Update README.md

README-jp.md

@@ -52,6 +52,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [Books](#books)
   - [DNS Rebinding](#dns-rebinding)
 - [Evasions](#evasions)
+  - [XXE](#evasions-xxe)
   - [CSP](#evasions-csp)
   - [WAF](#evasions-waf)
   - [JSMVC](#evasions-jsmvc)
@@ -328,6 +329,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 ## Evasions
 
+<a name="evasions-xxe"></a>
+### XXE
+
+- [Bypass Fix of OOB XXE Using Different encoding](https://twitter.com/SpiderSec/status/1191375472690528256) - Written by [@SpiderSec](https://twitter.com/SpiderSec).
+
 <a name="evasions-csp"></a>
 ### CSP
 
@@ -715,6 +721,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [Dnslogger](https://wiki.skullsecurity.org/index.php?title=Dnslogger) - DNS Logger by [@iagox86](https://github.com/iagox86).
 - [CyberChef](https://github.com/gchq/CyberChef) - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by [@GCHQ](https://github.com/gchq).
+- [ntlm_challenger](https://github.com/b17zr/ntlm_challenger) - Parse NTLM over HTTP challenge messages by [@b17zr](https://github.com/b17zr).
 
 ## Social Engineering Database
 

README-zh.md

@@ -52,6 +52,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [Books](#books)
   - [DNS Rebinding](#dns-rebinding)
 - [Evasions](#evasions)
+  - [XXE](#evasions-xxe)
   - [CSP](#evasions-csp)
   - [WAF](#evasions-waf)
   - [JSMVC](#evasions-jsmvc)
@@ -354,6 +355,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 ## Evasions
 
+<a name="evasions-xxe"></a>
+### XXE
+
+- [Bypass Fix of OOB XXE Using Different encoding](https://twitter.com/SpiderSec/status/1191375472690528256) - Written by [@SpiderSec](https://twitter.com/SpiderSec).
+
 <a name="evasions-csp"></a>
 ### CSP
 
@@ -759,6 +765,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [Dnslogger](https://wiki.skullsecurity.org/index.php?title=Dnslogger) - DNS Logger by [@iagox86](https://github.com/iagox86).
 - [CyberChef](https://github.com/gchq/CyberChef) - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by [@GCHQ](https://github.com/gchq).
+- [ntlm_challenger](https://github.com/b17zr/ntlm_challenger) - Parse NTLM over HTTP challenge messages by [@b17zr](https://github.com/b17zr).
 
 ## Social Engineering Database
 

README.md

@@ -52,6 +52,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [Books](#books)
   - [DNS Rebinding](#dns-rebinding)
 - [Evasions](#evasions)
+  - [XXE](#evasions-xxe)
   - [CSP](#evasions-csp)
   - [WAF](#evasions-waf)
   - [JSMVC](#evasions-jsmvc)
@@ -325,6 +326,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 ## Evasions
 
+<a name="evasions-xxe"></a>
+### XXE
+
+- [Bypass Fix of OOB XXE Using Different encoding](https://twitter.com/SpiderSec/status/1191375472690528256) - Written by [@SpiderSec](https://twitter.com/SpiderSec).
+
 <a name="evasions-csp"></a>
 ### CSP
 
@@ -710,6 +716,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - [Dnslogger](https://wiki.skullsecurity.org/index.php?title=Dnslogger) - DNS Logger by [@iagox86](https://github.com/iagox86).
 - [CyberChef](https://github.com/gchq/CyberChef) - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by [@GCHQ](https://github.com/gchq).
+- [ntlm_challenger](https://github.com/b17zr/ntlm_challenger) - Parse NTLM over HTTP challenge messages by [@b17zr](https://github.com/b17zr).
 
 ## Social Engineering Database