diff --git a/README.md b/README.md
index 7b1e810..16f0412 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
   - [ORM Injection](#orm-injection)
   - [FTP Injection](#ftp-injection)
   - [XXE](#xxe---xml-external-entity)
-  - [CSRF](##csrf---cross-site-request-forgery)
+  - [CSRF](#csrf---cross-site-request-forgery)
   - [SSRF](#ssrf---server-side-request-forgery)
   - [Rails](#rails)
   - [AngularJS](#angularjs)
@@ -46,6 +46,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
   - [JSMVC](#evasions-jsmvc)
   - [Authentication](#evasions-authentication)
 - [Tricks](#tricks)
+  - [CSRF](#tricks-csrf)
   - [Remote Code Execution](#tricks-rce)
   - [XSS](#tricks-xss)
   - [SQL Injection](#tricks-sql-injection)
@@ -250,6 +251,11 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
 
 ## Tricks
 
+<a name="tricks-csrf"></a>
+### CSRF
+
+* [Neat tricks to bypass CSRF-protection](https://zhuanlan.zhihu.com/p/32716181) - Written by [Twosecurity](https://twosecurity.io/).
+
 <a name="tricks-rce"></a>
 ### Remote Code Execution