Some of these I hit face-first in a lab session. Others I thought I understood, until I had to explain them out loud and realized I actually didn't. Here's a taste of what's covered: Netcat is just a pipe. It wires your terminal's stdin/stdout to a socket. Everything else, shells, file transfers, is a consequence of that one primitive. Once you get that, broken shells start making sense. The MTU trap. nmap finds open ports. VPN is up. curl hangs forever. It's almost always MTU: large packets get silently fragmented and dropped through the tunnel while small nmap probes squeeze through just fine. One command fixes it. SUID isn't magic. It runs the binary as the file's owner , not you. The design is intentional and scoped. The abuse happens when flexible Unix utilities run as root and nobody told them not to spawn a shell. dash vs bash. LinPEAS turns your terminal red with sed errors and you assume the target is cursed. It's not. /bin/sh points to dash on minimal systems. One word fixes it: bash .…