diff --git a/opsec/sensitivevm/0.png b/opsec/sensitivevm/0.png index 0cb9d2c..beac70b 100644 Binary files a/opsec/sensitivevm/0.png and b/opsec/sensitivevm/0.png differ diff --git a/opsec/sensitivevm/40.png b/opsec/sensitivevm/40.png index 6014cfd..d876938 100644 Binary files a/opsec/sensitivevm/40.png and b/opsec/sensitivevm/40.png differ diff --git a/opsec/sensitivevm/43.png b/opsec/sensitivevm/43.png new file mode 100644 index 0000000..cb4acca Binary files /dev/null and b/opsec/sensitivevm/43.png differ diff --git a/opsec/sensitivevm/index.html b/opsec/sensitivevm/index.html index 43cf0b6..6178d0e 100644 --- a/opsec/sensitivevm/index.html +++ b/opsec/sensitivevm/index.html @@ -85,7 +85,7 @@
-

Deniability Requirement



+

Deniability Requirements



First of all as you have seen, the requirement is that we do this setup from the Host OS, in live mode. That is because we want to make sure that there is no forensic evidence to be saved on the system drive as we have explained previously.
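Review bot: the heading is now "Deniability Requirements" (plural) but the paragraph under it still states a single requirement, doing the setup from the Host OS in live mode. Either list the second requirement this patch introduces further down (VeraCrypt and the shutdown script present only in live mode when the adversary must not know they exist) here as well, or keep the singular; as written the heading promises a list the section does not deliver.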

@@ -101,10 +101,39 @@

How to setup the VMs inside the Hidden Volume



-

So before we start, make sure you reboot the Host OS to go into live mode:

- +

So before we start, make sure you reboot the Host OS to go into live mode

-

Then, once in live mode we're going to setup our veracrypt volumes on our 500Gb harddrive:

+ +

or boot from a usb stick that has a debian live image if you are in the usecase where the adversary can't be told you are using kicksecure packages:

+ + +

Then, once in live mode if you are in the usecase where you cannot reveal to the adversary that there is veracrypt installed on the host OS, make sure you install it everytime you boot into live mode. To do speed up the installation process we're going to use the VPS we showcased previously to install both veracrypt and the emergency shutdown script:

+ +

+nothing@debian:~$  scp root@65.109.30.253:/root/sensitive_scripts/vc.deb .
+root@65.109.30.253's password:
+vc.deb                                                                                                                                                                                                        100% 8995KB   1.9MB/s   00:04
+
+nothing@debian:~$  sudo dpkg -i vc.deb
+
+nothing@debian:~$  sudo apt install -f
+
+nothing@debian:~$  sudo dpkg -i vc.deb
+
+nothing@debian:~$  which veracrypt
+/usr/bin/veracrypt
+
+nothing@debian:~$  scp root@65.109.30.253:/root/sensitive_scripts/shutdown.sh .
+
+nothing@debian:~$  chmod +x shutdown.sh
+
+nothing@debian:~$  veracrypt
+
+

We briefly make sure that the shutdown.sh script is hooked up to the SUPER+R key to make sure we can quickly shutdown the computer in case if an adversary were to bust down our door:

+ + + +

And now that we did the post-live-boot initial setup, we can start to setup our veracrypt volumes on our 500Gb harddrive:

Here we're using a non-system drive, as we want to be able to store our veracrypt hidden volume contents in a persistent manner, accross reboots. (if we were to have the veracrypt volume on the system drive, it would be wiped off upon rebooting since the Host OS is in live mode.)
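Review bot: `vc.deb` and `shutdown.sh` fetched with `scp root@65.109.30.253:/root/sensitive_scripts/vc.deb .` are installed with no integrity check at all, and because the host is amnesic the VPS host key is accepted fresh on every boot, so a compromised or impersonated VPS can hand over a trojaned VeraCrypt that then sees the hidden-volume password. Before `sudo dpkg -i vc.deb`, compare `sha256sum vc.deb` against a hash recorded when the upstream package was verified, and compare the host-key fingerprint shown on that first connection with one written down beforehand instead of accepting it blindly; the same applies to `shutdown.sh`, which runs as root at the press of a key. Wording in the same hunk: "To do speed up" should read "To speed up", "everytime" should be "every time", and "usecase" is two words.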

@@ -335,6 +364,7 @@ Network Whonix-Internal has been undefined

Setting up the Decoy volume



+

If you are in the usecase where you cannot reveal to the adversary that you have veracrypt installed (meaning veracrypt will only be installed in live mode) you can skip this entire section. As the adversary won't even be aware that the non-system drive is encrypted using veracrypt.

Now that we have setup the hidden volume, let's close it so that we can setup the decoy volume (dont forget to exit the drive from the commandline, otherwise veracrypt will complain that the drive is busy):


 [ nowhere ] [ /dev/pts/1 ] [/mnt/veracrypt1]
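Review bot: telling the live-mode-only reader to "skip this entire section" silently gives up the one thing the page relies on later if the drive does raise suspicion: a decoy password to hand over. State the trade-off here (no decoy volume means no cooperative answer to "what is on this drive?") rather than presenting it as a free simplification. "the adversary won't even be aware that the non-system drive is encrypted" also overstates it: a drive that is nothing but high-entropy data is visibly unusual, and what the adversary lacks is proof, not grounds for suspicion. "usecase" should be "use case".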
@@ -581,6 +611,13 @@ kill $(pidof veracrypt)
 /sbin/shutdown -h now
 
 
+

before we continue, dont forget to update it on your VPS, so you can reuse it next time:

+ +

+nihilist@mainpc:~$ scp shutdown.sh root@65.109.30.253:/root/sensitive_scripts/shutdown.sh
+
+
+

Then, we need to make sure that the shutdown.sh script can be ran with the "Super+R" shortcut:

And we're now all setup! So let's try it out in both scenarios (from the decoy volume, and from the hidden volume):

@@ -591,11 +628,12 @@ kill $(pidof veracrypt) -
+

Decoy Volume Scenario (watching non-sensitive content)

+

As stated before, this part is relevant only if you are in the usecase where veracrypt remains installed on the host OS outside of live mode. You can skip that part if you are keeping veracrypt installed only in live mode.

So first we open the veracrypt, and open the decoy volume:

@@ -623,18 +661,22 @@ kill $(pidof veracrypt) -
+

In what context is there Deniability ?

With this setup, you have deniability the moment that the Host OS finishes shutting down, regarding the existance of the veracrypt hidden volume, and the whonix sensitive VMs that are in it. Meaning that it is impossible for an adversary that seizes your computer to prove the existance of the Whonix Sensitive VMs after the Host OS finished shutting down.

-

Below is all an adversary will be able to see, if he were to seize your laptop after you manage to shut it down:

+

If you leave veracrypt and shutdown.sh on the host OS, below is all an adversary will be able to see , if he were to seize your laptop after you manage to shut it down:

Of course, if you are ever forced to, ONLY give your decoy password to the adversary. The existance of the hidden volume, and of the secret password thats used to reveal it must remain a secret at all costs, it must remain known only by you.

If you are ever dragged into court, the judge will appreciate much more if you actually hand over your laptop, and show that you are willing to cooperate with the authorities by providing your password to unlock it, rather than starting to pretend you forgot your password (which can end badly like in this court case, where the defendant was found to be in contempt of court, and thrown in jail for 6 months for it).

If ever asked by the authorities on why you used veracrypt in your laptop, you can simply claim that it was to put your stash of adult content in it. Nothing incriminating about it, and it is plausible given that you dont want that laying around on your desktop, due to being of a private matter.

+

Now in the usecase where you are not leaving veracrypt and shutdown.sh on the host OS, below is what the adversary can see:

+ +

Since there is no emergency shutdown script, nor any Veracrypt to be found. The adversary can't figure out that the non-system drive has been encrypted with Veracrypt, nor that you are hiding anything in it, all that the adversary can see is that the drive is filled with random meaningless data.

+
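Review bot: "The adversary can't figure out that the non-system drive has been encrypted with Veracrypt, nor that you are hiding anything in it" claims more than the setup provides. A drive filled end to end with uniformly random data is the textbook signature of a headerless encrypted container (or of a random wipe), and an examiner will treat it as exactly that; what the adversary cannot do is prove it, which is what the "In what context is there Deniability ?" paragraph earlier in this hunk says correctly. Reword to "cannot prove", and since the page hands the VeraCrypt-installed reader a cover story (the adult-content stash), give the live-mode-only reader one for the random-filled drive as well, for example that it was wiped with random data before reuse; without one, the "cooperate and hand over your password" advice in this same hunk leaves that reader with nothing to hand over. Spelling in the hunk: "existance" (three times) should be "existence", "thats" should be "that's", "dont" should be "don't".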
diff --git a/opsec/veracrypt/index.html b/opsec/veracrypt/index.html index 054110e..9dcc284 100644 --- a/opsec/veracrypt/index.html +++ b/opsec/veracrypt/index.html @@ -103,7 +103,7 @@ regarding wear leveling:

 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
-→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb
+→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb -O vc.deb
 
 

If you are using a VPS to help speed up the initial setup everytime you boot into live mode like we have showcased previously, you can also use it to store the veracrypt .deb file for you, to make it easier to retrieve each time:
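Review bot: `-O vc.deb` drops the version from the filename, so the copy staged on the VPS under `/root/sensitive_scripts/` no longer records which VeraCrypt it is, and a stale copy there becomes indistinguishable from a current one; keep the version in the name (e.g. `vc-1.26.7.deb`) or state it in the text. More important, since this download is the one reused on every live boot, this is the place to verify it once: fetch the detached PGP signature VeraCrypt publishes alongside each release package, check it with gpg against the VeraCrypt release key before copying the file to the VPS, and record `sha256sum` of the verified file so the copy can be re-checked each time it is pulled back.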

@@ -153,13 +153,13 @@ vc.deb: Debian binary package (format 2.0), with control.tar.gz, data compressio

And then to install it you can do it like so:


 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
-→ sudo dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
+→ sudo dpkg -i vc.deb
 
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
 → sudo apt install -f
 
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
-→ sudo dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
+→ sudo dpkg -i vc.deb
 	
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
 → which veracrypt
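Review bot: `sudo dpkg -i vc.deb` / `sudo apt install -f` / `sudo dpkg -i vc.deb` relies on the first dpkg failing on unmet dependencies and the second succeeding, which the text never explains; `sudo apt install ./vc.deb` (the `./` is what makes apt treat it as a local file) resolves the dependencies and installs in one step, and fails cleanly if the package is not installable. If the three-command form is kept, add a sentence saying the first `dpkg -i` is expected to error out, otherwise a reader stops at the error.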