diff --git a/misc/threat_intelligence/loki.md b/misc/threat_intelligence/loki.md new file mode 100644 index 0000000..702c5b7 --- /dev/null +++ b/misc/threat_intelligence/loki.md @@ -0,0 +1 @@ +# Loki diff --git a/misc/threat_intelligence/yara.md b/misc/threat_intelligence/yara.md new file mode 100644 index 0000000..7188fa8 --- /dev/null +++ b/misc/threat_intelligence/yara.md @@ -0,0 +1 @@ +# Yara diff --git a/persistence/wmi.md b/persistence/wmi.md new file mode 100644 index 0000000..6d09ef1 --- /dev/null +++ b/persistence/wmi.md @@ -0,0 +1,3 @@ +# WMI Backdoor + +* [BlackHat 2015, Backdoor](https://github.com/mattifestation/WMI_Backdoor.git) diff --git a/reverse_engineering/docs/firmware.md b/reverse_engineering/docs/firmware.md new file mode 100644 index 0000000..fc7f12c --- /dev/null +++ b/reverse_engineering/docs/firmware.md @@ -0,0 +1,11 @@ +# Reversing Firmware + +## Tools +* binwalk +* unlzma +* tar +* [fat](https://github.com/attify/firmware-analysis-toolkit.git) + * Create usable environment and start firmware inside it + ```sh + ./fat.py + ```
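Review bot: misc/threat_intelligence/loki.md adds only the heading "# Loki", and misc/threat_intelligence/yara.md only "# Yara", so both pages land empty. Either hold these files back until there is content, or add at least a one-line description and a link to each tool so the entries are usable from the index.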
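Review bot: In persistence/wmi.md the only bullet uses the label "BlackHat 2015, Backdoor" and points at the clone URL ending in .git, which tells the reader neither what the repository contains nor why it is listed. Suggest linking the repository page without the .git suffix, naming it WMI_Backdoor in the link text, and adding a sentence under the heading on what this page is meant to cover.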
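Review bot: In reverse_engineering/docs/firmware.md the fenced command `./fat.py` is shown with no arguments and no mention of which firmware image it runs against, so the "Create usable environment and start firmware inside it" step cannot be followed as written. Add the expected input to the command line and a note on where to run it from. binwalk, unlzma and tar are listed without any usage or ordering, and the fat link also uses the .git clone URL; a short line per tool on its role in the unpacking workflow would make the list actionable.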