diff --git a/README.md b/README.md
index 7b1e810..16f0412 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
- [ORM Injection](#orm-injection)
- [FTP Injection](#ftp-injection)
- [XXE](#xxe---xml-external-entity)
- - [CSRF](##csrf---cross-site-request-forgery)
+ - [CSRF](#csrf---cross-site-request-forgery)
- [SSRF](#ssrf---server-side-request-forgery)
- [Rails](#rails)
- [AngularJS](#angularjs)
@@ -46,6 +46,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
- [JSMVC](#evasions-jsmvc)
- [Authentication](#evasions-authentication)
- [Tricks](#tricks)
+ - [CSRF](#tricks-csrf)
- [Remote Code Execution](#tricks-rce)
- [XSS](#tricks-xss)
- [SQL Injection](#tricks-sql-injection)
@@ -250,6 +251,11 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
## Tricks
+
+### CSRF
+
+* [Neat tricks to bypass CSRF-protection](https://zhuanlan.zhihu.com/p/32716181) - Written by [Twosecurity](https://twosecurity.io/).
+
### Remote Code Execution