Nmap’s TCP ACK scan (-sA) method is much harder to filter for firewalls and IDS/IPS systems than regular SYN (-sS) or Connect scans (sT) because they only send a TCP packet with only the ACK flag. When a port is closed or open, the host must respond with an RST flag. Unlike outgoing connections, all connection attempts (with the SYN flag) from external networks are usually blocked by firewalls. However, the packets with the ACK flag are often passed by the firewall because the firewall cannot determine whether the connection was first established from the external network or the internal network.

When engaging in cybersecurity activities, such as penetration testing or vulnerability assessment, having a comprehensive toolkit of commands and scripts is essential. The following list provides a collection of commonly used commands across various stages of a cybersecurity engagement, including service scanning, web enumeration, exploiting public vulnerabilities, managing shells, escalating privileges, and transferring files. These commands are crucial for identifying potential vulnerabilities, exploiting them, and maintaining access to systems. They cover tools like nmap for network scanning, gobuster for web directory enumeration, Metasploit for exploiting known vulnerabilities, and netcat for establishing reverse shells. Additionally, they include methods for privilege escalation and file transfer, which are vital for post-exploitation activities. By mastering these commands, cybersecurity professionals can efficiently navigate and analyze systems to identify and address security weaknesses.

Initial Foothold

In technical workflows, efficiency often hinges on recalling precise commands, flags, or syntax. These cheatsheets condense essential tools, techniques, and workflows into actionable quick-reference guides, designed to save time and reduce friction. Whether you’re scanning networks, automating tasks, or troubleshooting systems, use this curated collection as your “initial foothold” for rapid execution—eliminating guesswork and keeping critical information at your fingertips. Bookmark, print, or memorize these shortcuts to streamline your process and stay focused on results.

Web application penetration testing is a critical security practice designed to identify and exploit vulnerabilities in web applications, simulating real-world attacks to assess their resilience against cyber threats. This method involves a thorough examination of the application’s architecture, from the user interface to the underlying codebase, to uncover potential security gaps that could be exploited by malicious actors. By mimicking the tactics, techniques, and procedures (TTPs) used by hackers, penetration testers provide actionable insights into an application’s security posture, helping organizations strengthen their defenses and comply with industry standards like PCI-DSS. This proactive approach not only enhances security but also reduces the risk of data breaches and financial losses, ensuring that sensitive data remains protected.

Password attacks are a pervasive threat in the digital landscape, often serving as the primary vector for cybercriminals to breach secure systems. In recent years, compromised credentials have been responsible for a significant majority of data breaches, with 81% of such incidents in 2020 attributed to weak or stolen passwords[1][2]. These attacks exploit vulnerabilities in user authentication, leveraging techniques such as phishing, man-in-the-middle attacks, brute force attempts, and credential stuffing to gain unauthorized access to sensitive information[1][2]. As technology advances, so too do the methods employed by hackers, making it increasingly important for individuals and organizations to implement robust security measures, including strong password policies and multi-factor authentication, to protect against these ever-evolving threats[5].

Penetration testing and network exploitation involve a wide array of tools and techniques designed to assess and improve the security of computer systems. These tools help identify vulnerabilities, validate user credentials, and simulate attacks to test defenses. From enumerating network shares and users to exploiting weaknesses in authentication protocols like Kerberos, each tool serves a specific purpose in the broader strategy of ethical hacking. This collection of commands and tools provides a comprehensive overview of the methods used to enumerate systems, manage credentials, gain remote access, and escalate privileges, ultimately aiding in the detection and mitigation of security threats. Below are organized tables detailing these tools and their applications.

Pivoting and tunneling are crucial techniques used in network security testing and penetration testing to access and navigate through internal networks that are not directly reachable from the outside. Pivoting involves using a compromised host as a pivot point to move laterally within a network, bypassing segmentation and accessing previously isolated systems. This method is essential for expanding the attack surface and discovering new targets within a network. Tunneling, on the other hand, is a subset of pivoting that encapsulates network traffic within another protocol, allowing it to traverse restricted networks undetected. Common tunneling methods include SSH tunneling, which uses encrypted connections to relay traffic, and SOCKS proxies, which route traffic through a compromised host. Both techniques are vital for red team engagements and penetration tests, enabling testers to simulate real-world attacks and assess network vulnerabilities effectively.

Linux privilege escalation is a critical security concern that involves exploiting vulnerabilities or misconfigurations to gain elevated access to a system. This technique can be used both by authorized users to perform administrative tasks and by attackers to compromise a system’s security. Authorized users typically use tools like sudo to temporarily elevate their privileges for specific tasks, such as system configuration or software installation. However, attackers exploit weaknesses in the system, such as kernel vulnerabilities, misconfigured services, or file permissions, to escalate their privileges from a limited user account to the powerful root account. This can lead to severe consequences, including data theft, malware deployment, and system damage. Understanding the methods of privilege escalation is essential for both ethical hackers and system administrators to enhance security and prevent unauthorized access.

Windows privilege escalation is a critical security concern where users or attackers exploit vulnerabilities to gain unauthorized access to higher levels of system privileges. This process involves transitioning from a lower-level user account to a more powerful one, such as an administrator or the “NT AUTHORITY\SYSTEM” account, often by exploiting system misconfigurations or security weaknesses. Privilege escalation can be categorized into two main types: vertical escalation, where an attacker elevates their privileges within the same account, and horizontal escalation, where they gain access to another account with similar or higher privileges. Understanding and managing privilege escalation is essential for both security professionals aiming to protect systems and penetration testers seeking to identify vulnerabilities. Techniques for privilege escalation include exploiting kernel vulnerabilities, abusing weak permissions, and leveraging tools like WinPEAS and PowerUp to identify potential escalation paths.