Analyst Training

Malware Hunter’s Glossary – ANY.RUN Blog

Editor’s note: This article was originally published on September 16, 2020, and updated on December 7, 2023.

Do you know how a DMA attack works? Or what distinguishes Smurf attacks from Fraggle attacks? The cybersecurity industry is full of technical terms, jargon and industry-specific acronyms: knowing them is essential for anyone working in the field.

That’s why, here at ANY.RUN, we’ve created an alphabetical list of key terms every cybersecurity professional should know by heart (or, at the very least, know where to look them up).

How does this glossary work?

This glossary provides concise definitions for terms and abbreviations commonly found in cybersecurity articles, blogs, and other information security resources.

Use the table of contents in the left sidebar to jump to a particular letter, or scroll through the list from A to Z.

A

Active Directory

Active Directory (AD) is a Microsoft service used for managing users, computers, and other resources within a network. It uses a hierarchical structure to organize objects and enforce security policies across a Windows environment. AD is a common target in lateral movement and privilege escalation attacks.

AES

AES stands for Advanced Encryption Standard, a symmetric encryption algorithm that was established by the U.S. National Institute of Standards and Technology (NIST) in 2001. It’s widely considered secure and efficient, replacing the older Data Encryption Standard (DES). AES is used in numerous security protocols and systems to encrypt data at rest and in transit.

ARP spoofing or ARP poisoning

ARP spoofing, also known as ARP poisoning, is an attack where an attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network. This tricks network devices into associating the attacker’s MAC address with the IP address of a legitimate network resource, like a router. The goal is usually to intercept, modify, or stop data traffic.
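
The defensive side of the ARP poisoning entry above, as an added example that is not part of the original glossary: a passive monitor keeps the first-seen IP-to-MAC binding as its baseline and flags any later ARP reply that rebinds a known IP (the gateway in particular) to a different MAC, plus any MAC that answers for more than one IP. The sample replies, the gateway address and the severity labels are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample ARP replies (timestamp, sender IP, sender MAC), in the shape a
# passive LAN monitor would record them. 192.168.1.1 is the gateway and legitimately
# belongs to aa:bb:cc:00:00:01; the reply at t=4 claims it for another MAC, and at
# t=6 that same MAC claims a second IP, which is the signature of a MITM set up
# through ARP spoofing (attacker answers for both gateway and victim).
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "AA:BB:CC:00:00:01"),
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (4, "192.168.1.1", "de:ad:be:ef:00:99"),
    (5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (6, "192.168.1.30", "de:ad:be:ef:00:99"),
]

GATEWAYS = {"192.168.1.1"}  # hypothetical: the bindings that matter most on this LAN


def normalize_mac(mac: str) -> str:
    """Lower-case and validate a colon-separated MAC so 'AA:BB..' equals 'aa:bb..'."""
    parts = mac.strip().lower().split(":")
    valid = len(parts) == 6 and all(
        len(p) == 2 and all(c in "0123456789abcdef" for c in p) for p in parts
    )
    if not valid:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(parts)


def detect_arp_rebinding(replies, gateways=frozenset()):
    """Keep the first-seen IP->MAC binding as the trusted baseline and flag every
    later reply that maps a known IP to a different MAC. Returns a list of alerts."""
    baseline = {}
    alerts = []
    for ts, ip, mac in replies:
        ip = str(ipaddress.ip_address(ip))  # raises on garbage input
        mac = normalize_mac(mac)
        known = baseline.get(ip)
        if known is None:
            baseline[ip] = mac
        elif known != mac:
            alerts.append({
                "timestamp": ts,
                "ip": ip,
                "expected_mac": known,
                "claimed_mac": mac,
                # rebinding the gateway is the classic interception setup
                "severity": "high" if ip in gateways else "medium",
            })
    return alerts


def macs_claiming_multiple_ips(replies):
    """Return {mac: set(ips)} for MACs that answer for more than one IP; an
    attacker poisoning both victim and gateway shows up here. Multi-homed hosts
    can appear too, so treat this as corroboration for a rebinding alert."""
    claims = defaultdict(set)
    for _ts, ip, mac in replies:
        claims[normalize_mac(mac)].add(str(ipaddress.ip_address(ip)))
    return {mac: ips for mac, ips in claims.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_arp_rebinding(SAMPLE_ARP_REPLIES, GATEWAYS):
        print("ARP rebinding:", alert)
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES).items():
        print(f"{mac} answers for {sorted(ips)}")
```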

ASCII

ASCII stands for American Standard Code for Information Interchange. It’s a character encoding standard used for representing text and control characters in computers. While not directly a cybersecurity term, ASCII is often relevant in tasks like data analysis and payload encoding during security assessments.

Admin Privilege

Admin privilege grants a user elevated rights to configure and manage a system. In cybersecurity, these permissions are a high-value target for attackers, as they can provide full control over systems and networks.

Adware

Adware is a type of software that automatically displays or downloads advertising material, usually in the form of pop-up ads or banners, when a user is online. While not inherently malicious, adware can degrade system performance and user experience, and some variants may include spyware capabilities.

Attack vector

An attack vector is a path or means by which an attacker gains unauthorized access to a system or network. Examples of common attack vectors include phishing emails, malicious websites, and software vulnerabilities.

APT (Advanced Persistent Threat)

A sophisticated malware actor, usually a group that gains access and stays hidden for long periods of time. APTs are generally state-sponsored and target government and military organizations, as well as perform military espionage.

Authentication

Authentication is the process of verifying the identity of a user, system, or service. It’s usually part of a broader access control mechanism, ensuring that only authorized entities can access resources. Authentication can be performed by checking unique knowledge (PIN, password), unique objects (passport), or unique traits (fingerprints, voice, face geometry).

B

Bashdoor

Bashdoor is a type of backdoor exploit that takes advantage of vulnerabilities in the Bash shell, commonly found in Unix and Linux systems. This exploit allows an attacker to execute arbitrary commands on the target system, often bypassing conventional security measures. Bashdoor attacks are particularly concerning because they can provide full control over a compromised system.

BAT file

A BAT file is a batch file used in DOS and Windows environments to execute a series of commands. While BAT files themselves aren’t malicious, attackers often use them to automate tasks like deploying malware or performing system modifications. Due to their ability to execute multiple commands in sequence, they’re often involved in scripting attacks.

BGP (Border Gateway Protocol)

BGP is a routing protocol used to facilitate data exchange between different autonomous systems on the Internet. It plays a critical role in how data travels across networks. BGP is vulnerable to various attacks, such as BGP hijacking, where an attacker reroutes traffic through malicious servers for data interception or network disruption.

Blackholing

Blackholing is a network defense technique where incoming traffic is rerouted to a null or non-existent destination, effectively dropping the packets. This is often used to mitigate DDoS attacks by directing malicious traffic away from the targeted resources. However, it’s a blunt instrument that may also block legitimate traffic if not carefully configured.

Blind hijacking

Blind hijacking is an attack where the attacker intercepts and modifies packets between two parties without either party realizing that the data has been altered.

Bluejacking

Bluejacking is an attack that exploits Bluetooth vulnerabilities to send unsolicited messages or data to Bluetooth-enabled devices. It is generally considered low-risk and often more of a prank than a serious attack.

Bluesnarfing

Bluesnarfing is a more malicious form of Bluetooth attack compared with bluejacking. In bluesnarfing, an attacker gains unauthorized access to a Bluetooth-enabled device to steal sensitive data like contacts and text messages, or even to control the device.

Backdoor

A backdoor is a hidden method for bypassing normal authentication or encryption in a computer system, a product, or an embedded device. Attackers often install backdoors to secure remote access to a compromised system.

Black hat hacking

When a hacker performs actions with harmful intent, such as stealing data or extorting a ransom.

Brute force attack

An attack that attempts to guess a correct password by inputting as many random combinations as possible.

Block cipher

An algorithm that divides data into blocks of fixed, equal size and then encrypts or decrypts each block. A type of symmetric encryption.

Botnet

A group of computers that have been infected by malware which gave an attacker control over each machine. Attackers use these machines to carry out malicious actions, such as DDoS attacks or spam mail distribution. Owners of machines included in the botnet usually don’t know about the misuse of their hardware.

BYOD (Bring Your Own Device)

A policy that determines whether employees are allowed to use their personal devices at work and whether personal devices can be connected to the corporate network.

C

CAN (Controller Area Network)

CAN, or Controller Area Network, is a communication protocol commonly used in automotive and industrial control systems. It allows microcontrollers and devices to communicate without needing a host computer.

COM file

A COM file is a type of simple executable file format originally used in DOS systems. These files have largely been replaced by more advanced formats like EXE, but they can still be run in certain Windows environments. Because of their simplicity, COM files are sometimes used in malware and attack campaigns to execute shellcode or deploy payloads.

C&C (Command and Control server)

A Command and Control server, often abbreviated as C&C or C2, is a computer controlled by an attacker or criminal group to send commands to systems compromised with malware.

CSP (Content Security Policy)

Content Security Policy (CSP) is a security standard used to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks. It allows web administrators to specify which sources of content are permitted on a web page, preventing the browser from loading anything from unauthorized sources.

Cryptojacking

A type of cyberattack that hijacks part of the system’s power to mine cryptocurrency without the user’s consent.

Catfishing

An act of creating a new, fake social-media account of a non-existent person and then using this account to deceive a specific person.

Ciphertext

A state of data produced by the encryption process. Ciphertext appears random, but data in this format can be decrypted and restored to its original form using a decryption key.

Clickjacking

An attack technique that makes users click on malicious URLs without realizing that they interacted with them. This can be done by hiding the actual interactive content beneath a cover page that displays seemingly harmless content. When clicking, users interact with the content beneath that they don’t even see.

CND (Computer Network Defense)

A set of internal measures implemented to secure a network from external attacks. The measures that make up Computer Network Defense are defined in the security policy of a given company.

Cracker

A more technically accurate synonym of the word “hacker” that is less used outside of the cybersecurity community and thus less known.

Critical infrastructure

The most important systems or networks for a business or state. The compromise of such systems will lead to devastating consequences.

CVE (Common Vulnerabilities and Exposures)

CVE is a public registry of all recorded attacks, exploits, and vulnerabilities, created by the MITRE non-profit. It is possibly the most complete cybersecurity database in the world.

Cryptography

The science of privacy, data integrity, and authentication methods. Cryptography studies methods of encrypting, that is, a reversible conversion of data using a secret algorithm or key into encrypted, seemingly random text.

Cookie file

A cookie file is a small text file stored on a user’s computer by a web browser. Cookies are used to store information like login states, user preferences, or tracking data.

Cyber team

A group of people employed to develop, maintain, and improve cybersecurity measures for an organization or a state. Cyber teams perform penetration testing, scan networks for vulnerabilities, and educate employees about cybersecurity.

D

Data integrity

Data integrity proves that data has not been modified or altered in any way. Cryptographic hashing is used to derive a value from the original data. When hashing is performed again later, the derived value must remain the same to indicate that the data remained intact.

Data mining

A technique of analyzing volumes of data in an effort to find the most valuable information, referred to as meta-data.

Data theft

An act of taking data without the owner’s consent, by physically stealing the hardware that hosts the data or by leaking the data.

DDoS (Distributed Denial of Service) attack

A cyberattack that aims to disrupt the operation of a service, usually by overloading the servers with incoming requests, such as when thousands of requests are made to the server beyond its capacity to process them.

Decryption

A process that reverts ciphertext back to its original form using a secret key. For example, decrypting is how victims of ransomware attacks restore data, by using publicly available decryption services or by obtaining the key after paying the ransom.

Deep web

The deep web refers to parts of the web that are not indexed by standard search engines. This includes private databases, password-protected websites, and personal email accounts. Contrary to some perceptions, the deep web is not synonymous with illegal activity.

DES

DES stands for Data Encryption Standard, an older symmetric-key algorithm for encrypting digital data. It was once a federal standard but was replaced by AES due to its vulnerability to brute-force attacks.

DHCP snooping

DHCP snooping is a security feature on switches that filters DHCP traffic to prevent rogue DHCP server attacks. The feature builds a table of legitimate IP address leases, blocking unauthorized DHCP messages.

DMA attack

DMA stands for Direct Memory Access, and a DMA attack exploits this capability to directly read or write a system’s memory. This bypasses the CPU and operating system, often subverting normal authentication mechanisms. DMA attacks require physical access to a system and are typically executed through ports like Thunderbolt or FireWire.

Digital forensics

The process of collecting information about potentially illegal activities within a computer network in order to present the findings in a court of law.

DLP (Data Loss Prevention)

A set of measures and rules that an organization uses to prevent the loss of data through leakage due to cyberattacks, malicious actions from within the company, or hardware failure.

DMZ (Demilitarized Zone)

An isolated extension of a private network, which is protected by a firewall and open to external connections, making select data publicly available.

DNS

DNS stands for Domain Name System. It’s the protocol that translates human-readable domain names to IP addresses, allowing browsers to load Internet resources. DNS is a critical part of internet infrastructure but is also vulnerable to attacks like DNS poisoning and DNS hijacking.

DNS hijacking

DNS hijacking is an attack where the attacker redirects queries to a different DNS server, usually for malicious purposes like phishing or traffic interception. This can be done by compromising a user’s DNS settings or by attacking the DNS server itself.

DNS poisoning

DNS poisoning is an attack that inserts corrupt DNS cache entries to redirect queries to malicious websites. Unlike DNS hijacking, which targets the user’s settings or the server, DNS poisoning focuses on corrupting the DNS resolver cache.

DOC

DOC is a file extension used for Microsoft Word documents. While commonly used for text-based files, DOC files can contain macros and scripts, which could be malicious.

DOCX

DOCX is a more modern file extension used for Microsoft Word documents, introduced with Word 2007. Unlike DOC, it uses XML-based formatting and is much less prone to macro viruses due to its structure. However, it can still be weaponized through embedded links or malicious macros as part of social engineering attacks.

Domain fronting

Domain fronting is a technique used to bypass network censorship or monitoring by making outgoing requests appear as if they’re headed to a benign domain, while the actual destination is a different, potentially restricted website. This is achieved through layers of HTTP and DNS trickery.

Domain name kiting, domain kiting

Domain kiting is the practice of registering a domain name and then repeatedly canceling and re-registering it during the grace period to avoid paying registration fees.

Domain shadowing

Domain shadowing is an attack technique where an attacker gains access to a domain registration account to create subdomains without the owner’s knowledge. These rogue subdomains are then used for malicious activities like hosting phishing websites or C&C servers.

DoS attack

A DoS, or Denial of Service attack, aims to make a targeted system or network unavailable by overwhelming it with traffic or exploiting vulnerabilities to cause a crash. Unlike DDoS attacks, which involve multiple systems, a DoS attack usually originates from a single source.

Downgrade attack

A downgrade attack forces a system to fall back to a less secure version of a protocol or to weaker encryption algorithms. This makes it easier for an attacker to exploit known vulnerabilities in the outdated protocol. Downgrade attacks can occur in various scenarios, such as during SSL/TLS handshakes.

Drive-by download

A type of cyberattack where the victim’s computer becomes compromised automatically after visiting a malicious site. Attacks like this are made possible by leveraging the natural tendency of web browsers to automatically execute JavaScript code, which creates a potential vulnerability.

E

Email spoofing

Email spoofing is the practice of sending emails with a forged sender address to deceive recipients. This technique is commonly used in phishing attacks to gain the trust of the target.

EDR (Endpoint Detection & Response)

Endpoint Detection and Response (EDR) is a group of cybersecurity products that focus on monitoring and responding to security threats on individual devices, or endpoints. Antivirus software belongs to this group, among other tools.

EMET (Enhanced Mitigation Experience Toolkit)

EMET was a free Microsoft tool to improve Windows security by applying techniques that made it harder for attackers to exploit software vulnerabilities. It is now retired, with its features built into Windows 10.

Evil Maid Attack

An Evil Maid Attack is when an attacker gains access to a victim’s unattended computer. The name stems from a scenario in which an adversary was able to access the victim’s laptop left in a hotel room. The attack aims to compromise security by tampering with hardware or installing malicious software to steal sensitive data or encryption keys.

EAP (Extensible Authentication Protocol)

EAP, or Extensible Authentication Protocol, is a framework used in network communication for secure authentication. It allows various authentication methods to be used, such as passwords, digital certificates, or token-based authentication, to establish a secure connection between a client and a server. EAP is commonly used in Wi-Fi networks and VPNs to ensure that only authorized users can access network resources.

Evergreen

A computer program that is regularly updated to complicate hacking attacks and improve usability.

Encoding

A process of taking a readable data format and encrypting it using a private key to obtain ciphertext.

F

False Flag

A False Flag operation is when an entity or individual carries out an action, like a cyberattack, and makes it look like someone else did it. This is done to divert blame or confuse investigators.

Fast Flux

Fast Flux is a technique used in cyberattacks to hide the true location of malicious servers or websites. It involves rapidly changing the IP addresses associated with a domain name through a network of compromised or “flux” machines.

FDE (Full Disk Encryption)

Full Disk Encryption (FDE) is a security technology that encrypts an entire storage device, such as a hard drive or solid-state drive, to protect the data stored on it. With FDE enabled, all the data on the disk is automatically encrypted, making it unreadable without the appropriate decryption key or password.

Firewall

A filter that companies use to block unwanted network traffic. Firewalls whitelist incoming requests based on a set of pre-defined parameters. In other words, by default they block all incoming traffic, treating all requests as potentially harmful.

Fraggle Attack

A Fraggle Attack is a network-based distributed denial-of-service (DDoS) attack that is very similar to a Smurf Attack. It involves the attacker sending a large number of Internet Control Message Protocol (ICMP) echo request packets (ping) to an IP broadcast address, often using IP addresses that don’t belong to them. These packets are then broadcast to multiple hosts on the network, causing those hosts to respond to the victim’s IP address with ICMP echo replies, overwhelming the victim’s network bandwidth and causing a denial of service.

H

Hash

A hash is a code used in cryptography to turn readable data into an encrypted string of text with a fixed length. Applying the same hash to data twice shows that the data has not been altered, as long as the output does not change.

Hacktivism

Hacktivism is hacking that is carried out out of principle or for a cause rather than to gain profit. Hacktivists often defend their actions by claiming that what they do is for the right cause; however, in many cases it is still illegal.

Heap Spraying

Heap spraying is a malicious technique used in cyberattacks to exploit vulnerabilities in software applications. It involves flooding a program’s memory (heap) with a large amount of malicious code or data, often in the form of shellcode or payloads. By doing so, attackers aim to increase the chance that their malicious code will be executed when the vulnerable program’s memory is corrupted or manipulated.

Honeypot

A honeypot is a defensive decoy that mimics the operation of a real system to trick hackers into attacking it instead of the production resources of an organization. Honeypots are used to make attackers waste as much time as possible and to gather information about new malicious techniques.

HTTP (Hypertext Transfer Protocol)

Hypertext Transfer Protocol (HTTP) is the foundation of data communication on the World Wide Web. It is an application layer protocol used for transmitting and receiving data between a client (usually a web browser) and a server (where websites are hosted).

HTTPS (Hypertext Transfer Protocol Secure)

Hypertext Transfer Protocol Secure (HTTPS) is a secure version of the standard HTTP protocol. HTTPS encrypts the data transmitted between the client and server, ensuring that it can’t be easily intercepted or tampered with by malicious actors. This encryption is usually achieved using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols.

I

Identity cloning

This is a criminal activity in which the attacker takes on the identity of another real person and uses it for their own gain, usually to carry out actions they would not do with their real identity, like accessing a credit line.

IMAP (Internet Message Access Protocol)

IMAP is an email protocol that allows users to access and manage email messages stored on a remote server. It supports email synchronization across multiple devices, providing flexibility in email management.

IDS (Intrusion Detection System)

IDS is a passive cyber-defense system that monitors the network for unauthorized connections and performs defensive actions if such connections are found.

IPS (Intrusion Prevention System)

IPS is an active security system that is designed to detect cyberattack attempts and automatically take measures to reduce their chances of success.

IP Address (Internet Protocol Address)

An IP address, short for Internet Protocol address, is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

IPv4 (Internet Protocol version 4)

IPv4, or Internet Protocol version 4, is a widely used addressing scheme for identifying devices on a computer network. It uses a 32-bit numerical address, typically displayed as four sets of decimal numbers separated by periods (e.g., 192.168.1.1).

IPv6 (Internet Protocol version 6)

IPv6, or Internet Protocol version 6, is an upgraded and expanded version of IPv4. It uses a 128-bit numerical address format, which provides an astronomically larger number of unique addresses. IPv6 addresses are usually represented as a series of hexadecimal numbers separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

IRP (Incident Response Platform)

An Incident Response Platform (IRP) is a comprehensive software solution designed to assist organizations in effectively managing and responding to cybersecurity incidents. It provides a centralized platform for detecting, analyzing, and mitigating security threats and breaches.

iSCSI (Internet Small Computer System Interface)

iSCSI is a protocol used for enabling the transfer of block-level data between a computer and a storage device over an IP network. It allows remote storage devices, known as storage area networks (SANs), to appear as if they were locally connected to a computer or server.

K

Keylogger

Typically, a keylogger is a piece of software, more rarely hardware, that records the victim’s interactions with their keyboard, allowing an attacker to see what sensitive data the victim has typed.

Kerberos

Kerberos is a network authentication protocol designed to provide secure authentication for users and services over a non-secure network, such as the Internet. It uses encryption and a trusted third-party authentication server to verify the identities of users and services.

KRACK attack (Key Reinstallation Attack)

The Key Reinstallation Attack, commonly known as KRACK, is a cybersecurity vulnerability that affects Wi-Fi networks secured with the WPA2 (Wi-Fi Protected Access 2) protocol, which is commonly used for securing wireless communication. KRACK exploits weaknesses in the WPA2 protocol to intercept and manipulate data transmitted over a Wi-Fi network.

L

L2TP (Layer 2 Tunneling Protocol)

L2TP is a networking protocol that allows the creation of virtual private networks (VPNs). It operates at the data link layer and is often used in combination with another encryption protocol, like IPsec, to strengthen security.

LAN (Local Area Network)

A LAN is a computer network that is connected within a limited area, such as within the confines of a single building.

LDAP (Lightweight Directory Access Protocol)

LDAP is a network protocol used for accessing and managing directory information. It’s commonly used in authentication, authorization, and directory services for various applications and systems.

LotL Attack (Living off the Land Attack)

A LotL attack is a cyberattack technique where threat actors use legitimate system tools and utilities to carry out malicious activities, making their actions harder to detect. Tools leveraged in LotL attacks may include PowerShell, Windows Management Instrumentation (WMI), or scripting languages like Python and JavaScript.

LTE (Long Term Evolution)

LTE, or Long Term Evolution, is a standard for wireless broadband communication. It is part of the 4G (fourth generation) technology family and is designed to provide faster and more efficient mobile data communication than its predecessor, 3G (third generation).

Link jacking

Link jacking is a spam-like practice of purposefully misrepresenting the destination of a link on a site. For example, when an ad appears to lead to a product page, but instead takes the user to a random page oversaturated with ad banners.

M

MAC address (Media Access Control Address)

A MAC address, also known as a hardware address or physical address, is a unique identifier assigned to a network interface controller (NIC) on a device. It consists of a series of hexadecimal numbers and is used to identify devices on a local network segment.

MAC flooding

MAC flooding is a network attack that exploits a limitation of switches in Ethernet networks. In this attack, the attacker sends a flood of forged Ethernet frames, each with a different, spoofed MAC address. The intention is to overwhelm the switch’s MAC address table, causing it to enter a fail-open mode, where it begins broadcasting incoming traffic to all ports instead of forwarding it to the correct destination.

Malvertising (Malicious Advertising)

Malvertising is a cyber threat technique where malicious code or malware is concealed within online advertisements. Cybercriminals use malvertising to deliver malware to unsuspecting users when they visit legitimate websites that display these advertisements.

MBR (Master Boot Record)

The MBR, or Master Boot Record, is a crucial data structure located at the beginning of a storage device, such as a hard drive or SSD, that is used to boot a computer’s operating system. It contains the initial code that the computer’s BIOS or UEFI firmware executes during the boot process.

MD5 (Message Digest Algorithm 5)

MD5 is a cryptographic hash function that produces a 128-bit (16-byte) hash value from input data or a message. It’s widely used for data integrity and checksum purposes.

Mean Time to Respond (MTTR)

Mean Time to Respond, often abbreviated as MTTR, is a key performance indicator (KPI) in incident response and cybersecurity. It measures the average amount of time it takes for an organization to detect and respond to a security incident once it has occurred.

Memory Scraper

A memory scraper is a type of malware designed to scan and capture sensitive data directly from a computer’s RAM. It is particularly adept at extracting information such as credit card numbers, usernames, passwords, and other confidential data that is stored in temporary memory while a user is interacting with applications or making online transactions.

MITB attack (Man-in-the-Browser Attack)

A Man-in-the-Browser (MITB) attack is a type of cyberattack where a malicious actor inserts their code directly into a victim’s web browser, allowing them to intercept and manipulate web communication between the user and websites.

MitD attack (Man-in-the-Disk Attack)

A Man-in-the-Disk (MitD) attack is a type of security vulnerability and attack vector that targets the way mobile applications handle storage and data on a device’s external storage, such as an SD card. In a MitD attack, a malicious actor takes advantage of weak permissions or insufficient security measures in mobile apps. They place malicious files or manipulate existing files in the external storage area where the targeted app stores data.

MITM Attack (Man-in-the-Middle Attack)

A Man-in-the-Middle (MITM) attack is a cyberattack where an unauthorized third party intercepts and potentially manipulates communication between two parties without their knowledge. To carry out a MITM attack, an attacker usually positions themselves between the victim and the legitimate party, acting as a covert intermediary. This can be achieved through various techniques, such as ARP spoofing, DNS spoofing, or using malicious proxy servers.

MITRE ATT&CK

MITRE ATT&CK is a public resource that contains data on past cyberattacks. It is an indispensable resource for cybersecurity researchers looking to expand their knowledge of the malicious techniques used by hackers.

N

.NET

The .NET (pronounced dot-net) framework is a software development platform developed by Microsoft. It provides a complete environment for building and running various kinds of applications, including web, desktop, and mobile applications.

NetBIOS

NetBIOS, short for Network Basic Input/Output System, is a legacy networking protocol used for communication between devices on a local area network (LAN).

NAT (Network Address Translation)

NAT, or Network Address Translation, is a networking technology that modifies network address information in packets while they are in transit. It allows multiple devices within a private network to share a single public IP address for accessing resources on the internet.

NGFW (Next-Generation Firewall)

A Next-Generation Firewall (NGFW) is a security appliance or software solution that combines traditional firewall functionality with advanced security features. NGFWs go beyond basic packet filtering and stateful inspection to provide more comprehensive protection. They typically include intrusion detection and prevention systems (IDPS), application-aware filtering, deep packet inspection, and SSL/TLS decryption capabilities.

O

OLE (Object Linking and Embedding)

Object Linking and Embedding (OLE) is a technology developed by Microsoft that allows different applications to share and manipulate objects or data. With OLE, you can embed objects created in one application, such as a spreadsheet or a chart, into another application such as a document or presentation.

OpenID

OpenID is an open-standard protocol used for single sign-on (SSO) authentication. It allows users to use a single set of login credentials to access multiple websites or applications without needing to create and remember separate usernames and passwords for each.

OSINT (Open-Source Intelligence)

Open-Source Intelligence (OSINT) is the practice of collecting, analyzing, and using publicly available information from various sources to gather insights and intelligence. OSINT sources include websites, social media, news articles, public records, and more.

Overlay Attack

An overlay attack is a cybersecurity threat in which an attacker draws a deceptive layer, or overlay, on top of a legitimate interface or application. The goal is to trick users into interacting with the malicious overlay, typically to steal sensitive information such as login credentials or credit card details. Overlay attacks are commonly associated with phishing and social engineering techniques.

Outsider threat

An outsider threat is a potential danger that is likely to come from an outside source, such as a competing organization, another state, or a vindictive former employee.

OWASP (Open Web Application Security Project)

OWASP is an established online community of enthusiasts who help websites improve their cyber defenses through a range of tools and practices. The community focuses on studying attack patterns to learn as much as possible about malware in order to build an effective defense strategy.

P

Packet sniffing

Packet sniffing is a technique of capturing data packets (units of a computer network transmission) and saving them for further analysis by a network administrator or a security researcher.

Payment card skimmers

A payment card skimmer is a device attached to a Point of Sale terminal that criminals use to collect payment card data from victims when a plastic card is inserted into the terminal.

Pen (Penetration) testing

Pen testing is an advanced cybersecurity process that involves ethical hacking. Cybersecurity professionals conduct a controlled attack on a system using real malware and malicious techniques to find the weak points in its defenses.

Phishing

Phishing is a malicious technique for obtaining sensitive information by tricking the victim into willingly disclosing it as part of a human interaction, such as when replying to a text message or an email.

Piggyback programs

A piggyback program is software that comes bundled with a program the user downloaded explicitly. When the installation of the main software finishes, it often shows a prompt asking the user to install another product, in the hope that the user clicks "OK" without reading it.

PKI (Public Key Infrastructure)

PKI is a set of cryptographic security mechanisms, built around certificates and certificate authorities, designed to provide stronger protection for communication and data storage.

POS (Point of Sale) intrusions

A point of sale intrusion takes place when an attacker compromises a POS terminal in a physical store or on a website that supports online checkout. POS intrusions aim to steal credit card data from victims who make purchases at the targeted organization.

POP3 (Post Office Protocol 3)

POP3, or Post Office Protocol 3, is a standard email protocol used for retrieving emails from a mail server to a client device, such as an email client or application. When you configure an email client with POP3 settings, it connects to the mail server, downloads incoming emails to the client device, and usually removes them from the server.

Punycode

Punycode is a method used to encode Internationalized Domain Names (IDNs) into a format that is compatible with the ASCII character set. IDNs allow domain names to contain non-ASCII characters, such as accented letters or characters from various languages. Punycode converts these non-ASCII characters into a standardized ASCII representation, making it possible for browsers and other internet applications to correctly process and display domain names with international characters. Encoded labels carry the "xn--" prefix; because visually similar characters from different scripts can produce lookalike domains, security tools commonly decode Punycode and inspect the result.
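As an added example (not part of the original glossary), a Punycode decoder written from RFC 3492 together with a simple mixed-script check of the kind defensive tools use to spot lookalike domains; the sample hostnames are constructed, and the mixed-script test is a simplified heuristic rather than a full IDNA display policy.

```python
"""Decode a Punycode label (RFC 3492) and flag mixed-script lookalikes.

Added example, not code from the original glossary. The decoder follows
RFC 3492 section 6.2; the mixed-script check is a simplified heuristic
(browsers apply fuller IDNA display rules).
"""
import unicodedata

# Bootstring parameters fixed by RFC 3492 for Punycode.
BASE, TMIN, TMAX, SKEW, DAMP = 36, 1, 26, 38, 700
INITIAL_BIAS, INITIAL_N = 72, 128


def _adapt(delta, num_points, first_time):
    """Bias adaptation (RFC 3492 section 6.1)."""
    delta = delta // DAMP if first_time else delta // 2
    delta += delta // num_points
    k = 0
    while delta > ((BASE - TMIN) * TMAX) // 2:
        delta //= BASE - TMIN
        k += BASE
    return k + ((BASE - TMIN + 1) * delta) // (delta + SKEW)


def _digit(ch):
    """Map a Punycode digit (a-z then 0-9) to its value 0..35."""
    if "a" <= ch <= "z":
        return ord(ch) - ord("a")
    if "0" <= ch <= "9":
        return ord(ch) - ord("0") + 26
    raise ValueError(f"invalid Punycode digit {ch!r}")


def punycode_decode(label):
    """Decode one label *without* its 'xn--' prefix, e.g. 'bcher-kva'."""
    label = label.lower()
    sep = label.rfind("-")
    # Everything before the last '-' is copied literally (basic code points).
    output = [ord(c) for c in label[:sep]] if sep >= 0 else []
    encoded = label[sep + 1:] if sep >= 0 else label
    n, i, bias = INITIAL_N, 0, INITIAL_BIAS
    pos = 0
    while pos < len(encoded):
        old_i, w, k = i, 1, BASE
        while True:  # read one variable-length integer
            digit = _digit(encoded[pos])
            pos += 1
            i += digit * w
            t = TMIN if k <= bias else (TMAX if k >= bias + TMAX else k - bias)
            if digit < t:
                break
            w *= BASE - t
            k += BASE
        bias = _adapt(i - old_i, len(output) + 1, old_i == 0)
        n += i // (len(output) + 1)  # the decoded code point ...
        i %= len(output) + 1          # ... and the position to insert it at
        output.insert(i, n)
        i += 1
    return "".join(chr(cp) for cp in output)


def decode_hostname(host):
    """Decode every 'xn--' label of a hostname to its Unicode form."""
    return ".".join(
        punycode_decode(lbl[4:]) if lbl.lower().startswith("xn--") else lbl
        for lbl in host.split(".")
    )


def scripts_in(label):
    """Set of Unicode scripts (LATIN, CYRILLIC, ...) of the letters in a label."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def is_mixed_script(host):
    """True if any label mixes scripts, a common homograph warning sign."""
    return any(len(scripts_in(lbl)) > 1 for lbl in decode_hostname(host).split("."))


if __name__ == "__main__":
    # Constructed sample hostnames: a legitimate German word and a
    # Latin/Cyrillic lookalike of "apple".
    for h in ("xn--bcher-kva.example", "xn--pple-43d.example"):
        print(h, "->", decode_hostname(h), "mixed-script:", is_mixed_script(h))
```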


R

RAT (Remote Access Trojan)

A RAT, or Remote Access Trojan, is malicious software that allows an attacker to gain unauthorized access to and control over a victim's computer or network. Once deployed, a RAT enables remote monitoring, data theft, and the ability to execute commands on the compromised system.

Ransomware

Ransomware is a type of malware that encrypts the victim's data and threatens that access to the data will be lost permanently unless a ransom is paid. Ransomware typically drops a ransom note on the desktop containing instructions for restoring the data. The note directs victims to a website where they can purchase a decryption key with a cryptocurrency payment.

RaaS (Ransomware as a Service)

RaaS is a method of distributing ransomware in which malware creators sell their program to customers in exchange for money, rather than operating the malware themselves. Customers who purchase RaaS typically receive the malware build, access to an operations dashboard, and access to technical support.

RC4 (Rivest Cipher 4)

RC4, short for Rivest Cipher 4, is a stream cipher that was once widely used. It is known for its simplicity and speed. Statistical biases in its keystream have since led to its deprecation, and RFC 7465 prohibits its use in TLS.

RDP (Remote Desktop Protocol)

RDP, or Remote Desktop Protocol, is a proprietary Microsoft protocol that allows remote access to a computer or server over a network connection.

Remote Shell

A remote shell, sometimes abbreviated as "rshell" or "rsh," is a network communication tool that allows users to execute commands on a remote computer or server from a local machine. It provides command-line interaction with a remote system, facilitating tasks such as file transfers, system administration, and troubleshooting. Remote shells are useful for legitimate purposes, but they can also be exploited by malicious actors to gain unauthorized access to systems.

RSA (Rivest-Shamir-Adleman)

RSA, which stands for Rivest-Shamir-Adleman, is a widely used public key encryption algorithm in modern cryptography. It is named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman. RSA uses a pair of cryptographic keys: a public key for encryption and a private key for decryption. Data encrypted with the public key can only be decrypted with the corresponding private key, which provides a secure way to transmit sensitive information over untrusted networks.

RTF (Rich Text Format)

RTF, or Rich Text Format, is a file format for text documents that contain formatting information, such as font styles, colors, and other attributes. RTF files are often used for documents that need to retain consistent formatting across different software and operating systems. RTF documents can carry embedded malicious objects or exploit code, which makes them a common malware delivery format.

Rootkit

A rootkit is a type of malware that differs from other malware types by its stealth capabilities. Rootkits obtain administrative rights on the OS of an infected machine and take measures to prevent detection, allowing them to stay hidden over time and collect as much data as possible.

S

SASE (Secure Access Service Edge)

SASE, or Secure Access Service Edge, is a cybersecurity model that integrates network security and wide-area networking (WAN) capabilities into a cloud-based service. It provides secure and scalable access to network resources for remote users and branch offices, simplifying network architecture and improving security by moving key functions to the cloud.

Sandboxing

Sandboxing is the process of creating an isolated environment and launching programs, or even whole operating systems, inside it to evaluate their behavior or conduct analysis while protecting the host system.

Secure element

A secure element is a dedicated, tamper-resistant hardware component inside a device, such as a smartphone or a smart card, designed to store and protect sensitive data, including cryptographic keys, biometric data, and payment credentials.

SCADA (Supervisory Control and Data Acquisition)

SCADA is a set of control and data-logging protocols and systems used to monitor and automate the operation of large and complex industrial and computer systems.

SD-WAN

SD-WAN, short for Software-Defined Wide Area Networking, is a technology that simplifies and optimizes the management of wide area networks (WANs). It does this by using software-based approaches to control and direct data traffic across the WAN.

SSID (Service Set Identifier)

An SSID, or Service Set Identifier, is a unique alphanumeric identifier assigned to a wireless network. It serves as the name of the network and allows wireless devices to identify and connect to a particular Wi-Fi network.

SHA (Secure Hash Algorithm)

SHA, which stands for Secure Hash Algorithm, refers to a family of cryptographic hash functions used to produce fixed-length hash values from variable-length input data. Common SHA algorithms include SHA-1, SHA-256, and SHA-3, each with a different level of security; SHA-1 is deprecated because practical collisions have been demonstrated.

Side Channel Attack

A side channel attack is a type of attack that exploits unintended information leakage from a physical system during its operation. Instead of directly targeting cryptographic algorithms or software vulnerabilities, side channel attacks focus on capturing information, such as power consumption, electromagnetic radiation, or timing data, that is unintentionally emitted by a device.

Sinkholing

Sinkholing is a cybersecurity technique used to divert malicious network traffic away from its intended destination to a controlled and secure location, typically managed by security researchers or network administrators.

SIEM (Security Information and Event Management)

SIEM is a framework that collects and correlates security event data from across an organization for continuous security evaluation, helping to find irregularities or violations of the security policy.

SOAR (Security Orchestration, Automation, and Response)

SOAR, or Security Orchestration, Automation, and Response, is a cybersecurity technology stack that streamlines incident response processes. SOAR platforms integrate and automate security tools, enabling efficient response to security incidents, threats, and vulnerabilities.

SOPs (Standard Operating Procedures)

SOPs, sometimes referred to as a "security policy," are a set of guidelines within an organization that must be followed by all employees to maintain a high level of cybersecurity.

Smurf Attack

A Smurf attack is a type of Distributed Denial of Service (DDoS) attack that targets a victim's network by exploiting the Internet Control Message Protocol (ICMP) and IP broadcast addresses. In a Smurf attack, the attacker sends a large number of ICMP echo request (ping) packets to an IP broadcast address on a network, with the source address spoofed to the victim's IP. This causes all devices on the network to respond to the victim's IP address with ICMP echo replies, overwhelming the victim's network with traffic.
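An added example (not from the original glossary) of how a defender might spot Smurf-style traffic in flow records: echo requests addressed to a broadcast address, counted per claimed source. The records and the 192.0.2.0/24 subnet are constructed, and the threshold is an assumption.

```python
"""Flag ICMP echo requests aimed at broadcast addresses (Smurf amplification).

Added example, not from the original glossary. The flow records below are
constructed, using the 192.0.2.0/24 documentation range; a real detector
would be fed from flow logs or packet captures.
"""
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8  # ICMP type for "ping"

# Constructed flow records: (src_ip, dst_ip, protocol, icmp_type).
# 192.0.2.10 is the claimed (spoofed) source, i.e. the intended victim.
SAMPLE_RECORDS = [
    ("192.0.2.10", "192.0.2.255", "icmp", 8),
    ("192.0.2.10", "192.0.2.255", "icmp", 8),
    ("192.0.2.10", "255.255.255.255", "icmp", 8),
    ("192.0.2.10", "192.0.2.255", "icmp", 8),
    ("192.0.2.20", "192.0.2.1", "icmp", 8),     # normal unicast ping
    ("192.0.2.30", "192.0.2.1", "tcp", None),   # unrelated traffic
    ("192.0.2.1", "192.0.2.10", "icmp", 0),     # an echo reply
]


def is_broadcast(dst, networks):
    """True if dst is the limited broadcast (255.255.255.255) or the
    directed broadcast of one of the given subnets (CIDR strings).
    Routers should already drop directed broadcasts (RFC 2644); seeing
    them on the wire is itself worth an alert."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == ipaddress.ip_network(n).broadcast_address for n in networks)


def detect_smurf(records, networks, threshold=3):
    """Return {claimed_source: count} for sources with at least `threshold`
    broadcast-directed echo requests. Because the source is spoofed, each
    key is the likely victim of the amplified replies, not the attacker."""
    hits = Counter(
        src for src, dst, proto, itype in records
        if proto == "icmp" and itype == ICMP_ECHO_REQUEST and is_broadcast(dst, networks)
    )
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(detect_smurf(SAMPLE_RECORDS, ["192.0.2.0/24"]))  # {'192.0.2.10': 4}
```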

SPAM

Spam is intrusive, unwanted, and often low-quality content or messages that are typically distributed in mass batches to many recipients.

Spear phishing

Spear phishing is an attack in which an adversary uses social engineering techniques and a targeted approach that leverages the victim's real contacts. Customized content makes spear phishing attacks particularly dangerous, since the attacker can trick the victim into believing they are dealing with a legitimate entity.

Spyware

Spyware is a type of malware that records user actions and sends them to the attacker. It can exist in a lawful form when operated by advertising companies to study customer behavior, or as malware when used by hackers for illegal purposes.

SQL Injection

SQL injection is a malicious technique in which an attacker exploits weaknesses in a web application's input validation to manipulate an SQL query sent to a database. By injecting SQL code into user inputs, such as text fields or URLs, attackers can trick the application into executing unintended database commands. The standard defense is parameterized queries, which keep user input separate from the query structure.

SSH (Secure Shell)

SSH, or Secure Shell, is a cryptographic network protocol that enables secure remote access, authentication, and data communication between computers over unsecured networks, such as the internet. SSH encrypts all data transmitted between the client and server, protecting against eavesdropping and unauthorized access.

SSL (Secure Sockets Layer)

SSL, or Secure Sockets Layer, is a cryptographic protocol that provides secure, encrypted communication between a user's web browser and a web server. SSL is designed to establish a secure connection for transmitting sensitive information, such as login credentials, credit card data, and personal details, over the internet. It is typically used together with the HTTP protocol (HTTPS). All SSL versions are now deprecated in favor of TLS, although the name "SSL" is still used colloquially.

Stack Smashing

Stack smashing, also known as a stack-based buffer overflow, is a vulnerability and exploitation technique that occurs when an attacker writes more data into a buffer (a temporary data storage area) than it can hold. The excess data overflows into adjacent memory regions, potentially corrupting or altering important program data and control flow, such as the saved return address.

Stalkerware

Stalkerware is a type of malicious software that is installed on a victim's device, usually without their knowledge or consent, to secretly monitor and record their activities.

Symlink (Symbolic Link)

A symlink, short for symbolic link, is a reference or pointer to another file or directory in a filesystem. Unlike a hard link, which points directly to the data of the target file or directory, a symlink is a separate file that contains a path or reference to the target.

T

TCP (Transmission Control Protocol)

TCP, or Transmission Control Protocol, is one of the core protocols of the Internet Protocol (IP) suite and is responsible for reliable data transmission between two devices over a network. TCP provides a connection-oriented, error-checked communication method, ensuring that data sent from one device is received exactly and in the correct order by the receiving device.

Threat intelligence

Threat intelligence comprises any and all information that an organization has about past, current, or future cybersecurity threats. Threat intelligence data is used by cybersecurity professionals to defend against potential attacks.

Trojan (Trojan Horse)

A Trojan is malware that tricks the user into believing it is harmless and uses social engineering techniques to manipulate the victim into downloading the malware and starting its execution.

TOR (The Onion Router)

TOR, short for The Onion Router, is a privacy-focused network technology that enables anonymous internet communication. It achieves anonymity by routing data through a network of volunteer-operated servers, or "nodes," with each node peeling away a layer of encryption, like the layers of an onion.

TLS (Transport Layer Security)

TLS, or Transport Layer Security, is a cryptographic protocol used to secure data transmission over a network, usually the internet. It ensures that data exchanged between two systems remains private and tamper-proof in transit. TLS encrypts data by creating a secure "tunnel" between a client (e.g., a web browser) and a server (e.g., a website).

TPM (Trusted Platform Module)

A TPM, or Trusted Platform Module, is a hardware-based security component built into computers and devices to strengthen their security. It stores cryptographic keys, passwords, and other sensitive data, protecting them from software-based attacks and unauthorized access.

U

UDP (User Datagram Protocol)

UDP, short for User Datagram Protocol, is one of the core transport layer protocols in computer networking. It runs on top of the Internet Protocol (IP) and is used for sending data packets across a network. Unlike TCP (Transmission Control Protocol), UDP is connectionless and does not set up a dedicated, reliable connection before sending data. This makes UDP faster but less reliable, as it does not guarantee delivery or ordering of packets.

UEBA (User and Entity Behavior Analytics)

UEBA, which stands for User and Entity Behavior Analytics, is a cybersecurity technology that focuses on monitoring and analyzing the behavior of users and entities (such as devices and applications) within a network or system. It uses machine learning and advanced analytics to establish a baseline of normal behavior for users and entities. When deviations from this baseline occur, UEBA can detect potential security threats or anomalies, such as insider threats or unauthorized access.

UEFI (Unified Extensible Firmware Interface)

UEFI, which stands for Unified Extensible Firmware Interface, is a modern replacement for the traditional BIOS (Basic Input/Output System) that is used to initialize and manage the hardware components of a computer during the boot process.

URL spoofing

URL spoofing is a deceptive practice in which an attacker creates a fake or fraudulent web address (URL) that closely resembles a legitimate one.

UAF (Use-After-Free)

Use-After-Free, abbreviated as UAF, is a critical software vulnerability that occurs when a program tries to access or use memory that has already been freed or deallocated.

User Agent

A User Agent, also known as a UA, is a piece of software or an application that acts on behalf of a user when interacting with web servers or online services. It is an important part of the HTTP request sent by a client (such as a web browser) to a web server when requesting a web page or resource. The User Agent string, usually included in the HTTP headers, contains details about the client software, including its name, version, and sometimes additional details about the operating system and device.

USSD (Unstructured Supplementary Service Data)

USSD, or Unstructured Supplementary Service Data, is a communication protocol used by mobile phones to send text-based messages between the device and a mobile network's servers. Unlike SMS (Short Message Service), which is store-and-forward and may be delayed, USSD messages are sent in real time and are often used for interactive communication.

V

VBS (Visual Basic Script)

VBS, short for Visual Basic Script, is a scripting language developed by Microsoft. It is often used for automating tasks, creating small applications, and customizing the behavior of Windows operating systems. VBS scripts are written in plain text and can be executed using the Windows Script Host (WSH) or other scripting engines. Malicious actors often use VBS for harmful purposes, such as distributing malware.

VNC (Virtual Network Computing)

VNC, which stands for Virtual Network Computing, is a remote desktop protocol and software application that allows users to control and view the graphical desktop of a remote computer or server over a network connection.

VLAN (Virtual Local Area Network)

VLAN, which stands for Virtual Local Area Network, is a network segmentation technique used to divide a physical network into multiple logical subnetworks. These subnetworks are isolated from one another, even though they share the same physical network infrastructure.

Virus

A virus is a type of malware that typically attaches itself to a host file and executes when the victim interacts with that file. Malware of this type spreads to other objects, and even to other computers in the network, through user interaction.

Vishing

Vishing is a variant of phishing in which the attacker uses the Voice over IP protocol to call another VoIP user, enabling them to talk with the victim verbally.

W

Watering Hole

A watering hole attack is a type of targeted cyberattack in which malicious actors compromise websites or online resources that are frequently visited by a particular group of users. The goal is to infect the computers of the target group by injecting malware into these legitimate websites.

WebDAV (Web Distributed Authoring and Versioning)

WebDAV, short for Web Distributed Authoring and Versioning, is an extension of HTTP (Hypertext Transfer Protocol) that allows collaborative editing and management of files and documents on web servers.

WebRTC (Web Real-Time Communication)

WebRTC, which stands for Web Real-Time Communication, is an open-source project and set of web technologies that enables real-time communication directly between web browsers and applications.

Wi-Fi Disassociation

Wi-Fi disassociation, also known as deauthentication, is a network security procedure used to disconnect a client device from a Wi-Fi network. This action is usually taken by network administrators to prevent unauthorized access or to manage network resources.

Wildcard Certificate

A wildcard certificate is an SSL/TLS certificate used to secure multiple subdomains under a single domain name. For example, a wildcard certificate for "*.example.com" could secure "blog.example.com," "store.example.com," and so on. While convenient and cost-effective, wildcard certificates can pose a security risk. If the private key is compromised, the attacker gains control over all subdomains the certificate secures.
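As an added illustration (not the glossary's own code) of what a compromised wildcard key covers, here is a matcher implementing the wildcard rules browsers apply to certificate names, plus a helper that lists every host in an inventory the certificate could impersonate. The host inventory is constructed; "*.example.com" is the glossary's own example.

```python
"""Wildcard certificate name matching and blast radius.

Added example, not from the original glossary. Matching follows the
RFC 6125 / browser rules: the wildcard must be the whole leftmost label,
it matches exactly one label, and it must not cover a bare TLD.
"""


def _normalize(name):
    """DNS names are case-insensitive; drop a trailing dot as well."""
    return name.rstrip(".").lower()


def matches_wildcard(pattern, hostname):
    """Return True if the SSL/TLS identity `pattern` covers `hostname`."""
    pattern, hostname = _normalize(pattern), _normalize(hostname)
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    # Wildcard only as the entire leftmost label (partial forms like
    # "w*.example.com" are rejected, as browsers do), and at least two
    # labels must follow it so that "*.com" never matches anything.
    if labels[0] != "*" or "*" in pattern[2:] or len(labels) < 3:
        return False
    host_labels = hostname.split(".")
    # "*" matches exactly one non-empty label: "example.com" and
    # "dev.api.example.com" are both outside "*.example.com".
    return (
        len(host_labels) == len(labels)
        and host_labels[0] != ""
        and host_labels[1:] == labels[1:]
    )


def blast_radius(pattern, inventory):
    """Hostnames from `inventory` that a compromised key for `pattern`
    could impersonate: the risk the glossary entry describes."""
    return sorted(h for h in inventory if matches_wildcard(pattern, h))


if __name__ == "__main__":
    # Constructed inventory of hosts an organization might run.
    hosts = ["blog.example.com", "store.example.com", "example.com",
             "dev.api.example.com", "login.example.com", "example.org"]
    print(blast_radius("*.example.com", hosts))
    # ['blog.example.com', 'login.example.com', 'store.example.com']
```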

WEP

WEP stands for Wired Equivalent Privacy, an outdated encryption standard for wireless networks. Introduced in 1997, WEP was found to have numerous vulnerabilities, making it relatively easy to crack within minutes. Because of its weaknesses, it has been largely replaced by more secure protocols such as WPA and WPA2.

WPA and WPA2

WPA (Wi-Fi Protected Access) and WPA2 are encryption protocols designed to secure wireless networks. WPA was developed as an interim solution to replace the flawed WEP standard, while WPA2 is the enhanced version that followed. WPA2 uses the AES encryption standard and provides stronger security than WPA, which typically uses TKIP encryption. Both are considered far more secure than WEP but must be configured correctly to maximize security.

Worm

A worm is a type of malware focused on spreading to as many systems as possible by copying its code into files and propagating through networks. Worms were once a popular way to deliver the final malicious payload to victims, but today they are rarely used.

X

XXE attack

An XXE, or XML External Entity, attack exploits weaknesses in XML parsers to read local files, interact with internal systems, or execute remote code. The attack occurs when an application processes XML input that references an external entity. The usual mitigation is to disable external entity resolution in the parser.

Y

YARA

YARA is a tool used for identifying and classifying malware based on textual or binary patterns. It is similar to writing antivirus signatures but is more flexible and extensible. YARA rules can be applied at different stages of incident response, from initial detection to in-depth malware analysis.

Z

Zero-day exploit

Zero-day exploit is a term that refers to vulnerabilities in software that have not yet been fixed, or to programs that exploit them.

Zip bomb

A zip bomb is a malicious archive file designed to damage or incapacitate a system by exhausting its resources. When the archive is unpacked, it decompresses to a size far larger than the original file, often many gigabytes or even petabytes. Zip bombs are primarily used to disable antivirus software or to mount denial-of-service attacks against file-processing systems.
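An added example (not from the original glossary) of the checks a file-processing service can run before and during extraction to catch a zip bomb: a declared-size and compression-ratio check on the central directory, and a bounded extractor that counts real inflated bytes instead of trusting the headers. The archives are built in memory as constructed test data, and the ratio and size limits are assumptions.

```python
"""Inspect an archive for zip-bomb characteristics before extracting it.

Added example, not from the original glossary. The limits are assumed
values a service might choose; tune them to the expected workload.
"""
import io
import os
import zipfile

MAX_RATIO = 100          # declared uncompressed / compressed bytes
MAX_TOTAL = 50 * 2**20   # refuse archives declaring more than 50 MiB of output


class ZipBombSuspected(Exception):
    pass


def inspect_archive(data, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Check the central directory only; return (total_uncompressed, ratio)
    or raise ZipBombSuspected. Nothing is inflated at this stage."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        total = sum(i.file_size for i in infos)
        compressed = sum(i.compress_size for i in infos) or 1
        ratio = total / compressed
        if total > max_total or ratio > max_ratio:
            raise ZipBombSuspected(f"declared {total} bytes, ratio {ratio:.0f}:1")
        # Recursive zip bombs hide their real size in nested archives.
        if any(i.filename.lower().endswith(".zip") for i in infos):
            raise ZipBombSuspected("nested archive inside archive")
        return total, ratio


def extract_bounded(data, member, limit):
    """Inflate one member in chunks and abort as soon as the real output
    exceeds `limit` bytes, whatever the headers claimed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        out = bytearray()
        with zf.open(member) as fh:
            while chunk := fh.read(64 * 1024):
                out.extend(chunk)
                if len(out) > limit:
                    raise ZipBombSuspected(f"{member} exceeded {limit} bytes while inflating")
        return bytes(out)


def make_archive(files):
    """Build an in-memory DEFLATE zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: 4 MiB of zeros deflates to a few KiB (roughly 1000:1),
# while random bytes barely compress at all.
BOMBISH = make_archive({"zeros.bin": b"\0" * (4 * 2**20)})
BENIGN = make_archive({"notes.txt": b"incident notes\n" * 200, "rand.bin": os.urandom(4096)})


if __name__ == "__main__":
    print("benign:", inspect_archive(BENIGN))
    try:
        inspect_archive(BOMBISH)
    except ZipBombSuspected as exc:
        print("rejected:", exc)
```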

Zombie

A zombie computer is a machine that has been illegally accessed by a malware operator and has become a member of a botnet. Zombie computers carry out malicious actions on behalf of an attacker who has hijacked control over the resources of the compromised machine.

0 – 9

3DES

3DES, or Triple DES, is an encryption algorithm that applies the DES encryption method three times to each data block. While more secure than single DES, it is generally considered less secure than more modern algorithms such as AES, and NIST has deprecated it for new applications.

802.1X

802.1X is a standard for network access control, commonly used in corporate Wi-Fi networks. It provides a framework for authenticating and controlling user access based on a user's credentials or device certificates.

Conclusion

Cybersecurity jargon is particularly rich because it draws on computer programming terminology and adds a number of its own unique terms and concepts on top. Here we have collected some of the most frequently used terms to help you get started in the world of cybersecurity, or simply to refresh your memory of common professional vocabulary.

Don't stop with this article; keep learning the language of our industry. It will help you communicate easily with your co-workers and with members of the cyber-defense community!

About ANY.RUN

ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.
