diff --git a/Forensics/memdump.md b/Forensics/memdump.md
new file mode 100644
index 0000000..256a6a7
--- /dev/null
+++ b/Forensics/memdump.md
@@ -0,0 +1,6 @@
+## memory dump
+
+```
+strings /tmp/mem.dump | grep BOOT_
+BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
+```
diff --git a/Images/image.png b/Images/image.png
new file mode 100644
index 0000000..695c948
Binary files /dev/null and b/Images/image.png differ
diff --git a/Images/out_image.png b/Images/out_image.png
new file mode 100644
index 0000000..620f848
Binary files /dev/null and b/Images/out_image.png differ
diff --git a/Images/sudoku.py b/Images/sudoku.py
new file mode 100644
index 0000000..c67895c
--- /dev/null
+++ b/Images/sudoku.py
@@ -0,0 +1,27 @@
+from PIL import Image
+
+
+# solved sudoku
+sudoku = '''
+964127538
+712385694
+385496712
+491578263
+238614975
+576239841
+627843159
+153962487
+849751326
+'''
+s = sudoku.replace('\n', '')
+
+image = Image.open('image.png').convert('RGB')
+out = Image.new('RGB', image.size)
+
+for j in range(9):
+ for i in range(9):
+ img_cell = image.crop((i * 50, j * 50, i * 50 + 50, j * 50 + 50))
+ c = (int(s[j * 9 + i]) - 1) * 50
+ out.paste(img_cell, (c, j * 50))
+
+out.save('out_image.png')
diff --git a/Useful_Scripts/xor_bytes.py b/Images/xor_bytes.py
similarity index 100%
rename from Useful_Scripts/xor_bytes.py
rename to Images/xor_bytes.py
diff --git a/Useful_Scripts/xor_imag.go b/Images/xor_imag.go
similarity index 100%
rename from Useful_Scripts/xor_imag.go
rename to Images/xor_imag.go
diff --git a/Network/wireshark_stuff.md b/Network/wireshark_stuff.md
new file mode 100644
index 0000000..0d25ad0
--- /dev/null
+++ b/Network/wireshark_stuff.md
@@ -0,0 +1,14 @@
+#
+
+## Recon
+
+* Statistics -> Conversations
+ -> Some SSH, HTTP
+
+
+## Filters
+* Filer on HTTP:
+
+```
+ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80
+```
diff --git a/README.md b/README.md
index 5440ad2..59f41e8 100644
--- a/README.md
+++ b/README.md
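Review bot: In Images/sudoku.py the 50-pixel cell size and the 9x9 grid are hard-coded in the crop and paste arithmetic and never checked against `image.size`, so an input that is not 450x450 is processed anyway; `crop()` does not fail on a box that runs past the image edge, and the script then saves a wrong picture instead of reporting the mismatch. Name the constant (`CELL = 50`) and stop early with `if image.size != (9 * CELL, 9 * CELL): raise SystemExit('expected a 450x450 grid image')`. A one-line comment above the loop stating that each cell of row j is moved to the column given by the solved digit would also make the intent readable.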
@@ -6,3 +6,5 @@ More [here]. [here]: https://gist.github.com/bt3gl/8e3aa9538d6122f74274 + +![](http://i.imgur.com/4WNqTJS.png) \ No newline at end of file diff --git a/Useful_Scripts/bits_to_char.py b/Useful_Scripts/bits_to_char.py new file mode 100644 index 0000000..f26f579 --- /dev/null +++ b/Useful_Scripts/bits_to_char.py @@ -0,0 +1,14 @@ +# read data +data = [] +with open('hidden-message.pcap', 'rb') as f: +data = f.read() + +# get bits +bits = '' +for i in xrange(75, len(data), 81): + bits += '0' if data[i:i+1]=='I' else '1' +# convert to chars +flag = '' +for i in xrange(0, len(bits), 8): + flag += chr(int(bits[i:i+8], 2)) +print flag diff --git a/Useful_Scripts/bytes_to_char.py b/Useful_Scripts/bytes_to_char.py new file mode 100644 index 0000000..7b78be8 --- /dev/null +++ b/Useful_Scripts/bytes_to_char.py @@ -0,0 +1,2 @@ +print ''.join(map(chr, [0x20, 0x64, 0x65, 0x36, 0x38, 0x33, 0x38, 0x32, 0x35, 0x32, 0x66, 0x39, 0x35, 0x64, 0x33, 0x62, 0x39, 0x65, 0x38, 0x30, 0x33, 0x62, 0x32, 0x38, 0x64, 0x66, 0x33, 0x33, 0x62, 0x34, 0x62, 0x61, 0x61, 0x00])) + diff --git a/ctf_tools_1_light_sd.png b/ctf_tools_1_light_sd.png new file mode 100644 index 0000000..6aea24d Binary files /dev/null and b/ctf_tools_1_light_sd.png differ
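Review bot: In Useful_Scripts/bits_to_char.py, `data = f.read()` is shown without indentation under `with open('hidden-message.pcap', 'rb') as f:` while the other nested lines on this page keep a space after the `+`, so as committed the file would presumably fail with an IndentationError; indent that line as the `with` body. The script is also Python 2 only (`xrange`, `print flag`), and under Python 3 the comparison `data[i:i+1]=='I'` is bytes against str and never true, so every bit would decode as '1'; `b'I'` is the portable form. The offsets 75 and 81 deserve a comment saying what they index in the capture, e.g. `# one marker byte per 81-byte record, first at offset 75 (confirm against the pcap)`.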
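Review bot: In Useful_Scripts/bytes_to_char.py the list starts with 0x20 and ends with 0x00, so the printed string carries a leading space and a trailing NUL that are easy to miss when the output is copied from a terminal; stripping them, `.strip(' \x00')`, makes the result unambiguous. The `print` statement form also limits the script to Python 2.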