diff --git a/idacheatsheet.html b/idacheatsheet.html
new file mode 100644
index 0000000..d486637
--- /dev/null
+++ b/idacheatsheet.html
@@ -0,0 +1,190 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="chrome=1">
+    <link rel="stylesheet" href="https://securedorg.github.io//assets/css/style.css?v=5e63b4f7f8d5ec379a428172f4517e17cf6f662e">
+</head>
+<body>
+
+
+<table>
+<tr><td>
+<h1>IDAPro</br>Cheat Sheet</h1>
+<table>
+<caption style="text-align: left;"><h3>Navigation<h3></caption>
+<tr><td>Jump to operand</td><td>Enter</td></tr>
+<tr><td>Jump in new window</td><td>Alt+Enter</td></tr>
+<tr><td>Jump to previous position</td><td>Esc</td></tr>
+<tr><td>Jump to Next position</td><td>Ctrl+Enter</td></tr>
+<tr><td>Jump to address</td><td>G</td></tr>
+<tr><td>Jump by name</td><td>Ctrl+L</td></tr>
+<tr><td>Jump to function</td><td>Ctrl+P</td></tr>
+<tr><td>Jump to segment</td><td>Ctrl+S</td></tr>
+<tr><td>Jump to segment register</td><td>Ctrl+G</td></tr>
+<tr><td>Jump to problem</td><td>Ctrl+Q</td></tr>
+<tr><td>Jump to cross reference</td><td>Ctrl+X</td></tr>
+<tr><td>Jump to xref to operand</td><td> X</td></tr>
+<tr><td>Jump to entry point</td><td>Ctrl+E</td></tr>
+<tr><td>Mark Position</td><td>Alt+M</td></tr>
+</table>
+<table>
+<caption style="text-align: left;"><h3>Search</h3></caption>
+<tr><td>Next code</td><td>Alt+C</td></tr>
+<tr><td>Next data</td><td>Ctrl+D</td></tr>
+<tr><td>Next explored</td><td>Ctrl+A</td></tr>
+<tr><td>Next unexplored</td><td>Ctrl+U</td></tr>
+<tr><td>Immediate value</td><td>Alt+I</td></tr>
+<tr><td>Next immediate value</td><td>Ctrl+I</td></tr>
+<tr><td>Text</td><td>Alt+T</td></tr>
+<tr><td>Next text</td><td>Ctrl+T</td></tr>
+<tr><td>Sequence of bytes</td><td>Alt+B</td></tr>
+<tr><td>Next sequence of bytes</td><td>Ctrl+B</td></tr>
+<tr><td>Not function</td><td>Alt+U</td></tr>
+</table>
+<table>
+<caption style="text-align: left;"><h3>Graphing</h3></caption>
+<tr><td>Flow chart</td><td>F12</td></tr>
+<tr><td>Function calls</td><td>Ctrl+F12</td></tr>
+</table>
+<table>
+<caption style="text-align: left;"><h3>Comments</h3></caption>
+<tr><td>Enter comment</td><td>Shift+; </td></tr>
+<tr><td>Enter repeatable comment</td><td>; </td></tr>
+<tr><td>Enter anterior lines</td><td>Ins </td></tr>
+<tr><td>Enter posterior lines</td><td>Shift+Ins </td></tr>
+<tr><td>Insert predefined comment</td><td>Shift+F1</td></tr>
+</table>
+<table>
+<caption style="text-align: left;"><h3>Data Format Options</h3></caption>
+<tr><td>ASCII strings style</td><td>Alt+A</td></tr>
+<tr><td>Setup data types</td><td>Alt+D</td></tr>
+</table>
+</td>
+<td>
+<table>
+<caption style="text-align: left;"><h3>Open Subviews</h3></caption>
+<tr><td>Names</td><td>Shift+F4</td></tr>
+<tr><td>Functions</td><td>Shift+F3</td></tr>
+<tr><td>Strings</td><td>Shift+F12</td></tr>
+<tr><td>Segments</td><td>Shift+F7</td></tr>
+<tr><td>Segment registers</td><td>Shift+F8</td></tr>
+<tr><td>Signatures</td><td>Shift+F5</td></tr>
+<tr><td>Type libraries</td><td>Shift+F11</td></tr>
+<tr><td>Structures</td><td>Shift+F9</td></tr>
+<tr><td>Enumerations</td><td>Shift+F10</td></tr>
+</table>
+
+
+
+<table>
+<caption style="text-align: left;"><h3>File Operations</h3></caption>
+<tr><td>Parse C header file</td><td>Ctrl+F9</td></tr>
+<tr><td>Create ASM file</td><td>Alt+F10</td></tr>
+<tr><td>Save database</td><td>Ctrl+W</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Debugger</h3></caption>
+<tr><td>Star process</td><td>F9</td></tr>
+<tr><td>Terminate process</td><td>Ctrl+F2</td></tr>
+<tr><td>Step into</td><td>F7</td></tr>
+<tr><td>Step over</td><td>F8</td></tr>
+<tr><td>Run until return</td><td>Ctrl+F7</td></tr>
+<tr><td>Run to cursor</td><td>F4</td></tr>
+<tr><td>Breakpoints</td></tr>
+<tr><td>Breakpoint list</td><td>Ctrl+Alt+B</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Watches</caption>
+<tr><td>Delete watch</td><td>Del</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Tracing</caption>
+<tr><td>Stack trace</td><td>Ctrl+Alt+S</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Miscellaneous</h3></caption>
+<tr><td>Calculator</td><td>Shift+/ </td></tr>
+<tr><td>Cycle through open views</td><td>Ctrl+Tab </td></tr>
+<tr><td>Select tab</td><td>Alt + [1…N] </td></tr>
+<tr><td>Close current view</td><td>Ctrl+F4</td></tr>
+<tr><td>Exit</td><td>Alt+X </td></tr>
+<tr><td>IDC Command</td><td>Shift+F2</td></tr>
+</table>
+
+</td>
+<td>
+<table>
+<caption style="text-align: left;"><h3>Edit (Data Types – etc)</h3></caption>
+<tr><td>Copy</td><td>Ctrl+Ins</td></tr>
+<tr><td>Begin selection</td><td>Alt+L</td></tr>
+<tr><td>Manual instruction</td><td>Alt+F2</td></tr>
+<tr><td>Code</td><td>C</td></tr>
+<tr><td>Data</td><td>D</td></tr>
+<tr><td>Struct variable</td><td>Alt+Q</td></tr>
+<tr><td>ASCII string</td><td>A</td></tr>
+<tr><td>Array</td><td>Num *</td></tr>
+<tr><td>Undefine</td><td>U</td></tr>
+<tr><td>Rename</td><td>N</td></tr>
+</table>
+
+
+<table>
+<caption style="text-align: left;"><h3>Operand Type</caption>
+<tr><td>Offset (data segment)</td><td>O</td></tr>
+<tr><td>Offset (current segment)</td><td>Ctrl+O</td></tr>
+<tr><td>Offset by (any segment)</td><td>Alt+R</td></tr>
+<tr><td>Offset (user-defined)</td><td>Ctrl+R</td></tr>
+<tr><td>Offset (struct)</td><td>T</td></tr>
+<tr><td>Number (default)</td><td>Shift+3</td></tr>
+<tr><td>Hexadecimal</td><td>Q</td></tr>
+<tr><td>Decimal</td><td>H</td></tr>
+<tr><td>Binary</td><td>B</td></tr>
+<tr><td>Character</td><td>R </td></tr>
+<tr><td>Segment</td><td>S</td></tr>
+<tr><td>Enum member</td><td>M </td></tr>
+<tr><td>Stack variable</td><td>K</td></tr>
+<tr><td>Change sign</td><td>Shift+-</td></tr>
+<tr><td>Bitwise negate</td><td> Shift+`</td></tr>
+<tr><td>Manual</td><td>Alt+F1</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Segments</caption>
+<tr><td>Edit segment</td><td>Alt+S</td>
+<tr><td>Change segment register value</td><td>Alt+G</td></tr>
+</table>
+
+<table>
+<caption style="text-align: left;"><h3>Structs</caption>
+<tr><td>Struct var</td><td>Alt+Q</td><tr>
+<tr><td>Force zero offset field</td><td>Ctrl+Z</td></tr>
+<tr><td>Select union member</td><td>Alt+Y</td></tr>
+</table>
+
+
+<table>
+<caption style="text-align: left;"><h3>Functions</caption>
+<tr><td>Create function</td><td>P</td></tr>
+<tr><td>Edit function</td><td>Alt+P </td></tr>
+<tr><td>Set function end</td><td>E </td></tr>
+<tr><td>Stack variables</td><td>Ctrl+K </td></tr>
+<tr><td>Change stack pointer</td><td>Alt+K</td></tr>
+<tr><td>Rename register</td><td>V</td></tr>
+<tr><td>Set function type</td><td>Y</td></tr>
+</table>
+</td>
+
+</tr>
+
+</table>
+
+
+
+</body>
+
+</html>
\ No newline at end of file
diff --git a/images/Alt-50.png b/images/Alt-50.png
new file mode 100644
index 0000000..78f6b07
Binary files /dev/null and b/images/Alt-50.png differ
diff --git a/images/Ctrl-50.png b/images/Ctrl-50.png
new file mode 100644
index 0000000..0e0d8e4
Binary files /dev/null and b/images/Ctrl-50.png differ
diff --git a/images/Enter-50.png b/images/Enter-50.png
new file mode 100644
index 0000000..e88513e
Binary files /dev/null and b/images/Enter-50.png differ
diff --git a/images/Shift-50.png b/images/Shift-50.png
new file mode 100644
index 0000000..1fbb5d8
Binary files /dev/null and b/images/Shift-50.png differ
diff --git a/malware.md b/malware.md
index 58b269a..efc1946 100644
--- a/malware.md
+++ b/malware.md
@@ -43,7 +43,7 @@ title: Malware Techniques
   * [Enigma Protector](http://www.enigmaprotector.com)
   * [EXE Bundle](http://www.webtoolmaster.com/exebundle.htm)
   * [EXE Stealth](http://www.webtoolmaster.com/exestealth.htm)
-  * [eXPressor(http://www.cgsoftlabs.ro/express.html)
+  * [eXPressor](http://www.cgsoftlabs.ro/express.html)
   * [FSG](http://xtreeme.prv.pl/)
   * [kkrunchy](http://www.farbrausch.de/~fg/kkrunchy/)
   * [MEW](https://web.archive.org/web/20070831063728/http://northfox.uw.hu/index.php?lang=eng&amp;id=dev)
@@ -58,6 +58,8 @@ title: Malware Techniques
   * [VMProtect](http://vmpsoft.com/products/vmprotect)
   * [XComp/XPack](http://soft-lab.de/JoKo)
   
+  <center>[Top^](#techniques-overview)</center>
+  
 ## Obfuscation
 
 * Deliberate act of creating obfuscated code that is difficult for humans to understand
@@ -116,15 +118,26 @@ Example: Mimikatz credential theft
 
 * Gain knowledge about the system and internal network.
 
-## Lateral Movement     
+## Lateral Movement   
+
+* Enable an adversary to access and control remote systems on a network and could  
 
 ## Execution
 
+* Techniques that result in execution of adversary-controlled code on a local or remote system
+* scripts
+* post-exploitation
+
 ## Collection
 
+* Identify and gather information, such as sensitive files, from a target network prior to exfiltration
+
 ## Exfiltration
 
+* Removing files and information
+
 ## Command and Control
 
+* Communicate with systems under their control 
 
 [x86 Assembly <- Back](https://securedorg.github.io/RE101/section1.3) | [Next -> Section 3](https://securedorg.github.io/RE101/section3)
diff --git a/retools.md b/retools.md
index 51b4ded..61e6a53 100644
--- a/retools.md
+++ b/retools.md
@@ -7,10 +7,42 @@ title: RE Tools
 
 # Section 3: Reverse Engineering (RE) Tools #
 
-* Disassembler
-* Decompilers
-* Debugger
-* Information Gathering
-* Support
+
+## Disassembler
+
+* [Ida](https://www.hex-rays.com/products/ida/)
+  * Free (Used in this worksop)
+  * Pro
+* [Radare](https://www.radare.org)
+* [Capstone](http://www.capstone-engine.org/)
+
+## Decompilers
+
+* [Snowman](https://derevenets.com/)
+* [dotPeek](https://www.jetbrains.com/decompiler/) .NET decompiler
+
+## Debuggers
+
+* [x64dbg](http://x64dbg.com/) (Used in this worksop)
+* [Immunity](https://www.immunityinc.com/products/debugger/)
+* [OllyDbg](http://www.ollydbg.de/)  (Most Popular)
+* [WinDbg](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit)
+
+## Information Gathering
+
+* [CFF Explorer](http://www.ntcore.com/exsuite.php)
+* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx)
+  * procmon
+  * procexplorer
+* [InetSim: Internet Services Simulation Suite](http://www.inetsim.org/downloads.html)
+* [Yara: pattern matching rule engine](https://virustotal.github.io/yara/)
+* [Wireshark](https://www.wireshark.org/download.html) - network sniffing
+* [API Monitor](http://www.rohitab.com/downloads)
+  
+## Support
+
+* [HxD Hex Editor](https://mh-nexus.de/en/hxd/)
+* [Python](https://www.python.org/downloads/) - used for automating tasks
+
 
 [Section 2 <- Back](https://securedorg.github.io/RE101/section2) | [Next -> Section 4](https://securedorg.github.io/RE101/section4)