No terms match your search.

Claude Code is the CLI and agent harness built by Anthropic. This sheet covers the desktop/CLI experience: commands, keyboard shortcuts, and prompting tips for offensive security and development work.

Key vocabulary
Model
The model itself has no persistent memory between API calls. Any memory comes from the surrounding application (chat history, memory features, projects, uploaded files, etc.). Any "memory" comes from the surrounding application.
Harness
The execution layer that calls the model, runs its tool calls, and decides when to stop. It's what makes the thing run.
Agent
A model plus everything around it that lets it act, not just respond. Observe → act → observe → repeat.
Scaffolding
The behavior layer: system prompt, tool descriptions, output format, memory. Separate from the model weights.
Context Window
The model's working memory for one run, measured in tokens. Everything competes for space here.
Tokens
The chunks models actually read — ~¾ of an English word on average. You pay per token in and out.
Skills
Reusable packages of knowledge for a task. A tool does one action; a skill bundles everything to reach a goal.
CLAUDE.md
Project-level instructions that persist across sessions. Lives in your repo root. Keep it lean — it burns context every turn.
MCP
Model Context Protocol — connects Claude to external tools, data sources, and APIs. Configured in .mcp.json.
Permission Modes
default → acceptEdits → plan. Cycle with Shift+Tab. Plan mode lets Claude think without executing.
Context Rot
When the context window fills with noise, quality quietly drops and the model drifts. Fix: /compact or fresh session.
Effort Level
Controls reasoning depth: off / low / medium / high / max. Higher = slower, better on hard problems, more tokens.
Keyboard shortcuts
Shift+TabCycle permission modes: default → acceptEdits → plan
EscInterrupt Claude mid-response
Esc, EscOpen rewind / checkpoint menu
Ctrl+CCancel input or exit on empty prompt
Ctrl+RReverse search prompt history
Ctrl+LClear / redraw the terminal screen
Ctrl+OToggle transcript view (detailed tool usage)
Ctrl+VPaste image directly into prompt
↑ / ↓Scroll through prompt history
@ + pathReference a file or directory inline
/Open slash command menu
CLI flags & headless
  • claude "prompt"Interactive session with starting prompt
  • claude -p "prompt"Headless / non-interactive — pipe-friendly
  • claude -rResume last session
  • claude -cContinue most recent conversation
  • --model <id>Specify model (e.g. claude-sonnet-4-6)
  • --session-id <id>Resume a specific session by UUID
  • --add-dir <path>Add working directory
  • --output-formatjson / text / stream-json
  • --max-turns NLimit agent turns
  • --allowedToolsPre-approve specific tools
  • --verboseFull transcript output
  • --agent <type>Use specific agent (Explore, Plan…)
  • cat f | claude -pPipe file content as input
Slash commands
Session
  • /clearWipe conversation history
  • /compact [focus]Summarize context, optionally with keyword
  • /resumeResume or switch session
  • /rename [name]Name current session
  • /branchFork current conversation
  • /rewindRoll back to earlier checkpoint
  • /exportSave conversation to file/clipboard
Config
  • /model [model]Switch model
  • /effort [level]off / low / med / high / max
  • /permissionsView/update tool approvals
  • /vimToggle vim keybindings
  • /color [color]Set prompt bar color
  • /keybindingsConfigure shortcuts
Context & cost
  • /costToken usage and session spend
  • /contextVisualize context window usage
  • /diffInteractive diff of uncommitted changes
  • /statusAccount, model, directory, version
Tools & workspace
  • /initExplore codebase, create CLAUDE.md
  • /memoryView/edit CLAUDE.md files
  • /mcpManage MCP servers
  • /skillsList available skills
  • /agentsManage agents
  • /add-dir <path>Add working directory
  • /chromeChrome browser integration
Built-in skills
  • /reviewCode review via 3 parallel agents
  • /security-reviewSecurity analysis of pending changes
  • /debug [desc]Troubleshoot from debug log
  • /loop [interval]Recurring scheduled task
  • /batchLarge parallel changes across worktrees
  • /plan [desc]Plan a feature or task
  • /simplifyReview and simplify changed code
Prompting · Coding
  • 4-part prompt: Role + Goal → Context (relevant code only) → Constraints (language, what NOT to do) → Output shape (format, examples)
  • Right-size the model: Sonnet for routine work, Opus for hard multi-step or reasoning tasks
  • Negative constraints: "Do not redesign the architecture", "Don't touch unrelated files", "Don't explain basics"
  • Plan then build: Explore and decide in session 1, capture to markdown, open a fresh session to implement — planning fills context with dead ends
  • Kill bad runs early: A derailed agent burns tokens fast. Stop, diagnose the gap, rephrase — don't reroll the same prompt
  • Pipe tool output: cat nmap.txt | claude -p "analyze for attack surface"
  • Pack codebase context: Use repomix or codesight to bundle cleanly before feeding
  • Convert docs first: PDFs and webpages carry formatting overhead — feed plain text or markdown
  • Compact proactively: Run /compact before the context rots, not after
Prompting · Cybersecurity research
  • Frame as a reviewer: "You're reviewing an AD config for privilege-escalation paths. Return: finding title, risk rating, affected hosts, repro steps, remediation."
  • Feed raw tool output: Paste nmap, BloodHound, Nessus, or Burp output and ask for prioritized findings with severity rationale
  • Ask for the kill chain: "Given these open ports and service versions, describe the most likely attack paths ranked by exploitability"
  • Cross-check findings: Ask Claude to analyze, then have Gemini or GPT verify. Agreement = confidence; disagreement = dig in
  • Run /security-review before committing any tool or exploit code you had Claude write
  • Scrub before shipping: "Review this finding for AI tells: em dashes, puffery, weasel words, promotional tone"
  • Structured report output: Specify the exact format — "Return: finding title, CVSS score, affected asset, evidence, remediation. No fluff."
  • Don't trust AI-generated URLs or CVE refs — verify every citation directly
Do's & Don'ts
Do
  • Give full context before hitting enter — role, goal, constraints, output shape
  • Right-size the model to the task complexity
  • Use negative constraints to stop scope creep
  • Kill a derailed run early and rephrase with a cleaner prompt
  • Verify security findings independently before putting them in a report
  • Use /compact before context fills up
  • Plan in one session, build in a clean one
  • Keep CLAUDE.md lean — no large docs, no task-specific state
  • Use /security-review before committing Claude-generated code
Don't
  • Stuff the context window with noise — it actively degrades output quality
  • Reroll the same prompt expecting different results — diagnose the gap first
  • Anthropomorphize — it's predicting tokens, not understanding your intent
  • Trust AI-generated URLs, CVE refs, or tool output without verification
  • Put client data, secrets, or PII in prompts — assume they may be logged
  • Treat alignment as a security boundary — a model can be jailbroken
  • Let an agent touch production without human-in-the-loop review
  • Leave large documentation files in CLAUDE.md — they burn context every turn

Gemini is Google's primary model family. Best for Google Workspace integration, large context windows (up to 1M tokens), multimodal input, and Deep Research. This sheet covers Gemini Advanced and the Google AI Studio / gemini.google.com interface.

Key vocabulary
Gems
Custom AI personas with persistent instructions, tools, and context — equivalent to Custom GPTs or Claude Projects. Create once, reuse across sessions.
Deep Research
A multi-step web research agent that autonomously browses, synthesizes, and returns a cited report. Better than asking for a summary of one source.
Grounding
Connecting Gemini to real-time or private data — Google Search, Drive files, or custom data sources — to anchor responses in current facts.
Extensions
Integrations with Google Workspace, YouTube, Flights, Hotels, Maps, and third-party services. Enable in Settings → Extensions.
Flash / Pro
Model tiers: Flash = fast and cheap; Pro = the most capable, for harder reasoning and coding. Paid plans (Google AI Pro / Ultra) raise usage limits and unlock features like Deep Research.
NotebookLM
Google's research notebook. Upload sources and ask questions grounded entirely in your documents. Good for report and finding synthesis.
Imagen / Veo
Gemini's image (Imagen) and video (Veo) generation models, accessible via Advanced.
1M context window
Gemini models support up to a 1M-token context window, though practical limits can vary depending on the interface and workflow. Available on Flash and Pro.
Keyboard shortcuts · gemini.google.com
EnterSubmit prompt
Shift + EnterNew line without submitting

Gemini's web app has very few native keyboard shortcuts beyond these basics and Google may add or change shortcuts over time. Power users add a browser extension for model switching, search, and theme toggles.

Workspace @ references
  • @DriveReference a Google Drive file by name
  • @GmailReference an email thread
  • @DocsReference a Google Doc
  • @SheetsReference a Google Sheet
  • @SlidesReference a Google Slides deck
  • @CalendarReference calendar events
  • @YouTubeReference a YouTube video transcript
Key features & how to invoke them
  • Deep ResearchClick "Deep Research" button before submitting — triggers multi-step web research with citations
  • GemsMenu → Gems → New gem — create reusable personas with instructions and tools
  • Code executionClick Run on any code block (Advanced) — runs Python in-session
  • CanvasSay "Open in canvas" or click the canvas icon for collaborative doc/code editing
  • Export to DocsClick ⋮ → Export to Google Docs on any long response
  • Image genAsk "Generate an image of..." — uses Imagen
  • NotebookLMnotebooklm.google.com — upload sources, ask grounded questions
  • AI Studioaistudio.google.com — direct API access, system prompts, model selection, adjustable safety settings
  • 1M contextUpload files or paste large docs — no chunking needed on Pro/Flash
Prompting · Coding
  • Paste the whole codebase: With 1M tokens, you can feed an entire repo. Ask holistic questions: "Identify all authentication pathways and flag any missing authorization checks"
  • Walk then analyze: "Walk me through what this code does, then identify security issues" — combines explanation with analysis in one pass
  • Use Deep Research for library research: Before implementing, have Gemini research the library's current API, known CVEs, and best practices
  • Ground in your Drive docs: @Drive [your spec doc] then "Implement this feature based on the spec" — keeps context in your own materials
  • Security-focused code review: "Review this Python function for injection vulnerabilities, hardcoded secrets, and insecure deserialization. Output as a numbered list."
  • Code execution for validation: "Write a script to parse this log format, then run it on this sample and show the output"
  • Use AI Studio for clean API testing: No chat history overhead — test system prompts and raw model behavior directly
Prompting · Cybersecurity research
  • Deep Research for threat intel: "Research recent CVEs affecting Apache 2.4.x — summarize exploitation methods, available PoCs, and detection opportunities"
  • Ground in internal docs: @Drive [pentest methodology] → "Apply this methodology to the following scope and generate a testing checklist"
  • NotebookLM for report synthesis: Upload multiple recon outputs, findings, and notes — ask for a unified executive summary grounded only in your data
  • OSINT synthesis: Upload screenshots, paste text, feed multiple sources — ask for a consolidated profile with confidence ratings
  • Log analysis at scale: Paste large log files (1M context) and ask "Identify anomalous patterns, failed auth attempts, and unusual egress — summarize by host"
  • Structured finding generation: "Draft a pentest finding. Format: Title | CVSS | Affected Systems | Technical Detail | Remediation. Tone: technical, no puffery."
  • Verify Deep Research citations: Gemini browses the web but can still hallucinate. Click through every source before putting it in a deliverable.
Do's & Don'ts
Do
  • Use Deep Research for any multi-source, citation-required research task
  • Use the 1M token window for large file and codebase analysis
  • Create Gems for repeated workflows — AD review, log analysis, report generation
  • Ground in your Drive docs for project-specific context
  • Use @Workspace references to pull in live data without copy-pasting
  • Use NotebookLM when you need answers grounded strictly in your own documents
  • Use AI Studio for raw model access without chat overhead
Don't
  • Assume Deep Research citations are accurate — always click through to the source
  • Use the free tier for sensitive work — use Advanced with appropriate data privacy settings
  • Rely on Gemini alone for security-critical findings
  • Skip output format instructions — Gemini can be verbose without constraints
  • Feed raw binary or complex PDFs — convert to text or use Drive integration instead
  • Neglect to verify @Workspace data is current — cached docs may be stale

ChatGPT is OpenAI's consumer-facing AI product powered by GPT-series multimodal models and reasoning-focused models. Best for iterative writing, Canvas collaboration, Code Interpreter data analysis, and the largest library of Custom GPTs.

Key vocabulary
Custom GPTs
Specialized AI personas with custom instructions, uploaded knowledge files, and tool access. Browse or build at chatgpt.com/gpts.
Canvas
Collaborative document/code editing mode that opens a side panel. Lets you highlight sections for targeted edits without rewriting the whole thing.
Memory
Facts ChatGPT retains across all your conversations. Check Settings → Personalization → Memory. Can be per-conversation or persistent.
Code Interpreter
Also called Advanced Data Analysis. Runs Python in-session, analyzes files, generates charts. Attach any CSV, log, or code file.
Projects
Persistent workspaces with uploaded files and custom instructions. Share context across multiple chats on the same engagement.
GPT-4o
OpenAI's fast multimodal model. GPT-4o supports text, vision, voice, and image generation. Best for speed and everyday tasks.
o3 / o4-mini
OpenAI's reasoning models — think through problems step-by-step before responding. Slower and more expensive, but noticeably better on hard logic, math, and analysis.
Sycophancy
ChatGPT's tendency to agree with whatever you say, even when you're wrong. Push back explicitly: "What's wrong with this approach?" or "Critique this."
Keyboard shortcuts
Ctrl/Cmd + Shift + ONew chat
Ctrl/Cmd + Shift + SToggle sidebar
Ctrl/Cmd + Shift + CCopy last response
Ctrl/Cmd + Shift + ;Copy last code block
Ctrl/Cmd + Shift + ISet custom instructions
Ctrl/Cmd + Shift + BackspaceDelete current chat
Shift + EscFocus the prompt input
Ctrl/Cmd + /Show all keyboard shortcuts
Key features & how to invoke them
  • CanvasClick canvas icon or say "Open in canvas" — opens side-by-side editor
  • Code InterpreterAttach a file (CSV, log, code) — ChatGPT auto-enables analysis mode
  • Image generationSay "Generate an image of..." or click the image icon — uses DALL-E 3
  • Web searchClick the search icon or ask "Search the web for..." — pulls live results with citations
  • Voice modeClick the headphone icon — real-time voice conversation with GPT-4o
  • MemorySettings → Personalization → Memory — view, edit, or delete what it knows
  • Custom GPTschatgpt.com/gpts — browse store or click your name → My GPTs to build
  • ProjectsLeft sidebar → + New project — persistent files + custom instructions per project
  • o3 modelModel picker → o3 — reasoning model for complex analysis and hard problems
Prompting · Coding
  • Canvas for long code: "Open in canvas, write a Python script that..." — then highlight specific sections and say "refactor this part to use async"
  • Code Interpreter for data: Attach a CSV or log file: "Clean this data, identify anomalies, and plot the key trends as charts"
  • Structured iteration: "Write the function. Now add error handling. Now write unit tests." — step-by-step beats a single mega-prompt
  • Senior reviewer framing: "You are a senior Python developer. Review this code for security issues, bugs, and performance problems. Output as a numbered list with severity."
  • Criticize then rewrite: "Criticize this implementation. Then rewrite it." — forces critique before it starts agreeing with you
  • Use o3 for hard problems: Algorithm design, complex logic, architecture decisions — reasoning models think before they answer
  • Projects for ongoing work: Upload your codebase, README, and style guide once — reference them across every session
Prompting · Cybersecurity research
  • Red team operator framing: "You are a red team operator. Given this network diagram [paste], identify the most likely attack paths and rank by exploitability."
  • Code Interpreter for log analysis: Attach .log or .csv files: "Identify failed auth attempts, unusual egress, and lateral movement indicators. Summarize by source IP."
  • CVE analysis: "Summarize this CVE [paste full text] and write a detection rule for Splunk that would catch this behavior"
  • Structured finding output: "Draft a pentest finding. Format: Title | CVSS | Affected Systems | Technical Detail | Remediation. No em dashes, no puffery, no weasel words."
  • Compare and prioritize: "Compare these two findings and identify which is higher priority. Use this CVSS context: [paste]. Justify your ranking."
  • Persistent methodology: Use Projects — upload your pentest methodology doc and custom instructions. Every new chat in the project inherits the context.
  • Force pushback: Ask "What's wrong with this approach?" or "What am I missing?" — ChatGPT's default is to agree; you have to explicitly ask for critique
Do's & Don'ts
Do
  • Use Projects for ongoing engagements — persistent files and custom instructions
  • Use Code Interpreter for file analysis instead of copy-pasting raw data
  • Use Canvas for long-form report writing and iterative code editing
  • Pick o3 for complex reasoning (logic, architecture, hard analysis)
  • Use GPT-4o for fast, multimodal, everyday tasks
  • Explicitly ask for critique — "What's wrong with this?", "Criticize this approach"
  • Check Memory settings — it may retain more than you expect across sessions
  • Set custom instructions once with your role and preferences instead of repeating per-prompt
Don't
  • Upload client data or PII without checking your data privacy settings first
  • Trust Browse results without clicking through to the original source
  • Use one model for everything — match the model to the task
  • Assume Memory is accurate — it can misremember; verify with "What do you know about me?"
  • Accept the first answer as final — ChatGPT is trained to please, not to be right
  • Use ChatGPT's web search for security-critical research without source verification
  • Put sensitive engagement details into a shared or default GPT — use Projects with appropriate privacy settings

Where to go next — the resources from the talk plus courses, channels, and hands-on challenges for going deeper on AI, prompting, and agentic engineering.