Migrate all link shortcodes to standard markdown links (Velocidex#1237)

Since we now have Hugo validating normal markdown links, there is no
need to use shortcode links anymore. This makes the documentation easier
to migrate from Hugo, if we decide to do that in future. It also makes
it easier for people to contribute docs if they are unfamiliar with
Hugo.

Also checked and corrected:
- links missing a trailing slash
- frags with a trailing backslash
- links spanning multiple lines - they're valid markdown but make link
management trickier

Author: predictiple

.wordlist.txt

@@ -2095,3 +2095,7 @@ reindexed
 
 winlogbeat's
 yml
+
+Rewrap
+VSCode
+shortcodes

content/announcements/2021-artifact-contest/_index.md

@@ -11,7 +11,9 @@ no_edit: true
 
 ## The Contest is now closed!
 
-Check out the [submissions]({{< ref "/blog/2021/2021-10-08-contributor-contest/_index.md" >}}) and watch the winning presentation at the [SANS Threat Hunting Summit](https://www.sans.org/cyber-security-training-events/threat-hunting-and-incident-response-summit-2021/#agenda)
+Check out the [submissions](/blog/2021/2021-10-08-contributor-contest/)
+and watch the winning presentation at the
+[SANS Threat Hunting Summit](https://www.sans.org/cyber-security-training-events/threat-hunting-and-incident-response-summit-2021/#agenda).
 
 ## Goals
 

content/announcements/2022-velocon/_index.md

@@ -17,7 +17,7 @@ noTitle: true
 Thank you for joining us for the day-long virtual summit as we DIG
 DEEPER TOGETHER!
 
-[The full conference is now available!]({{< ref "/presentations/2022_velocon/" >}})
+[The full conference is now available!](/presentations/2022_velocon/)
 
 ## Agenda at a glance
 

content/announcements/advisories/CVE-2025-14728/_index.md

@@ -52,14 +52,14 @@ valid path)
 ## Recommendation
 
 This vulnerability requires upgrading the server as described in
-[Server Upgrades]({{< ref "/docs/deployment/server/upgrades/" >}}).
+[Server Upgrades](/docs/deployment/server/upgrades/).
 
 * On Windows the vulnerability is not exploitable.
 * If running the 0.75 release on a Linux server, please use the
-  [velociraptor-v0.75.6-linux-amd64]({{< ref "/downloads/" >}})
+  [velociraptor-v0.75.6-linux-amd64](/downloads/)
   release.
 * If running the 0.74 release on a Linux server, please use the
-  [velociraptor-v0.74.6-linux-amd64]({{< ref "/downloads/previous_downloads/" >}})
+  [velociraptor-v0.74.6-linux-amd64](/downloads/previous_downloads/)
   release.
 
 Older versions are vulnerable and should be upgraded immediately.

content/announcements/advisories/_index.md

@@ -14,9 +14,9 @@ outputs:
 
 The following CVEs have been noted.
 
-Please upgrade to [the current release]({{< ref "/downloads" >}}).
+Please upgrade to [the current release](/downloads/).
 
 {{% children description=true style="h4" %}}
 
-Please consider subscribing to our [Security Advisories RSS feed]({{<
-ref "/rss" >}}) to receive timely notifications.
+Please consider subscribing to our
+[Security Advisories RSS feed](/rss/) to receive timely notifications.

content/blog/2020/2020-03-07-extending-vql-plugins-7fb004cb6ec4/_index.md

@@ -16,7 +16,7 @@ For example, raw MFT parsing is provided by the parse_mft() plugin
 which emits a row for each parsed mft entry. A VQL query can then
 filter out relevant MFT entries and potentially get a copy of the
 file, or attempt to recover deleted files (as described in our
-[previous article]({{< ref "/blog/2019/2019-11-15_recovering-deleted-ntfs-files-with-velociraptor-1fcf09855311/" >}}).
+[previous article](/blog/2019/2019-11-15_recovering-deleted-ntfs-files-with-velociraptor-1fcf09855311/).
 
 ### VQL Basics
 

content/blog/2020/2020-07-13-velociraptor-in-the-tool-age-d896dfe71b9/_index.md

@@ -16,10 +16,10 @@ registry hive, prefetch files etc.
 However, as most DFIR professionals know, there are so many tools out
 there that we would love to use in our IR work. One of the strengths
 of Velociraptor is its flexibility afforded by the use of the[
-Velociraptor Query Language (VQL).]({{< ref "/docs/vql/" >}})
+Velociraptor Query Language (VQL)](/docs/vql/).
 
 We have written before on how VQL can be extended by use of short
-[PowerShell scripts]({{% ref "/blog/2020/2020-06-14-the-velociraptor-query-language-pt-1-d721bff100bf/" %}}),
+[PowerShell scripts](/blog/2020/2020-06-14-the-velociraptor-query-language-pt-1-d721bff100bf/),
 by including these scripts directly in the Artifact
 definitions. This is a great way to extend the functionality provided
 by VQL, but what if we wanted to launch a completely separate binary

content/blog/2021/2021-09-07-release-notes-0.6.1/_index.md

@@ -143,7 +143,7 @@ collection by name
 Favorites are currently stored in the GUI user's profiles so each user
 can maintain their own list of favorites. However you can save a
 favorite into your own profile using the
-[favorite_save]({{< ref "/vql_reference/server/favorites_save" >}}) VQL function,
+[favorite_save](/vql_reference/server/favorites_save/) VQL function,
 so a team may create a set of common favorites using a SERVER VQL
 artifact.
 

content/blog/2021/2021-11-09-eql2vql/_index.md

@@ -20,10 +20,11 @@ date: 2021-11-09
 {{% notice warning "Outdated content" %}}
 
 This article describes a threat detection approach that has since been
-superseded by Velociraptor's [built-in Sigma
-functionality]({{<ref "/blog/2023/2023-11-15-sigma_in_velociraptor" >}}),
-however it is retained here for historical and instructive purposes since it
-also demonstrates how the flexibility of VQL makes novel solutions possible.
+superseded by Velociraptor's
+[built-in Sigma functionality](/blog/2023/2023-11-15-sigma_in_velociraptor/),
+however it is retained here for historical and instructive purposes
+since it also demonstrates how the flexibility of VQL makes novel
+solutions possible.
 
 {{% /notice %}}
 
@@ -275,13 +276,13 @@ about real time alerting? It would be nice to receive immediate
 notification when a detection rule is triggered.
 
 Velociraptor supports real time
-[client monitoring]({{< ref "/docs/clients/monitoring/" >}})
+[client monitoring](/docs/clients/monitoring/)
 via event queries. Event queries run constantly on the endpoint
 receiving rows from events.
 
 We have previously explored how Event Queries can be used for real
 time monitoring and in particular how VQL can leverage
-[Event Tracing for Windows]({{< ref "/blog/2021/2021-08-18-velociraptor-and-etw/" >}})
+[Event Tracing for Windows](/blog/2021/2021-08-18-velociraptor-and-etw/)
 (ETW).
 
 ### Using EQL detections with real time monitoring
@@ -332,10 +333,9 @@ single row and send it to the server.
 
 
 We can escalate such detections, through a number of mechanisms,
-such as [Slack alerts]({{< ref
-"/blog/2020/2020-12-26-slack-and-velociraptor-b63803ba4b16/_index.md"
->}}), or escalate to an external case management tool like [The Hive
-](https://wlambertts.medium.com/zero-dollar-detection-and-response-orchestration-with-n8n-security-onion-thehive-and-10b5e685e2a1). See [Server Monitoring]({{< ref "/docs/server_automation/server_monitoring/" >}}) for more information.
+such as
+[Slack alerts](/blog/2020/2020-12-26-slack-and-velociraptor-b63803ba4b16/), or escalate to an external case management tool like [The Hive
+](https://wlambertts.medium.com/zero-dollar-detection-and-response-orchestration-with-n8n-security-onion-thehive-and-10b5e685e2a1). See [Server Monitoring](/docs/server_automation/server_monitoring/) for more information.
 
 We can even use the resulting VQL artifact as a base for other queries
 to provide further enrichment and response capabilities.

content/blog/2021/2021-12-11-sftp-in-aws/_index.md

@@ -11,8 +11,9 @@ author: "Mike Cohen"
 date: 2021-12-20
 ---
 
-Many people use Velociraptor's [offline collector]({{< ref
-"/docs/deployment/offline_collections/" >}}) feature to collect any artifacts without
+Many people use Velociraptor's
+[offline collector](/docs/deployment/offline_collections/)
+feature to collect any artifacts without
 having the Velociraptor client actually installed on the
 endpoint. While the offline collector feature is great to
 interactively triage a machine, the produced collection zip file is
@@ -33,9 +34,9 @@ account full write access. However, using these credentials should not
 allow anyone to list existing bucket resources, or to download
 critical triage data from other hosts!
 
-I have [previously]({{< ref
-"/blog/2019/2019-10-08_triage-with-velociraptor-pt-3-d6f63215f579/"
->}}) described how to use Google cloud's service accounts to upload to
+I have
+[previously](/blog/2019/2019-10-08_triage-with-velociraptor-pt-3-d6f63215f579/)
+described how to use Google cloud's service accounts to upload to
 a GCP bucket securely.
 
 In this post I describe how to set up Amazon's SFTP transfer service
@@ -306,8 +307,9 @@ in AWS that can safely receive triage data from the Velociraptor
 offline collector.
 
 The sftp uploading functionality is actually implemented by the
-`upload_sftp()` plugin [documented here]({{< ref
-"/vql_reference/other/upload_sftp" >}}). This means that you can use
+`upload_sftp()` plugin
+[documented here](/vql_reference/other/upload_sftp/).
+This means that you can use
 this functionality in any VQL query at all - either on the client side
 or on the server side.