Glossary

A

Access Control
A method of regulating who or what can access specific systems, networks, or data.

Accounting
The process of tracking user activities and maintaining logs for auditing and security purposes.

Active Defense
Proactive security measures that involve deception, countermeasures, and threat hunting to detect and mitigate cyber threats.

Active Directory (AD) Security
Protecting Microsoft's directory service from unauthorized access, privilege escalation, and exploitation.

Advanced Encryption Standard (AES)
A widely used symmetric encryption algorithm for securing sensitive data.

Advanced Persistent Threat (APT)
A long-term targeted cyber attack carried out by sophisticated adversaries, often for espionage or data theft.

Adversary Emulation
Simulating real-world threat actors to test and improve cybersecurity defenses.

Air-Gapped System
A computer or network physically isolated from unsecured networks to prevent cyber threats.

Algorithmic Attack
A type of attack that exploits weaknesses in cryptographic algorithms.

Anomaly Detection
The process of identifying unusual patterns in data that may indicate cyber threats.

Anti-Forensic Techniques
Methods used to evade digital forensics analysis, such as data wiping, encryption, and steganography.

Antivirus (AV)
Software designed to detect, prevent, and remove malware from computers and networks.

Application Control
Security practice that restricts which applications can execute on a system to prevent malware execution.

Application Layer Attack
A cyber attack that targets vulnerabilities in application software, such as SQL injection or cross-site scripting (XSS).

Application Security (AppSec)
A set of practices and tools used to secure software applications from cyber threats.

Artificial Intelligence (AI) in Cybersecurity
The use of machine learning and AI models to detect threats, automate responses, and analyze security events.

Asset Management
The process of identifying, categorizing, and securing IT assets within an organization.

Asymmetric Encryption
A cryptographic method using a public and private key pair to secure data transmission.

Attack Chain
A sequence of steps an attacker follows to compromise a system, also known as the cyber kill chain.

Attack Surface
The sum of all points at which an attacker could attempt to enter or extract data from a system, including hardware, software, and human elements.

Attack Vector
A method or pathway used by attackers to gain unauthorized access to a system.

Attacker Dwell Time
The period between an attacker’s initial compromise and their detection within a system.

Audit Trail
A chronological record of events or activities in a system to support investigation and compliance.

Authentication
The process of verifying the identity of users, devices, or applications.

Authorization
The process of granting or restricting access rights based on authentication results.

Automated Threat Intelligence
The use of automated tools to collect, analyze, and disseminate threat intelligence data.

Availability
One of the three pillars of the CIA triad (Confidentiality, Integrity, Availability), ensuring systems and data are accessible when needed.

Awareness Training
Cybersecurity education programs designed to help users recognize and avoid cyber threats such as phishing and social engineering.


B

Backdoor
A hidden entry point that bypasses standard authentication or security controls in a system.

Backup Security
Measures to protect backup data from corruption, unauthorized access, or ransomware attacks.

Banking Trojan
A type of malware designed to steal financial information such as banking credentials.

Behavioral Analysis
A security technique that detects anomalies by analyzing patterns of user and system behavior.

Biometric Authentication
The use of unique physical or behavioral characteristics, such as fingerprints or facial recognition, for identity verification.

Black Box Testing
A security testing method where the tester has no prior knowledge of the internal workings of the system being tested.

Black Hat Hacker
A hacker who engages in cybercriminal activities such as data theft, fraud, and system compromise.

Blacklist
A security mechanism that blocks known malicious entities, such as IP addresses, domains, or applications.

Block Cipher
A cryptographic algorithm that encrypts data in fixed-size blocks rather than bit-by-bit.

Boot Sector Virus
A type of malware that infects the master boot record (MBR) or boot sector of a storage device, making it difficult to remove.

Bot
An automated script or program that performs tasks, often used in malicious activities such as spam distribution or DDoS attacks.

Botnet
A network of compromised devices controlled by an attacker to execute large-scale cyber attacks.

Brute Force Attack
A method of attempting all possible password combinations until the correct one is found.

Buffer Overflow
A vulnerability where excess data overwrites adjacent memory, potentially leading to code execution or system crashes.

Bug Bounty Program
A security initiative where ethical hackers are rewarded for identifying and reporting vulnerabilities in software.

Business Continuity Plan (BCP)
A strategy to ensure critical business operations continue in the event of a cyber incident or disaster.

Business Email Compromise (BEC)
A type of phishing attack where attackers impersonate executives or vendors to manipulate financial transactions.

Bypassing Authentication
A technique used by attackers to gain unauthorized access to systems by circumventing authentication mechanisms.

BYOD (Bring Your Own Device) Security
Policies and security controls to manage risks associated with employees using personal devices for work purposes.


C

Cache Poisoning
A cyber attack that manipulates cached data, such as DNS or browser caches, to redirect users to malicious sites.

Capability-Based Security
A security model where access is granted based on specific capabilities assigned to users or processes.

Certificate Authority (CA)
An entity responsible for issuing and managing digital certificates used for authentication and encryption.

Chain of Custody
The documented process of handling and preserving digital evidence to maintain its integrity in legal proceedings.

Cipher
An algorithm used for encryption and decryption of data to maintain confidentiality.

Ciphertext
The scrambled output of encrypted data that is unreadable without a decryption key.

Clickjacking
A malicious technique that tricks users into clicking on invisible elements, often leading to unintended actions or data theft.

Cloud Access Security Broker (CASB)
A security tool that provides visibility, compliance, and data protection for cloud-based applications.

Cloud Computing Security
Strategies and tools used to protect cloud environments from unauthorized access, data breaches, and misconfigurations.

Cold Boot Attack
A type of attack where an adversary with physical access power-cycles a machine and reads the contents that briefly remain in RAM, recovering encryption keys that were held in memory.

Command and Control (C2)
A mechanism used by attackers to remotely control compromised systems in a network.

Common Vulnerabilities and Exposures (CVE)
A publicly available list of known security vulnerabilities in software and hardware.

Common Weakness Enumeration (CWE)
A classification system for software security weaknesses that can lead to vulnerabilities.

Compromised Credentials
Usernames, passwords, or authentication tokens that have been stolen or exposed in a data breach.

Confidentiality
One of the key principles of cybersecurity, ensuring that sensitive information is accessible only to authorized individuals.

Container Security
Security measures designed to protect containerized applications and their environments from vulnerabilities and attacks.

Content Security Policy (CSP)
A browser security feature that helps prevent cross-site scripting (XSS) and data injection attacks.

Continuous Monitoring
An automated security practice that tracks and analyzes systems in real-time for potential threats.

Credential Dumping
A technique used by attackers to extract stored authentication credentials from a compromised system.

Credential Stuffing
An attack where stolen credentials from data breaches are used to gain unauthorized access to multiple accounts.

Critical Infrastructure Security
Protecting essential systems such as energy, water, and telecommunications from cyber threats.

Cross-Site Request Forgery (CSRF)
An attack that tricks a user into performing unintended actions on a trusted website.

Cross-Site Scripting (XSS)
A web-based attack where malicious scripts are injected into webpages to steal data or manipulate user interactions.

Cryptanalysis
The study of breaking cryptographic security mechanisms, including cracking encryption algorithms.

Cryptographic Hash Function
A mathematical function that converts data into a fixed-length hash value, often used for data integrity verification.

Cryptography
The practice of securing communication through encryption and other mathematical techniques.

Cyber Espionage
The use of cyber tactics to steal confidential information from governments, organizations, or individuals.

Cyber Hygiene
Best practices for maintaining strong security habits, such as using strong passwords and updating software regularly.

Cyber Insurance
A financial protection policy that helps businesses recover from cyber incidents such as data breaches and ransomware attacks.

Cyber Kill Chain
A model outlining the stages of a cyber attack, from reconnaissance to execution.

Cyber Resilience
The ability of an organization to continue operations and recover quickly from cyber threats and incidents.

Cyber Threat Intelligence (CTI)
The process of gathering, analyzing, and using data about cyber threats to enhance security defenses.

Cyber Warfare
The use of cyber attacks by nation-states or organizations to disrupt, damage, or steal information from adversaries.

Cybersquatting
Registering domain names similar to well-known brands to mislead users or demand ransom from legitimate owners.


D

Data Breach
Unauthorized access, exposure, or theft of sensitive information.

Data Classification
The process of categorizing data based on sensitivity and importance to apply appropriate security controls.

Data Encryption Standard (DES)
An outdated symmetric-key encryption algorithm replaced by AES due to security vulnerabilities.

Data Exfiltration
The unauthorized transfer of data from a system, often performed by attackers or insiders.

Data Integrity
Ensuring that data remains accurate, unaltered, and consistent throughout its lifecycle.

Data Leak
Unintentional exposure of sensitive information due to misconfigurations, human error, or insider negligence.

Data Loss Prevention (DLP)
A set of tools and policies designed to prevent unauthorized access, sharing, or leakage of sensitive data.

Data Minimization
A security principle that encourages collecting only the necessary data to reduce exposure to risks.

Data Privacy
Ensuring that personal or confidential information is handled securely and in compliance with regulations.

Data Retention Policy
A set of rules that define how long data should be stored and when it should be deleted.

Data Sanitization
Techniques for securely erasing data from storage devices to prevent unauthorized recovery.

Data Sovereignty
The concept that data is subject to the laws of the country in which it is stored.

Database Security
Measures to protect databases from unauthorized access, SQL injection, and other cyber threats.

Deauthentication Attack
A wireless attack where an attacker forces a device to disconnect from a Wi-Fi network.

Deception Technology
Cybersecurity tools that use fake assets (honeypots, honeytokens) to lure and detect attackers.

Decoy Network
A simulated network used to attract attackers and study their tactics.

Deep Packet Inspection (DPI)
An advanced network security technique that examines the content of data packets to detect threats.

Deepfake
AI-generated media that manipulates audio, video, or images to create realistic but fraudulent content.

Defense in Depth
A layered security strategy that combines multiple defense mechanisms to protect systems.

Denial of Service (DoS) Attack
An attack that overwhelms a system with excessive requests, making it unavailable to legitimate users.

Detection and Response
A security approach that focuses on identifying and mitigating threats in real time.

Detonation Chamber
A secure environment where suspicious files or URLs are executed to observe their behavior.

DevSecOps
An approach that integrates security practices into the DevOps software development lifecycle.

Dictionary Attack
A password-cracking technique that systematically tests commonly used words and phrases.

Digital Certificate
An electronic document used to prove the authenticity of a website, user, or device.

Digital Evidence
Electronic data collected during an investigation that can be used as legal evidence.

Digital Forensics
The practice of collecting, analyzing, and preserving electronic data for investigative purposes.

Digital Rights Management (DRM)
Technologies used to prevent unauthorized copying and distribution of digital content.

Direct Memory Access (DMA) Attack
A cyber attack that exploits direct access to a system's memory, often bypassing traditional security measures.

Disaster Recovery Plan (DRP)
A structured approach to recovering IT systems and data after a cybersecurity incident or natural disaster.

Distributed Denial of Service (DDoS) Attack
A large-scale attack that uses multiple compromised devices to flood a target with excessive traffic.

DNS Amplification Attack
A type of DDoS attack that exploits misconfigured DNS servers to generate large amounts of malicious traffic.

DNS Filtering
Blocking access to malicious or unauthorized domains at the DNS level to prevent cyber threats.

DNS Hijacking
An attack where an attacker redirects a user’s DNS requests to malicious servers.

DNS Spoofing
A technique used to redirect users to fraudulent websites by corrupting DNS records.

Domain Generation Algorithm (DGA)
A technique used by malware to generate random domain names for command-and-control communication.

Domain Name System (DNS) Security
Protecting DNS infrastructure from threats like cache poisoning, hijacking, and spoofing.

Drive-By Download Attack
A cyber attack where malicious software is installed on a device simply by visiting a compromised website.

Dual-Factor Authentication (2FA)
A security mechanism that requires two independent forms of authentication to verify user identity.

Dumping Credentials
Extracting stored usernames, passwords, or authentication tokens from a compromised system.

Dynamic Analysis
A method of analyzing the behavior of software or malware by executing it in a controlled environment.

Dynamic Malware Analysis
Observing how malware behaves when executed in a sandboxed or isolated environment.


E

Eavesdropping Attack
A cyber attack where an attacker secretly listens to private communications, such as network traffic or phone calls.

Edge Computing Security
Protecting decentralized computing resources at the edge of a network from cyber threats.

Egress Filtering
A security measure that controls outbound network traffic to prevent data leaks or unauthorized communications.

Electromagnetic Eavesdropping
The use of electromagnetic signals to intercept and extract sensitive information from electronic devices.

Email Security
Measures to protect email communications from phishing, spam, and malware.

Embedded System Security
Techniques to secure specialized computing systems built into devices such as IoT, industrial control systems, and medical equipment.

Emergency Incident Response Plan
A predefined strategy for quickly handling and mitigating security incidents or breaches.

Emulation-Based Malware Detection
A technique where a virtual environment is used to analyze the behavior of potentially malicious software.

Encapsulation Security Payload (ESP)
A protocol in the IPsec suite that provides confidentiality, integrity, and authentication for network packets.

Encryption
The process of converting information into an unreadable format to protect it from unauthorized access.

Encryption Key Management
The process of securely handling cryptographic keys to ensure data protection.

End-to-End Encryption (E2EE)
A security method that encrypts messages or data from the sender to the recipient, preventing interception by intermediaries.

Endpoint Detection and Response (EDR)
Security tools designed to monitor, detect, and respond to cyber threats at endpoint devices.

Endpoint Protection Platform (EPP)
A security solution that integrates multiple protective measures, such as antivirus, firewall, and intrusion prevention, for endpoint devices.

Endpoint Security
Measures to protect network-connected devices, such as laptops, smartphones, and IoT devices, from cyber threats.

Enterprise Risk Management (ERM)
A strategic approach to identifying, assessing, and mitigating security risks within an organization.

Enumeration Attack
A technique used by attackers to extract information about a system, such as usernames, directories, or available services.

Ephemeral Key
A temporary cryptographic key used for a single session to enhance security in communications.

Escalation of Privilege
A security breach where an attacker gains higher-level access than they are authorized to have.

Ethical Hacking
The practice of legally testing an organization's security by simulating attacks to identify vulnerabilities.

Evil Twin Attack
A cyber attack where an attacker sets up a rogue Wi-Fi access point to steal user credentials and intercept network traffic.

Executable Packers
Programs that compress or encrypt executable files to obfuscate their content, often used by malware to evade detection.

Exploit
A technique or piece of code that takes advantage of a software vulnerability to gain unauthorized access or control.

Exploit Kit
A collection of automated tools designed to scan and exploit security vulnerabilities in target systems.

Exploit Mitigation
Security measures used to reduce the risk of vulnerabilities being exploited, such as address space layout randomization (ASLR) and data execution prevention (DEP).

Exposure
A situation where an asset or system is left unprotected, making it vulnerable to cyber threats.

Extended Detection and Response (XDR)
An advanced security solution that integrates multiple security tools to detect, investigate, and respond to threats across an organization’s infrastructure.

External Attack Surface
The sum of all internet-exposed assets that can be targeted by attackers, including websites, APIs, and cloud services.

External Penetration Testing
A security assessment that simulates an attack from an external perspective to identify vulnerabilities in public-facing systems.


F

False Positive
A security alert that incorrectly identifies legitimate activity as malicious.

False Negative
A failure to detect an actual security threat, allowing an attack to go unnoticed.

Federated Identity Management (FIM)
A security framework that allows users to authenticate across multiple organizations or services using a single identity.

File Integrity Monitoring (FIM)
A security process that detects unauthorized changes to system files to prevent tampering or compromise.

Fileless Malware
A type of malware that operates in system memory without leaving a footprint on disk, making it harder to detect.

Fingerprinting Attack
A reconnaissance technique where attackers gather information about a target system, such as operating system, software versions, and services.

Firewall
A network security device or software that filters incoming and outgoing traffic to prevent unauthorized access.

Firmware Security
Techniques used to protect firmware (low-level software in hardware devices) from tampering, exploitation, and malware infection.

Forensic Analysis
The process of examining digital evidence to investigate cyber incidents, breaches, or malicious activity.

Forensic Image
A bit-by-bit copy of a storage device used in digital forensics to analyze compromised systems without altering original data.

Forward Secrecy
A cryptographic property ensuring that the session keys of past sessions cannot be recovered even if a long-term key is later exposed.

Fragmentation Attack
A network attack that manipulates fragmented packets to bypass security measures such as intrusion detection systems (IDS).

Fraud Detection
Security mechanisms used to identify and prevent fraudulent transactions, financial scams, and identity theft.

Full Disk Encryption (FDE)
A security method that encrypts all data on a storage device to prevent unauthorized access.

Fuzz Testing (Fuzzing)
An automated security testing technique that injects malformed or unexpected data into software to find vulnerabilities.

Federated Authentication
A system where a single set of credentials allows users to access multiple applications across different organizations.

Firewall Evasion Techniques
Methods used by attackers to bypass firewalls, such as tunneling, packet fragmentation, and encrypted payloads.

Framework for Improving Critical Infrastructure Cybersecurity
A cybersecurity framework developed by NIST to guide organizations in strengthening their security posture.

Frequency Analysis Attack
A cryptographic attack that studies patterns in encrypted text to break ciphers.

Front-Door Attack
A cyber attack that targets authenticated access points by using stolen credentials or social engineering.

FTP (File Transfer Protocol) Security
Measures to secure file transfers, including using secure alternatives like SFTP and FTPS to prevent data interception.

Functional Security Testing
A process that evaluates security controls to ensure they function as intended and effectively protect against threats.

Future-Proof Encryption
Cryptographic methods designed to resist attacks from emerging technologies, such as quantum computing.


G

Gartner Magic Quadrant for Security
A research methodology that evaluates and ranks cybersecurity vendors based on their ability to execute and vision.

Gateway Security
A security layer that filters traffic entering or leaving a network, typically through firewalls, proxies, or intrusion prevention systems.

General Data Protection Regulation (GDPR)
A European Union regulation that mandates data protection and privacy measures for organizations handling EU citizens' data.

Geofencing Security
A technique that restricts access to applications, networks, or data based on geographical location.

Geolocation Spoofing
A method used by attackers to manipulate their geographic location to bypass security controls or access restricted content.

Gray Hat Hacker
A hacker who may break security rules or exploit vulnerabilities but without malicious intent, often revealing flaws to organizations.

Grid Computing Security
Protecting distributed computing environments where multiple machines work together to process large-scale tasks.

Group Policy Object (GPO) Security
Security controls within Windows environments that enforce security configurations across networked systems.

Guardrails in Cybersecurity
Predefined security measures that guide users and automated systems to follow best practices and avoid misconfigurations.

Guest Network Security
Security measures that isolate guest users from internal corporate networks to prevent unauthorized access.

GUID Hijacking
A persistence technique where attackers manipulate globally unique identifiers (GUIDs) to maintain access to compromised systems.

Gunicorn (Green Unicorn) Security
Hardening practices for the Gunicorn WSGI server used in Python-based web applications to prevent exploits.

GPU-Based Cryptanalysis
Using graphics processing units (GPUs) to perform high-speed computations to crack encryption algorithms.

GRC (Governance, Risk, and Compliance)
A strategic approach to aligning security policies with business objectives, managing risk, and ensuring regulatory compliance.

Graph-Based Threat Intelligence
A cybersecurity technique that maps relationships between attack patterns, threat actors, and vulnerabilities using graph databases.

Graylog Security
Best practices for securing Graylog, an open-source log management tool used for security event monitoring and analysis.

Green Computing Security
Security measures for energy-efficient computing systems to ensure sustainability without compromising protection.

Ground Station Cybersecurity
Securing satellite communication ground stations from cyber threats, including signal interference and hacking attempts.

Group-Based Access Control (GBAC)
An access control model where user permissions are assigned based on group membership rather than individual identities.


H

Hacker
An individual skilled in computer systems and security who explores or exploits vulnerabilities, categorized as white hat (ethical), black hat (malicious), or gray hat (a mix of both).

Hacking-as-a-Service (HaaS)
A cybercrime model where attackers offer hacking tools, techniques, or services for rent on dark web marketplaces.

Hacktivism
Cyber attacks conducted for political or ideological reasons, often targeting governments, corporations, or institutions.

Hardened Security Configuration
A set of security best practices applied to systems to minimize vulnerabilities and reduce the attack surface.

Hardware Security Module (HSM)
A physical device designed to securely generate, store, and manage cryptographic keys.

Hash Collision
A situation where two different inputs produce the same cryptographic hash, which can lead to security vulnerabilities in hashing algorithms.

Hash Function Security
Ensuring the integrity and resistance of cryptographic hash functions against collision, preimage, and second-preimage attacks.

Hashcat
A popular password recovery and cracking tool that uses brute-force and dictionary attacks against hashed credentials.

Hashing
A cryptographic process that converts data into a fixed-length representation to ensure integrity and security.

Heap Spray Attack
A technique used to exploit memory vulnerabilities by injecting malicious code into predictable memory locations.

Heuristic Analysis
A security detection technique that identifies new or unknown threats based on behavior patterns rather than signatures.

Hidden Field Manipulation Attack
A web-based attack where attackers modify hidden form fields in HTML to manipulate application logic or bypass security controls.

HIDS (Host-Based Intrusion Detection System)
A security system that monitors and analyzes activity on individual hosts to detect suspicious behavior.

Hijacking Attack
A cyber attack where an attacker takes control of a session, system, or network resource without authorization.

HMAC (Hash-Based Message Authentication Code)
A cryptographic function used to verify the integrity and authenticity of a message using a secret key.

Honeypot
A decoy system designed to attract attackers, detect threats, and analyze malicious activities.

Honeynet
A network of honeypots set up to study advanced cyber threats and attacker behaviors.

Hop Point in Attack Chains
An intermediary system used by attackers to relay traffic and obfuscate their origin.

Host-Based Firewall
A software-based firewall that runs on an individual device to filter incoming and outgoing traffic.

Host Isolation
A security response technique that quarantines a compromised host to prevent further infection or damage.

Hotfix Security Patch
A small, urgent update released to fix critical vulnerabilities or bugs in software.

Hybrid Cloud Security
Security strategies designed to protect hybrid cloud environments, which combine private and public cloud resources.

Hybrid Cryptography
A method that combines symmetric and asymmetric encryption for enhanced security and efficiency.

Hyperjacking
A cyber attack that compromises a hypervisor to take control of virtual machines running on it.

Hypervisor Security
Protecting virtualization environments from threats such as VM escape, rootkit attacks, and unauthorized access.

HTTP Security Headers
A set of response headers used to enhance web application security by preventing attacks like XSS, clickjacking, and data injection.

HTTP Smuggling Attack
A web attack that manipulates HTTP request parsing to bypass security controls and exploit backend servers.

Human Factor in Cybersecurity
The role of human behavior in security, including awareness training, social engineering risks, and insider threats.

Hunting Threats (Threat Hunting)
A proactive security practice where analysts search for hidden or undetected cyber threats within an organization’s network.


I

Identity and Access Management (IAM)
A framework of policies and technologies ensuring that only authorized users can access specific systems and resources.

Identity Federation
A system where users can access multiple organizations’ services using a single authentication credential.

Identity Spoofing
An attack where an attacker impersonates a legitimate user or system to gain unauthorized access.

IDS (Intrusion Detection System)
A security tool that monitors network or system activity for signs of malicious behavior or security breaches.

IEC 62443
A cybersecurity standard for industrial automation and control systems (IACS), ensuring security in critical infrastructures.

Illegal Instruction Exploit
A cyber attack where an attacker forces a system to execute unintended CPU instructions, often leading to code execution vulnerabilities.

IMSI Catcher
A device used to intercept mobile communications by mimicking a legitimate cell tower.

Incident Handling
The process of managing security events from detection to mitigation and recovery.

Incident Response (IR)
A structured approach for detecting, analyzing, and responding to cybersecurity incidents in real time.

Incident Response Plan (IRP)
A documented strategy that outlines how an organization will respond to cyber threats and security breaches.

Industrial Control System (ICS) Security
Protecting critical industrial infrastructures, such as power plants and manufacturing systems, from cyber threats.

Information Disclosure Vulnerability
A security flaw where an application unintentionally exposes sensitive information to unauthorized users.

Information Leakage Attack
A technique used by attackers to extract unintended information from a system or application, often through error messages or side-channel attacks.

Information Security (InfoSec)
The practice of protecting data from unauthorized access, disclosure, modification, or destruction.

Infrastructure as Code (IaC) Security
Applying security best practices to automated infrastructure deployments to prevent misconfigurations and vulnerabilities.

Ingress Filtering
A security technique that controls incoming network traffic to prevent spoofing and unauthorized access.

Inline Security Gateway
A network security device that actively inspects and filters traffic to prevent threats such as malware, phishing, and unauthorized access.

Insider Threat
A security risk posed by employees, contractors, or partners who misuse their access to systems or data.

Integer Overflow Attack
A vulnerability where an arithmetic operation produces a value outside the expected range, leading to unexpected behavior or exploits.

Integrity Check
A security process that verifies data has not been altered, ensuring its authenticity and consistency.

Intelligence-Driven Security
A cybersecurity approach that leverages threat intelligence to enhance detection, prevention, and response capabilities.

Interception Attack
A type of cyber attack where an adversary eavesdrops on communications or intercepts data in transit.

Interface Spoofing
An attack where a malicious device masquerades as a trusted interface to intercept or manipulate network traffic.

Internet of Things (IoT) Security
Strategies and technologies used to secure IoT devices from cyber threats such as botnets, unauthorized access, and data breaches.

Internet Protocol Security (IPsec)
A protocol suite that encrypts and secures communications over IP networks.

IP Blacklisting
Blocking specific IP addresses known to be associated with malicious activities to prevent unauthorized access.

IP Spoofing
A cyber attack technique where an attacker fakes the source IP address to disguise their identity or bypass security controls.

Island Hopping Attack
A cyber attack where adversaries compromise smaller, less secure organizations to eventually infiltrate a larger target.

ISO/IEC 27001
An international standard for information security management systems (ISMS), providing best practices for protecting sensitive data.

IT Asset Management (ITAM) Security
The process of tracking and securing hardware, software, and network assets within an organization.

IT Governance, Risk, and Compliance (IT GRC)
A framework for aligning IT security strategies with business objectives, regulatory requirements, and risk management.


J

Jailbreak
A process of removing software restrictions imposed by manufacturers on devices, often exposing them to security risks.

Jamming Attack
A type of cyber attack that disrupts wireless communications by overwhelming frequencies with noise or interference.

JavaScript Security
Measures to protect web applications from JavaScript-based attacks such as Cross-Site Scripting (XSS) and DOM manipulation.

JWT (JSON Web Token) Security
Best practices for securely handling JWTs used for authentication and authorization in web applications.

JTAG Exploitation
A hardware hacking technique used to gain low-level access to embedded devices for debugging or reverse engineering.

Juice Jacking
A cyber attack where malware is installed on a device via a compromised USB charging station.

Jump Server Security
Hardening remote access gateways (jump servers) to protect internal network resources from unauthorized access.

Just-in-Time (JIT) Access
A security model that grants privileged access to systems only when needed and for a limited time to reduce attack risks.

Just-in-Time (JIT) Compilation Security
Protecting runtime code execution in environments that use JIT compilers, such as JavaScript engines, from memory corruption exploits.

Junk Data Injection
A technique used by attackers to flood systems with meaningless data to disrupt operations or evade detection.


K

Kerberos Authentication
A network authentication protocol that uses tickets to allow secure communication between clients and servers.

Key Escrow
A security mechanism where encryption keys are stored by a trusted third party for recovery purposes.

Key Exchange Protocol
A cryptographic process that allows two parties to securely establish a shared encryption key over an insecure channel.

Key Injection Attack
A cyber attack where an attacker inserts unauthorized cryptographic keys into a system to bypass authentication or encryption mechanisms.

Key Management System (KMS)
A framework for generating, distributing, storing, and destroying encryption keys securely.

Key Reinstallation Attack (KRACK)
A vulnerability in the WPA2 Wi-Fi protocol that allows an attacker to decrypt network traffic by manipulating key exchanges.

Keystroke Dynamics Security
A behavioral biometric authentication method that verifies users based on their unique typing patterns.

Keylogger
A type of malware that records keystrokes to steal credentials, sensitive data, or monitor user activity.

Kernel Exploit
An attack that targets vulnerabilities in an operating system's kernel to gain elevated privileges or execute arbitrary code.

Kernel-Level Rootkit
A type of malware that operates at the OS kernel level to hide its presence and maintain persistence.

Kill Chain
A cybersecurity framework outlining the stages of an attack, from reconnaissance to data exfiltration.

Kiosk Mode Security
Techniques to restrict user access on public or shared systems to prevent unauthorized activities or exploitation.

Knowledge-Based Authentication (KBA)
A security method that verifies identity by asking personal questions, such as previous addresses or known facts.

Known Plaintext Attack (KPA)
A cryptanalysis method where an attacker has access to both plaintext and ciphertext to determine encryption keys.

Kubernetes Security
Best practices for securing Kubernetes clusters, including container runtime security, access controls, and monitoring.


L

LAN Security (Local Area Network Security)
Measures to protect internal network environments from unauthorized access, attacks, and insider threats.

Lateral Movement
A tactic used by attackers to navigate through a compromised network to escalate privileges and access sensitive data.

LDAP Injection
An attack technique that exploits vulnerabilities in LDAP queries to bypass authentication or manipulate directory services.

Least Privilege Principle
A security practice where users and processes are granted only the minimum level of access necessary to perform their tasks.

Least Common Mechanism
A security principle that minimizes shared resources among users to reduce security risks and vulnerabilities.

Legacy System Security
Strategies to secure outdated hardware and software that may no longer receive security updates.

Log Analysis
The process of examining system and security logs to identify suspicious activities, anomalies, and potential breaches.

Log Poisoning Attack
A technique where attackers manipulate system logs to hide malicious activities or mislead investigators.

Logic Bomb
A type of malicious code that remains dormant until triggered by a specific event, such as a date or action.

Login Spoofing
A phishing attack where a fake login page is used to steal user credentials.

Long-Term Persistence Attack
A cyber attack where an adversary maintains access to a compromised system for an extended period, often through backdoors or rootkits.

Loopback Attack
A network attack where an attacker manipulates internal network communications to gain unauthorized access.

Low and Slow Attack
A stealthy cyber attack strategy that operates over a long period to avoid detection by security systems.

Lua Malware
Malicious code written in the Lua scripting language, often used in game modifications and embedded applications to introduce exploits.

Log4Shell (CVE-2021-44228)
A critical remote code execution (RCE) vulnerability in the Log4j logging framework, widely exploited in cyber attacks.

Load Balancer Security
Techniques to secure load balancing configurations to prevent DDoS attacks, unauthorized access, and session hijacking.

Local Privilege Escalation (LPE)
An attack where a user or process exploits system vulnerabilities to gain higher-level access within a device or network.

Location-Based Access Control (LBAC)
A security policy that grants or restricts access to systems based on a user’s geographic location.

LockBit Ransomware
A notorious ransomware variant known for encrypting victim files and demanding ransom payments for decryption.


M

MAC Address Spoofing
An attack where an attacker alters the MAC address of their device to impersonate another device on the network.

Machine Learning Security
Techniques to protect machine learning models from adversarial attacks, data poisoning, and model inversion threats.

Malicious Code
Any software or script intentionally designed to cause damage, steal information, or exploit system vulnerabilities.

Malvertising
A cyber attack where attackers inject malicious ads into legitimate advertising networks to distribute malware.

Malware
A broad category of malicious software, including viruses, worms, Trojans, ransomware, and spyware.

Malware Analysis
The process of examining malicious software to understand its behavior, functionality, and impact.

Man-in-the-Browser (MitB) Attack
An attack where malware manipulates web transactions by injecting malicious code into a browser session.

Man-in-the-Middle (MitM) Attack
A cyber attack where an attacker intercepts and possibly alters communication between two parties.

Managed Detection and Response (MDR)
A cybersecurity service that provides 24/7 threat monitoring, detection, and response through a dedicated security team.

Managed Security Service Provider (MSSP)
A third-party company that provides outsourced cybersecurity services, including monitoring, threat intelligence, and incident response.

Mandatory Access Control (MAC)
A strict security model where access permissions are predefined and enforced by the operating system.

Masquerade Attack
An attack where an attacker impersonates a legitimate entity to gain unauthorized access to a system.

Memory Corruption Attack
A cyber attack that exploits software bugs to alter a program’s memory structure, potentially leading to code execution.

Memory Forensics
The practice of analyzing volatile memory (RAM) to detect malware, uncover forensic artifacts, and investigate cyber incidents.

Memory Injection Attack
A technique where malicious code is injected into the memory space of a running process to execute unauthorized actions.

Metadata Security
Protecting embedded metadata in files and documents to prevent data leaks and unintended exposure of sensitive information.

Metasploit Framework
A popular open-source penetration testing tool used for developing and executing exploits against systems.

Micro-Segmentation
A network security strategy that isolates workloads and applications to limit lateral movement in case of a breach.

Mobile Application Security
Measures to protect mobile apps from threats such as reverse engineering, data leakage, and unauthorized access.

Mobile Device Management (MDM)
A security approach that enables organizations to manage, monitor, and secure employee mobile devices.

Mobile Malware
Malicious software designed specifically to target mobile operating systems, such as Android and iOS.

Model Poisoning Attack
An attack on machine learning models where adversaries manipulate training data to introduce vulnerabilities.

Multi-Factor Authentication (MFA)
An authentication method that requires users to verify their identity using two or more factors, such as a password and a fingerprint.

Multi-Stage Attack
A complex cyber attack that involves multiple steps, such as reconnaissance, exploitation, and exfiltration, to achieve an objective.

Multi-Tenant Security
Security controls designed to protect cloud environments where multiple users or organizations share infrastructure.

Mutual Authentication
A security process where both the client and the server verify each other’s identity before establishing communication.

Malware Command and Control (C2)
A mechanism used by attackers to remotely manage compromised systems and execute commands.

Malware Obfuscation
Techniques used to disguise malicious code to evade detection by security tools.


N

NAC (Network Access Control)
A security framework that restricts unauthorized devices from connecting to a network based on predefined policies.

NAT (Network Address Translation) Security
A technique that masks internal IP addresses to enhance security and prevent direct exposure of network devices to the internet.

National Institute of Standards and Technology (NIST) Cybersecurity Framework
A widely used cybersecurity framework providing best practices for risk management, security controls, and compliance.

Network Anomaly Detection
The use of machine learning and behavioral analysis to identify unusual network activity that may indicate cyber threats.

Network Enumeration
A reconnaissance technique used by attackers to identify active hosts, services, and shared resources on a network.

Network Forensics
The process of capturing, recording, and analyzing network traffic to investigate security incidents and identify threats.

Network Intrusion Detection System (NIDS)
A security system that monitors and analyzes network traffic for suspicious or malicious activity.

Network Intrusion Prevention System (NIPS)
A proactive security tool that blocks or mitigates detected threats in network traffic.

Network Layer Security
Measures to protect data at the network layer, such as IPsec, TLS, and encrypted tunnels.

Network Mapping
A technique used by security professionals and attackers to create a visual representation of an organization's network topology.

Network Penetration Testing
A security assessment that simulates cyber attacks to identify vulnerabilities in an organization’s network infrastructure.

Network Reconnaissance
The initial phase of a cyber attack where adversaries gather information about a target’s network, hosts, and services.

Network Segmentation
A security strategy that divides a network into isolated segments to limit lateral movement and contain cyber threats.

Next-Generation Firewall (NGFW)
An advanced firewall that integrates traditional packet filtering with deep packet inspection, intrusion prevention, and threat intelligence.

NFC (Near Field Communication) Security
Measures to protect NFC-based communication, commonly used in contactless payments and mobile devices, from relay attacks and data theft.

Non-Repudiation
A security principle ensuring that an entity cannot deny the authenticity of its actions, commonly enforced through digital signatures.

Null Session Attack
A legacy Windows vulnerability where an attacker can establish an unauthenticated connection to a system and enumerate shared resources.

Number Padding Attack
A cryptographic attack where adversaries manipulate number padding schemes in encryption to weaken security.

N-Day Exploit
An attack that targets publicly disclosed vulnerabilities (as opposed to zero-day exploits) before patches are widely applied.

NTLM Relay Attack
A form of credential theft where an attacker intercepts NTLM authentication requests and forwards them to gain unauthorized access.

Null Byte Injection
An attack that exploits improper input validation by inserting a null byte (\x00) to bypass security controls or manipulate data processing.

Network Traffic Analysis (NTA)
A security practice that involves continuously monitoring and analyzing network traffic to detect anomalies, intrusions, and threats.

Noise-Based Evasion
A technique used by attackers to inject noise into security logs or network traffic to evade detection by security monitoring tools.


O

Obfuscation
A technique used to hide the true intent or functionality of code, commonly used in malware to evade detection.

OCSP (Online Certificate Status Protocol)
A protocol used to verify the revocation status of digital certificates in real-time.

Offensive Security
A proactive cybersecurity approach that involves ethical hacking, penetration testing, and red teaming to identify vulnerabilities before attackers exploit them.

One-Time Pad (OTP) Encryption
A theoretically unbreakable encryption method that uses a random key equal in length to the message being encrypted.

One-Time Password (OTP)
A temporary password that is valid for only a single login session, commonly used in multi-factor authentication (MFA).

On-Premises Security
Cybersecurity measures implemented within an organization's physical infrastructure rather than in the cloud.

Open Redirect Vulnerability
A web security flaw where an attacker manipulates URLs to redirect users to malicious sites.

Open Source Intelligence (OSINT)
The collection and analysis of publicly available information for threat intelligence, investigations, and cybersecurity purposes.

Operating System Hardening
A set of security measures applied to an OS to minimize vulnerabilities and protect against cyber threats.

Operational Security (OPSEC)
A risk management process that prevents sensitive information from being leaked through behavioral analysis and unintentional disclosures.

Orchestration in Cybersecurity
The automation of security processes across multiple systems, often implemented in SOAR (Security Orchestration, Automation, and Response) platforms.

Organizational Threat Modeling
A structured approach to identifying, assessing, and mitigating cybersecurity risks specific to an organization’s operations.

OSI Model Security
Applying security measures at different layers of the Open Systems Interconnection (OSI) model to protect network communications.

Out-of-Band Authentication (OOBA)
An additional layer of security that requires authentication through a separate communication channel, such as SMS or a mobile app.

Out-of-Band Management (OOBM) Security
A secure method for remotely managing network devices and servers, often used in incident response scenarios.

Overlay Attack
A type of attack where a malicious interface is placed over a legitimate application or website to steal credentials or sensitive data.

Overprivileged Account
A user or system account that has more permissions than necessary, increasing the risk of privilege escalation attacks.

Oversharing in Cybersecurity
The inadvertent exposure of sensitive data through social media, email, or public platforms, leading to security risks.

Ownership-Based Access Control (OBAC)
An access control model where the creator of a file or resource determines access permissions.

OAuth Security
Best practices to protect OAuth-based authentication and authorization flows from attacks such as token leakage and session hijacking.

Over-the-Air (OTA) Security
Techniques used to secure wireless updates and communication between mobile devices, IoT, and automotive systems.

Overflows in Cybersecurity
A category of vulnerabilities where excess data is written to memory, leading to exploits such as buffer overflows and integer overflows.

Ongoing Threat Monitoring
A continuous security practice that involves real-time tracking of threats, logs, and alerts to detect cyber incidents before they escalate.


P

Packet Analysis
The process of inspecting network packets to detect malicious activity, intrusions, or performance issues.

Packet Filtering
A firewall mechanism that inspects and allows or blocks packets based on predefined security rules.

Packet Sniffing
A technique used to capture and analyze network traffic, often employed by attackers to intercept sensitive data.

Padding Oracle Attack
A cryptographic attack that exploits improper padding validation in encryption schemes to decrypt ciphertext.

Pass-the-Hash Attack (PtH)
A technique where an attacker captures and reuses hashed credentials to gain unauthorized access to systems.

Pass-the-Ticket Attack (PtT)
A method used by attackers to exploit Kerberos authentication by stealing session tickets and gaining access to network resources.

Password Cracking
The process of attempting to recover passwords through brute force, dictionary attacks, or rainbow tables.

Password Hashing
A security practice that converts plaintext passwords into cryptographic hashes to protect stored credentials.

Password Spraying Attack
An attack that attempts commonly used passwords across many accounts to bypass authentication mechanisms.

Patch Management
The process of identifying, testing, and deploying software updates to fix vulnerabilities and improve security.

Payload
The malicious component of an exploit or malware that carries out an attack after successful infiltration.

Penetration Testing (Pentest)
A security assessment where ethical hackers simulate real-world attacks to identify and mitigate vulnerabilities.

Perimeter Security
A set of controls, such as firewalls and intrusion prevention systems (IPS), used to protect a network’s boundary from external threats.

Persistent Threat
An attack where an adversary maintains long-term access to a compromised system using backdoors or rootkits.

Personal Data Protection
Legal and technical measures used to safeguard individuals’ personally identifiable information (PII) from unauthorized access or breaches.

Pharming
A cyber attack that redirects users from legitimate websites to fraudulent sites, often by compromising DNS settings.

Phishing
A social engineering attack where attackers impersonate trusted entities to deceive victims into revealing sensitive information.

Physical Security in Cybersecurity
Protecting IT assets, such as servers and networking equipment, from unauthorized physical access, theft, or tampering.

Piggybacking Attack
A technique where an unauthorized person gains access to a restricted area by following an authorized individual.

Ping Flood Attack
A type of Denial-of-Service (DoS) attack that overwhelms a target with ICMP Echo Request (ping) packets.

Ping of Death Attack
An old DoS attack that sends oversized ping packets to crash a target system.

Pivoting in Cyber Attacks
A lateral movement technique used by attackers to move from a compromised system to other systems within a network.

Plaintext Attack
A cryptographic attack where the attacker has access to unencrypted data and attempts to derive the encryption key.

Point-of-Sale (POS) Malware
Malicious software designed to steal payment card data from POS systems used in retail and hospitality industries.

Polymorphic Malware
A type of malware that continuously changes its code to evade detection by signature-based antivirus solutions.

Port Knocking
A security technique where a series of connection attempts to closed ports is used as a secret authentication mechanism to open a specific port.

Port Scanning
A reconnaissance technique used to identify open ports and services on a target system.

Post-Exploitation
The phase in a cyber attack where an attacker takes advantage of a compromised system to escalate privileges, move laterally, or exfiltrate data.

Pretexting Attack
A social engineering technique where attackers fabricate a scenario to trick victims into disclosing sensitive information.

Privilege Escalation
An attack where an adversary exploits system vulnerabilities to gain higher access rights than initially granted.

Proactive Threat Hunting
A cybersecurity practice where security analysts actively search for hidden threats within an organization’s network.

Process Hollowing
A stealthy malware injection technique where an attacker replaces a legitimate process’s memory with malicious code.

Protocol-Based Attack
A cyber attack that exploits vulnerabilities in communication protocols, such as TCP/IP, DNS, or SMB, to disrupt services or gain unauthorized access.

Proxy Server Security
Measures to secure proxy servers, which act as intermediaries between clients and the internet, from misuse and compromise.

Public Key Infrastructure (PKI)
A framework that manages encryption keys and digital certificates to establish secure communications.

Pump-and-Dump Scam
A fraudulent scheme where attackers manipulate stock prices using misleading online information, often combined with hacking techniques.

Purple Teaming
A collaborative security approach where offensive (Red Team) and defensive (Blue Team) cybersecurity teams work together to improve security defenses.

Push Notification Hijacking
A mobile-based attack where an attacker intercepts or manipulates push notifications to steal sensitive data or bypass authentication.

Pyrotechnic Attack in Cybersecurity
A metaphorical term for aggressive cyber attacks that cause widespread disruption, similar to a destructive explosion.


Q

Quarantine (Security Response)
The process of isolating potentially malicious files, emails, or systems to prevent the spread of malware or threats.

Quantum Cryptography
A security method that leverages quantum mechanics to create encryption systems resistant to traditional and quantum computing attacks.

Quantum Key Distribution (QKD)
A cryptographic technique that enables secure key exchange using quantum mechanics, making interception nearly impossible.

Quantum-Resistant Algorithms
Encryption algorithms designed to withstand attacks from quantum computers, also known as post-quantum cryptography.

Quishing (QR Code Phishing)
A phishing attack that uses malicious QR codes to trick victims into visiting fraudulent websites or downloading malware.

Query String Manipulation Attack
An attack that alters URL parameters to exploit web applications, often leading to unauthorized access or data leakage.

Queue Jumping Attack
A cyber attack where an adversary manipulates network traffic queues to prioritize their malicious packets over legitimate ones.

Quick Response (QR) Code Security
Techniques used to prevent QR code-based cyber threats, such as phishing (quishing) and malware distribution.

Quota-Based DDoS Attack
A type of distributed denial-of-service (DDoS) attack that targets service providers with usage-based billing to exhaust their quotas and disrupt operations.

Quorum-Based Authentication
A security mechanism where access or actions require multiple approvals from different users or systems, reducing the risk of insider threats.

Quasi-Static Malware Detection
A hybrid approach to identifying malware by combining signature-based and behavior-based detection methods.

Query Flooding Attack
A denial-of-service (DoS) attack that overwhelms a system or database with excessive queries to degrade performance or crash services.

Quarantine Network
A restricted network segment where compromised or untrusted devices are placed until they are verified as secure.


R

Race Condition Attack
A vulnerability where the outcome depends on the timing of two or more processes or threads executing concurrently, leading to unexpected behavior; often exploited to escalate privileges or bypass security controls.

Ransomware
A type of malware that encrypts files or systems and demands payment (ransom) to restore access.

Ransomware-as-a-Service (RaaS)
A cybercrime model where ransomware developers sell or lease their malware to other cybercriminals for attacks.

Ransomware Decryption Tools
Software developed by security researchers to help victims recover files encrypted by ransomware without paying the ransom.

Rebound Attack
A cyber attack that exploits previously compromised systems to attack new targets, often within the same network.

reCAPTCHA Bypass
Techniques used by attackers to defeat CAPTCHA challenges, often using automated scripts, machine learning, or CAPTCHA-solving services.

Reconnaissance (Cyber Attack Phase)
The initial phase of an attack where adversaries gather intelligence about a target’s infrastructure, systems, and vulnerabilities.

Record and Replay Attack
A cyber attack where an adversary intercepts and reuses a valid data transmission to perform unauthorized actions.

Red Teaming
A cybersecurity assessment where ethical hackers simulate real-world attacks to evaluate an organization’s security posture.

Reflective DDoS Attack
A denial-of-service attack that uses spoofed requests to amplify traffic through vulnerable third-party servers, such as DNS or NTP servers.

Remote Access Trojan (RAT)
A type of malware that allows attackers to control a victim’s system remotely, often used for espionage and persistent access.

Remote Code Execution (RCE)
A critical vulnerability where an attacker can execute arbitrary code on a target system remotely.

Remote Desktop Protocol (RDP) Security
Best practices to secure RDP connections, preventing unauthorized access and brute-force attacks.

Replay Attack
A network attack where valid data transmissions are intercepted and retransmitted to gain unauthorized access.

Resource Exhaustion Attack
A type of denial-of-service (DoS) attack that depletes system resources, such as memory, CPU, or network bandwidth, causing system crashes or performance degradation.

Reverse Engineering in Cybersecurity
The process of analyzing software or hardware to understand its functionality, often used for malware analysis or vulnerability discovery.

Reverse Shell Attack
A cyber attack where an attacker forces a compromised machine to initiate an outbound connection to a remote server, granting the attacker control.

Ring 0 Privilege Escalation
A type of attack that exploits vulnerabilities to gain kernel-level access (Ring 0), allowing full control over an operating system.

Risk Assessment
The process of identifying, evaluating, and prioritizing cybersecurity risks to determine mitigation strategies.

Risk-Based Authentication (RBA)
A security measure that adjusts authentication requirements based on risk factors, such as device reputation, geolocation, and login behavior.

Role-Based Access Control (RBAC)
A security model where user permissions are assigned based on job roles to enforce the principle of least privilege.

Root Certificate Compromise
A security breach where a trusted certificate authority (CA) is compromised, potentially allowing attackers to issue fraudulent certificates.

Rootkit
A type of stealthy malware that hides its presence on a compromised system while providing persistent unauthorized access.

Router Security
Techniques to secure network routers from attacks such as unauthorized access, DNS hijacking, and firmware exploitation.

Routing Table Poisoning Attack
An attack that manipulates routing tables to reroute network traffic through malicious nodes, often used for eavesdropping or data interception.

RSA Encryption
A widely used asymmetric encryption algorithm that secures data transmission and authentication.

Runtime Application Self-Protection (RASP)
A security technology that detects and prevents attacks in real time by analyzing application behavior during execution.


S

Salami Attack
A cyber attack that steals small amounts of data or money over time, often going unnoticed until significant losses accumulate.

Sandboxing
A security technique that isolates applications or files in a controlled environment to analyze their behavior and prevent malicious execution on a system.

Scareware
A form of social engineering attack that tricks users into believing their system is infected, prompting them to install fake security software.

Script Kiddie
An unskilled hacker who uses pre-existing tools and exploits without fully understanding how they work.

Secure Boot
A security feature that ensures a system only loads trusted, signed software during startup to prevent boot-time malware infections.

Secure Coding Practices
A set of best practices followed during software development to prevent security vulnerabilities such as SQL injection and buffer overflows.

Secure Element (SE)
A tamper-resistant chip used in mobile devices and smart cards to store cryptographic keys and perform secure transactions.

Secure Multiparty Computation (SMPC)
A cryptographic technique that enables multiple parties to compute a function over their inputs without revealing the actual data to each other.

Secure Shell (SSH) Security
Best practices for securing SSH connections, such as disabling root login, using key-based authentication, and implementing rate limiting.

Security Assertion Markup Language (SAML)
An authentication protocol that allows for single sign-on (SSO) between different systems or applications.

Security Awareness Training
Educational programs designed to teach employees and users how to recognize and respond to cyber threats such as phishing and social engineering.

Security Breach
An incident where unauthorized access to a system, network, or data occurs, often resulting in data loss or exposure.

Security by Design
A cybersecurity principle where security measures are integrated into software and hardware development from the beginning rather than added later.

Security Information and Event Management (SIEM)
A cybersecurity solution that collects, analyzes, and correlates security event data from multiple sources to detect and respond to threats.

Security Operations Center (SOC)
A centralized team of cybersecurity professionals responsible for monitoring, analyzing, and responding to security incidents.

Security Onion
An open-source Linux distribution for threat hunting, log analysis, and network security monitoring.

Security Token
A physical or digital device used to provide an additional layer of authentication, often as part of multi-factor authentication (MFA).

Session Hijacking
An attack where an attacker steals a user’s session token to gain unauthorized access to their active session.

Shadow IT
The use of unauthorized applications, services, or devices within an organization, increasing security risks.

Shared Responsibility Model (Cloud Security)
A cloud security framework where cloud providers and customers share responsibilities for protecting data and infrastructure.

Side-Channel Attack
A cryptographic attack that exploits information leaked from a system, such as power consumption or electromagnetic emissions, rather than directly breaking encryption.

SIM Swapping Attack
A fraud technique where attackers take control of a victim’s phone number by convincing the mobile carrier to transfer it to a new SIM card.

Single Sign-On (SSO)
An authentication mechanism that allows users to access multiple systems with a single set of login credentials.

Smart Contract Security
Measures to protect self-executing blockchain contracts from vulnerabilities such as reentrancy attacks and integer overflows.

Smishing (SMS Phishing)
A type of phishing attack where fraudulent SMS messages are used to trick victims into revealing sensitive information.

Sniffing Attack
A cyber attack where an attacker captures network traffic to steal data, such as login credentials or confidential information.

Social Engineering
A manipulation technique that exploits human psychology to trick people into revealing sensitive information or performing actions that compromise security.

Software Bill of Materials (SBOM)
A detailed list of all components, libraries, and dependencies used in a software application to improve transparency and security.

Software Composition Analysis (SCA)
A security process that scans applications for open-source vulnerabilities and license compliance issues.

Software Supply Chain Attack
A cyber attack that targets third-party software vendors or open-source dependencies to compromise downstream users.

Spear Phishing
A targeted phishing attack directed at specific individuals or organizations, often using personalized information to increase effectiveness.

Spoofing Attack
A cyber attack where an attacker disguises their identity by forging data, such as email addresses, IP addresses, or domain names.

SQL Injection (SQLi)
A web-based attack where an attacker manipulates SQL queries to gain unauthorized access to a database.

SSL/TLS Encryption
Security protocols used to encrypt internet communications and protect data from interception or tampering.

Steganography
A technique used to hide data within other files, such as images or audio, to evade detection.

Stolen Credentials Marketplace
Dark web platforms where cybercriminals buy and sell compromised usernames and passwords.

Strategic Cyber Threat Intelligence
High-level threat intelligence that focuses on long-term cybersecurity trends and adversary motivations.

Supply Chain Security
Security measures designed to protect organizations from cyber threats originating from third-party vendors and partners.

Surveillance Malware
Malware designed to spy on users by recording keystrokes, capturing screenshots, or activating webcams and microphones.

Suspicious Activity Detection
A security practice that uses analytics and behavioral monitoring to identify potentially malicious behavior.

SYN Flood Attack
A type of denial-of-service (DoS) attack that overwhelms a target system with a large number of incomplete TCP connection requests.

Syslog Security
Best practices for securing system logs to prevent log tampering and unauthorized access.


T

Tabletop Exercise (TTX)
A cybersecurity drill where organizations simulate and test their incident response plans against hypothetical cyber threats.

Tamper-Resistant Security
Hardware and software features designed to prevent unauthorized modifications or reverse engineering.

Tangible Asset Protection
Security measures to safeguard physical IT assets, such as servers, storage devices, and network hardware.

Tarpitting
A security mechanism that slows down malicious network activity, such as spam or automated attacks, by intentionally delaying responses.

TCP/IP Hijacking
A cyber attack where an attacker intercepts and manipulates TCP/IP sessions to gain unauthorized access.

Temporal Key Integrity Protocol (TKIP)
A security protocol used in WPA Wi-Fi encryption, later replaced due to vulnerabilities.

Tethered Jailbreak
A method of jailbreaking a device that requires it to be connected to a computer each time it is restarted.

Threat Actor
An individual or group that conducts cyber attacks, including hackers, nation-state actors, and cybercriminal organizations.

Threat Assessment
The process of identifying and evaluating cybersecurity threats to determine their potential impact.

Threat Detection and Response (TDR)
A security approach that continuously monitors systems to identify and mitigate cyber threats in real time.

Threat Feeds
Regularly updated sources of cyber threat intelligence that provide information about emerging attack techniques and indicators of compromise (IOCs).

Threat Hunting
A proactive cybersecurity practice where analysts search for hidden or undetected threats within an organization’s network.

Threat Intelligence (TI)
Data and analysis about cyber threats that help organizations predict, prevent, and respond to attacks.

Threat Intelligence Platform (TIP)
A tool used to collect, process, and analyze cyber threat intelligence to enhance security operations.

Ticket Granting Ticket (TGT) Attack
An attack on Kerberos authentication where attackers exploit a stolen TGT to gain unauthorized network access.

Time-Based One-Time Password (TOTP)
A dynamic authentication method that generates temporary login codes based on time synchronization.

Token Hijacking
A cyber attack where an attacker steals authentication tokens to gain unauthorized access to accounts or systems.

Tokenization
A data security technique that replaces sensitive information, such as credit card numbers, with unique tokens that have no exploitable value.

Tor (The Onion Router) Security
The practice of securing Tor-based communication against surveillance, deanonymization, and traffic correlation attacks.

Traffic Analysis Attack
A cyber attack where adversaries analyze network traffic patterns to infer sensitive information, even without decrypting the data.

Training Data Poisoning
An attack on machine learning models where adversaries manipulate training datasets to introduce biases or vulnerabilities.

Transient Execution Attack
A class of CPU-based vulnerabilities, such as Spectre and Meltdown, that exploit speculative execution to leak sensitive data.

Transport Layer Security (TLS) Security
Best practices for configuring TLS encryption to protect web and email communications from interception and tampering.

Trojan Horse Malware
A type of malware disguised as a legitimate application to deceive users into executing it.

TTPs (Tactics, Techniques, and Procedures)
The methods used by threat actors to conduct cyber attacks, analyzed in frameworks like MITRE ATT&CK.

Trusted Computing Base (TCB)
The combination of hardware, software, and firmware components that enforce a system’s security policies.

Trusted Platform Module (TPM)
A hardware security feature used to store cryptographic keys and ensure system integrity.

Two-Factor Authentication (2FA)
A security mechanism that requires two independent authentication methods to verify user identity.

Typosquatting Attack
A cyber attack where malicious actors register domains with misspelled names of popular websites to trick users into visiting fraudulent sites.


U

Unauthorized Access
Gaining access to a system, network, or data without proper authorization, often leading to data breaches or system compromises.

Underflow Attack
A cyber attack that exploits buffer underflow vulnerabilities, causing unexpected behavior in applications or systems.

Unified Threat Management (UTM)
An all-in-one security solution that integrates multiple security functions, such as firewall, intrusion detection, antivirus, and content filtering.

Unintentional Insider Threat
A security risk posed by employees or users who unintentionally expose sensitive data or create security vulnerabilities through negligence or lack of awareness.

Unmanaged Device Security
The risks and security challenges associated with allowing personal or non-corporate devices to access organizational networks.

Unpatched Vulnerability
A security flaw in software or hardware that remains exploitable due to the absence of a security patch or update.

Unstructured Data Security
Protecting sensitive data that is not stored in a structured format, such as emails, documents, and multimedia files.

URL Manipulation Attack
An attack where an attacker alters parameters in a URL to access restricted content or bypass authentication mechanisms.

URL Spoofing
A phishing technique where attackers create fraudulent websites with URLs that closely resemble legitimate ones to deceive users.

USB-Based Attacks
Cyber threats that leverage USB devices to spread malware, steal data, or compromise systems, such as USB rubber ducky attacks and BadUSB.

USB Drive Sanitization
The process of securely wiping data from USB drives to prevent unauthorized data recovery and potential malware infections.

USB Restricted Mode
A security feature in mobile devices that disables USB data transfer to prevent unauthorized access and malware injection.

User and Entity Behavior Analytics (UEBA)
A security approach that uses machine learning and analytics to detect abnormal user behavior that may indicate insider threats or cyber attacks.

User Account Control (UAC) Security
A Windows security feature that restricts when administrative privileges can be used, so that unauthorized system changes and malware execution are harder to carry out silently.

User Enumeration Attack
A technique where attackers probe login systems to discover valid usernames and use them for brute-force or phishing attacks.

User Identity Federation
A security model that allows users to authenticate across multiple systems and organizations using a single identity, such as SAML or OAuth.

User Tracking Security Risks
The privacy concerns and threats associated with tracking user activity across websites, applications, or devices.

Unauthorized API Access
A security issue where attackers gain access to APIs without proper authentication, potentially leading to data leaks or system manipulation.

UDP Flood Attack
A type of denial-of-service (DoS) attack that overwhelms a target with excessive UDP packets, consuming bandwidth and system resources.

Update Security
Ensuring that software and firmware updates are authentic, have not been tampered with, and are deployed securely, so that the update channel cannot be used for supply chain attacks.

Upload Vulnerability
A security risk where attackers exploit file upload functionalities to execute malicious code or gain unauthorized access.

Uptime Monitoring Security
Ensuring the availability and security of critical services by continuously monitoring uptime and detecting anomalies.

USB Armory
A security-focused USB device used for penetration testing, secure storage, and cryptographic operations.

Untrusted Code Execution
A security risk where applications or systems execute code from unverified or potentially malicious sources.

Unvalidated Redirects and Forwards
A web vulnerability where attackers trick users into visiting malicious sites by exploiting unverified URL parameters in web applications.


V

Vaccine Malware
A type of malware designed to protect a system by pre-infecting it in a way that prevents more harmful infections.

Vulnerability Assessment
The process of identifying, classifying, and prioritizing security vulnerabilities in systems, applications, and networks.

Vulnerability Chaining
An attack strategy where multiple vulnerabilities are combined to escalate privileges or bypass security mechanisms.

Vulnerability Exploitability Exchange (VEX)
A security framework that helps organizations determine which vulnerabilities are actually exploitable in their environment.

Vulnerability Management
A continuous process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization’s IT infrastructure.

Vulnerability Research
The study of security flaws in software, hardware, or protocols to identify potential attack vectors.

Virtual Private Cloud (VPC) Security
Security best practices for protecting cloud environments that provide isolated network spaces within a public cloud.

Virtual Private Network (VPN) Security
Techniques to ensure the security and privacy of VPN connections, including encryption, authentication, and mitigation of VPN leaks.

Virtual Machine Escape Attack
A critical security flaw where an attacker breaks out of a virtual machine (VM) to gain control of the host system.

Virtualization Security
Strategies to protect virtualized environments, including hypervisor hardening, secure VM isolation, and network segmentation.

Virus
A type of malware that attaches itself to legitimate programs and spreads when executed.

Voice Phishing (Vishing)
A form of phishing attack conducted over the phone to trick victims into revealing sensitive information.

VoIP Security (Voice over IP Security)
Protecting VoIP communication from threats such as eavesdropping, call interception, and spoofing attacks.

Volume-Based DDoS Attack
A denial-of-service attack that overwhelms a target with massive amounts of network traffic, consuming bandwidth and rendering services unavailable.

VPN Bypass Attack
Techniques used by attackers to circumvent VPN protections and access restricted networks or content.

VPN Leak
A security flaw where a VPN fails to fully encrypt or anonymize user traffic, exposing their real IP address or data.

Vulnerability Disclosure Program (VDP)
A structured process that allows security researchers to report vulnerabilities to an organization for responsible disclosure.

Vendor Risk Management (VRM)
The process of assessing and mitigating cybersecurity risks associated with third-party vendors and supply chain partners.

Volatile Memory Forensics
The process of analyzing live system memory (RAM) to extract digital evidence, detect malware, or investigate security incidents.

Verified Boot
A security mechanism that ensures only trusted, signed operating system components are loaded during startup.

Variable Key Attack
A cryptographic attack where an adversary manipulates encryption keys to break or weaken encrypted communications.

Virtual Trusted Platform Module (vTPM)
A software-based TPM used in virtualized environments to provide cryptographic security features.

Voiceprint Spoofing
A cyber attack where an attacker mimics or deepfakes a person's voice to bypass voice authentication systems.

Vendor-Specific Security Controls
Custom security measures implemented by technology providers to address unique vulnerabilities in their products or services.


W

WAF (Web Application Firewall)
A security solution that protects web applications from threats such as SQL injection, cross-site scripting (XSS), and other web-based attacks.

WannaCry Ransomware
A notorious ransomware attack that exploited the EternalBlue vulnerability in Windows systems, encrypting files and demanding ransom payments.

Wardriving
The act of searching for insecure Wi-Fi networks using a mobile device or specialized equipment.

Watering Hole Attack
A targeted attack where cybercriminals compromise websites frequently visited by their intended victims to deliver malware.

Weak Key Attack
A cryptographic attack that exploits poorly chosen or predictable encryption keys to break a system’s security.

Weaponized Document
A seemingly legitimate document embedded with malicious payloads, often used in phishing or malware distribution campaigns.

Web Cache Poisoning Attack
A cyber attack that manipulates web caching mechanisms to deliver malicious content to users.

Web Crawling for Reconnaissance
The use of automated scripts to gather intelligence on target websites, including hidden pages, metadata, and exposed credentials.

Web Scraping Security
Techniques to prevent unauthorized data extraction from websites, including bot detection and CAPTCHA enforcement.

Web Shell
A malicious script uploaded to a web server that allows attackers to execute commands remotely.

Web Skimming (Magecart Attack)
A cyber attack where malicious scripts are injected into e-commerce checkout pages to steal payment card information.

Whaling Attack
A form of spear phishing that specifically targets high-profile individuals, such as executives or government officials.

Whitelist in Cybersecurity
A security mechanism that allows only pre-approved applications, processes, or IP addresses to run or access resources.

Wi-Fi Eavesdropping
A cyber attack where an adversary intercepts and monitors unencrypted wireless communications to steal sensitive data.

Wi-Fi Pineapple Attack
A man-in-the-middle attack using a rogue access point to capture, modify, or inject malicious network traffic.

Wildcard Certificate Security Risk
Potential security issues associated with wildcard SSL/TLS certificates, which can be misused if compromised.

Windows Defender Application Control (WDAC)
A Microsoft security feature that enforces application whitelisting and prevents unauthorized code execution.

Windows Event Log Analysis
The process of monitoring and analyzing Windows logs to detect suspicious activity or security incidents.

Wireless Intrusion Detection System (WIDS)
A security solution that monitors wireless networks for unauthorized access and potential attacks.

Wireless Intrusion Prevention System (WIPS)
A proactive security tool that not only detects wireless threats but also takes automated actions to block them.

Worm Malware
A self-replicating type of malware that spreads across networks without human interaction.

Write-Once, Read-Many (WORM) Storage Security
A security measure that ensures data integrity by preventing stored data from being modified or deleted.

WPA/WPA2 Security
Best practices for securing Wi-Fi networks using WPA/WPA2 encryption to prevent unauthorized access.

WPA3 Security Improvements
Enhancements in the WPA3 Wi-Fi security standard, including improved encryption and protection against brute-force attacks.

WebRTC Security Risks
Vulnerabilities associated with WebRTC technology, such as IP leakage and eavesdropping in real-time communications.

Windows Registry Forensics
The process of analyzing Windows registry entries to uncover evidence of malware, persistence mechanisms, or unauthorized changes.

Weak Password Policy Risks
The security threats posed by allowing users to set short, common, or easily guessed passwords.

Write Permission Exploits
Attacks that take advantage of misconfigured file or directory write permissions to execute malicious code.


X

X.509 Certificate Security
A standard defining the format of public key certificates used in authentication, encryption, and digital signatures.

X-Content-Type-Options Security Header
A security mechanism that prevents web browsers from interpreting files as a MIME type other than the one declared by the server, mitigating attacks that rely on MIME-type sniffing.

X-Frame-Options Security Header
A web security feature that prevents clickjacking attacks by restricting how a webpage can be embedded in an iframe.

X-Powered-By Header Removal
A security best practice that hides server technology information to reduce exposure to targeted attacks.

X.25 Network Security
Measures to protect legacy X.25 packet-switching networks from interception, spoofing, and protocol-based attacks.

XAML Injection Attack
A security vulnerability where an attacker injects malicious XAML code into an application, potentially leading to remote code execution.

XDR (Extended Detection and Response)
A cybersecurity solution that integrates multiple security products to provide centralized threat detection, analysis, and response.

Xen Hypervisor Security
Best practices for securing Xen-based virtualized environments, including isolation, access control, and patch management.

Xenon-Based Malware Analysis
A technique that leverages hardware-assisted debugging using Xenon gas to analyze malware running in embedded systems.

XOR Encryption Attack
A cryptographic attack that exploits weaknesses in XOR-based encryption, often used in simple obfuscation schemes.

XSS (Cross-Site Scripting) Attack
A web security vulnerability where attackers inject malicious scripts into web pages viewed by other users.

XSS Filter Evasion Techniques
Methods used by attackers to bypass XSS filters in modern web applications to execute malicious code.

XML Bomb (Billion Laughs Attack)
A denial-of-service (DoS) attack that exploits XML parsers by nesting entities exponentially, causing excessive memory consumption.

XML External Entity (XXE) Injection
An attack that exploits XML parsers to access sensitive data, execute remote code, or conduct server-side request forgery (SSRF).

XMPP (Extensible Messaging and Presence Protocol) Security
Techniques for securing instant messaging communications using XMPP against eavesdropping, spoofing, and man-in-the-middle (MitM) attacks.

XOR-Based Malware Obfuscation
A technique used by malware authors to evade detection by encoding payloads with XOR operations.

XSRF (Cross-Site Request Forgery) Attack
A security vulnerability where an attacker tricks a user into executing unintended actions on a trusted website without their consent.

X-Rate-Limit Headers for API Security
A technique used to prevent abuse of APIs by limiting the number of requests allowed within a specified time frame.

X.400 Email Security
Security measures for X.400-based email communication systems used in legacy government and military applications.

XFS (X Font Server) Exploits
Vulnerabilities targeting the X Font Server (XFS) in Unix-based systems, potentially leading to denial-of-service or remote code execution.

XcodeGhost Malware
A malicious version of Apple's Xcode development environment that injected malware into legitimate iOS applications.

X.25 Network Attack
A legacy cyber attack targeting the X.25 packet-switching protocol, commonly used in older banking and government systems.


Y

YARA Rules
A pattern-matching tool used in cybersecurity for detecting and classifying malware based on specific signatures and behavioral characteristics.

YubiKey Security
A hardware authentication device that provides strong two-factor and passwordless authentication to enhance security.

Yahoo Data Breaches
A series of high-profile cyber breaches that exposed billions of user accounts due to weak security controls.

Yanking Attack (Drive Yank Attack)
A physical attack where an attacker quickly removes an encrypted storage device from a running system to extract data before encryption can be enforced.

Yield-Farming Scam
A type of fraud in decentralized finance (DeFi) where attackers set up fake yield-farming platforms to steal cryptocurrency assets from users.

YARA-Based Threat Hunting
The use of YARA rules to proactively search for indicators of compromise (IOCs) and unknown malware across networks and endpoints.

YouTube Phishing Scams
Social engineering attacks that exploit YouTube comment sections, fake channels, and fraudulent video descriptions to distribute malware or steal credentials.

Yellow Team (Cybersecurity)
A lesser-known cybersecurity role focusing on collaboration between developers (Blue Team) and offensive security professionals (Red Team) to improve security during software development.

Yet Another Distributed Denial of Service (YADDoS) Attack
A variation of DDoS attacks leveraging botnets to overwhelm a target system, similar to traditional volumetric and application-layer attacks.

YAML Injection Attack
A security vulnerability where improperly validated YAML (Yet Another Markup Language) files are exploited to execute arbitrary code.

Your Phone Malware
A category of malware that exploits smartphone synchronization features between mobile devices and desktops, commonly seen in Android and Windows integration attacks.

Yield Curve Manipulation in Financial Cybersecurity
A cyber threat where attackers manipulate financial systems to alter yield curves, potentially leading to fraudulent trading advantages.


Z

Zero-Day Vulnerability
A software or hardware security flaw that is unknown to the vendor and can be exploited before a patch is available.

Zero-Day Exploit
A cyber attack that targets an undisclosed vulnerability, making it highly dangerous as no official fix exists at the time of exploitation.

Zero-Day Malware
Malicious software designed to exploit zero-day vulnerabilities, often used in advanced persistent threats (APTs).

Zero Trust Security Model
A cybersecurity framework that assumes no user, device, or application should be trusted by default, requiring continuous verification.

Zero Trust Architecture (ZTA)
A security strategy that enforces strict access controls, micro-segmentation, and identity verification at all levels of an IT environment.

Zero Trust Network Access (ZTNA)
A remote access security model that verifies users and devices before granting limited access to specific resources rather than entire networks.

Zero Trust Policy Enforcement
A security principle where access to systems, applications, and data is granted based on strict authentication and least privilege policies.

Zombie Computer (Botnet Node)
A compromised system controlled by an attacker, often used as part of a botnet to launch distributed denial-of-service (DDoS) attacks.

Zoombombing
A cyber attack where unauthorized individuals join video conferences to disrupt meetings, often by sharing inappropriate content.

Z-Wave Security
Protecting smart home and IoT devices using Z-Wave communication protocols from eavesdropping and unauthorized access.

Zebra Crossing Attack (QR Code Attack)
A phishing attack that uses malicious QR codes to trick users into visiting fraudulent websites or downloading malware (also known as "Quishing").

Zero-Day Phishing Attack
A highly sophisticated phishing campaign that exploits newly discovered social engineering techniques or software vulnerabilities before defenses can be deployed.

Zero-Knowledge Proof (ZKP) Security
A cryptographic method that allows one party to prove knowledge of information without revealing the actual data, commonly used in blockchain and authentication systems.

Zone-Based Firewall (ZBFW) Security
An advanced firewall mechanism that applies security policies based on network zones rather than individual IP addresses or ports.

Zombie Process Attack
A security risk where malicious code creates persistent zombie processes in a system to evade detection and maintain stealth access.

ZMap Security Scanning
A high-speed network scanner used to identify vulnerable hosts, open ports, and misconfigured services at an internet-wide scale.

Zero-Click Exploit
An advanced cyber attack that compromises a target device without requiring any user interaction, often used against smartphones and messaging apps.

Zero-Latency Attack Detection
A real-time cybersecurity approach that identifies and mitigates threats instantly, minimizing damage from fast-moving attacks.