diff --git a/docs/content/reference/exploiters/PowerShell.md b/docs/content/reference/exploiters/PowerShell.md new file mode 100644 index 000000000..5e901e93c --- /dev/null +++ b/docs/content/reference/exploiters/PowerShell.md 
@@ -0,0 +1,55 @@ +--- +title: "PowerShell" +date: 2021-08-24T12:19:21+03:00 +draft: false +tags: ["exploit", "windows"] +--- + +### Description + +This exploiter uses brute-force to propagate to a victim through PowerShell +Remoting using Windows Remote Management (WinRM). + +See Microsoft's documentation for more on [PowerShell Remoting +Protocol](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1) +and [Windows Remote +Management](https://docs.microsoft.com/en-us/windows/win32/winrm/portal). + + +##### Credentials used + +The PowerShell exploiter can be run from both Linux and Windows attackers. On +Windows attackers, the exploiter has the ability to use the cached username +and/or password from the current user. On both Linux and Windows attackers, the +exploiter uses all combinations of the [user-configured usernames and +passwords]({{< ref "/usage/configuration/basic-credentials" >}}). Different +combinations of credentials are attempted in the following order: + +1. **Cached username and password (Windows attacker only)** - The exploiter will + use the stored credentials of the current user to attempt to log into the + victim machine. + +1. **Brute force usernames with blank passwords** - Windows allows you to + configure a user with a blank/empty password. The exploiter will attempt to + log into the victim machine using each username set in the + [configuration]({{< ref "/usage/configuration/basic-credentials" >}}) with a + blank password. + + In order for the attacker to connect with a blank password, the victim must + have enabled basic authentication, http and no encryption. + +1. **Brute force usernames with cached password (Windows attacker only)** - The + exploiter will attempt to log into the victim machine using each username + set in the [configuration]({{< ref "/usage/configuration/basic-credentials" + >}}) and the current user's cached password. + +1. 
**Brute force usernames and passwords** - The exploiter will attempt to use + all combinations of usernames and passwords that were set in the + [configuration.]({{< ref "/usage/configuration/basic-credentials" >}}) + + +#### Securing PowerShell Remoting + +Information about how to remediate security concerns related to PowerShell +Remoting can be found +[here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1). diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md index 3cdc79f74..80ecf5f55 100644 --- a/envs/monkey_zoo/docs/fullDocs.md +++ b/envs/monkey_zoo/docs/fullDocs.md @@ -30,8 +30,11 @@ This document describes Infection Monkey’s test network, how to deploy and use [Nr. 22 Scan](#_Toc526517197)
[Nr. 23 Struts2](#_Toc536021476)
[Nr. 24 Struts2](#_Toc536021477)
-[Nr. 250 MonkeyIsland](#_Toc536021478)
-[Nr. 251 MonkeyIsland](#_Toc536021479)
+[Nr. 25 Zerologon](#_Toc536021478)
+[Nr. 3-45 Powershell](#_Toc536021479)
+[Nr. 3-46 Powershell](#_Toc536021480)
+[Nr. 250 MonkeyIsland](#_Toc536021481)
+[Nr. 251 MonkeyIsland](#_Toc536021482)
[Network topography](#network-topography)
# Warning\! @@ -59,9 +62,9 @@ To deploy: 1. Configure service account for your project: a. Create a service account (GCP website -> IAM & Admin -> Service Accounts -> + CREATE SERVICE ACCOUNT) and name it “your\_name-monkeyZoo-user” - + b. Give these permissions to your service account: - + **Compute Engine -> Compute Network Admin** and **Compute Engine -> Compute Instance Admin (v1)** @@ -69,11 +72,11 @@ To deploy: **Compute Engine -> Compute Security Admin** and **Service Account User** - + or - + **Project -> Owner** - + c. Create and download its **Service account key** in JSON and place it in **monkey_zoo/gcp_keys** as **gcp_key.json**. 2. Get these permissions in the monkeyZoo project (guardicore-22050661) for your service account (ask monkey developers to add them): @@ -85,29 +88,29 @@ To deploy: link to your service account key file): provider "google" { - + project = "test-000000" // Change to your project id - + region = "europe-west3" // Change to your desired region or leave default - + zone = "europe-west3-b" // Change to your desired zone or leave default - - credentials = "${file("../gcp_keys/gcp_key.json")}" // Change to the location and name of the service key. + + credentials = "${file("../gcp_keys/gcp_key.json")}" // Change to the location and name of the service key. // If you followed instruction above leave it as is - + } - + locals { - + resource_prefix = "" // All of the resources will have this prefix. // Only change if you want to have multiple zoo's in the same project - + service_account_email="tester-monkeyZoo-user@testproject-000000.iam.gserviceaccount.com" // Service account email - + monkeyzoo_project="guardicore-22050661" // Project where monkeyzoo images are kept. Leave as is. - + } - + 4. Run terraform init To deploy the network run:
@@ -117,7 +120,7 @@ To deploy the network run:
# Using islands: -###How to get into the islands: +### How to get into the islands: **island-linux-250:** SSH from GCP @@ -125,9 +128,9 @@ To deploy the network run:
island-windows-251. Set password for your account and then RDP into the island. -###These are most common steps on monkey islands: +### These are most common steps on monkey islands: -####island-linux-250: +#### island-linux-250: To run monkey island:
`sudo /usr/run\_island.sh`
@@ -142,7 +145,7 @@ Update all requirements using deployment script:
1\. `cd /usr/infection_monkey/deployment_scripts`
2\. `./deploy_linux.sh "/usr/infection_monkey" "develop"`
-####island-windows-251: +#### island-windows-251: To run monkey island:
Execute C:\\run\_monkey\_island.bat as administrator @@ -156,8 +159,8 @@ To update repository:
3\. `git pull` (updates develop branch)
Update all requirements using deployment script:
-1. `cd C:\infection_monkey\deployment_scripts`
-2. `./run_script.bat "C:\infection_monkey" "develop"` +1\. `cd C:\infection_monkey\deployment_scripts`
+2\. `./run_script.bat "C:\infection_monkey" "develop"`
# Running tests: @@ -276,10 +279,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: Quick tutorial on how to add entries (was useful when setting up). - - - - @@ -357,10 +356,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: - - - - @@ -433,10 +428,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: Vulnerable app is under /cgi-bin/test.cgi - - - - @@ -613,10 +604,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: - - - - @@ -653,10 +640,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: Don’t add this machine’s credentials to exploit configuration. - - - - @@ -695,10 +678,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: - - - - @@ -765,10 +744,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: If you change this machine’s IP it won’t get exploited. - - - - @@ -839,10 +814,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: - - - - @@ -985,10 +956,6 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: Used to scan a machine that has no vulnerabilities (to evaluate scanning speed for e.g.) - - - - @@ -1093,17 +1060,13 @@ fullTest.conf is a good config to start, because it covers all machines. Notes: - - - - - @@ -1123,7 +1086,63 @@ fullTest.conf is a good config to start, because it covers all machines.

Nr. 25 ZeroLogon

+

Nr. 25 ZeroLogon

(10.2.2.25)

(Vulnerable)
- + + + + + + + + + + + + + + + + + + + + + +

Nr. 250 MonkeyIsland

+

Nr. 3-45 Powershell

+

(10.2.3.45)

(Vulnerable)
OS:Windows Server 2016 x64
Software:WinRM service
Default server’s port:-
Notes:User: m0nk3y, Password: Passw0rd!
User: m0nk3y-user, No Password.
+ + + + + + + + + + + + + + + + + + + + + + + + + + +

Nr. 3-46 Powershell

+

(10.2.3.46)

(Vulnerable)
OS:Windows Server 2016 x64
Software:WinRM service
Default server’s port:-
Notes:User: m0nk3y, Password: Passw0rd!
+ + + + + @@ -1149,20 +1168,18 @@ fullTest.conf is a good config to start, because it covers all machines. - - - - +

Nr. 250 MonkeyIsland

(10.2.2.250)

Notes: Only accessible trough GCP
- + @@ -1183,13 +1200,9 @@ fullTest.conf is a good config to start, because it covers all machines. - - - -

Nr. 251 MonkeyIsland

+

Nr. 251 MonkeyIsland

(10.2.2.251)

OS: Windows Server 2016 x64Notes: Only accessible trough GCP
# Network topography: - +
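Review bot: In the new PowerShell.md, the prerequisite for the blank-password step ("the victim must have enabled basic authentication, http and no encryption") should name the non-default WinRM service settings it refers to (Basic authentication enabled on the service and unencrypted HTTP allowed on the listener) and flag them as an insecure configuration, so that someone building a test victim knows what to configure and the "Securing PowerShell Remoting" section knows what to tell readers to turn off; also write `http` as `HTTP`. Two smaller points in the same hunk: the heading levels jump from `### Description` to `##### Credentials used` and then back to `#### Securing PowerShell Remoting`, so use `####` for both subsections; and the list calls the current user's credentials "cached" in the item titles but "stored" in the body of item 1, so settle on one term and say plainly that it means the credentials of the user running the attacker on Windows, which is what the surrounding text describes.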
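Review bot: The new TOC entries spell the hosts "Zerologon" and "Powershell", while the table headings added later in this patch use "ZeroLogon" and the new exploiter page is titled "PowerShell"; pick one spelling per name so the TOC matches the headings it points to. The renumbered `_Toc536021478` to `_Toc536021482` anchors also have to be updated on the headings themselves, which the hunks here do not show, so please confirm the links still resolve after the change.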
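Review bot: Several `-`/`+` pairs in the "To deploy" section (the `b. Give these permissions` line, the `or` line and the `provider "google"` / `locals` blocks) appear to differ only in trailing whitespace; whitespace cleanup mixed in with the content changes makes the substantive edits harder to spot, so consider splitting it into its own commit or at least calling it out in the commit message.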
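Review bot: The 3-45 entry lists a user with no password (`User: m0nk3y-user, No Password.`), but the PowerShell exploiter page added in this same patch says a blank-password login only works when the victim has Basic authentication enabled over unencrypted HTTP; the Notes for 3-45 should state that its WinRM service is configured that way (and that 3-46, which only has the `Passw0rd!` user, is not), otherwise a tester cannot tell whether the no-password path is expected to succeed against each machine. Both entries also leave `Default server's port:-` empty; WinRM listens on 5985 (HTTP) and 5986 (HTTPS) by default, so record the port the zoo listener actually uses. Finally, the new entries are numbered `Nr. 3-45` and `Nr. 3-46` while the existing entries use a single number (`Nr. 25` for 10.2.2.25); either follow the existing scheme or document the convention for hosts in the 10.2.3.x range.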
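Review bot: The unchanged context lines in the Nr. 250 and Nr. 251 MonkeyIsland tables read "Only accessible trough GCP"; since this patch already touches both tables, fix the typo to "through" here rather than in a later cleanup.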