diff --git a/Exploits/IoT/Messaging_Protocols.md b/Exploits/IoT/Messaging_Protocols.md
index 95a364e..3050fcc 100644
--- a/Exploits/IoT/Messaging_Protocols.md
+++ b/Exploits/IoT/Messaging_Protocols.md
@@ -14,8 +14,13 @@ Queues on a Broker are used through a __publish/subscribe__ model as an asynchro
 * Broker holds the message in Topics (queues) for period of time
 * Subscriber may connect and get the message from the Broker via Topics
 
-### Tools
+### Tools & Usage
 
 * `nmap` to list the topics
-* `mosquitto_sub -h <hostname> -t <topic>` to subscribe to topics or query the device ID
-* `mosquitto_pub -h ` to publish to topics through mentioning the device ID
+* Use `MQTT-Explorer` for intel
+* `mosquitto_sub -h <hostname> -t <topic>` to subscribe to topics or query the device ID. Listen to all topics via
+```sh
+mosquitto_sub -h <hostname> -t '#'
+```
+* `mosquitto_pub -h ` to publish to topics through mentioning the device ID. Can be send as raw, xml or json. `-f` for file sending
+    * Base64 encoding