diff --git a/_cases/2024/DIVD-2024-00044.md b/_cases/2024/DIVD-2024-00044.md
index 4f43291a..acd0d136 100644
--- a/_cases/2024/DIVD-2024-00044.md
+++ b/_cases/2024/DIVD-2024-00044.md
@@ -45,6 +45,9 @@ timeline:
 ## Summary
 A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability is exploited in the wild.
 
+## Vulnerability detection
+In our fingerprint we check for open 541 ports from the internet that run the Fortimanger software and using default fortinet client-certificates to build up a secure connection to the device. After the connection is established, we trigger a specially function that allow us to check if this FortiManager software version is vulnerabile to  give full shell access without authentication what can result in execution of arbitrary code or Remote code executions (RCE).
+
 ## Recommendations
 Upgrade to a non-vulnerable version according to the FortiGuard advisory FG-IR-24-423. We recommend restricting public access to your instance when you are unable to either patch or apply the workaround provided by Fortinet. We also recommend checking your FortiManager for unrecognised serial numbers and perform forensics on your instance when you do find unrecognised serial numbers. Fortinet provides recovery methods in their FortiGuard advisory.