diff --git a/JavaScript/PwnCollegeV8Exploitation/Level6/README.md b/JavaScript/PwnCollegeV8Exploitation/Level6/README.md index 6ac5af7..bcbdce4 100644 --- a/JavaScript/PwnCollegeV8Exploitation/Level6/README.md +++ b/JavaScript/PwnCollegeV8Exploitation/Level6/README.md @@ -18,3 +18,6 @@ Given a vulnerable builtin `Array.prototype.functionMap(func)`: - [Attacking Client-Side JIT Compilers (v2)](https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf#page=106) - [Pwn2Own 2018 CVE-2018-4233 分析](https://www.anquanke.com/post/id/244472) - Use this technique to construct Address Of & Fake Object primitive. +- How to build d8 and debug them? + - [Building V8 from source](https://v8.dev/docs/build) + - [Building V8 with GN](https://v8.dev/docs/build-gn)
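Review bot: The added bullet `How to build d8 and debug them?` promises debugging help, but both sub-links (`https://v8.dev/docs/build` and `https://v8.dev/docs/build-gn`) cover building only, so the "debug" half has no reference behind it. Either add a debugging reference as a third sub-item or narrow the bullet to building. The wording also has a number mismatch ("d8 ... them"); `How to build and debug d8?` reads cleaner. The README's context line describes a vulnerable builtin `Array.prototype.functionMap(func)`, which is not part of stock V8, so the bullet should also say that the build must include the level's modification. Following the generic build docs alone will not produce a d8 with that builtin.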