diff --git a/exploit/binaries/r2.md b/exploit/binaries/r2.md
new file mode 100644
index 0000000..7a21014
--- /dev/null
+++ b/exploit/binaries/r2.md
@@ -0,0 +1,31 @@
+# Radare2
+
+## Usage
+### Dynamic
+```sh
+r2 -d <binary>
+```
+* Analyze
+```sh
+aaa
+```
+* Show main
+```sh
+pdf @main
+```
+* Breakpoint
+```sh
+db 0xdeadbeef
+```
+* Show rbp-0x4
+```sh
+px @rbp-0x4
+```
+* Continue
+```sh
+dc
+``` 
+* Show registers
+```sh
+dr
+```
diff --git a/exploit/web/php/command_injection.md b/exploit/web/php/command_injection.md
index 9036825..1eb1b00 100644
--- a/exploit/web/php/command_injection.md
+++ b/exploit/web/php/command_injection.md
@@ -1,6 +1,8 @@
 # PHP Command Injection
 Injecting commands to execute code on the server side via php.
 
+* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)
+
 ## Blind Command Injection
 Attacker does not register a direct response.