Minor Edit in Cab Parser

README.md

@@ -14,15 +14,15 @@ So far, the only valuable resources I've seen to create a fully working generato
 
 The above resources outline a lot of the requirements needed to create a full chain. As I do not desire
 
-### Chain
-* Docx opened
-* Relationship stored in document.xml.rels points to malicious html
-* IE preview is launched to open the HTML link
-* JScript within the HTML contains an object pointing to a CAB file, and an iframe pointing to an INF file,
-  prefixed with the ".cpl:" directive
-* The cab file is opened, the INF file stored in the %TEMP%\Low directory
-* Due to a Path traversal (ZipSlip) vulnerability in the CAB, it's possible to store the INF in %TEMP%
-* Then, the INF file is opened with the ".cpl:" directive, causing the side-loading of the INF file via rundll32 
+### Exploit Chain
+1. Docx opened
+2. Relationship stored in document.xml.rels points to malicious html
+3. IE preview is launched to open the HTML link
+4. JScript within the HTML contains an object pointing to a CAB file, and an iframe pointing to an INF file,
+   prefixed with the ".cpl:" directive
+5. The cab file is opened, the INF file stored in the %TEMP%\Low directory
+6. Due to a Path traversal (ZipSlip) vulnerability in the CAB, it's possible to store the INF in %TEMP%
+7. Then, the INF file is opened with the ".cpl:" directive, causing the side-loading of the INF file via rundll32 
   (if this is a DLL)
 
 ### Overlooked Requirements