diff --git a/windows-ad/Post-Exploitation.md b/windows-ad/Post-Exploitation.md index b8227cc1..2fe09cc8 100644 --- a/windows-ad/Post-Exploitation.md +++ b/windows-ad/Post-Exploitation.md @@ -1,6 +1,7 @@ # Post-Exploitation * [General](#General) +* [Information gathering](#Information-gathering) * [Find credentials in files](#Find-credentials-in-files) * [Dumping LSASS](#Dumping-LSASS) * [Dumping SAM](#Dumping-SAM) @@ -10,6 +11,8 @@ * [DPAPI](#DPAPI) ## General + +## Information gathering #### Seatbelt - Gather generic info of the host - https://github.com/GhostPack/Seatbelt ``` @@ -17,6 +20,16 @@ Seatbelt.exe -group=user Seatbelt.exe -group=all ``` +#### Get loggged on sessions +``` +net logons +``` + +#### Get list of running processes +``` +ps +``` + ## Find credentials in files #### Look for SAM files ```
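Review bot: in the second hunk (`@@ -10,6 +11,8 @@`), `## General` is left as an empty section, because the new `## Information gathering` heading is inserted directly beneath it and the Seatbelt entry now falls under the new heading. Either drop `## General` together with its `* [General](#General)` entry in the table of contents, or make the new heading a `###` subsection of General so that every entry in the outline has content under it.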
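Review bot: in the last hunk (`@@ -17,6 +20,16 @@`), the heading `#### Get loggged on sessions` has a typo (`loggged`), and neither new block says which shell or tool the command is typed into. `net logons` is not a subcommand of the built-in Windows `net.exe`, and `ps` resolves only in PowerShell, as an alias for `Get-Process`, so a reader at a plain cmd prompt gets an error from both. Name the tool or shell in each heading, the way the Seatbelt entry states its purpose and links its project, and add a line on what output to expect.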