Nmap’s TCP ACK scan (-sA) method is much harder to filter for firewalls and IDS/IPS systems than regular SYN (-sS) or Connect scans (sT) because they only send a TCP packet with only the ACK flag. When a port is closed or open, the host must respond with an RST flag. Unlike outgoing connections, all connection attempts (with the SYN flag) from external networks are usually blocked by firewalls. However, the packets with the ACK flag are often passed by the firewall because the firewall cannot determine whether the connection was first established from the external network or the internal network.

When engaging in cybersecurity activities, such as penetration testing or vulnerability assessment, having a comprehensive toolkit of commands and scripts is essential. The following list provides a collection of commonly used commands across various stages of a cybersecurity engagement, including service scanning, web enumeration, exploiting public vulnerabilities, managing shells, escalating privileges, and transferring files. These commands are crucial for identifying potential vulnerabilities, exploiting them, and maintaining access to systems. They cover tools like nmap for network scanning, gobuster for web directory enumeration, Metasploit for exploiting known vulnerabilities, and netcat for establishing reverse shells.

Initial Foothold In technical workflows, efficiency often hinges on recalling precise commands, flags, or syntax. These cheatsheets condense essential tools, techniques, and workflows into actionable quick-reference guides, designed to save time and reduce friction. Whether you’re scanning networks, automating tasks, or troubleshooting systems, use this curated collection as your “initial foothold” for rapid execution—eliminating guesswork and keeping critical information at your fingertips. Bookmark, print, or memorize these shortcuts to streamline your process and stay focused on results.

Web application penetration testing is a critical security practice designed to identify and exploit vulnerabilities in web applications, simulating real-world attacks to assess their resilience against cyber threats. This method involves a thorough examination of the application’s architecture, from the user interface to the underlying codebase, to uncover potential security gaps that could be exploited by malicious actors. By mimicking the tactics, techniques, and procedures (TTPs) used by hackers, penetration testers provide actionable insights into an application’s security posture, helping organizations strengthen their defenses and comply with industry standards like PCI-DSS.

Password attacks are a pervasive threat in the digital landscape, often serving as the primary vector for cybercriminals to breach secure systems. In recent years, compromised credentials have been responsible for a significant majority of data breaches, with 81% of such incidents in 2020 attributed to weak or stolen passwords[1][2]. These attacks exploit vulnerabilities in user authentication, leveraging techniques such as phishing, man-in-the-middle attacks, brute force attempts, and credential stuffing to gain unauthorized access to sensitive information[1][2].

Penetration testing and network exploitation involve a wide array of tools and techniques designed to assess and improve the security of computer systems. These tools help identify vulnerabilities, validate user credentials, and simulate attacks to test defenses. From enumerating network shares and users to exploiting weaknesses in authentication protocols like Kerberos, each tool serves a specific purpose in the broader strategy of ethical hacking. This collection of commands and tools provides a comprehensive overview of the methods used to enumerate systems, manage credentials, gain remote access, and escalate privileges, ultimately aiding in the detection and mitigation of security threats.

Pivoting and tunneling are crucial techniques used in network security testing and penetration testing to access and navigate through internal networks that are not directly reachable from the outside. Pivoting involves using a compromised host as a pivot point to move laterally within a network, bypassing segmentation and accessing previously isolated systems. This method is essential for expanding the attack surface and discovering new targets within a network. Tunneling, on the other hand, is a subset of pivoting that encapsulates network traffic within another protocol, allowing it to traverse restricted networks undetected.

Linux privilege escalation is a critical security concern that involves exploiting vulnerabilities or misconfigurations to gain elevated access to a system. This technique can be used both by authorized users to perform administrative tasks and by attackers to compromise a system’s security. Authorized users typically use tools like sudo to temporarily elevate their privileges for specific tasks, such as system configuration or software installation. However, attackers exploit weaknesses in the system, such as kernel vulnerabilities, misconfigured services, or file permissions, to escalate their privileges from a limited user account to the powerful root account.

Windows privilege escalation is a critical security concern where users or attackers exploit vulnerabilities to gain unauthorized access to higher levels of system privileges. This process involves transitioning from a lower-level user account to a more powerful one, such as an administrator or the “NT AUTHORITY\SYSTEM” account, often by exploiting system misconfigurations or security weaknesses. Privilege escalation can be categorized into two main types: vertical escalation, where an attacker elevates their privileges within the same account, and horizontal escalation, where they gain access to another account with similar or higher privileges.