weight. +- Score each response by how rare its value is on high-stability attributes. + +Worked example: + +```text +Payload | Status | Content-Type | Word-count | CRC32 +administrator | 403 | text/html | 812 | d753916d +admin | 403 | text/html | 812 | 5129f3bd +sales | 503 | text/html | 97 | 710639db +accounting | 200 | text/html | 812 | 3978f20f +ADMIN | 403 | text/html | 811 | 9fa1cbc1 +root | 503 | text/html | 97 | 27df2486 +test | 403 | text/html | 812 | e45449e7 +``` + +ADMIN ranks highest due to a unique word count (811) among otherwise stable attributes. + +Why it works on noisy pages: + +- It downweights invariant or per-response-unique attributes and emphasizes stable-but-different ones, highlighting subtle, meaningful differences. + +Operational tips: + +- Requires Burp 2025.10+. Turbo Intruder computes and applies the ordering when the attack finishes. +- Triage: Review top-ranked items first. Look for a lone 200 among 403s, or off-by-one word/line counts indicating auth edges, error paths, or parsing quirks. + ### What to check on each file found - [**Broken link checker**](https://github.com/stevenvachon/broken-link-checker): Find broken links inside HTMLs that may be prone to takeovers 
@@ -428,4 +462,9 @@ Entry_12: Command: ffuf -w {Subdomain_List}:FUZZ -u {Web_Proto}://{Domain_Name} -H "Host:FUZZ.{Domain_Name}" -c -mc all {Ffuf_Filters} ``` -{{#include ../../banners/hacktricks-training.md}} \ No newline at end of file +## References + +- [Introducing HTTP Anomaly Rank](https://portswigger.net/research/introducing-http-anomaly-rank) +- [Turbo Intruder: Embracing the billion-request attack](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack) + +{{#include ../../banners/hacktricks-training.md}} diff --git a/src/pentesting-web/xs-search/css-injection/less-code-injection.md b/src/pentesting-web/xs-search/css-injection/less-code-injection.md index b9d599deb30..6d338df2b68 100644 --- a/src/pentesting-web/xs-search/css-injection/less-code-injection.md +++ b/src/pentesting-web/xs-search/css-injection/less-code-injection.md @@ -1,4 +1,6 @@ -## LESS Code Injection leading to SSRF & Local File Read +# LESS Code Injection leading to SSRF & Local File Read + +{{#include ../../../banners/hacktricks-training.md}} LESS is a popular CSS pre-processor that adds variables, mixins, functions and the powerful `@import` directive. During compilation the LESS engine will **fetch the resources referenced in `@import`** statements and embed ("inline") their contents into the resulting CSS when the `(inline)` option is used. @@ -59,4 +61,5 @@ curl -sk "${TARGET}rest/v10/css/preview?baseUrl=1&lm=${INJ}" | \ * [SugarCRM ≤ 14.0.0 (css/preview) LESS Code Injection Vulnerability](https://karmainsecurity.com/KIS-2025-04) * [SugarCRM Security Advisory SA-2024-059](https://support.sugarcrm.com/resources/security/sugarcrm-sa-2024-059/) -* [CVE-2024-58258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58258) \ No newline at end of file +* [CVE-2024-58258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58258) +{{#include ../../../banners/hacktricks-training.md}}
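Review bot: In the first hunk of pentesting-web/README.md the anchor text changes to `[**Jenkins (CI/CD)**]` while every neighbouring entry (`[**JBOSS**]`, `[**Jira**]`, `[**Joomla**]`) is a bare product name; keep `[**Jenkins**]` for consistency and let the cloud.hacktricks.wiki URL carry the CI/CD context. The URL repair itself is correct, the old target had two URLs nested inside one markdown link.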
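Review bot: In the Anomaly Rank hunk the worked example states "ADMIN ranks highest due to a unique word count (811)", but by the scoring rules given two paragraphs earlier `accounting` also carries a single rare value on a high-stability attribute (the lone `200` status among `403`/`503`), so the text as written does not explain why ADMIN outranks it; either add the reasoning from the referenced PortSwigger write-up or choose table values where ADMIN is the only outlier. Two smaller points in the same hunk: the Burp 2025.10+ requirement is stated both in the intro paragraph and again under "Operational tips", keep it once; and the single-bullet "Why it works on noisy pages" list reads better as a plain sentence.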
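Review bot: In the last hunk of less-code-injection.md the added `{{#include ../../../banners/hacktricks-training.md}}` follows the `* [CVE-2024-58258]...` list item with no blank line between them, so markdown may treat the include as a lazy continuation of that bullet; insert an empty line before it, matching how the README.md hunk in this same patch separates the include from the references list and how the top-of-file include in this file is surrounded by blank lines.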