Cyber Glossary
Decoding the language of hackers.
AAA
Authentication, Authorization, and Accounting. A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
ACL (Access Control List)
A list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.
Active Directory
A directory service developed by Microsoft for Windows domain networks.
AES (Advanced Encryption Standard)
A symmetric encryption algorithm widely used globally to secure data.
Air Gap
A network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.
Antivirus Software
Software designed to detect, prevent, and remove malware.
APT (Advanced Persistent Threat)
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
ARP (Address Resolution Protocol)
A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.
Attack Surface
The sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.
Backdoor
A method of bypassing normal authentication or encryption in a computer system, a product, or an embedded device, etc.
Bcrypt
A password-hashing function designed to be slow to defend against brute-force attacks.
Black Hat Hacker
A hacker who violates computer security for little reason beyond maliciousness or for personal gain.
Blue Team
A group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation.
Botnet
A number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access each device and its connection.
Brute Force Attack
A cryptanalytic attack that consists of checking all possible keys until the correct key is found.
Buffer Overflow
An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Bug Bounty Program
A deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
CI/CD Security
Security practices integrated into Continuous Integration and Continuous Deployment pipelines.
CIA Triad
A model designed to guide policies for information security within an organization. The specific elements are Confidentiality, Integrity, and Availability.
CISO (Chief Information Security Officer)
The senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Cloud Computing
The on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.
Container
A standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.
Cross-Site Request Forgery (CSRF)
An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
Cross-Site Scripting (XSS)
A type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
Cryptography
The practice and study of techniques for secure communication in the presence of third parties called adversaries.
CVE (Common Vulnerabilities and Exposures)
A list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that has been assigned a CVE ID number.
CVSS (Common Vulnerability Scoring System)
A free and open industry standard for assessing the severity of computer system security vulnerabilities.
Dark Web
The World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access.
Database Injection
A code injection technique where an attacker executes malicious SQL statements that control a web application's database server.
DDoS (Distributed Denial of Service)
A malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DevSecOps
An augmentation of DevOps to allow for security practices to be integrated into the DevOps approach.
Digital Forensics
A branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
DLP (Data Loss Prevention)
A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
DMZ (Demilitarized Zone)
A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually the Internet.
DNS Spoofing
A form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address.
EDR (Endpoint Detection and Response)
A technology that continually monitors and gathers data from endpoints to detect and analyze threat patterns.
Encryption
The process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.
Enumeration
The process of extracting user names, machine names, network resources, shares and services from a system.
Evil Twin
A fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.
Exploit
A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.
Fileless Malware
A type of malicious software that uses legitimate programs to infect a computer. It does not look like a traditional virus because it does not rely on files and leaves no footprint on the hard drive.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Fuzzing
A quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.
GDPR (General Data Protection Regulation)
A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Grey Hat Hacker
A computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
Hashing
The process of transforming any given key or a string of characters into another value. This is usually represented by a shorter, fixed-length value or key that represents and makes it easier to find or employ the original string.
HIPAA
Health Insurance Portability and Accountability Act. A US law designed to provide privacy standards to protect patients' medical records and other health information.
Honeypot
A computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
HTTPS (Hypertext Transfer Protocol Secure)
An extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.
IAM (Identity and Access Management)
A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.
IDS (Intrusion Detection System)
A device or software application that monitors a network or systems for malicious activity or policy violations.
Incident Response
The approach an organization takes to manage and correct the aftermath of a cyberattack or data breach.
IoC (Indicator of Compromise)
Artifacts observed on a network or in an operating system that with high confidence indicate a computer intrusion.
IoT (Internet of Things)
The network of physical objects ("things") that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
IPS (Intrusion Prevention System)
A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Kerberos
A computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Keylogger
A type of surveillance software that has the capability to record every keystroke you make to a log file, usually encrypted.
Lateral Movement
Techniques that cyber attackers use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns.
Logic Bomb
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Malware
Intentionally harmful software (malicious software). Examples include viruses, worms, trojan horses, ransomware, spyware, adware, and scareware.
Man-in-the-Middle (MitM) Attack
An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
MFA (Multi-Factor Authentication)
An electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
MITRE ATT&CK
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Network Segmentation
The process of dividing a computer network into smaller parts (subnetworks).
NIST Framework
A set of guidelines for private sector organizations in the United States to follow to be better prepared for identifying, detecting, and responding to cyber attacks.
OAuth
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OSINT (Open Source Intelligence)
Data collected from publicly available sources to be used in an intelligence context.
OWASP (Open Web Application Security Project)
An open community dedicated to improving the security of software by enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
Patch Management
The process of distributing and applying updates to software. These patches are often necessary to correct errors (also referred to as "vulnerabilities" or "bugs") in the software.
Payload
The part of the malware which performs the malicious action.
PCI DSS
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
Penetration Testing (Pentesting)
The practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
Phishing
The fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
PKI (Public Key Infrastructure)
A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
Ransomware
A type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
RAT (Remote Access Trojan)
A malware program that includes a back door for administrative control over the target computer.
RBAC (Role-Based Access Control)
A policy-neutral access-control mechanism defined around roles and privileges.
Red Team
An independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view.
Rootkit
A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
Sandbox
A security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading.
SIEM (Security Information and Event Management)
Software products and services that combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
SOC (Security Operations Center)
A centralized unit that deals with security issues on an organizational and technical level.
Social Engineering
The psychological manipulation of people into performing actions or divulging confidential information.
Spoofing
A situation in which a person or program masquerades as another by falsifying data, to gain an illegitimate advantage.
SQL Injection (SQLi)
A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
SSL (Secure Sockets Layer)
A standard security technology for establishing an encrypted link between a server and a client.
Steganography
The practice of concealing a file, message, image, or video within another file, message, image, or video.
Supply Chain Attack
A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.
Threat Hunting
The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
TLS (Transport Layer Security)
A cryptographic protocol designed to provide communications security over a computer network. Validates the identities of server and client applications.
Trojan Horse
A type of malware that looks like legitimate software but performs malicious actions.
Two-Factor Authentication (2FA)
A method of confirming users' claimed identities by using a combination of two of the following three different factors: 1) something they know, 2) something they have, or 3) something they are.
Virus
A type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
VPN (Virtual Private Network)
Extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Vulnerability
A weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system.
WAF (Web Application Firewall)
A specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
Whaling
A specific form of phishing that is targeted at high-profile business executives and managers.
White Hat Hacker
An ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies that ensure the security of an organization's information systems.
Worm
A standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself.
Zero Trust
A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.
Zero-Day Exploit
An exploit for a vulnerability that is not yet known to the software vendor or the public.
Zombie
A computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.