diff --git a/Cryptography/GPG-Cheatsheet.md b/Cryptography/GPG-Cheatsheet.md new file mode 100644 index 0000000..2c0031e --- /dev/null +++ b/Cryptography/GPG-Cheatsheet.md @@ -0,0 +1,24 @@ +# GPG Cheatsheet + +## Encryption via GPG + +* Encryption of a file via gpg +```sh +gpg --symmetric --cipher-algo $PLAIN_TEXT +``` + +### Armored Encryption via GPG + +* ASCII armored encryption output is done via +```sh +gpg --armor --symmetric --cipher-algo $PLAIN_TEXT +``` + +## Decryption via GPG + +* Decryption of a file via gpg +```sh +gpg --output original_message.txt --decrypt $CIPHER +``` + + diff --git a/Cryptography/Hash-Cheatsheet.md b/Cryptography/Hash-Cheatsheet.md new file mode 100644 index 0000000..e48b4f6 --- /dev/null +++ b/Cryptography/Hash-Cheatsheet.md @@ -0,0 +1,18 @@ +# Hash Cheatsheet + +## Create Hash + +* Generate a SHA256 hash + +```sh +sha256sum $INPUT_FILE +``` + +## Create MAC + +* Both tools produce the same MAC in the following way +```sh +hmac256 $KEY $INPUT_FILE +sha256hmac $INPUT_FILE --key $KEY +``` + diff --git a/Hashes/Bruteforce/Patator.md b/Cryptography/Hashes/Bruteforce/Patator.md similarity index 100% rename from Hashes/Bruteforce/Patator.md rename to Cryptography/Hashes/Bruteforce/Patator.md diff --git a/Hashes/CeWL.md b/Cryptography/Hashes/CeWL.md similarity index 100% rename from Hashes/CeWL.md rename to Cryptography/Hashes/CeWL.md diff --git a/Hashes/Haiti.md b/Cryptography/Hashes/Haiti.md similarity index 100% rename from Hashes/Haiti.md rename to Cryptography/Hashes/Haiti.md diff --git a/Hashes/Hash Collisions.md b/Cryptography/Hashes/Hash Collisions.md similarity index 100% rename from Hashes/Hash Collisions.md rename to Cryptography/Hashes/Hash Collisions.md diff --git a/Hashes/Hashcat.md b/Cryptography/Hashes/Hashcat.md similarity index 100% rename from Hashes/Hashcat.md rename to Cryptography/Hashes/Hashcat.md 
diff --git a/Hashes/Password Cracking/Hydra.md b/Cryptography/Hashes/Password Cracking/Hydra.md similarity index 100% rename from Hashes/Password Cracking/Hydra.md rename to Cryptography/Hashes/Password Cracking/Hydra.md diff --git a/Hashes/Password Cracking/John the Ripper.md b/Cryptography/Hashes/Password Cracking/John the Ripper.md similarity index 100% rename from Hashes/Password Cracking/John the Ripper.md rename to Cryptography/Hashes/Password Cracking/John the Ripper.md diff --git a/Hashes/Password Cracking/VNC.md b/Cryptography/Hashes/Password Cracking/VNC.md similarity index 100% rename from Hashes/Password Cracking/VNC.md rename to Cryptography/Hashes/Password Cracking/VNC.md diff --git a/Hashes/Password Cracking/sucrack.md b/Cryptography/Hashes/Password Cracking/sucrack.md similarity index 100% rename from Hashes/Password Cracking/sucrack.md rename to Cryptography/Hashes/Password Cracking/sucrack.md diff --git a/Hashes/References.md b/Cryptography/Hashes/References.md similarity index 81% rename from Hashes/References.md rename to Cryptography/Hashes/References.md index f7d8efe..5eb25e5 100644 --- a/Hashes/References.md +++ b/Cryptography/Hashes/References.md @@ -1,5 +1,7 @@ # Hashes References +* [OWASP's Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) + ## Hash Collisions [corkami's collisions collection](https://github.com/corkami/collisions.git) diff --git a/Hashes/Scripts/hash-id.py b/Cryptography/Hashes/Scripts/hash-id.py similarity index 100% rename from Hashes/Scripts/hash-id.py rename to Cryptography/Hashes/Scripts/hash-id.py diff --git a/Hashes/Scripts/hash_cracker.py b/Cryptography/Hashes/Scripts/hash_cracker.py similarity index 100% rename from Hashes/Scripts/hash_cracker.py rename to Cryptography/Hashes/Scripts/hash_cracker.py 
diff --git a/Hashes/Wordlists.md b/Cryptography/Hashes/Wordlists.md similarity index 100% rename from Hashes/Wordlists.md rename to Cryptography/Hashes/Wordlists.md diff --git a/Cryptography/OpenSSL-Cheatsheet.md b/Cryptography/OpenSSL-Cheatsheet.md index 16a3bd5..32f5ce2 100644 --- a/Cryptography/OpenSSL-Cheatsheet.md +++ b/Cryptography/OpenSSL-Cheatsheet.md @@ -1,6 +1,30 @@ # OpenSSL Cheatsheet -## Extract keys from PFX Cert + +## Read X.509 Certificate + +* A certificate can be read via +```sh +openssl x509 -in $CERT -text +``` + +## Generate CSR + +* A Certificate Signing Request needs a private alongside the request for a cert. +This is done in the following way +```sh +openssl req -new -nodes -newkey rsa:4096 -keyout $PRIVATE_KEY -out $CERT_CSR +``` + +## Create an X.509 Certificate + +* Create a X.509 certificate via +```sh +openssl x509 -newkey -nodes rsa:4096 -keyout $PRIVATE_KEY -out $CERT -sha256 -days 365 +openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes +``` + +## Extract Keys from PFX Cert * Key and cert form PFX ```sh 
@@ -16,29 +40,92 @@ openssl pkcs12 -in *.pfx -out temp.pem -nodes openssl pkcs12 -export -out *.pfx -in temp.pem ``` -## Generate Certificate - -```sh -openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes -``` ## RSA -### Decrypt RSA +### Read Parameters of a RSA Key -* Decrypt a RSA cipher with the private key +* Show parameters of the private key ```sh -openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY +openssl rsa -in $PRIVATE_KEY -text -noout ``` -* Deprecated version of RSA decryption is the following +### Create RSA Key + +* Generate an OpenSSL RSA key via ```sh -openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY +openssl genrsa -out $PRIVATE_KEY 4096 +``` + +* Generate an OpenSSl RSA public key from a private key +```sh +openssl rsa -in $PRIVATE_KEY -pubout -out public-key.pem ``` ### Encrypt RSA * Encrypt RSA current and deprecated ```sh -openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY -openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY +openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PUBLIC_KEY +openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PUBLIC_KEY +``` + +### Decrypt RSA + +* Decrypt a RSA cipher with the private key +```sh +openssl pkeyutl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY +``` + +* Deprecated version of RSA decryption is the following +```sh +openssl rsautl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY +``` + +## Diffie-Hellman + +### Read Parameters of a DH Keys + +* Output of a DH key is done the following way +```sh +openssl dhparam -in $PRIVATE_KEY -text -noout +``` + +### Create DH Key + +* A Diffie-Hellman key can be created via +```sh +openssl dhparam -out $PRIVATE_KEY 4096 +``` + +## AES + +### Encrypt AES + +* Encrypt AES + +```sh +openssl aes-256-cbc -e -in $PLAIN_TEXT -out $CIPHER +``` + +### Decrypt AES + +* Decrypt AES 
+```sh +openssl aes-256-cbc -d -in $CIPHER -out $PLAIN_TEXT +``` + +## PBKDF2 + +### Encrypt PBKDF2 + +* Encrypt file via PBKDF2 with 128000 iterations +```sh +openssl aes-256-cbc -pbkdf2 -iter 128000 -e -in $PLAIN_TEXT -out $CIPHER +``` + +### Decrypt PBKDF2 + +* Decrypt file via PBKDF2 with an iteration of 128000 +```sh +openssl aes-256-cbc -pbkdf2 -iter 128000 -d -in $CIPHER -out $PLAIN_TEXT ``` diff --git a/Cryptography/References.md b/Cryptography/References.md index e9a3b2b..1d15bea 100644 --- a/Cryptography/References.md +++ b/Cryptography/References.md @@ -1,6 +1,18 @@ # Cryptography References - + ## Tools * [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git) * [featherduster](https://github.com/nccgroup/featherduster.git) + +### Online Tools + +* [quipquip](https://quipquip.com) +* [cryptii](https://cryptii.com/) +* [Boxentriq](https://www.boxentriq.com) +* [dcode](https://www.dcode.fr) + +## Encryption Standards + +* [AES](https://csrc.nist.gov/publications/detail/fips/197/final) + diff --git a/Forensics/Volatility.md b/Forensics/Volatility.md index 107585d..3833281 100644 --- a/Forensics/Volatility.md +++ b/Forensics/Volatility.md @@ -99,7 +99,6 @@ For the most part these are (` macOS.*, windows.*, linux.* `) * For example * Truecryptpassphrase - * cmdscan, command history * shutdowntime - +* cmdscan, the command history is missing from volatility 3 diff --git a/Forensics/Wireshark.md b/Forensics/Wireshark.md new file mode 100644 index 0000000..53bca98 --- /dev/null +++ b/Forensics/Wireshark.md 
@@ -0,0 +1,14 @@ +# Wireshark + +## Extracting USB Keystrokes + +* Data between USB devices and the host can be filtered via tshark in order to display just the payload, e.g. keystrokes in the following way +```sh +tshark -r keystrokes.pcapng -Y "usb.transfer_type==0x01 and frame.len==35 and! (usb.capdata == 00:00:00:00:00:00:00:00)" -T fields -e usbhid.data > output.txt +``` + +* A lookup table is needed to [convert the USBHID data to ASCII values](https://gist.github.com/ImAnEnabler/091a9e1ee2d6a0805408e009e2f4a2b5) +``` +python keystrokedecoder.py output.txt +``` +
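Review bot: In Cryptography/GPG-Cheatsheet.md both encryption commands put `$PLAIN_TEXT` directly after `--cipher-algo`, so gpg takes the file name as the algorithm name and is left with no input file. Give the option its argument, for example `gpg --symmetric --cipher-algo AES256 $PLAIN_TEXT`, and do the same in the `--armor` variant.
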
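Review bot: In Cryptography/Hash-Cheatsheet.md, the "Create MAC" block passes `$KEY` as a command-line argument in both `hmac256 $KEY $INPUT_FILE` and `sha256hmac $INPUT_FILE --key $KEY`, which exposes the key value in the process list (and in shell history when it is typed literally); a one-line caveat under the bullet would help. The bullet says "Both tools" without naming them or the packages that provide them, so a reader cannot tell what to install.
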
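Review bot: In the first hunk of Cryptography/OpenSSL-Cheatsheet.md, under "Create an X.509 Certificate", `openssl x509 -newkey -nodes rsa:4096 ...` will not run as written: `-newkey` is an option of `openssl req`, and `rsa:4096` has to follow it directly as its argument. Suggest `openssl req -x509 -newkey rsa:4096 -nodes -keyout $PRIVATE_KEY -out $CERT -sha256 -days 365`. The second line writes the key and the certificate into the same `cert.pem`, which deserves either a comment or separate file names, and the CSR bullet reads "needs a private alongside the request", where the word "key" is missing.
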
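Review bot: In the second hunk of Cryptography/OpenSSL-Cheatsheet.md, under "Encrypt RSA", the pkeyutl line uses `-in $CLEAR_TEXT -out $CLEAR_TEXT`, so the output path is the input path; it should write to a ciphertext variable, as the rsautl line does with `$ENCRYPTED`. The hunk also mixes `$CLEAR_TEXT`/`$ENCRYPTED` with the `$PLAIN_TEXT`/`$CIPHER` pair used in the decrypt and AES sections; pick one pair. In the Diffie-Hellman section `openssl dhparam` handles DH parameters, not a private key, so the `$PRIVATE_KEY` variable and the "Create DH Key" heading are misleading. The "Encrypt PBKDF2" commands are still AES-256-CBC with a PBKDF2-derived key, so that section would fit better under "AES", and the plain "Encrypt AES" command, which lacks `-pbkdf2`, should state that it relies on OpenSSL's older key derivation. Typo in the added bullet: "OpenSSl".
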
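Review bot: In Cryptography/References.md, the first "Online Tools" entry is spelled `quipquip` with the URL `https://quipquip.com`; the cryptogram solver is, to my knowledge, named quipqiup, so please check the name and confirm the URL resolves to the intended site before merging. Under "Encryption Standards" the link text is just "AES" while the URL points at FIPS 197; naming the document in the link text would make the reference easier to find if the URL moves.
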
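Review bot: In Forensics/Volatility.md the reworded bullet "cmdscan, the command history is missing from volatility 3" is ambiguous: it can be read as the plugin being absent or as its output lacking the history. Suggest wording it as a statement about the plugin itself. If the added line is meant to stay part of the "For example" list, it should keep the nesting of `Truecryptpassphrase` and `shutdowntime` instead of following them as a separate bullet.
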
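Review bot: In Forensics/Wireshark.md the tshark filter excludes empty reports by testing `usb.capdata` but prints `-e usbhid.data`; on a capture where only one of the two fields is populated, either the exclusion has no effect or the output is empty, so use the same field in both places or state which Wireshark version this was tested with. `frame.len==35` is specific to one capture and should be marked as a value to adapt, `and!` reads better as `and !`, the second fence lacks the `sh` tag used in the first, and `keystrokedecoder.py` is not added by this patch, so the bullet should say the script comes from the linked gist.
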