diff --git a/Exploits/IOT/Messaging_Protocols.md b/Exploits/IOT/Messaging_Protocols.md
new file mode 100644
index 0000000..95a364e
--- /dev/null
+++ b/Exploits/IOT/Messaging_Protocols.md
@@ -0,0 +1,21 @@
+# Message Protocols
+
+## Where to begin
+
+* __Communication Sniffing__ on unsecured connections
+* __Source code analysis__
+* __Documentation__
+
+## Message Queueing Telemetry Transport (MQTT)
+
+Queues on a Broker are used through a __publish/subscribe__ model as an asynchronous connection in the following way
+
+* Publisher sends data to a queue of the broker
+* Broker holds the message in Topics (queues) for period of time
+* Subscriber may connect and get the message from the Broker via Topics
+
+### Tools
+
+* `nmap` to list the topics
+* `mosquitto_sub -h <hostname> -t <topic>` to subscribe to topics or query the device ID
+* `mosquitto_pub -h ` to publish to topics through mentioning the device ID
diff --git a/Reverse Engineering/Portable Executable.md b/Reverse Engineering/Portable Executable.md
index 7f3d3a7..c8a8948 100644
--- a/Reverse Engineering/Portable Executable.md	
+++ b/Reverse Engineering/Portable Executable.md	
@@ -6,6 +6,23 @@ The file format consists of
     * PE Header
     * Data Sections
 
+## Headers
+
+1. IMAGE_DOS_HEADER, 0x00 to 0x63 of the binary
+    * `e_magic` as the Magic Bytes: 'MZ' -> 0x4D5A (0x5A4D in little endian)
+    * `e_lfanew` contains the starting offset of `IMAGE_NT_HEADERS` 
+2. DOS_STUB
+    * Contains `!This program cannot be run in DOS mode`
+3. .ntdata
+3. FILE_HEADER
+4. OPTIONAL_HEADER
+5. IMAGE_SECTION_HEADER
+6. IMAGE_NT_HEADERS
+    * NT_HEADERS
+        * Signature
+        * FILE_HEADER
+        * OPTIONAL_HEADER
+    
 ## Data Section
 
 The data section consists of
@@ -31,3 +48,6 @@ If a process starts, the PE is read in the following order
 4. Libraries and imports are loaded
 5. Entrypoint address of the main function is run
 
+## Tools
+
+[pe-tree](https://github.com/blackberry/pe_tree)