Ethical Hacking and Countermeasures Glossary

A

  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.
  • Authenticity: Refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine.
  • AI-Driven Ethical Hacking: AI-driven ethical hacking is a modern approach to cybersecurity where artificial intelligence (AI) technologies are used to enhance the capabilities of ethical hackers.
  • AutoGPT: AutoGPT is an AI-powered tool designed to automate task execution and data processing.
  • Active Attacks: Active attacks tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems.
  • Adversary Behavioral Identification: Adversary behavioral identification involves the identification of the common methods or techniques followed by an adversary to launch attacks on or to penetrate an organization’s network.
  • Active Footprinting: Active footprinting involves gathering information about the target with direct interaction.
  • ARP Ping Scan: Attackers send ARP request probes to target hosts, and an ARP response indicates that the host is active.
  • ACK Flag Probe Scan: Attackers send TCP probe packets set with an ACK flag to a remote device, and then analyze the header information (TTL and WINDOW field) of received RST packets to determine if the port is open or closed.
  • Anonymizer: An anonymizer is an intermediate server placed between you as the end user and the website to access the website on your behalf and make your web surfing activities untraceable.
  • Application Vulnerability Scanning: Tests and analyzes all elements of the web infrastructure for any misconfiguration, outdated content, or known vulnerabilities.
  • Automated Vulnerability Scanning: Uses automated software tools such as Nessus, Qualys, and GFI LanGuard to systematically identify, evaluate, and report security vulnerabilities.
  • Audio Spyware: Audio spyware is a sound surveillance program designed to record sound onto a computer.
  • Anti-Keyloggers: Anti-keyloggers, also called anti-keystroke loggers, detect and disable keystroke logger software.
  • Application Flaws: Application flaws are vulnerabilities in applications that are exploited by attackers.
  • Audio Steganography: Audio steganography refers to hiding secret information in audio files such as .MP3, .RM, and .WAV.
  • Advanced Persistent Threats: Advanced persistent threats (APTs) are defined as a type of network attack, where an attacker gains unauthorized access to a target network and remains undetected for a long period of time.
  • Antivirus Sensor System: An antivirus sensor system is a collection of computer software that detects and analyzes malicious code threats such as viruses, worms, and Trojans.
  • Adware: Software or a program that supports advertisements and generates unsolicited ads and pop-ups.
  • API Calls: Application programming interfaces (APIs) are parts of the Windows OS that allow external applications to access OS information such as file systems, threads, errors, registry, kernel, buttons, mouse pointer, network services, web, and the Internet.
  • Anti-Trojan Software: Anti-Trojan software is a tool or program that is designed to identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices.
  • Angler Phishing: Angler phishing is a cyber phishing fraud in which attackers target disgruntled users or customers over social media platforms.
  • Active Sniffing: Active sniffing involves injecting Address Resolution Protocol (ARP) packets into the network to flood the switch’s Content Addressable Memory (CAM) table, which keeps track of host-port connections.
  • Address Resolution Protocol (ARP): Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine (MAC) addresses.
  • ARP Spoofing Attack: ARP spoofing involves constructing many forged ARP request and reply packets to overload the switch.
  • Application-Level Hijacking: Application-level hijacking refers to gaining control over the HTTP’s user session by obtaining the session IDs.
  • Anomaly Detection: It detects the intrusion based on the fixed behavioral characteristics of the users and components in a computer system.
  • Application-Level Firewall: Application-level gateways (proxies) can filter packets at the application layer of the OSI model (or the application layer of TCP/IP).
  • Application Proxy: An application-level proxy works as a proxy server and filters connections for specific services.
  • API DDoS Attack: The DDoS attack involves saturating an API with a huge volume of traffic from multiple infected computers (botnet) to delay API services to legitimate users.
  • Automated Web Application Security Testing: It is a technique employed for automating the testing process. These testing methods and procedures are incorporated into each stage of development to report feedback constantly.
  • Application Whitelisting: Application whitelisting contains a list of application components such as software libraries, plugins, extensions, and configuration files, which can be permitted to execute in the system.
  • Application Blacklisting: Application blacklisting contains a list of malicious applications or software that are not permitted to be executed in the system or the network.
  • Access Point (AP): An AP is used to connect wireless devices to a wireless/wired network.
  • Association: It refers to the process of connecting a wireless device to an AP.
  • Agent Smith Attack: Agent Smith attacks are carried out by luring victims into downloading and installing malicious apps designed and published by attackers in the form of games, photo editors, or other attractive tools from third-party app stores such as 9Apps.
  • Android Rooting: The rooting process involves exploiting security vulnerabilities in the device firmware, copying the SU binary to a location in the current process’s PATH (e.g., /system/xbin/su), and granting it executable permissions with the chmod command.
  • Anything-as-a-Service (XaaS): Anything as a service or everything as a service (XaaS) is a cloud-computing and remote-access service that offers anything as a service over the Internet based on the user’s demand.
  • AWS Cognito: AWS Cognito is a service provided by Amazon Web Services that streamlines the authentication, authorization, and user management of web and mobile applications.
  • Asymmetric Encryption: Asymmetric encryption (public-key) uses different encryption keys, which are called public and private keys for encryption and decryption, respectively.
  • Advanced Encryption Standard (AES): The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data.

B

  • Behavioral Indicators: Behavioral indicators of compromise are used to identify specific behavior related to malicious activities.
  • Black Hats: Black hats are individuals who use their extraordinary computing skills for illegal or malicious purposes.
  • Blue Hat: Blue hats are contract-based cybersecurity professionals hired by organizations to evaluate systems or software for vulnerabilities.
  • BugBountyGPT: BugBountyGPT is tailored for bug bounty hunters and provides tools and insights for identifying and reporting security vulnerabilities.
  • BugHunterGPT: BugHunterGPT assists security researchers in identifying and reporting bugs and vulnerabilities.
  • Brute-Force Attack: In a brute-force attack, attackers try every combination of characters until the password is broken.
  • Buffer Overflow: Buffer overflow or overrun is a common vulnerability in an application or program that accepts more data than the allocated buffer.
  • Backdoor Trojans: A backdoor is a program that can bypass the standard system authentication or conventional system mechanisms such as IDS and firewalls, without being detected.
  • Botnet Trojans: Attackers use botnet Trojans to infect a large number of computers throughout a large geographical area to create a network of bots that can be controlled via a command-and-control (C&C) center.
  • Baiting: Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data.
  • Botnet: A botnet is a huge network of compromised systems and can be used by an attacker to launch denial-of-service attacks.
  • Broken Access Control: Broken access control is a method in which an attacker identifies a flaw related to access control and bypasses the authentication, which allows them to compromise the network.
  • Base64 Encoding: The Base64 encoding scheme represents any binary data using only printable ASCII characters.
  • Blind/Inferential SQL Injection: In blind SQL injection, an attacker poses a true or false question to the database to determine whether the application is vulnerable to SQL injection.
  • Blacklist Validation: Blacklist validation rejects all the malicious inputs that have been disapproved for protected access.
  • Bandwidth: It describes the amount of information that may be broadcast over a connection.
  • Basic Service Set Identifier (BSSID): It is the media access control (MAC) address of an access point (AP) or base station that has set up a basic service set (BSS).
  • Bluesnarfing: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, PDAs, and other devices.
  • Bluebugging: Bluebugging involves gaining remote access to a target Bluetooth-enabled device and using its features without the victim’s knowledge or consent.
  • BYOD: Bring your own device (BYOD) refers to a policy that allows an employee to bring their personal devices, such as laptops, smartphones, and tablets, to their workplace and use them to access the organization’s resources by following the access privileges.
  • BlueBorne Attack: A BlueBorne attack is performed on Bluetooth connections to gain access and take full control of the target device.
  • Business Network: It comprises a network of systems that offer information infrastructure to the business.
  • Basic Process Control System (BPCS): A BPCS is responsible for process control and monitoring of the industrial infrastructure.
  • Blowfish: Blowfish is a type of symmetric block cipher algorithm designed to replace DES or IDEA algorithms.
  • Blockchain: A blockchain, also referred to as distributed ledger technology (DLT), is used to record and store the history of transactions in the form of blocks.

C

  • CEH Hacking Methodology (CHM): EC-Council’s CEH hacking methodology (CHM) defines the step-by-step process to perform ethical hacking.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access.
  • ChaosGPT: ChaosGPT is an AI tool designed to simulate and understand chaotic and unpredictable behaviors.
  • CybGPT: CybGPT is a comprehensive AI tool for cybersecurity professionals that offers a wide range of features for enhancing security operations.
  • Close-in Attacks: Close-in attacks are performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or disrupt access to information.
  • Cyber Kill Chain Methodology: The cyber kill chain methodology is a component of intelligence-driven defense for the identification and prevention of malicious intrusion activities.
  • Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills, motivated by religious or political beliefs, to create fear of large-scale disruption of computer networks.
  • Criminal Syndicates: Groups of individuals that are involved in organized, planned, and prolonged criminal activities. They illegally embezzle money by performing sophisticated cyber-attacks.
  • Clearing Tracks: Clearing tracks refers to the activities carried out by an attacker to hide malicious acts.
  • Cyber Threat Intelligence: Cyber Threat Intelligence (CTI) is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide the ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyber-attacks.
  • Threat Intelligence Lifecycle: The threat intelligence lifecycle is a continuous process of developing intelligence from raw data that helps organizations develop defensive mechanisms to thwart emerging risks and threats.
  • Competitive Intelligence Gathering: Competitive intelligence gathering is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources, such as the Internet.
  • Common Vulnerability Scoring System (CVSS): CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.
  • Common Vulnerabilities and Exposures (CVE): CVE® is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures.
  • Common Weakness Enumeration (CWE): Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses.
  • Credentialed/Authenticated Vulnerability Scanning: Credentialed vulnerability scanning is a security testing method in which the scanner logs into the target system using valid credentials to perform a more thorough and comprehensive scan.
  • Cloud-based Vulnerability Scanning: This type of assessment focuses on evaluating the overall security of the cloud infrastructure according to the cloud service provider’s best practices or guidelines.
  • Component Object Model (COM): The Component Object Model (COM) is an interface module in Windows environments that enables a software component to interact with another software component’s code without being aware of its actual implementation.
  • Child-Monitoring Spyware: Child-monitoring spyware allows you to track and monitor what children are doing on the computer, both online and offline.
  • Combinator Attack: Attackers combine the entries of the first dictionary with those of the second dictionary to generate a new wordlist to crack the password of the target system.
  • Crypter: Software that protects malware from undergoing reverse engineering or analysis, thus making the task of the security mechanism harder in its detection.
  • Computer Worms: Computer worms are malicious programs that independently replicate, execute, and spread across the network connections, thus consuming available computing resources without human interaction.
  • Consent Phishing: Consent phishing is a type of social engineering attack that exploits the OAuth authentication protocol used by web services such as Google, Facebook, and Microsoft.
  • Chain Letters: Emails that offer free gifts such as money and software on condition that the user forwards the mail to a specified number of people.
  • Catfishing Attack: A catfishing attack is an online phishing scam in which attackers target a person on social media platforms and perform identity theft.
  • CRIME Attack: Compression Ratio Info-Leak Made Easy (CRIME) is a client-side attack that exploits the vulnerabilities present in the data compression feature of protocols, such as SSL/TLS, SPDY, and HTTPS.
  • Circuit-Level Gateway Firewall: Circuit-level gateways monitor requests to create sessions and determine if those sessions will be allowed.
  • Cross-Site Scripting (XSS) Attacks: Cross-site scripting (‘XSS’ or ‘CSS’) attacks exploit vulnerabilities in dynamically generated web pages, enabling malicious attackers to inject client-side scripts into web pages viewed by other users.
  • Cross-Site Request Forgery (CSRF) Attack: Cross-Site Request Forgery (CSRF) attacks exploit web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend.
  • Clickjacking Attack: Attackers perform clickjacking attacks by tricking the victim into clicking on any malicious web page element that is placed transparently on the top of any trusted web page.
  • Cookie Poisoning: It is a type of parameter tampering attack in which the attacker modifies the cookie contents to draw unauthorized information about a user and thus perform identity theft.
  • Code Analysis: Code analysis or code review is the most effective technique for identifying vulnerabilities or flaws in the code.
  • Call Spoofing: Call spoofing is a technique used by attackers to manipulate the caller ID information displayed on a recipient’s phone when they receive a call.
  • CoAP: Constrained Application Protocol (CoAP) is a web transfer protocol used to transfer messages between constrained nodes and IoT networks.
  • Cookie Sniffing: It is a technique in which an attacker sniffs a cookie containing the session ID of the victim who has logged in to a target website and uses the cookie to bypass the authentication process and log in to the victim’s account.
  • Cookie Replay: It is a technique used to impersonate a legitimate user by replaying the session/cookie that contains the session ID of that user (as long as he/she remains logged in).
  • Camfecting Attack: A camfecting attack is a webcam capturing attack that is performed to gain access to the camera of a target’s computer or mobile device.
  • Critical Infrastructure: A collection of physical or logical systems and assets, the failure or destruction of which will severely impact security, safety, the economy, or public health.
  • Cloud Computing: Cloud computing is an on-demand delivery of IT capabilities where IT infrastructure and applications are provided to subscribers as a metered service over a network.
  • Container-as-a-Service (CaaS): It provides services such as virtualization of container engines, management of containers, applications, and clusters through a web portal, or an API.
  • Community Cloud: It is a multi-tenant infrastructure shared among organizations from a specific community with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction.
  • Cloud Consumer: A person or organization that uses cloud computing services.
  • Cloud Provider: A person or organization providing services to interested parties.
  • Cloud Carrier: An intermediary for providing connectivity and transport services between cloud consumers and providers.
  • Cloud Auditor: A party for making independent assessments of cloud service controls and taking an opinion thereon.
  • Cloud Broker: An entity that manages cloud services in terms of use, performance, and delivery, and maintains the relationship between cloud providers and consumers.
  • Container: A container is a package of an application/software including all its dependencies such as library files, configuration files, binaries, and other resources that run independently of other processes in the cloud environment.
  • Container Orchestration: Container orchestration is an automated process of managing the lifecycles of software containers and their dynamic environments.
  • Cluster: A cluster refers to a set of two or more connected nodes that run in parallel to complete a task.
  • Cloud Cryptojacking: Cryptojacking is the unauthorized use of the victim’s computer to stealthily mine digital currency.
  • Cloudborne Attack: Cloudborne is a vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware.
  • Cache Poisoned Denial of Service (CPDoS): In CPDoS, attackers create malformed or oversized HTTP requests to trick the origin web server into responding with malicious or error content, which is cached at the CDN servers.
  • Cloud Snooper Attack: Cloud snooper attacks are triggered at AWS security groups (SGs) to compromise the target server and extract sensitive data stealthily.
  • Cloud Application Security: It is a set of rules, processes, policies, controls, and techniques used to administer all the data exchange between collaborative cloud platforms.
  • Cloud Integration: Cloud integration is the process of grouping multiple cloud environments together in the form of a public or hybrid cloud.
  • Cloud Auditing: Cloud auditing is the process of analyzing the services offered by cloud providers and verifying the conformity to requirements for privacy, security, etc.
  • Cloud Security Alliance (CSA): CSA is a nonprofit global organization that raises awareness and promotes best practices and security policies to help secure the cloud environment.
  • CASB: Cloud Access Security Brokers (CASBs) are on-premise or cloud-hosted solutions responsible for enforcing security, compliance, and governance policies for the cloud applications.
  • Cryptography: Cryptography is the conversion of data into a scrambled code that is encrypted and sent across a private or public network.
  • Ciphers: In cryptography, a cipher is an algorithm (a series of well-defined steps) for performing encryption and decryption.
  • CAST-128: CAST-128, also called CAST5, is a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits.
  • Camellia: Camellia is a symmetric-key block cipher having either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys).
  • CHAP: The Challenge-Handshake Authentication Protocol (CHAP) is an authentication mechanism used by Point-to-Point Protocol (PPP) servers to authenticate or validate the identity of remote clients or network hosts.
  • Cryptanalysis: Cryptanalysis is the study of ciphers, ciphertext, or cryptosystems with the ability to identify vulnerabilities in them and thus extract plaintext from ciphertext even if the cryptographic key or algorithm used to encrypt the plaintext is unknown.

D

  • Distribution Attacks: Distribution attacks occur when attackers tamper with hardware or software prior to installation.
  • Defense-in-Depth: Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system.
  • Diamond Model: The Diamond Model offers a framework for identifying the clusters of events that are correlated on any of the systems in an organization.
  • Deep Web: It consists of web pages and contents that are hidden and unindexed and cannot be located using traditional web browsers and search engines.
  • Dark Web or Darknet: It is the subset of the deep web that enables anyone to navigate anonymously without being traced.
  • Dumpster Diving: This uncouth technique, also known as trashing, involves the attacker rummaging for information in garbage bins.
  • DNS Cache Snooping: DNS cache snooping is a DNS enumeration technique whereby an attacker queries the DNS server for a specific cached DNS record.
  • DNSSEC Zone Walking: DNSSEC zone walking is a DNS enumeration technique where an attacker attempts to obtain internal records of the DNS server if the DNS zone is not properly configured.
  • Database Vulnerability Scanning: A database scan focuses on testing databases for the presence of any misconfiguration or known vulnerabilities.
  • Dictionary Attack: In this type of attack, a dictionary file is loaded into a cracking application that runs against user accounts.
  • Distributed Network Attack: A Distributed Network Attack (DNA) technique is used for recovering passwords from hashes or password-protected files using the unused processing power of machines across the network.
  • DCSync Attack: In a DCSync attack, an attacker initially compromises and obtains privileged account access with domain replication rights and activates replication protocols to create a virtual domain controller (DC) similar to the original AD.
  • Document Steganography: Document steganography is the technique of hiding secret messages transferred in the form of documents.
  • Domain Dominance: Domain dominance is a process of taking control over critical assets such as domain controllers on a target system and gaining access to other networked resources.
  • Data Protection API (DPAPI): DPAPI is a unified location in Windows environments where all the cryptographically secured files, passwords of browsers, and other critical data are stored.
  • Downloader: A type of Trojan that downloads other malware from the Internet onto the PC. Usually, attackers install downloader software when they first gain access to a system.
  • Dropper: A type of Trojan that covertly installs other malware files onto the system.
  • Dynamic Malware Analysis: It involves executing the malware code to know how it interacts with the host system and its impact on the system after infection.
  • DHCP Starvation Attack: This is a denial-of-service (DoS) attack on the DHCP servers where the attacker broadcasts forged DHCP requests and tries to lease all the DHCP addresses available in the DHCP scope.
  • DNS Poisoning: DNS poisoning is a technique that tricks a DNS server into believing that it has received authentic information when it has not received any.
  • DNS Cache Poisoning: DNS cache poisoning refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.
  • Diversion Theft: The attacker tricks a person responsible for making a genuine delivery into delivering the consignment to a location other than the intended location.
  • Deepfake Attack: A deepfake attack is a type of phishing attack in which attackers create false media of a person they target using advanced technologies such as ML and AI.
  • DoS Attack: Denial-of-Service (DoS) is an attack on a computer or network that reduces, restricts, or prevents accessibility of system resources to its legitimate users.
  • DDoS Attack: Distributed denial-of-service (DDoS) is a coordinated attack that involves a multitude of compromised systems (Botnet) attacking a single target, thereby denying service to users of the targeted system.
  • Distributed Reflection Denial-of-Service (DRDoS) Attack: A distributed reflected denial-of-service attack (DRDoS), also known as a spoofed attack, involves the use of multiple intermediary and secondary machines that contribute to the actual DDoS attack against the target machine or application.
  • DNS over HTTPS: DNS over HTTPS (DoH) is an enhanced version of the DNS protocol, which is used to prevent snooping on users’ web activities or DNS queries during the DNS lookup process.
  • Demilitarized Zone (DMZ): The demilitarized zone (DMZ) is an area that hosts computer(s) or a small sub-network placed as a neutral zone between a particular company’s internal network and an untrusted external network to prevent outsider access to a company’s private data.
  • Database Honeypots: Database honeypots employ fake databases that are vulnerable to database-related attacks such as SQL injection and database enumeration.
  • DNS Server Hijacking: An attacker compromises the DNS server and changes the DNS settings so that all the requests coming towards the target web server are redirected to his/her own malicious server.
  • Directory Traversal: Directory traversal allows attackers to access restricted directories, including application source code, configuration, and critical system files to execute commands outside the web server’s root application directory.
  • DNS Rebinding Attack: Attackers use the DNS rebinding technique to bypass the same-origin policy’s security constraints, allowing the malicious web page to communicate with or make arbitrary requests to local domains.
  • Dynamic Application Security Testing (DAST): It is also known as a black-box testing approach and is performed directly on running code to identify issues related to interfaces, requests/responses, sessions, scripts, authentication processes, code injections, etc.
  • Direct-Sequence Spread Spectrum (DSSS): DSSS is a spread spectrum technique that multiplies the original data signal with a pseudo-random noise-spreading code.
  • Directional Antenna: A directional antenna can broadcast and receive radio waves from a single direction.
  • Dipole Antenna: A dipole antenna is a straight electrical conductor measuring half a wavelength from end to end, and it is connected at the center of the radio frequency (RF) feed line.
  • Disassociation Attack: In a disassociation attack, the attacker makes the victim unavailable to other wireless devices by destroying the connectivity between the AP and client.
  • De-authentication Attack: In a de-authentication attack, the attacker floods station(s) with forged de-authentication or disassociation frames to disconnect users from an AP.
  • Distributed Control System (DCS): DCS is a highly engineered and large-scale control system that is often used to perform industry-specific tasks.
  • Desktop-as-a-Service (DaaS): This cloud computing service offers on-demand virtual desktops and apps to subscribers.
  • Docker: Docker is an open-source technology used for developing, packaging, and running applications and all their dependencies in the form of containers, to ensure that the application works in a seamless environment.
  • Data Encryption Standard (DES): DES is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key.
  • DSA: The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures.
  • Diffie–Hellman: It is a cryptographic protocol that allows two parties to establish a shared key over an insecure channel.
  • Digital Signature: Digital signature uses asymmetric cryptography to simulate the security properties of a signature in digital rather than written form.
  • DUHK Attack: DUHK (Don’t Use Hard-Coded Keys) is a cryptographic vulnerability that allows an attacker to obtain encryption keys used to secure VPNs and web sessions.
  • DROWN Attack: A DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers that support recent SSLv3/TLS protocol suites.
  • DeFi Sandwich Attack: A decentralized finance (DeFi) sandwich attack is a blockchain attack targeting decentralized exchanges (DEXs) and automated market makers (AMMs) to manipulate market dynamics.

E

  • Email Indicators: Email indicators are used to send malicious data to the target organization or individual.
  • Ethical Hacking: Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities and ensure system security.
  • Eavesdropping: Eavesdropping is the act of secretly listening to the conversations of people over a phone or video conference without their consent.
  • Enumeration: Enumeration is the process of extracting usernames, machine names, network resources, shares, and services from a system or network.
  • External Vulnerability Scanning: External scanning examines the network from a hacker’s point of view to identify exploits and vulnerabilities accessible to the outside world.
  • Exploit: A malicious code that breaches the system security via software vulnerabilities to access information or install malware.
  • Exploit Chaining: Exploit chaining, also referred to as vulnerability chaining, is a cyberattack that combines various exploits or vulnerabilities to infiltrate and compromise the target from its root level.
  • Email Spyware: Email spyware is a program that monitors, records, and forwards all incoming and outgoing emails.
  • Exploit Kit: An exploit kit or crimeware toolkit is a platform to deliver exploits and payloads such as Trojans, spyware, backdoors, bots, and buffer overflow scripts to the target system.
  • Elicitation: Attackers extract information from the victim by engaging him/her in normal and disarming conversations.
  • E-wallet Phishing: An attacker targets users of electronic wallets by sending a phishing email or messages to potential victims, posing as a legitimate e-wallet provider.
  • Egress Filtering: Egress filtering scans the headers of IP packets leaving a network.
  • Email Honeypots: Email honeypots, also called email traps, are fake email addresses used specifically to attract fake and malicious emails from adversaries.
  • Error Based SQL Injection: Error based SQL Injection forces the database to perform some operation in which the result will be an error.
  • Evil Twin: An evil twin is a wireless AP that pretends to be a legitimate AP by imitating its SSID.
  • Edge Computing: Edge computing is a distributed decentralized computing model in which data processing is performed close to edge devices.
  • EC2 Instances: Amazon EC2 (Elastic Compute Cloud) is a web service that provides resizable computing capacity in the cloud and is designed to make web-scale cloud computing easier for developers.
  • Elliptic Curve Cryptography: ECC is a modern form of public-key cryptography developed to avoid the use of larger cryptographic keys.
  • Eclipse Attack: An Eclipse attack is a type of blockchain attack in which an attacker isolates a target node from the rest of the network by surrounding it with malicious nodes, thereby effectively controlling the node’s view of the blockchain.

F

  • FreedomGPT: FreedomGPT is an AI tool designed to provide ethical hackers with unrestricted access to AI.
  • FraudGPT: FraudGPT is an AI tool specifically designed to detect and prevent fraudulent activities.
  • Federal Information Security Management Act (FISMA): The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.
  • Footprinting: Footprinting is the first step of any attack on information systems in which an attacker collects information about a target network to identify various ways to intrude into the system.
  • Fingerprint Attack: Attackers break down the passphrase into fingerprints comprising single and multi-character combinations to crack complex passwords.
  • Folder Steganography: In folder steganography, files are hidden and encrypted within a folder and do not appear to normal Windows applications, including Windows Explorer.
  • Fileless Malware: Fileless malware, also known as non-malware, infects legitimate software, applications, and other protocols existing in the system to perform various malicious activities.
  • File Fingerprinting: File fingerprinting is the process of computing the hash value for a given binary code.
  • Forbidden Attack: A forbidden attack is a type of man-in-the-middle attack used to hijack HTTPS sessions.
  • Firewall: Firewalls are hardware and/or software designed to prevent unauthorized access to or from a private network.
  • Flooding: The attacker sends loads of unnecessary traffic to produce noise, and if the IDS does not analyze the noise traffic well, then the true attack traffic may go undetected.
  • Firewalking: Firewalking is a technique that uses TTL values to determine gateway ACL filters and it maps networks by analyzing the IP packet responses.
  • Frontjacking Attack: Frontjacking is a type of web server attack in which an attacker injects or manipulates the front-end components of a web application, such as scripts or HTML elements, to hijack a user interface or user interactions.
  • File Injection Attack: A file injection attack is a technique used to exploit “dynamic file include” mechanisms in web applications.
  • Frequency-Hopping Spread Spectrum (FHSS): FHSS, also known as frequency-hopping code-division multiple access (FH-CDMA), is a method of transmitting radio signals by rapidly switching a carrier among many frequency channels.
  • Fault Injection Attacks: Fault injection attacks, also known as perturbation attacks, occur when a perpetrator injects any faulty or malicious program into the system to compromise the system security.
  • Function-as-a-Service (FaaS): This cloud computing service provides a platform for developing, running, and managing application functionalities without the complexity of building and maintaining necessary infrastructure (serverless architecture).
  • Firewalls-as-a-Service (FWaaS): This cloud computing service protects users and organizations from both internal and external threats by filtering the network traffic.
  • Fog Computing: Fog computing is a distributed and independent digital environment in which applications and data storage are positioned between data sources (devices generating data) and a cloud service.
  • Finney Attack: A Finney attack is a type of blockchain attack that involves an attacker leveraging the time delays between the broadcasting and confirmation of transactions in cryptocurrency networks to reverse the transactions before they are confirmed.
  • 51% Attack: A 51% attack, also known as a majority attack, occurs when an attacker or group of attackers gains control of more than 50% of the computational power (hash rate) or staking power in a blockchain network.

G

  • Gray Hats: Gray hats are individuals who work both offensively and defensively at various times.
  • Green Hat Hackers: Green hat hackers are individuals motivated by the desire to become skilled professionals in the field of cybersecurity.
  • Gaining Access: Gaining access refers to the point where the attacker obtains access to the operating system or applications on the target computer or network.
  • Google Hacking Database: The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine.
  • Golden Ticket Attack: A golden ticket attack is a post-exploitation technique implemented by attackers to gain complete control over the entire Active Directory (AD).
  • Ghostwriting: Ghostwriting is a bypass technique that involves modifying the structure of the malware code without affecting its functionality.
  • Global System for Mobile Communications (GSM): It is a universal system used for mobile data transmission in wireless networks worldwide.
  • Golden SAML Attack: Golden SAML attacks are performed to target identity providers on cloud networks such as the ADFS, which utilizes the SAML protocol for the authentication and authorization of users.
  • Government Access to Keys (GAK): Government Access to Keys (GAK) refers to the statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies.
  • GOST Block Cipher: The GOST (Government Standard) block cipher, also called Magma, is a symmetric-key block cipher having a 32-round Feistel network working on 64-bit blocks with a 256-bit key length.
  • GNU Privacy Guard: GPG is a software replacement for PGP and a free implementation of the OpenPGP standard.

H

  • Hacker Teams: A consortium of skilled hackers with their own resources and funding. They work together in synergy to research state-of-the-art technologies.
  • Host-Based Indicators: Host-based indicators are found by performing an analysis of the infected system within the organizational network.
  • Hacking: Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources.
  • Hacker: A hacker is a person who breaks into a system or network without authorization to destroy, steal sensitive data, or perform malicious attacks.
  • Hacktivist: Individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
  • HackerGPT: HackerGPT is an AI-driven tool designed to assist ethical hackers in identifying vulnerabilities.
  • Health Insurance Portability and Accountability Act (HIPAA): The HIPAA Privacy Rule provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information.
  • Host-based Vulnerability Scanning: Conducts a configuration-level check to identify system configurations, user directories, file systems, registry settings, etc., to evaluate the possibility of compromise.
  • Hash Injection/Pass-the-Hash (PtH) Attack: A hash injection/PtH attack allows an attacker to inject a compromised hash into a local session and use the hash to validate network resources.
  • Heap Spraying: A heap spraying attack involves flooding the free space of a target process’s memory heap by writing multiple copies of malicious code into specific memory locations by exploiting existing vulnerabilities such as buffer overflows.
  • Host Integrity Monitoring: Host integrity monitoring involves taking a snapshot of the system state using the same tools before and after analysis, to detect changes made to the entities residing on the system.
  • Hardware Protocol Analyzer: A hardware protocol analyzer is a piece of equipment that captures signals without altering the traffic in a cable segment.
  • Honey Trap: The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company.
  • Hoax Letters: Emails that issue warnings to the user about new viruses, Trojans, or worms that may harm the user’s system.
  • HTTP GET/POST Attack: In an HTTP GET attack, attackers use a time-delayed HTTP header to maintain HTTP connections and exhaust web server resources.
  • HTTP Strict Transport Security (HSTS): HTTP Strict Transport Security (HSTS) is a web security policy that protects HTTPS websites against MITM attacks.
  • Honeypot: A honeypot is an information system resource that is expressly set up to attract and trap people who attempt to penetrate an organization’s network.
  • High-Interaction Honeypots: Unlike their low- and medium-interaction counterparts, high-interaction honeypots do not emulate anything; they run actual vulnerable services or software on production systems with real OS and applications.
  • Honeynets: Honeynets are networks of honeypots. They are very effective in determining the entire capabilities of the adversaries.
  • HTTP Response-Splitting Attack: An HTTP response-splitting attack is a web-based attack in which the attacker tricks the server by injecting new lines into response headers, along with arbitrary code.
  • HTML Smuggling: HTML smuggling is a type of web attack in which an attacker injects malicious code into an HTML script to compromise a web page.
  • HTTP/2 Continuation Flood Attack: The HTTP/2 continuation flood attack involves exploiting the handling mechanism of HTTP/2 CONTINUATION frames to exhaust the target Apache server.
  • Hotfixes: A hotfix is an update that fixes a specific customer issue and is not always distributed outside the customer organization.
  • HTML Encoding: An HTML encoding scheme is used to represent unusual characters so that they can be safely combined within an HTML document.
  • Hex Encoding: The HTML encoding scheme uses the hex value of every character to represent a collection of characters for transmitting binary data.
  • Hotspot: Hotspots refer to areas with Wi-Fi availability, where users can enable Wi-Fi on their devices and connect to the Internet.
  • Hybrid Cloud: It is a cloud environment comprised of two or more clouds (private, public, or community) that remain unique entities but are bound together to offer the benefits of multiple deployment models.
  • HMAC: HMAC is a type of message authentication code (MAC) that combines a cryptographic key with a cryptographic hash function.
  • Homomorphic Encryption: Homomorphic encryption allows users to secure and leave their data in an encrypted format even while it is being processed or manipulated.
  • Hardware-Based Encryption: Hardware-based encryption uses computer hardware for assisting or replacing the software when the data encryption process is underway.
  • HSM: A hardware security module (HSM) is an additional external security device that is used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys.
  • Hard Drive Encryption: Hard drive encryption is a technology where the data stored in the hardware can be encrypted using a wide range of encryption options.
  • Hash Collision Attack: A hash collision attack is performed by finding two different input messages that result in the same hash output.

I

  • Integrity: The trustworthiness of data or resources in terms of preventing improper or unauthorized changes.
  • Information Warfare: The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to gain competitive advantages over an opponent.
  • Indicators of Compromise (IoCs): Indicators of Compromise (IoCs) are the clues, artifacts, and pieces of forensic data found on the network or operating system of an organization that indicate a potential intrusion or malicious activity in the organization’s infrastructure.
  • Industrial Spies: Individuals who perform corporate espionage by illegally spying on competitor organizations and focus on stealing information such as blueprints and formulas.
  • Information Assurance (IA): IA refers to the assurance that the integrity, availability, confidentiality, and authenticity of information and information systems are protected during the usage, processing, storage, and transmission of information.
  • Incident Management: Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident.
  • Incident Handling and Response: Incident handling and response (IH&R) is the process of taking organized and careful steps when reacting to a security incident or cyberattack.
  • ISO/IEC 27701:2022: Specifies the requirements and framework for establishing, implementing, maintaining, and continually improving an ISMS to ensure confidentiality, integrity, and availability of information.
  • ISO/IEC 27701:2019: ISO/IEC 27701:2019 extends the ISO/IEC 27001 framework to include privacy management, specifically focusing on protecting personally identifiable information (PII).
  • ISO/IEC 27002:2022: ISO/IEC 27002:2022 outlines the best practices and control objectives for critical cybersecurity areas such as access control, cryptography, and security personnel.
  • ISO/IEC 27005:2022: ISO/IEC 27005:2022 provides comprehensive guidelines for information security risk management and supports the ISMS requirements specified in ISO/IEC 27001.
  • ISO/IEC 27032:2023: ISO/IEC 27032:2023 explains the relationship among the Internet, Web, network security, and cybersecurity, providing a comprehensive overview of Internet security and identifying key stakeholders and their roles.
  • ISO/IEC 27040:2024: ISO/IEC 27040:2024 provides the detailed technical requirements and guidance for achieving data storage security through careful planning, design, documentation, and implementation.
  • Impersonation: Pretending to be a legitimate or authorized person and using the phone or other communication medium to mislead targets and trick them into revealing information.
  • ICMP ECHO Ping Scan: ICMP ECHO ping scans involve sending ICMP ECHO requests to a host. If the host is live, it will return an ICMP ECHO reply.
  • ICMP ECHO Ping Sweep: Ping sweep is used to determine the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is alive, it will return an ICMP ECHO reply.
  • ICMP Address Mask Ping Scan: ICMP address mask ping is another alternative to the traditional ICMP ECHO ping, where the attackers send an ICMP address mask query to the target host to acquire information related to the subnet mask.
  • Inverse TCP Flag Scan: Attackers send TCP probe packets with a TCP flag (FIN, URG, PSH) set or with no flags, where no response implies that the port is open, whereas an RST response means that the port is closed.
  • IDLE/IPID Header Scan: The IDLE/IPID header scan is a TCP port scan method that can be used to send a spoofed source address to a computer to determine what services are available.
  • IP Address Decoy: The IP address decoy technique refers to generating or manually specifying the IP addresses of decoys in order to evade an IDS or firewall.
  • IP Address Spoofing: IP spoofing refers to changing the source IP addresses so that the attack appears to be coming from someone else.
  • Internal Vulnerability Scanning: Internal scanning involves scrutinizing the internal network to find exploits and vulnerabilities.
  • Integer Overflow: An integer overflow occurs when an arithmetic function generates and attempts to store an integer value larger than the maximum value that the allocated memory space can store.
  • Image Steganography: In image steganography, the information is hidden in image files of different formats such as .PNG, .JPG, and .BMP.
  • Injector: A program that injects its code into other vulnerable running processes and changes how they execute to hide or prevent its removal.
  • IRDP Spoofing: The attacker sends a spoofed IRDP router advertisement message to the host on the subnet, causing it to change its default router to whatever the attacker chooses.
  • Insider Attack: An insider attack involves using privileged access to intentionally violate rules or pose a threat to the organization’s information or information systems in any form.
  • Identity Theft: Identity theft is a crime in which an imposter steals your personally identifiable information such as name, credit card number, social security or driver’s license numbers, etc. to commit fraud or other crimes.
  • ICMP Flood Attack: ICMP flood attacks are a type of attack in which attackers send large volumes of ICMP echo request packets to a victim system directly or through reflection networks.
  • Ingress Filtering: Ingress filtering prevents the source address spoofing of Internet traffic.
  • IPSec: IPSec is a protocol suite developed by the IETF for securing IP communications by authenticating and encrypting each IP packet of a communication session.
  • IoT Device Vulnerability Scanning: IoT device vulnerability scanning provides insights into weaknesses across IoT devices and systems that are exposed to or connected to the Internet.
  • Intrusion Detection System (IDS): An intrusion detection system (IDS) is a software system or hardware device that inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.
  • Intrusion Prevention System (IPS): IPS are continuous monitoring systems that often sit behind firewalls as an additional layer of protection.
  • Insertion Attack: Insertion is the process by which the attacker confuses the IDS by forcing it to read invalid packets.
  • Injection Flaws: Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query.
  • In-band SQL Injection: An attacker uses the same communication channel to perform the attack and retrieve the results.
  • Input Validation: Input validation helps developers to prevent user-supplied data from influencing the logic of the code.
  • Industrial, Scientific, and Medical (ISM) Band: This band is a set of frequencies used by the international industrial, scientific, and medical communities.
  • Inter-Chip Privilege Escalation Attack: The inter-chip privilege escalation attack exploits the underlying vulnerabilities in wireless chips that handle wireless communications such as Bluetooth and Wi-Fi.
  • iOS Trustjacking: iOS Trustjacking is a vulnerability that can be exploited by an attacker to read messages and emails and capture sensitive information from a remote location without the victim’s knowledge.
  • iOS Method Swizzling: Method swizzling, also known as monkey patching, is a technique that involves modifying the existing methods or adding new functionality at runtime.
  • IoT: Internet of Things (IoT), also known as Internet of Everything (IoE), refers to the network of devices having IP addresses and the capability to sense, collect, and send data using embedded sensors, communication hardware and processors.
  • IoT Device Management: IoT device management supports IoT solutions through software tools and processes and helps onboard the latest devices securely and promptly.
  • Industrial Network: A network of automated control systems is known as an industrial network.
  • Industrial Protocols: Protocols used for serial communication and communication over standard Ethernet. Examples: S7, CDA, CIP, Modbus, etc.
  • IT/OT Convergence (IIOT): IT/OT convergence is the integration of IT computing systems and OT operation monitoring systems to bridge the gap between IT/OT technologies for improving overall security, efficiency, and productivity.
  • ICS: ICS is often referred to as a collection of different types of control systems and their associated equipment such as systems, devices, networks, and controls used to operate and automate several industrial processes.
  • Infrastructure-as-a-Service (IaaS): This service provides virtual machines and other abstracted hardware and operating systems (OSs), which may be controlled through a service application programming interface (API).
  • Identity-as-a-Service (IDaaS): This cloud computing service offers authentication services to the subscribed enterprises and is managed by a third-party vendor to provide identity and access management services.

J

  • JIT Spraying: Attackers use just-in-time (JIT) spraying techniques to execute arbitrary code on a victim’s system by exploiting vulnerabilities in the JIT compilation feature in many modern web browsers.
  • Jailbreaking: Jailbreaking is defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor.
  • Jamming Attack: Jamming is a type of attack in which the communications between wireless IoT devices are jammed so that they can be compromised.

K

  • Kerberos: Kerberos is a network authentication protocol that provides strong authentication for client/server applications through secret-key cryptography.
  • Kerberoasting (Cracking TGS): Kerberoasting is an attack technique that targets the Kerberos authentication protocol to obtain and crack the password hashes of service accounts in an Active Directory environment.
  • Kernel Exploits: Kernel exploits refer to programs that can exploit vulnerabilities present in the kernel to execute arbitrary commands or code with higher privileges.
  • Keylogger: Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard and log the keystrokes to a file or transmit them to a remote location.
  • Kubernetes: Kubernetes, also known as K8s, is an open-source, portable, extensible, orchestration platform developed by Google for managing containerized applications and microservices.
  • Key Stretching: Key stretching refers to the process of strengthening a key that might be slightly too weak, usually by making it longer.

L

  • LDAP: Lightweight directory access protocol (LDAP) is an Internet protocol for accessing distributed directory services.
  • Lawful Interception: Lawful interception refers to legally intercepting data communication between two end points for surveillance on traditional telecommunications, Voice over Internet Protocol (VoIP), data, and multiservice networks.
  • Low-interaction Honeypots: Low-interaction honeypots emulate only a limited number of services and applications of a target system or network.
  • LDAP Injection Attack: An LDAP injection attack works in the same way as an SQL injection attack, but it exploits user parameters to generate an LDAP query.
  • LPWAN: Low Power Wide Area Networking (LPWAN) is a wireless telecommunication network, designed to provide long-range communications between two endpoints.
  • LWM2M: Lightweight Machine-to-Machine (LWM2M) is an application-layer communication protocol used for application-level communication between IoT devices; it is used for IoT device management.
  • Living Off the Cloud Attack (LotC): Living Off the Cloud (LotC) is a modern evolution of the “living off the land” attack, in which attackers target a victim’s SaaS and IaaS-based applications to carry out malicious activities such as data exfiltration.

M

  • MITRE ATT&CK Framework: MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
  • Maintaining Access: Maintaining access refers to the phase when the attacker tries to retain their ownership of the system.
  • Management Information Base (MIB): MIB is a virtual database containing a formal description of all the network objects that can be managed using SNMP.
  • Manual Vulnerability Scanning: Manual vulnerability scanning refers to the process of manually identifying, evaluating, and validating security vulnerabilities in systems, networks, and applications.
  • Mask Attack: A mask attack is similar to a brute-force attack but recovers passwords from hashes with a more specific set of characters based on information known to the attacker.
  • Mobile Application Scanning: Mobile application scanning aims at protecting the privacy of data across mobile applications and APIs.
  • Markov-Chain Attack: Attackers gather a password database and split each password entry into 2- and 3-character-long syllables; using these character elements, a new alphabet is developed, which is then matched with the existing password database.
  • Malware: Malware is malicious software that damages or disables computer systems and gives limited or full control of the systems to the malware creator for the purpose of theft or fraud.
  • Malicious Code: A command that defines malware’s basic functionalities such as stealing data and creating backdoors.
  • Malware Analysis: Malware analysis is a process of reverse engineering a specific piece of malware to determine the origin, functionality, and potential impact of a given type of malware.
  • MAC Flooding: MAC flooding involves the flooding of the CAM table with fake MAC address and IP pairs until it is full.
  • MAC Spoofing/Duplicating: A MAC duplicating attack is launched by sniffing a network for MAC addresses of clients who are actively associated with a switch port and re-using one of those addresses.
  • Malicious Insider: A disgruntled or terminated employee who steals data or destroys the company’s networks intentionally by introducing malware into the corporate network.
  • Multi-Vector Attack: In multi-vector DDoS attacks, the attackers use combinations of volumetric, protocol, and application-layer attacks to disable the target system or service.
  • Man-in-the-Middle/Manipulator-in-the-Middle Attack: The man-in-the-middle attack is used to intrude into an existing connection between systems and intercept the messages being exchanged.
  • Man-in-the-Browser/Manipulator-in-the-Browser Attack: The man-in-the-browser attack uses a Trojan horse to intercept the calls between the browser and its security mechanisms or libraries.
  • Medium-interaction Honeypots: Medium-interaction honeypots simulate a real OS as well as applications and services of a target network.
  • Malware Honeypots: Malware honeypots are used to trap malware campaigns or malware attempts over the network infrastructure.
  • MarioNet Attack: MarioNet is a browser-based attack that runs malicious code inside the browser, and the infection persists even after closing or browsing away from the malicious webpage through which infection has spread.
  • Manual Web Application Security Testing: It involves testing a web application using manually designed data, customized code, and some browser extension tools to detect vulnerabilities and weaknesses associated with the applications.
  • Mobile Spam: Mobile phone spam, also known as SMS spam, text spam, or m-spam, refers to unsolicited messages sent in bulk form to known/unknown phone numbers/email IDs to target mobile phones.
  • Mobile Device Management (MDM): Mobile Device Management (MDM) provides platforms for over-the-air or wired distribution of applications and data and configuration settings for all types of mobile devices, including mobile phones, smartphones, and tablet computers.
  • MQTT: Message Queuing Telemetry Transport (MQTT) is an ISO standard lightweight protocol used to transmit messages for long-range wireless communication.
  • Multimedia over Coax Alliance (MoCA): MoCA is a type of network protocol that provides high-definition videos and related content to homes over existing coaxial cables.
  • Mobile Backend-as-a-Service (MBaaS): This cloud computing service allows app developers to integrate their front-end applications with backend infrastructure through an application programming interface (API) and software development kit (SDK).
  • Multi Cloud: It is a dynamic heterogeneous environment that combines workloads across multiple cloud vendors that are managed via one proprietary interface to achieve long-term business goals.
  • Microservices: Monolithic applications are broken down into cloud-hosted sub-applications called microservices that work together, each performing a unique task.
  • Man-in-the-Cloud (MITC) Attack: MITC attacks are performed by abusing cloud file synchronization services such as Google Drive or Dropbox for data compromise, command and control (C&C), data exfiltration, and remote access.
  • MD5: The MD5 algorithm takes a message of arbitrary length as the input and then outputs a 128-bit fingerprint or message digest of the input.
  • MD6: MD6 uses a Merkle-tree-like structure to allow for large-scale parallel computation of hashes for very long inputs.
  • Multilayer Hashing Calculators: Multilayer hashing, also known as nested hashing or recursive hashing, is a technique in which a hash function is applied multiple times to the input or output of a previous hash operation.

N

  • Non-Repudiation: A guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
  • Network Indicators: Network indicators are useful for command and control, malware delivery, identifying the operating system, and other tasks.
  • Network Scanning: Network scanning refers to a set of procedures used for identifying hosts, ports, and services in a network.
  • NTP: Network Time Protocol (NTP) is designed to synchronize the clocks of networked computers.
  • National Vulnerability Database (NVD): A U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
  • Network-based Vulnerability Scanning: Determines possible network security attacks that may occur on the organization’s system.
  • Non-Credentialed/Unauthenticated Vulnerability Scanning: Non-credentialed vulnerability scanning is a security testing method that assesses systems, networks, and applications without using valid credentials to log into the target system.
  • NTLM Relay Attack: An NTLM relay attack involves an attacker intercepting and relaying NTLM authentication requests between a client and server to impersonate the client and gain unauthorized access.
  • NTFS Data Stream: NTFS Alternate Data Stream (ADS) is a Windows hidden stream, which contains metadata for the file, such as attributes, word count, author name, and access and modification times of the files.
  • Natural Language Processing (NLP): Natural language processing (NLP) is a branch of artificial intelligence that focuses on the interaction between computers and humans through natural language.
  • Network Level Hijacking: Network level hijacking can be defined as the interception of packets during the transmission between a client and the server in a TCP or UDP session.
  • Network Address Translation (NAT): Network address translation separates IP addresses into two sets and enables the LAN to use these addresses for internal and external traffic separately.
  • Near-Field Communication (NFC): NFC is a type of short-range communication that uses magnetic field induction to enable communication between two electronic devices.
  • NAND Glitching: NAND glitching is the process of gaining privileged root access while booting a device, which can be performed by making a ground connection to the serial I/O pin of a flash memory chip.
  • Next-Generation Secure Web Gateway (NG SWG): NG SWG is a cloud-based security solution that protects an organization’s network from cloud-based threats, malware infections, and data theft activities.

O

  • Organized Hackers: Miscreants or hardened criminals who use rented devices or botnets to perform various cyber-attacks to pilfer money from victims.
  • OS Discovery/Banner Grabbing: Banner grabbing or OS fingerprinting is the method used to determine the operating system running on a remote target system.
  • Overpass-the-Hash Attack: It is a type of credential theft-and-reuse attack in which attackers perform malicious activities on compromised devices or environments.
  • Obfuscator: A program that conceals its code and intended purpose via various techniques, and thus, makes it hard for security mechanisms to detect or remove it.
  • Obfuscating: Obfuscating is an IDS evasion technique used by attackers who encode the attack packet payload in such a way that the destination host can decode the packet but not the IDS.
  • OAuth: OAuth is an authorization protocol that allows a user to grant limited access to their resources on a site to a different site without having to expose their credentials.
  • Output Encoding: Output encoding is used to encode the input to ensure it is properly sanitized before being passed to the database.
  • Orthogonal Frequency-Division Multiplexing (OFDM): OFDM is a method of digital modulation of data in which a signal, at a chosen frequency, is split into multiple carrier frequencies that are orthogonal (occurring at right angles) to each other.
  • Omnidirectional Antenna: Omnidirectional antennas radiate electromagnetic (EM) energy in all directions.
  • OTP Hijacking: Attackers hijack OTPs and redirect them to their personal devices using different techniques such as social engineering and SMS jacking.
  • OT: Operational Technology (OT) is the software and hardware designed to detect or cause changes in industrial operations through direct monitoring and/or controlling of industrial physical devices.

P

  • PoisonGPT: PoisonGPT is an AI-powered tool that introduces malicious models into otherwise trusted AI systems.
  • PentestGPT: PentestGPT was designed to assist penetration testers by automating various aspects of the testing process.
  • Passive Attacks: Passive attacks involve intercepting and monitoring network traffic and data flow on the target network and do not tamper with the data.
  • Procedures: “Procedures” are organizational approaches that threat actors follow to launch an attack.
  • Payment Card Industry Data Security Standard (PCI DSS): The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards.
  • Passive Footprinting: Passive footprinting involves gathering information about the target without direct interaction.
  • Packet Fragmentation: Packet fragmentation refers to the splitting of a probe packet into several smaller packets (fragments) while sending it to a network.
  • Proxy Server: A proxy server is an application that can serve as an intermediary for connecting with other computers.
  • Physical Security Vulnerability Scanning: Physical security vulnerability scanning involves conducting a comprehensive examination of physical assets to proactively identify various vulnerabilities associated with them.
  • Password Cracking: Attackers use password cracking techniques to gain unauthorized access to vulnerable systems.
  • Password Guessing: Password guessing is a password-cracking technique that involves attempting to log on to the target system with different passwords manually.
  • Password Spraying Attack: Password spraying attack targets multiple user accounts simultaneously using one or a small set of commonly used passwords.
  • Pass-the-Ticket Attack: Pass the Ticket is a technique used for authenticating a user to a system that is using Kerberos without providing the user’s password.
  • PRINCE Attack: An advanced version of a combinator attack where instead of taking input from two different dictionaries, attackers use a single input dictionary to build chains of combined words.
  • Password Salting: Password salting is a technique where a random string of characters is added to the password before its hash is calculated.
  • Proof-of-Concept (PoC): Proof-of-concept (PoC) is the demonstration of the existence and impact of a vulnerability in software or networks.
  • Privilege Escalation: A privilege escalation attack is the process of gaining more privileges than were initially acquired.
  • Pivoting: Attackers use the pivoting technique to compromise a system, gain remote shell access on it, and further bypass the firewall to pivot via the compromised system to access other vulnerable systems in the network.
  • Point-of-Sale Trojans: Point-of-sale (POS) Trojans are a type of financial fraudulent malware that target POS and payment equipment such as credit card/debit card readers.
  • Packer: A program that allows all files to bundle together into a single executable file via compression to bypass security software detection.
  • Payload: A piece of software that allows control over a computer system after it has been exploited.
  • Potentially Unwanted Application or Applications (PUAs): Also known as grayware or junkware, PUAs are potentially harmful applications that may pose severe risks to the security and privacy of data stored in the system where they are installed.
  • Portable Executable (PE): The Portable Executable (PE) format is an executable file format used on Windows OS, which stores the information that a Windows system requires to manage the executable code.
  • Packet Sniffing: Packet sniffing is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.
  • Passive Sniffing: It involves monitoring packets sent by others without sending any additional data packets in the network traffic.
  • Piggybacking: Piggybacking usually implies entry into a building or security area with the consent of the authorized person.
  • Pop-Up Windows: Windows that suddenly pop up while surfing the Internet and ask for user information to log in or sign in.
  • Phishing: Phishing is the practice of sending an illegitimate email claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information.
  • Pharming: Pharming is a social engineering technique in which the attacker executes malicious programs on a victim’s computer or server, and when the victim enters any URL or domain name, it automatically redirects the victim’s traffic to an attacker-controlled website.
  • Ping of Death Attack: In a Ping of Death (PoD) attack, an attacker tries to crash, destabilize, or freeze the targeted system or service by sending malformed or oversized packets using a simple ping command.
  • Pulse Wave DDoS Attack: In a pulse wave DDoS attack, attackers send a highly repetitive, periodic train of packets as pulses to the target victim every 10 minutes, and each specific attack session can last for a few hours to days.
  • Peer-to-Peer Attack: A peer-to-peer attack is a form of DDoS attack in which the attacker exploits a number of bugs in peer-to-peer servers to initiate a DDoS attack.
  • Permanent Denial-of-Service Attack: Permanent DoS, also known as phlashing, refers to attacks that cause irreversible damage to system hardware.
  • Protocol Anomaly Detection: In this type of detection, models are built to explore anomalies in the way in which vendors deploy the TCP/IP specification.
  • Packet Filtering Firewall: In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
  • Pure Honeypots: Pure honeypots emulate the real production network of a target organization.
  • Production Honeypots: Production honeypots are deployed inside the production network of the organization along with other production servers.
  • Port Scanning: Port scanning is used to identify open ports and the services running on these ports.
  • Patch: A patch is a small piece of software designed to fix problems, security vulnerabilities, and bugs and improve the performance of a computer program or its supporting data.
  • Pass-the-Cookie Attack: The pass-the-cookie attack occurs when attackers obtain a clone of a cookie from the user’s browser and use the cookie to establish a session with the target web server.
  • Parabolic Grid Antenna: A parabolic grid antenna uses the same principle as a satellite dish, but it does not have a solid dish. It consists of a semi-dish in the form of a grid consisting of aluminum wires.
  • Purdue Model: The Purdue model is derived from the Purdue Enterprise Reference Architecture (PERA) model, which is widely used to describe internal connections and dependencies of important components in the ICS networks.
  • Programmable Logic Controller (PLC): A programmable logic controller (PLC) is a small solid-state control computer where instructions can be customized to perform a specific task.
  • Platform-as-a-Service (PaaS): This offers development tools, configuration management, and deployment platforms on-demand, which can be used by subscribers to develop custom applications.
  • Public Cloud: In this model, the provider makes services such as applications, servers, and data storage available to the public over the Internet.
  • Private Cloud: A private cloud, also known as the internal or corporate cloud, is a cloud infrastructure operated by a single organization and implemented within a corporate firewall.
  • Post-quantum Cryptography: Post-quantum cryptography is an advanced cryptographic algorithm designed to protect security systems from attacks initiated on both conventional and quantum computers.
  • Public Key Infrastructure (PKI): PKI is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates.
  • Pretty Good Privacy (PGP): It is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories, and to enhance the privacy of email communications.
  • Padding Oracle Attack: In a padding oracle attack (also known as a Vaudenay attack), attackers exploit the padding validation of an encrypted message to decipher the ciphertext.

Q

  • QRLJacking: QRLJacking is a type of social engineering attack that exploits the QR Code Login method in various web applications to hijack login sessions and gain unauthorized access to victims’ accounts.
  • Quantum Cryptography: Quantum cryptography is based on quantum mechanics, for example quantum key distribution (QKD), and uses photons instead of mathematics as part of encryption.
  • Quantum Cryptanalysis: Quantum cryptanalysis is the process of cracking cryptographic algorithms using a quantum computer.

R

  • Red Hat Hackers: Red hats adopt aggressive tactics, as black hat hackers do, with the intent of neutralizing threats before they damage resources.
  • Reconnaissance: Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
  • Risk: Risk refers to the degree of uncertainty or expectation that an adverse event may cause damage to the system.
  • Risk Matrix: The risk matrix scales the risk occurrence or likelihood probability, along with its consequences or impact.
  • Risk Management: Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program.
  • Risk Identification: Identifies the sources, causes, consequences, and other details of the internal and external risks affecting the security of the organization.
  • Risk Assessment: Assesses the organization’s risk and provides an estimate of the likelihood and impact of the risk.
  • Risk Treatment: Selects and implements appropriate controls for the identified risks.
  • Risk Tracking: Ensures appropriate controls are implemented to handle known risks and calculates the chances of a new risk occurring.
  • Return-Oriented Programming (ROP) Attack: Return-oriented programming is an exploitation technique used by attackers to execute arbitrary malicious code in the presence of security protections such as code signing and executable space protection.
  • RPC: Remote Procedure Call (RPC) allows clients and servers to communicate in distributed client/server programs.
  • Resource Exhaustion: A resource exhaustion attack damages the server by sending multiple resource requests from different locations to exploit software bugs or errors, thereby hanging the system and server or causing a system crash.
  • Race Condition: A race condition is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs.
  • Replay Attack: In a replay attack, packets and authentication tokens are captured using a sniffer. After the relevant information is extracted, the tokens are placed back on the network to gain access.
  • Rainbow Table: A rainbow table is a precomputed table that contains word lists like dictionary files, brute force lists, and their hash values.
  • Relaying: Attackers use the relaying technique to access resources present on other systems via the compromised system in such a way that the requests to access the resources are coming from the initially compromised system.
  • Rootkits: Rootkits are programs that hide their presence as well as the attacker’s malicious activities, granting the attacker full access to the server or host at that time and in the future.
  • Rich Text Format (RTF) Injection: RTF injection involves exploiting features of Microsoft Office such as RTF template files that are stored locally or in a remote machine.
  • Ransomware: Ransomware is a type of malware that restricts access to the computer system’s files and folders and demands an online ransom payment to the malware creator(s) to remove the restrictions.
  • Rogue DHCP Server Attack: The attacker sets up a rogue DHCP server on the network and responds to DHCP requests with bogus IP addresses resulting in compromised network access.
  • Reverse Social Engineering: The attacker presents him/herself as an authority and the target seeks his or her advice before or after offering the information that the attacker needs.
  • Reverse Tabnabbing: Reverse tabnabbing involves a seemingly legitimate website that deceives users into opening a malicious link, which then alters the content of the original tab to a phishing site.
  • RST Hijacking: RST hijacking involves injecting an authentic-looking reset (RST) packet using a spoofed source address and predicting the acknowledgment number.
  • Research Honeypots: Research honeypots are high-interaction honeypots primarily deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders.
  • RASP: Runtime application self-protection (RASP) provides security to web and non-web applications running on a server.
  • Reflector Antennas: Reflector antennas are used to concentrate EM energy that is radiated or received at a focal point.
  • RFID Cloning Attack: RFID cloning involves capturing the data from a legitimate RFID tag and then creating its clone using a new chip.
  • Reverse Engineering: Reverse engineering is the process of analyzing and extracting the source code of software or an application, and if needed, regenerating it with required modifications.
  • RC4: RC4 is a variable key-size symmetric-key stream cipher with byte-oriented operations, and it is based on the use of a random permutation.
  • RC5: RC5 is a fast symmetric-key block cipher designed by Ronald Rivest for RSA Data Security (now RSA Security).
  • RC6: RC6 is a symmetric-key block cipher derived from RC5. It is a parameterized algorithm with a variable block size, key size, and number of rounds.
  • Rivest Shamir Adleman (RSA): Ron Rivest, Adi Shamir, and Leonard Adleman formulated RSA, a public-key cryptosystem for Internet encryption and authentication.
  • RIPEMD-160: RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel.
  • Rainbow Table Attack: A rainbow table attack is a type of cryptography attack where an attacker uses a rainbow table to reverse cryptographic hash functions.
  • Related-Key Attack: An attacker launches a related key attack by exploiting the mathematical relationship between keys in a cipher to gain access over encryption and decryption functions.
  • Race Attack: A race attack is a double-spending attack that exploits the delay in transaction confirmation in blockchain networks to obtain goods or services without actually paying for them and effectively spends the same coin twice.

S

  • Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment.
  • Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.
  • State-Sponsored Hackers: State-sponsored hackers are individuals employed by the government to penetrate, gain top-secret information from, and damage the information systems of other governments.
  • ShellGPT: An AI-powered tool that ethical hackers and cybersecurity professionals can use to perform various tasks.
  • Strategic Threat Intelligence: Strategic threat intelligence provides high-level information regarding cybersecurity posture, threats, details about the financial impact of various cyber activities, attack trends, and the impact of high-level business decisions.
  • Scanning: Scanning refers to the pre-attack phase when the attacker scans the network for specific information based on information gathered during reconnaissance.
  • Supervised Learning: Supervised learning uses algorithms that input a set of labeled training data to attempt to learn the differences between the given labels.
  • Sarbanes Oxley Act (SOX): Enacted in 2002, the Sarbanes-Oxley Act aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures.
  • Shoulder Surfing: In the shoulder surfing technique, an attacker stands behind the victim and secretly observes the victim’s activities on the computer, such as keystrokes while entering usernames, passwords, and so on.
  • Stealth Scan (Half-open Scan): Stealth scanning involves abruptly resetting the TCP connection between the client and server before the completion of three-way handshake signals, thus leaving the connection half-open.
  • SCTP INIT Scanning: Attackers send an INIT chunk to the target host, and an INIT+ACK chunk response implies that the port is open, whereas an ABORT chunk response means that the port is closed.
  • SCTP COOKIE ECHO Scanning: Attackers send a COOKIE ECHO chunk to the target host, and no response implies that the port is open, whereas an ABORT chunk response means that the port is closed.
  • Source Routing: Source routing refers to sending a packet to the intended destination with a partially or completely specified route (without firewall-/IDS-configured routers) in order to evade an IDS or firewall.
  • Source Port Manipulation: Source port manipulation refers to manipulating actual port numbers with common port numbers in order to evade an IDS or firewall.
  • SNMP Enumeration: SNMP enumeration is the process of enumerating user accounts and devices on a target system using SNMP.
  • SSDP: Simple Service Discovery Protocol (SSDP) is a network protocol that generally communicates with machines when querying them with routable IPv4 or IPv6 multicast addresses.
  • SMB: Server Message Block (SMB) is a transport protocol that is generally used by Windows systems for providing shared access to files, printers, and serial ports as well as remote access to Windows services.
  • Security Accounts Manager (SAM) Database: Windows uses the Security Accounts Manager (SAM) database or Active Directory Database to manage user accounts and passwords in hashed format (a one-way hash).
  • Spyware: Spyware is a stealthy program that records the user’s interaction with the computer and the Internet without the user’s knowledge and sends the information to the remote attackers.
  • Screen-Capturing Spyware: Screen-capturing spyware is a program that allows you to monitor computer activities by taking snapshots or screenshots of the computer on which the program is installed.
  • Steganography: Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.
  • Spam/Email Steganography: Spam/email steganography refers to the technique of sending secret messages by hiding them in spam/email messages.
  • Steganalysis: Steganalysis is the art of discovering and rendering covert messages hidden using steganography.
  • Skeleton Key Attack: A skeleton key is a form of malware that attackers use to inject false credentials into domain controllers (DCs) to create a backdoor password.
  • Silver Ticket Attack: A silver ticket attack is a post-exploitation technique implemented by an attacker to steal legitimate users’ credentials and create a fake Kerberos Ticket Granting Service (TGS) ticket.
  • Sheep Dip Computer: Sheep dipping refers to the analysis of suspect files, incoming messages, etc. for malware.
  • Static Malware Analysis: It involves going through the executable binary code without executing it to have a better understanding of the malware and its purpose.
  • SNMP: Simple Network Management Protocol (SNMP) is a TCP/IP-based protocol used for exchanging management information between devices connected on a network.
  • SMTP: Simple Mail Transfer Protocol (SMTP) is used for transmitting email messages over the Internet.
  • System Baselining: Baselining refers to the process of capturing the system state (taking a snapshot of the system) when the malware analysis begins, which can be compared with the system’s state after executing the malware file.
  • SPAN Port: A SPAN port is a port that is configured to receive a copy of every packet that passes through a switch.
  • STP Attack: Attackers connect a rogue switch into the network to change the operations of the STP protocol and sniff all the network traffic.
  • SAD DNS Attack: SAD DNS is a new variant of DNS cache poisoning, in which an attacker injects harmful DNS records into a DNS cache to divert all traffic toward their own servers.
  • Social Engineering: Social engineering is the art of convincing people to reveal confidential information.
  • Spam Email: Irrelevant, unwanted, and unsolicited emails that attempt to collect financial information, social security numbers, and network information.
  • Scareware: Malware that tricks computer users into visiting malware-infested websites, or downloading/buying potentially malicious software.
  • Spear Phishing: Attackers use spear phishing to send a message with specialized social engineering content directed at a specific person or a small group of people.
  • Spimming: A variant of spam that exploits Instant Messaging platforms to flood spam across the networks.
  • SMiShing: SMiShing (SMS phishing) is the act of using the SMS text messaging system of cellular phones or other mobile devices to lure users into instant action, such as downloading malware, visiting a malicious webpage, or calling a fraudulent phone number.
  • Smurf Attack: In a Smurf attack, the attacker spoofs the source IP address with the victim’s IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network.
  • SYN Flood Attack: In a SYN attack, the attacker sends a large number of SYN requests to the target server (victim) with fake source IP addresses.
  • Spoofed Session Flood Attack: Attackers create fake or spoofed TCP sessions by carrying multiple SYN, ACK, and RST or FIN packets.
  • Session Hijacking: Session hijacking refers to an attack in which an attacker seizes control of a valid TCP communication session between two computers.
  • Signature Recognition: Signature recognition, also known as misuse detection, tries to identify events that indicate an abuse of a system or network resource.
  • Stateful Multilayer Inspection Firewall: Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls (Packet Filtering, Circuit-Level Gateways, and Application-Level Firewalls).
  • Spam Honeypots: Spam honeypots specifically target spammers who abuse vulnerable resources such as open mail relays and open proxies.
  • Spider Honeypots: Spider honeypots are also called spider traps. These honeypots are specifically designed to trap web crawlers and spiders.
  • Session Splicing: Session splicing is a technique used to bypass the IDS where an attacker splits the attack traffic into many packets such that no single packet triggers the IDS.
  • SSH Brute Force Attack: Attackers use SSH protocols to create an encrypted SSH tunnel between two hosts to transfer unencrypted data over an insecure network.
  • Same-Site Attack: Same-site attacks, also known as related-domain attacks, occur when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page.
  • Static Application Security Testing (SAST): It is also referred to as a white-box testing approach, in which the complete system architecture (including its source code) or application/software to be tested is already known to the tester.
  • Source Code Review: Source code reviews are used to detect bugs and irregularities in the developed web applications.
  • 16-bit Unicode Encoding: It replaces unusual Unicode characters with “%u” followed by the character’s Unicode code point expressed in hexadecimal.
  • SQL Injection: SQL injection is a technique used to take advantage of un-sanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
  • Service Set Identifier (SSID): An SSID is a 32-alphanumeric-character unique identifier given to a wireless local area network (WLAN) that acts as a wireless identifier of the network.
  • Simjacker: Simjacker is a vulnerability associated with a SIM card’s S@T browser (SIMalliance Toolbox Browser), a pre-installed software incorporated in SIM cards to provide a set of instructions.
  • Sybil Attack: The attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks.
  • Side-Channel Attack: The attacker extracts information about encryption keys by observing the emission of signals, i.e., “side channels,” from IoT devices.
  • Supervisory Control and Data Acquisition (SCADA): SCADA is a centralized supervisory control system that is used for controlling and monitoring industrial facilities and infrastructure.
  • Safety Instrumented Systems (SIS): An SIS is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in the industry.
  • Software-as-a-Service (SaaS): This cloud computing service offers application software to subscribers on-demand over the Internet.
  • Security-as-a-Service (SECaaS): It provides services such as penetration testing, authentication, intrusion detection, anti-malware, and security incident and event management.
  • Serverless Computing: Serverless computing, also known as serverless architecture or Function-as-a-Service (FaaS), is a cloud-based application architecture where application infrastructure and supporting services are provided by the cloud vendor as they are needed.
  • S3 Buckets: Simple storage service (S3) is a scalable cloud storage service used by Amazon AWS, where files, folders, and objects are stored via Web APIs.
  • SAML: Security Assertion Markup Language (SAML) is a popular open-standard protocol used for authentication and authorization between communicating parties.
  • Security Groups: It is a basic security measure implemented in cloud infrastructure to provide security to virtual instances.
  • Symmetric Encryption: Symmetric encryption (secret-key, shared-key, and private-key) uses the same key for encryption as it does for decryption.
  • Serpent: Serpent uses a 128-bit symmetric block cipher with 128-, 192-, or 256-bit key sizes.
  • Secure Hashing Algorithm (SHA): This algorithm generates a cryptographically secure one-way hash; it was published by the National Institute of Standards and Technology as a US Federal Information Processing Standard.
  • Secure Sockets Layer (SSL): SSL is an application layer protocol developed by Netscape for managing the security of message transmission on the Internet.

T

  • Tactics, Techniques, and Procedures (TTPs): The term Tactics, Techniques, and Procedures (TTPs) refers to the patterns of activities and methods associated with specific threat actors or groups of threat actors.
  • Tactics: “Tactics” are the guidelines that describe the way an attacker performs the attack from the beginning to the end.
  • Techniques: “Techniques” are the technical methods used by an attacker to achieve intermediate results during the attack.
  • Technical Threat Intelligence: Technical threat intelligence provides information about resources an attacker uses to perform an attack; this includes command and control channels, tools, and other items.
  • Threat Modeling: Threat modeling is a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects the security of an application.
  • The Digital Millennium Copyright Act (DMCA): It defines the legal prohibitions against the circumvention of technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information.
  • Traceroute: Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.
  • TCP SYN Ping Scan: TCP SYN ping is a host discovery technique for probing different ports to determine if the port is online and to check if it encounters any firewall rule sets.
  • Toggle-Case Attack: Attackers try all possible combinations of upper and lower cases of a word present in the input dictionary.
  • Telephone/Cellphone Spyware: Telephone/cellphone spyware is a software tool that gives you full access to monitor a victim’s telephone or cellphone.
  • Trojan: It is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that the code can get control and cause damage, such as ruining the file allocation table on your hard disk.
  • Tailgating: Tailgating implies accessing a building or secured area without the consent of the authorized person.
  • Tabnabbing: In a tabnabbing attack, a malicious webpage tricks users by changing its content to resemble a familiar site, such as a bank login page, capturing their credentials when they switch back to the tab.
  • Throttling: Throttling entails setting up routers for server access with logic to throttle incoming traffic to levels that are safe for the server.
  • TCP SACK Panic Attack: TCP SACK panic attack is a remote attack vector in which attackers attempt to crash the target Linux machine by sending SACK packets with malformed MSS.
  • TCP/IP Hijacking: TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine.
  • Two-Factor Authentication: Two-factor authentication provides an extra layer of protection, as it provides another vector of authentication in addition to a user’s password.
  • Transit Gateway: A transit gateway is a network routing solution that establishes and manages communication between an on-premises consumer network and VPCs via a centralized unit.
  • Triple Data Encryption Standard (3DES): It performs DES three times with three different keys.
  • Twofish: Twofish uses a block size of 128 bits and key sizes up to 256 bits. It is a Feistel cipher.
  • Threefish: Threefish is a large tweakable symmetric-key block cipher in which the block and key sizes are equal, i.e., 256, 512, and 1024.
  • TEA: Tiny Encryption Algorithm (TEA) is a Feistel cipher that uses 64 rounds.
  • TPM: Trusted platform module (TPM) is a crypto-processor or chip that is present on the motherboard that can securely store the encryption keys, and it can perform many cryptographic operations.
  • Transport Layer Security (TLS): TLS is a protocol to establish a secure connection between a client and a server and ensure the privacy and integrity of information during transmission.

U

  • Unsupervised Learning: Unsupervised learning makes use of algorithms that input unlabeled training data to attempt to deduce all the categories without guidance.
  • UDP Ping Scan: Attackers send UDP packets to target hosts, and a UDP response indicates that the host is active.
  • USB Spyware: USB spyware is a program designed for spying on a computer, which copies spyware files from a USB device onto the hard disk without any request or notification.
  • UDP Flood Attack: An attacker sends spoofed UDP packets at a very high packet rate to a remote host on random ports of a target server using a large source IP range.
  • UDP Hijacking: A network-level session hijacking attack in which the attacker sends a forged server reply to a victim’s UDP request before the intended server replies to it.
  • URL Encoding: URL encoding is the process of converting a URL into a valid ASCII format so that data can be safely transported over HTTP.
  • UTF-8: It is a variable-length encoding standard that uses each byte expressed in hexadecimal and preceded by the % prefix.
  • Union SQL Injection: In a UNION SQL injection, an attacker combines a forged query with a query requested by the user using a UNION clause.
  • USB Encryption: USB encryption is an additional feature for USB storage devices that offers onboard encryption services.

V

  • Vulnerability Research: Vulnerability research is the process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse.
  • Vulnerability Assessment: Vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation.
  • Vulnerability Exploitation: Vulnerability exploitation involves the execution of multiple complex, interrelated steps to gain access to a remote system.
  • Video Steganography: Video steganography refers to hiding secret information in a carrier video file.
  • Virus: A virus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector, or document.
  • Vishing: Vishing (voice or VoIP phishing) is an impersonation technique (electronic fraud) in which the attacker tricks individuals into revealing personal and financial information using voice technology such as the telephone system, VoIP, etc.
  • VPN: A VPN is a private network constructed using public networks, such as the Internet.
  • Vulnerability Scanning: Vulnerability scanning involves analyzing protocols, services, and configurations to discover vulnerabilities and design flaws that may expose an operating system and its applications to exploitation, attack, or misuse.
  • Vulnerability Analysis: Vulnerability analysis is the systematic process of identifying, evaluating, and prioritizing security weaknesses in systems, networks, applications, or protocols.
  • Vulnerability Assessment Reports: A vulnerability assessment report is a comprehensive document that details the findings of a vulnerability assessment.
  • Virtual Private Cloud (VPC): VPC is a secure and independent private cloud environment that resides within the public cloud.
  • Vulnerability: A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system.
  • Video Spyware: Video spyware is software for video surveillance installed on a target computer without the user’s knowledge.
  • Very Small Aperture Terminal (VSAT): VSAT is a communication protocol that is used for data transfer using small dish antennas for both broadband and narrowband data.

W

  • White Hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes.
  • WormGPT: WormGPT is an AI-powered tool that assists cybersecurity professionals in automating the generation of worm-like scripts and payloads.
  • Website Footprinting: Website footprinting refers to the monitoring and analysis of the target organization’s website for information.
  • Whois: Whois is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
  • Wireless Network Vulnerability Scanning: Wireless network scanning determines the vulnerabilities in an organization’s wireless networks.
  • Wire Sniffing: Packet sniffing is a form of wire sniffing or wiretapping in which hackers sniff credentials during transit by capturing Internet packets.
  • Windows Management Instrumentation (WMI): WMI is a feature in Windows administration that provides a platform for accessing Windows system resources locally and remotely.
  • Windows Remote Management (WinRM): WinRM is a Windows-based protocol designed to allow a user to run an executable file, modify system services, and the registry on a remote system.
  • Whitespace Steganography: In white space steganography, the user hides the messages in ASCII text by adding white spaces to the ends of the lines.
  • Wiretapping: Wiretapping is the process of monitoring telephone and Internet conversations by a third party.
  • Whaling: A whaling attack is a type of phishing that targets high-profile executives like CEOs, CFOs, politicians, and celebrities who have complete access to confidential and highly valuable information.
  • Web Server: A web server is a computer system that stores, processes, and delivers web pages to clients via HTTP.
  • Website Defacement: Website defacement refers to unauthorized changes made to the content of a single web page or an entire website, resulting in changes to the visual appearance of the web page or website.
  • Web Cache Poisoning Attack: An attacker forces the web server’s cache to flush its actual cache content and sends a specially crafted request to store in the cache.
  • Web Server Misconfiguration: Server misconfiguration refers to configuration weaknesses in web infrastructure that can be exploited to launch various attacks on web servers such as directory traversal, server intrusion, and data theft.
  • Website Mirroring: Website mirroring copies an entire website and its content onto a local drive.
  • Web Applications: Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server end or contain script code to be executed dynamically within the client web browser.
  • Web Service: A web service is an application or software that is deployed over the Internet and uses standard messaging protocols such as SOAP, UDDI, WSDL, and REST to enable communication between applications developed for different platforms.
  • Web-based Timing Attack: A web-based timing attack is a type of side-channel attack performed by attackers to retrieve sensitive information such as passwords from web applications by measuring the response time taken by the server.
  • Web Spidering/Crawling: Web spiders/crawlers automatically discover the hidden content and functionality by parsing HTML forms and client-side JavaScript requests and responses.
  • WS-Address Spoofing: In a WS-address spoofing attack, an attacker sends a SOAP message containing fake WS-address information to the server. The <ReplyTo> header consists of the address of the endpoint selected by the attacker rather than the address of the web service client.
  • Web API: Web API is an application programming interface that provides online web services to client-side apps for retrieving and updating data from multiple online sources.
  • Webhooks: Webhooks are user-defined HTTP callback or push APIs that are raised based on events triggered, such as receiving a comment on a post or pushing code to the registry.
  • Web Shell: A web shell is a malicious piece of code or script that is developed using server-side languages such as PHP, ASP, Perl, Ruby, and Python and is then installed on a target server.
  • Web Application Fuzz Testing: Web application fuzz testing (fuzzing) is a black-box testing method. It is a quality checking and assurance technique used to identify coding errors and security loopholes in web applications.
  • Whitelist Validation: Whitelist validation is an effective technique in which only the list of entities that have been approved for secured access are accepted.
  • Wi-Fi: Wireless network (Wi-Fi) refers to WLANs based on the IEEE 802.11 standard, which allows the device to access the network from anywhere within an AP range.
  • Wired Equivalent Privacy (WEP): WEP is a security protocol defined by the 802.11b standard; it was designed to provide a wireless LAN with a level of security and privacy comparable to that of a wired LAN.
  • Wi-Fi Protected Access (WPA): WPA is a security protocol defined by 802.11i standards; it uses a Temporal Key Integrity Protocol (TKIP) that utilizes the RC4 stream cipher encryption with 128-bit keys and 64-bit MIC integrity check to provide stronger encryption and authentication.
  • WPA2: WPA2 is an upgrade to WPA, and it includes mandatory support for counter mode with cipher block chaining message authentication code protocol (CCMP), an AES-based encryption mode with strong security.
  • WPA3: WPA3 is an advanced implementation of WPA2 that provides trailblazing protocols and uses the AES-GCMP 256 encryption algorithm.
  • Wireless Traffic Analysis: Wireless traffic analysis enables attackers to identify vulnerabilities and susceptible victims in a target wireless network.
  • Wireless Intrusion Prevention Systems: Wireless intrusion prevention systems (IPSs) protect networks against wireless threats and enable administrators to detect and prevent various network attacks.
  • Wrapping Attack: A wrapping attack is performed during the translation of the SOAP message in the TLS layer where attackers duplicate the body of the message and send it to the server as a legitimate user.
  • Web of Trust (WOT): Web of trust (WoT) is a trust model of PGP, OpenPGP, and GnuPG systems.

X

  • Xmas Scan: Xmas scan is a type of inverse TCP scanning technique with the FIN, URG, and PUSH flags set to send a TCP frame to a remote device.
  • XML External Entity Attack: XML External Entity attack is a server-side request forgery (SSRF) attack that can occur when a misconfigured XML parser allows applications to parse XML input from an unreliable source.

Y

  • Yagi Antenna: A Yagi antenna, also called Yagi–Uda antenna, is a unidirectional antenna commonly used in communications at a frequency band of 10 MHz to VHF and UHF.
  • YAK: YAK is a public-key-based Authenticated Key Exchange (AKE) protocol.

Z

  • Zero-trust Principles: Zero-trust principles constitute a set of standardized user pre-verification procedures that require all users to be authenticated before providing access to any resource.
  • Zones and Conduits: A network segregation technique used to isolate the networks and assets to impose and maintain strong access control mechanisms.
  • Zero Trust Network: The Zero Trust model is a security implementation that assumes that every user trying to access the network is not a trusted entity by default and verifies every incoming connection before allowing access to the network.
  • Zero-Day Vulnerabilities: Zero-day vulnerabilities are unknown vulnerabilities in software/hardware that are exposed but not yet patched.
