diff --git a/hunts/analyze_producer_consumer_ratio.md b/hunts/analyze_producer_consumer_ratio.md index e9c160d..0cc607a 100644 --- a/hunts/analyze_producer_consumer_ratio.md +++ b/hunts/analyze_producer_consumer_ratio.md @@ -1,4 +1,4 @@ -#Producer-Consumer Ratio for Detecting Data Exfiltration +# Analyze Producer-Consumer Ratio for Detecting Data Exfiltration **Purpose**: Find changes in traffic flows that indicate exfil diff --git a/hunts/beacon_detection_via_intra_request_time_deltas.md b/hunts/beacon_detection_via_intra_request_time_deltas.md index 4d9c111..813a994 100644 --- a/hunts/beacon_detection_via_intra_request_time_deltas.md +++ b/hunts/beacon_detection_via_intra_request_time_deltas.md @@ -1,4 +1,4 @@ -#Beacon Detection via Intra-Request Time Deltas +# Beacon Detection via Intra-Request Time Deltas **Purpose**: Find regular HTTP beaconing behavior which may indicate malware C2 diff --git a/hunts/checking-how-outsiders-see-you.md b/hunts/checking-how-outsiders-see-you.md index d72fbdc..7a8ac0e 100644 --- a/hunts/checking-how-outsiders-see-you.md +++ b/hunts/checking-how-outsiders-see-you.md @@ -1,4 +1,4 @@ -#Checking How Outsiders See You +# Checking How Outsiders See You **Purpose**: Determine whether any of your web sites are serving malware by using third party opinions diff --git a/hunts/dynamic_dns_c2.md b/hunts/dynamic_dns_c2.md index 4799c35..be9b9c1 100644 --- a/hunts/dynamic_dns_c2.md +++ b/hunts/dynamic_dns_c2.md @@ -1,4 +1,4 @@ -#C2 via Dynamic DNS +# C2 via Dynamic DNS **Purpose**: Identify potential C2 activity diff --git a/hunts/http_uri_analysis.md b/hunts/http_uri_analysis.md index 51a1c2b..2e799a9 100644 --- a/hunts/http_uri_analysis.md +++ b/hunts/http_uri_analysis.md @@ -1,4 +1,4 @@ -#Finding the Unknown with HTTP URIs +# Finding the Unknown with HTTP URIs **Purpose**: Identify things signatures have not been created for in relation to network traffic behavior. 
diff --git a/hunts/http_user_agent_analysis.md b/hunts/http_user_agent_analysis.md index 236211e..6093d01 100644 --- a/hunts/http_user_agent_analysis.md +++ b/hunts/http_user_agent_analysis.md @@ -1,4 +1,4 @@ -#HTTP User-Agent Analysis +# HTTP User-Agent Analysis **Purpose**: Identify malware by analyzing the User-Agent strings they present diff --git a/hunts/internet_facing_http_request_analysis.md b/hunts/internet_facing_http_request_analysis.md index 3c22f46..be15f97 100644 --- a/hunts/internet_facing_http_request_analysis.md +++ b/hunts/internet_facing_http_request_analysis.md @@ -1,4 +1,4 @@ -#Internet-Facing HTTP Request Analysis +# Internet-Facing HTTP Request Analysis **Purpose**: Identify common patterns of HTTP-based attacks diff --git a/hunts/lateral_movement_detection_via_process_monitoring.md b/hunts/lateral_movement_detection_via_process_monitoring.md index 15ad0af..150922a 100644 --- a/hunts/lateral_movement_detection_via_process_monitoring.md +++ b/hunts/lateral_movement_detection_via_process_monitoring.md @@ -1,4 +1,4 @@ -#Lateral Movement Detection via Process Monitoring +# Lateral Movement Detection via Process Monitoring **Purpose** diff --git a/hunts/net_session_c2.md b/hunts/net_session_c2.md index 0a1ca1d..9f1b593 100644 --- a/hunts/net_session_c2.md +++ b/hunts/net_session_c2.md @@ -1,4 +1,4 @@ -#Finding C2 in Network Sessions +# Finding C2 in Network Sessions **Purpose** @@ -26,4 +26,4 @@ C2 can appear anywhere in the stacked results, but as a start, it may be useful **More Info** -_None at this time._ \ No newline at end of file +_None at this time._ diff --git a/hunts/ntfs_extended_attribute_analysis.md b/hunts/ntfs_extended_attribute_analysis.md index 1661c16..dc44afe 100644 --- a/hunts/ntfs_extended_attribute_analysis.md +++ b/hunts/ntfs_extended_attribute_analysis.md 
@@ -1,4 +1,4 @@ -#NTFS Extended Attribute Analysis +# NTFS Extended Attribute Analysis **Purpose**: Identify data hiding in extended attributes on files in an NTFS filesystem, which are otherwise rarely used. diff --git a/hunts/privileged-group-tracking.md b/hunts/privileged-group-tracking.md index a0ecabf..400a010 100644 --- a/hunts/privileged-group-tracking.md +++ b/hunts/privileged-group-tracking.md @@ -1,4 +1,4 @@ -#Privileged Group Tracking +# Privileged Group Tracking **Purpose** diff --git a/hunts/psexec-windows-events.md b/hunts/psexec-windows-events.md index 88f938d..af12d78 100644 --- a/hunts/psexec-windows-events.md +++ b/hunts/psexec-windows-events.md @@ -1,4 +1,4 @@ -#Psexec Windows Events +# Psexec Windows Events **Purpose**: Find instances of psexec service (remote command execution) on Windows sytems by examining event logs pertaining to access control for remote shares. diff --git a/hunts/ram_dumping.md b/hunts/ram_dumping.md index f410ea6..7cfd74f 100644 --- a/hunts/ram_dumping.md +++ b/hunts/ram_dumping.md @@ -1,4 +1,4 @@ -#RAM Dumping +# RAM Dumping **Purpose**: Examine memory dumps of an individual system, looking for signs of malware or other malicious activities diff --git a/hunts/rdp_external_access.md b/hunts/rdp_external_access.md index ef6e38b..f60afa8 100644 --- a/hunts/rdp_external_access.md +++ b/hunts/rdp_external_access.md @@ -1,4 +1,4 @@ -#RDP External Access +# RDP External Access **Purpose**: Identify abnormal incoming RDP requests diff --git a/hunts/rogue_listeners.md b/hunts/rogue_listeners.md index 5752623..17fcdf8 100644 --- a/hunts/rogue_listeners.md +++ b/hunts/rogue_listeners.md @@ -1,4 +1,4 @@ -#Search for Rogue Listeners +# Search for Rogue Listeners **Purpose**: Find malicious programs that are listening to network ports diff --git a/hunts/shimcache_amcache.md b/hunts/shimcache_amcache.md index eabe2a1..c29548c 100644 --- a/hunts/shimcache_amcache.md +++ b/hunts/shimcache_amcache.md 
@@ -1,4 +1,4 @@ -#Shimcache/Amcache +# Shimcache/Amcache **Purpose**: Identify potential malware by finding "rare" binaries executed across endpoints. @@ -21,4 +21,4 @@ Stack count the filenames and/or directory paths to find rare files executed, ra - [ShimCacheParser](https://github.com/mandiant/ShimCacheParser), Mandiant - [amcache.py](https://gist.github.com/williballenthin/ee512eacb672320f2df5#file-amcache_py_examples-md), Will Ballenthin - [Intrusion Hunting for the Masses](https://www.youtube.com/watch?v=YLgycMCPo4c), David Sharpe (HackMiami 2016) -- [ShimShady: Live Investigations of the Application Compatibility Cache](https://www.fireeye.com/blog/threat-research/2015/10/shim_shady_live_inv.html), Fred House, Claudiu Teodorescu, Andrew Davis (FireEye) \ No newline at end of file +- [ShimShady: Live Investigations of the Application Compatibility Cache](https://www.fireeye.com/blog/threat-research/2015/10/shim_shady_live_inv.html), Fred House, Claudiu Teodorescu, Andrew Davis (FireEye) diff --git a/hunts/suspicious_process_creation_via_windows_event_logs.md b/hunts/suspicious_process_creation_via_windows_event_logs.md index f815772..22a9ede 100644 --- a/hunts/suspicious_process_creation_via_windows_event_logs.md +++ b/hunts/suspicious_process_creation_via_windows_event_logs.md @@ -1,4 +1,4 @@ -#Suspicious Process Creation via Windows Event Logs +# Suspicious Process Creation via Windows Event Logs **Purpose** diff --git a/hunts/windows_autoruns_analysis.md b/hunts/windows_autoruns_analysis.md index b200f67..5e160d3 100644 --- a/hunts/windows_autoruns_analysis.md +++ b/hunts/windows_autoruns_analysis.md @@ -1,4 +1,4 @@ -#Autoruns Analysis +# Autoruns Analysis **Purpose**: Find malware persistence by examining common mechanisms across a network diff --git a/hunts/windows_driver_analysis.md b/hunts/windows_driver_analysis.md index 7658e69..555e9b7 100644 --- a/hunts/windows_driver_analysis.md +++ b/hunts/windows_driver_analysis.md 
@@ -1,4 +1,4 @@ -#Windows Driver Analysis +# Windows Driver Analysis **Purpose**: Find malware running in Windows drivers across a network diff --git a/hunts/windows_prefetch_cache_analysis.md b/hunts/windows_prefetch_cache_analysis.md index 66f5840..9776c85 100644 --- a/hunts/windows_prefetch_cache_analysis.md +++ b/hunts/windows_prefetch_cache_analysis.md @@ -1,4 +1,4 @@ -#Windows Prefetch Cache Analysis +# Windows Prefetch Cache Analysis **Purpose**: Identify malware or other suspicious executables that ran on a system. diff --git a/hunts/windows_service_analysis.md b/hunts/windows_service_analysis.md index 8b60692..37f1e68 100644 --- a/hunts/windows_service_analysis.md +++ b/hunts/windows_service_analysis.md @@ -1,4 +1,4 @@ -#Windows Service Analysis +# Windows Service Analysis **Purpose**: Find suspicious Windows services running across a network
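Review bot: The hunts/analyze_producer_consumer_ratio.md hunk does more than the other heading fixes: besides inserting the space after `#`, it changes the heading text from "Producer-Consumer Ratio for Detecting Data Exfiltration" to "Analyze Producer-Consumer Ratio for Detecting Data Exfiltration". Any index or README entry that lists hunts by their heading text will need the same change, and the commit message should say this one heading was renamed rather than only re-spaced.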
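Review bot: In the hunts/psexec-windows-events.md hunk the unchanged context line still reads "on Windows sytems"; since the file is already being touched, fix the typo to "systems" in the same commit. The tool's usual spelling is "PsExec", so the new heading "# Psexec Windows Events" could take that casing at the same time if the repo wants to match the vendor name.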
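Review bot: The hunts/net_session_c2.md and hunts/shimcache_amcache.md hunks each add the missing final newline ("\ No newline at end of file" goes away), but only those two files get it here. The other hunt files are touched only at their first line, so it is worth running a whitespace check across hunts/ in this pass so the remaining files end with a newline too, rather than fixing them one at a time in later diffs.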
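Review bot: The context lines show two different conventions for the Purpose field: most hunts use `**Purpose**:` followed by the text on the same line, while hunts/lateral_movement_detection_via_process_monitoring.md, hunts/net_session_c2.md, hunts/privileged-group-tracking.md and hunts/suspicious_process_creation_via_windows_event_logs.md use a bare `**Purpose**` line. This change only normalizes the headings; consider a follow-up that normalizes the Purpose field the same way so the hunt template renders consistently.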