diff --git a/Exploits/Web/JWT.md b/Exploits/Web/JWT.md index 4768c79..11d3625 100644 --- a/Exploits/Web/JWT.md +++ b/Exploits/Web/JWT.md @@ -17,6 +17,7 @@ header.payload.signature ## NONE Algorithm Vulnerability + * Example with `alg: NONE`, so no third part is needed. ```sh eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K. @@ -86,3 +87,4 @@ eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0IiwiaWF0IjoxNTg1MzIzNzg0LCJleHAiOjE1ODUzMjM5MDQs * [JWTtool](https://github.com/ticarpi/jwt_tool.git) * [PayloadAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/JSON%20Web%20Token) * https://jwt.io +* [jwtcrack](https://github.com/Sjord/jwtcrack) diff --git a/Exploits/Windows/DLL Hijacking.md b/Exploits/Windows/DLL Hijacking.md index a4d29ce..cd2c83d 100644 --- a/Exploits/Windows/DLL Hijacking.md +++ b/Exploits/Windows/DLL Hijacking.md @@ -1,6 +1,8 @@ # DLL Hijacking -## Search Orders +## Basics + +### Search Orders * __SafeDllSearchMode__ enabled searches paths in following order: * __cwd__ of executable * System directory, `GetSystemDirectory` @@ -17,7 +19,7 @@ * Windows directory * PATH environment variable -## Template +### Template ```C #include @@ -40,3 +42,7 @@ sc stop dllsvc sc start dllsvc ``` +## LPE via StorSvc + +* [BlackArrowSec's repository](https://t.co/8XMvewhgFn) + diff --git a/Exploits/Windows/Potatoes.md b/Exploits/Windows/Potatoes.md index 2789fe6..5d08b1c 100644 --- a/Exploits/Windows/Potatoes.md +++ b/Exploits/Windows/Potatoes.md 
@@ -5,3 +5,6 @@ * [Lonely Potato](https://decoder.cloud/2017/12/23/the-lonely-potato/) * [Juicy Potato](https://ohpe.it/juicy-potato/) * [Rogue Potato](https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/) +* [LocalPotato (CVE-2023-21746)](https://github.com/decoder-it/LocalPotato.git) works via NTLM local authentication Security Context IDs using a local SMB and start connecting a privileged and an unprivileged process at the same time. Both get a security context IDs which then will be swapped between the processes. Additionally DLL hijacking is needed to get a higher priv shell. [This is done via `SvcRebootToFlashingMode` of StorSvc and interpositioning of `SprintCSP.dll`](https://github.com/blackarrowsec/redteam-research/tree/master/LPE via StorSvc) in PATH + * [Original Post from James Forshaw and Elad Shamir](https://decoder.cloud/2023/02/13/localpotato-when-swapping-the-context-leads-you-to-system/) + * [Security Online](https://securityonline.info/poc-exploit-for-windows-ntlm-privilege-escalation-flaw-cve-2023-21746-published/)
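Review bot: in the JWT.md `@@ -17,6 +17,7` hunk, "no third part is needed" is misleading: the example token still ends with a `.`, and it must, because an `alg: none` token is `header.payload.` with an empty signature segment, not a two-segment token; suggest "the signature segment is left empty, but the trailing dot stays". Two further points on the same hunk: RFC 7518 registers the algorithm as lowercase `none`, and `NONE`/`None`/mixed case are bypass variants that some libraries accept while rejecting the RFC spelling, so say which spelling the example is meant to exercise. And the encoded header `eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K` ends in `In0K`, which decodes to `"}` followed by a newline (the payload's `fQo` likewise), i.e. the parts were produced with `echo` rather than `echo -n`; strict JSON parsers reject the trailing newline, so regenerate the example with `printf '%s' '{"typ":"JWT","alg":"none"}' | base64 | tr -d '=' | tr '+/' '-_'`.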
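Review bot: in the DLL Hijacking.md `@@ -1,6 +1,8` hunk, the first entry under SafeDllSearchMode, `__cwd__ of executable`, conflates two different directories. With SafeDllSearchMode enabled the search starts in the directory the application was loaded from, and the current working directory is demoted to after the Windows directory; that demotion is the reason the setting exists. Suggest `* application directory (where the EXE was loaded from)` for the first bullet and list the CWD as a separate, later entry, otherwise the list reads as if CWD hijacking still works under the safe mode. The move of `Search Orders` under `## Basics` is fine; check that the rest of the file's headings were demoted the same way so the outline stays consistent.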
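Review bot: in the DLL Hijacking.md `@@ -17,7 +19,7` hunk, the context line `#include` carries no header name. Confirm the source file still reads `#include <windows.h>` (presumably what a DllMain template needs); if the angle-bracketed name was dropped at some point, the template no longer compiles as shown.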
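Review bot: in the DLL Hijacking.md `@@ -40,3 +42,7` hunk, the new `## LPE via StorSvc` section links a `t.co` shortener URL. Shortlinks are opaque, can expire, and hide the destination from anyone auditing the repo; replace it with the canonical GitHub URL, which the Potatoes.md hunk already spells out, percent-encoded as `https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc`. A one-line summary of the technique (the `SvcRebootToFlashingMode` call and the `SprintCSP.dll` placed in PATH, as the Potatoes entry describes) would make the section usable on its own instead of a bare link.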
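Review bot: in the Potatoes.md `@@ -5,3 +5,6` hunk, the markdown link to the BlackArrow repo contains unencoded spaces (`.../LPE via StorSvc`), which most renderers cut at the first space, leaving a dead link; use `LPE%20via%20StorSvc`. The byline `Original Post from James Forshaw and Elad Shamir` does not match its target: decoder.cloud is Andrea Pierini's blog (the same host as the Lonely Potato and Rogue Potato entries above), and the LocalPotato write-up there is by Pierini and Antonio Cocomazzi, so either fix the attribution or link the post the names actually refer to. The description is also a run-on: `works via NTLM local authentication Security Context IDs using a local SMB and start connecting a privileged and an unprivileged process at the same time` would read better as "abuses NTLM local authentication: a privileged and an unprivileged authentication are started at the same time against a local SMB server and their security context IDs are swapped, so the unprivileged client ends up with the privileged context". Finally, the line says DLL hijacking is `additionally` needed without saying what primitive the context swap yields on its own; state that, since it is what explains why the StorSvc hijack is the second stage.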