diff --git a/README.md b/README.md
index f9fb8b3..41f0b73 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,55 @@
 # CTF_CheatSheet
 
+
+## Stage 1 - Lay of the Land
+
+### Scans
+
+#### Nmap
+
+
+
+
+```powershell
+nmap -sn -n --disable-arp-ping IP | grep -v "host down"
+```
+-sn : Disable port scanning. Host discovery only.
+-n : Never do DNS resolution
+
+
+```bash
+sudo nmap -sSV -p- IP -oA nmap/initial -T4
+sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
+```
+• the flag -sSV defines the type of packet to send to the server and tells Nmap to try and determine any service on open ports
+• the -p- tells Nmap to check all 65,535 ports (by default it will only check the most popular 1,000)
+• -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE"
+• -iL INPUTFILE tells Nmap to use the provided file as inputs
+
+> This configuration is enough to do a basic check for a CTF VM
+```bash
+nmap -sV -sC -oA nmap/initial IP
+```
+-sV : Probe open ports to determine service/version info
+-sC : to enable the script
+-oA : to save the results
+
+After this quick command you can add "-p-" to run a full scan while you work with the previous result
+
+
+
+> Aggressive NMAP
+```bash
+nmap -A -T4 scanme.nmap.org
+• -A: Enable OS detection, version detection, script scanning, and traceroute
+• -T4: Defines the timing for the task (options are 0-5 and higher is faster)
+```
+
+#### Masscan
+
+```bash
+masscan IP -p 1-65535 --rate 100 -oX masscan.xml
+```
+
+### 
+