Discover essential hacking terminology and delve into relevant content, training paths, and expert tips to elevate your cybersecurity skills.
A type of DNS record that maps hostnames to IPv4 addresses.
A type of DNS record that maps hostnames to IPv6 addresses.
A technical control used to permit and deny access to shared resources or networks.
The process of logging actions taken on a computer system and linking those actions to a specific digital identity. Example: "We identified the internal employee responsible for the data breach by tracking all activities in the file share based on user accounts and group memberships."
A directory service developed by Microsoft for Windows domain networks. It authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software.
Software that automatically displays or downloads advertising material (often unwanted) when a user is online.
A software program that performs a specific task on behalf of a user or another program, typically in the background.
Active reconnaissance is the process of probing a network to gather information about the target. This can include scanning for open ports, identifying services running on those ports, and identifying vulnerabilities in those services.
A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.
A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period.
A user account that has full access to a computer system. Administrators can make system-wide changes, install software, and access all files on the computer.
A software program that runs on a computer or mobile device. Applications can be web-based or installed on a device.
The process of making software and web applications more secure by finding, fixing, and preventing security vulnerabilities.
The process of verifying the identity of a user or device. Authentication is typically done using a username and password, biometric data, or a security token.
The process of determining what a user is allowed to do on a computer system or network. Authorization is typically based on the user's identity and the permissions assigned to that identity.
A binary-to-text encoding scheme that represents binary data in an ASCII string format by translating it into a radix-64 representation.
A hidden entry point into a computer system that bypasses normal security mechanisms. Backdoors are often used by attackers to gain unauthorized access to a system.
A type of shell that opens a network port on a computer and listens for incoming connections. Bind shells are often used by attackers to gain remote access to a system.
A tool used for analyzing Active Directory environments to identify and visualize attack paths that could be used by attackers to compromise the network.
The defensive team in a cybersecurity exercise or organization. Blue teams are responsible for protecting systems, networks, and data from cyber threats.
Bourne Again SHell. A command-line shell and scripting language used in Unix and Linux operating systems.
A network of computers infected with malware and controlled by a single entity. Botnets are often used to launch distributed denial-of-service (DDoS) attacks or send spam emails.
A type of cyberattack in which an attacker tries to gain unauthorized access to a system by trying all possible combinations of usernames and passwords until the correct one is found.
A type of software vulnerability in which a program writes more data to a buffer than it can hold, causing the excess data to overflow into adjacent memory locations. Buffer overflows can be exploited by attackers to execute arbitrary code or crash the program.
A program run by organizations that rewards individuals for discovering and reporting security vulnerabilities in their software or systems.
A popular web application security testing tool used for scanning, testing, and attacking web applications. Burp Suite includes a variety of tools for performing different types of security testing.
Bring Your Own Device. A policy that allows employees to use their personal devices, such as smartphones, laptops, and tablets, for work purposes.
A cybersecurity competition in which participants solve a series of challenges to find hidden flags. CTFs are used to test and improve participants' hacking skills.
An entity that issues digital certificates used to verify the identity of users, devices, or organizations on the internet. CAs are responsible for validating the information in the certificate and digitally signing it to ensure its authenticity.
A centralized server or infrastructure used by attackers to communicate with and control compromised systems in a botnet or other malicious network.
A type of web application vulnerability in which an attacker injects malicious scripts into web pages viewed by other users. XSS attacks can be used to steal sensitive information, deface websites, or redirect users to malicious sites.
The practice of securing communication and data by converting it into a form that can only be read by authorized parties. Cryptography uses mathematical algorithms to encrypt and decrypt data.
A method of representing IP addresses and their associated routing prefixes. CIDR notation is used to specify the number of leading bits in an IP address that represent the network portion of the address.
Software that is proprietary and does not allow users to view or modify its source code. Closed-source software is typically distributed under restrictive licensing terms.
A model for delivering computing services over the internet. Cloud computing allows users to access and use computing resources, such as servers, storage, and applications, on a pay-as-you-go basis.
A network of remote servers hosted on the internet that store, manage, and process data. Cloud services can include infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).
The practice of protecting computer systems, networks, and data from cyber threats. Cybersecurity includes measures to prevent, detect, respond to, and recover from security incidents.
A type of software vulnerability in which an attacker executes arbitrary commands on a target system by injecting malicious code into a command input field.
A type of web application vulnerability in which an attacker tricks a user into performing an unwanted action on a trusted site. CSRF attacks can be used to change a user's account settings, transfer funds, or perform other malicious actions.
A software application used to create, manage, and publish digital content on the web. CMS platforms allow users to create and update websites without needing to write code.
A small piece of data stored on a user's computer by a website. Cookies are used to remember user preferences, track user activity, and personalize the user experience.
A type of cyberattack in which an attacker uses stolen usernames and passwords from one website to gain unauthorized access to accounts on other websites. Credential stuffing attacks rely on the fact that many users reuse the same credentials across multiple sites.
A time-based job scheduler in Unix-like operating systems. Cronjobs are used to schedule and automate tasks, such as running scripts, updating databases, and performing system maintenance.
A type of cyberattack in which an attacker floods a target system or network with traffic to disrupt its normal operation. DoS attacks can cause websites to become slow or unresponsive, crash servers, or prevent users from accessing online services.
An incident in which sensitive, protected, or confidential data is accessed, stolen, or exposed without authorization. Data breaches can occur due to cyberattacks, human error, or system vulnerabilities.
The process of converting encrypted data back into its original, readable form. Decryption requires the use of a decryption key or algorithm to reverse the encryption process.
A method of analyzing network traffic at the packet level to inspect and filter data in real-time. DPI is used to monitor and control network traffic, detect security threats, and enforce security policies.
The network device that serves as the entry and exit point for data packets traveling between a local network and the internet. The default gateway forwards packets to their destination outside the local network.
A network segment that separates an organization's internal network from an external network, such as the internet. The DMZ is used to host public-facing services, such as web servers, without exposing the internal network to external threats.
A hierarchical structure used to organize and store files, folders, and other resources on a computer system. Directories are used to manage and navigate the file system.
A type of web application vulnerability in which an attacker can access files and directories outside the web root directory. Directory traversal attacks can be used to view sensitive files, execute malicious code, or gain unauthorized access to a server.
An open-source platform used to automate the deployment, scaling, and management of software applications in containers. Docker containers are lightweight, portable, and isolated environments that run applications and their dependencies.
A server that manages user accounts, security policies, and access controls in a Windows domain network. Domain controllers authenticate and authorize users and computers in the network.
A hierarchical system used to translate domain names, such as www.example.com, into IP addresses, such as
A network protocol used to automatically assign IP addresses and network configuration settings to devices on a network. DHCP servers manage the allocation of IP addresses and ensure that each device has a unique address.
The process of converting data into a secure, unreadable format using an encryption algorithm. Encrypted data can only be read by authorized parties who have the decryption key.
A piece of software or code that takes advantage of a vulnerability in a system or application to gain unauthorized access, execute arbitrary code, or perform other malicious actions.
A device or node on a network that serves as a communication endpoint. Endpoints can include computers, servers, mobile devices, and other network-connected devices.
A cybersecurity professional who uses hacking techniques to identify and fix security vulnerabilities in systems, networks, and applications. Ethical hackers help organizations improve their security posture and protect against cyber threats.
The process of gathering information about a target system, such as user accounts, network shares, and system configurations. Enumeration is often used by attackers to identify potential vulnerabilities and plan further attacks.
A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls are used to protect networks from unauthorized access, malware, and other cyber threats.
The process of collecting, preserving, and analyzing digital evidence to investigate cybercrimes, security incidents, and data breaches. Forensic analysis is used to identify the cause of an incident, determine the extent of the damage, and support legal proceedings.
A software testing technique that involves sending random or invalid data to an application to identify vulnerabilities, crashes, or unexpected behavior. Fuzzing is used to discover security flaws and improve the reliability of software applications.
A security feature that encrypts all data on a storage device, such as a hard drive or solid-state drive. Full disk encryption protects data at rest and prevents unauthorized access to sensitive information if the device is lost or stolen.
Software that is embedded in hardware devices to control their operation. Firmware provides the low-level control and functionality needed to boot the device, manage hardware components, and interact with the operating system.
A network protocol used to transfer files between a client and a server on a computer network. FTP is commonly used to upload, download, and manage files on a remote server.
A security policy that defines how a firewall should handle incoming and outgoing network traffic. Firewall rules specify which connections are allowed or blocked based on criteria such as IP addresses, ports, and protocols.
A computer or network device that stores and manages files for users on a network. File servers provide centralized storage, access control, and file sharing capabilities for users and applications.
An initial point of access that an attacker establishes on a target system or network. Footholds are used to gain a persistent presence, escalate privileges, and launch further attacks.
A search query that uses advanced operators to find information that is not easily accessible through conventional search engines. Google dorks are often used by hackers to discover sensitive data and vulnerabilities on websites.
A hacker who operates between the ethical boundaries of white hat hackers and the malicious intent of black hat hackers. Gray hat hackers may engage in activities that are technically illegal but are not intended to cause harm.
A pre-configured template used to create identical copies of virtual machines or systems. Golden images are used to streamline the deployment of new systems and ensure consistency across multiple environments.
A command-line utility used to search text files for specific patterns or regular expressions. Grep is commonly used in Unix and Linux operating systems to find and filter text data.
A collection of user accounts that share common permissions, access rights, and security policies. Groups are used to simplify user management, control access to resources, and enforce security policies in a computer system.
A person who uses technical knowledge and skills to gain unauthorized access to computer systems, networks, and data. Hackers may engage in activities such as exploiting vulnerabilities, stealing information, and disrupting operations.
A fixed-length string of characters generated by a cryptographic algorithm to represent data. Hashes are used to verify data integrity, authenticate messages, and securely store passwords.
A decoy system or network designed to attract and deceive attackers. Honeypots are used to monitor and analyze attacker behavior, gather threat intelligence, and protect real systems from cyber threats.
Hypertext Transfer Protocol. A protocol used for transmitting and receiving information on the World Wide Web. HTTP defines how web browsers and servers communicate, exchange data, and display web pages.
Hypertext Transfer Protocol Secure. An encrypted version of HTTP that uses SSL/TLS protocols to secure data transmitted between a web browser and a web server. HTTPS is used to protect sensitive information, such as passwords and credit card details, from eavesdropping and tampering.
A popular password cracking tool used to recover lost or forgotten passwords from hashed data. Hashcat supports a variety of hash algorithms and attack modes to crack passwords stored in different formats.
A markup language used to create and structure web pages. HTML defines the content and layout of web pages using tags and attributes to format text, images, links, and other elements.
A computer or device connected to a network that provides services, resources, or data to other devices. Hosts can include servers, workstations, routers, and other networked devices.
The process of responding to and managing security incidents, such as data breaches, cyberattacks, and system compromises. Incident response involves detecting, analyzing, containing, and recovering from security incidents to minimize damage and restore normal operations.
An identifier assigned to a device on a network to enable communication with other devices. IP addresses are used to route data packets between devices and identify the source and destination of network traffic.
A security tool that monitors network traffic and system activity for signs of unauthorized access, malicious behavior, or security threats. IDSs analyze network packets, log files, and system events to detect and alert on suspicious activity.
A security tool that monitors network traffic, detects security threats, and automatically blocks or mitigates malicious activity. IPSs are used to prevent attacks, protect network resources, and enforce security policies.
A set of rules that govern how data packets are transmitted over a network. IP is used to route data between devices on the internet and assign unique addresses to each device for identification and communication.
A company that provides internet access to individuals, businesses, and organizations. ISPs offer a range of services, such as broadband, dial-up, and wireless internet connections, to connect users to the internet.
A network protocol used to send error messages and control messages between devices on a network. ICMP is used to diagnose network problems, test connectivity, and report errors in data transmission.
A network of interconnected devices, sensors, and objects that communicate and exchange data over the internet. IoT devices include smart home appliances, wearable devices, industrial sensors, and other internet-connected gadgets.
A real-time messaging protocol used to create and participate in chat rooms and group discussions on the internet. IRC is used for online communication, collaboration, and social interaction between users around the world.
A collection of Python scripts used to interact with Windows networks and systems. Impacket provides a set of tools for performing network attacks, security assessments, and penetration testing on Windows environments.
An archive file that contains an exact copy of the data from an optical disc, such as a CD, DVD, or Blu-ray disc. ISO files are used to create backup copies of discs, distribute software, and install operating systems.
A programming language used to create interactive and dynamic content on websites. JavaScript is commonly used to add functionality, validate forms, and enhance the user experience in web applications.
A high-level programming language used to develop software applications, web applications, and mobile apps. Java is platform-independent and widely used for building enterprise applications, web services, and Android apps.
A compact, URL-safe token format used to securely transmit information between parties as a JSON object. JWTs are commonly used for authentication, authorization, and information exchange in web applications and APIs.
An open-source content management system (CMS) used to create and manage websites, blogs, and online applications. Joomla is written in PHP and offers a range of features, templates, and extensions for building dynamic websites.
A lightweight data interchange format used to transmit data between a server and a web application. JSON is based on JavaScript syntax and is commonly used for storing and exchanging structured data in web services and APIs.
The process of removing software restrictions on a device to gain full control and access to its operating system. Jailbreaking is commonly used to install unauthorized apps, customize settings, and bypass security restrictions on mobile devices.
A Debian-based Linux distribution designed for digital forensics, penetration testing, and security auditing. Kali Linux includes a collection of tools and utilities for testing and assessing the security of computer systems and networks.
A type of software or hardware device that records keystrokes typed by a user on a computer or mobile device. Keyloggers are used to capture sensitive information, such as passwords, credit card numbers, and other confidential data.
The core component of an operating system that manages system resources, hardware devices, and software applications. The kernel provides essential services, such as memory management, process scheduling, and device drivers, to enable the operation of the operating system.
A network authentication protocol used to verify the identity of users and services on a network. Kerberos provides secure authentication, single sign-on, and mutual authentication between clients and servers in a distributed environment.
The process of securely sharing cryptographic keys between parties to establish a secure communication channel. Key exchange protocols are used to negotiate encryption keys, authenticate users, and protect data during transmission.
An open-source data visualization tool used to explore, analyze, and visualize data stored in Elasticsearch. Kibana provides a user-friendly interface for creating dashboards, charts, and reports to monitor and analyze data in real-time.
A fundamental concept in cryptography that states a cryptographic system should be secure even if everything about the system, except the key, is known to the attacker. Kerckhoffs's Principle means that security must rest on the secrecy and strength of the key rather than on the secrecy of the algorithm.
An open-source container orchestration platform used to automate the deployment, scaling, and management of containerized applications. Kubernetes provides tools for managing container clusters, scheduling workloads, and monitoring application performance.
A temporary credential issued by the Kerberos Key Distribution Center (KDC) to authenticate a user to services on a network. The TGT is used to obtain service tickets and access network resources securely.
A component of the Kerberos authentication system that verifies the identity of users and issues initial tickets for authentication. The AS, which runs as part of the Kerberos Key Distribution Center (KDC), authenticates users and issues the ticket-granting ticket (TGT) they later present to the ticket-granting service.
A centralized server that manages authentication, ticket granting, and key distribution in the Kerberos authentication system. The KDC issues tickets, authenticates users, and enforces security policies in a Kerberos realm.
A temporary credential issued by the Kerberos Key Distribution Center (KDC) to authenticate a user to a specific service on a network. The service ticket is used to access network resources securely without revealing the user's password.
A logical administrative domain in the Kerberos authentication system that defines a set of users, services, and authentication policies. Kerberos realms are used to manage security domains and establish trust relationships between entities.
An entity, such as a user or service, that is identified and authenticated by the Kerberos authentication system. Kerberos principals are assigned unique names and keys to securely access network resources.
A network authentication protocol used to verify the identity of users and services in a distributed environment. Kerberos provides secure authentication, mutual authentication, and single sign-on capabilities to protect network resources.
A component of the Kerberos authentication system that issues service tickets to users for accessing network services. The TGS is responsible for granting access to services and enforcing security policies in a Kerberos realm.
A temporary cryptographic key generated by the Kerberos authentication system to secure communication between a client and a service. The session key is used to encrypt and decrypt data exchanged during a Kerberos session.
An open-source operating system based on the Linux kernel and GNU software. Linux is widely used in servers, desktops, mobile devices, and embedded systems due to its stability, security, and flexibility.
A network that connects devices within a limited geographic area, such as a home, office, or campus. LANs are used to share resources, exchange data, and enable communication between computers, printers, and other networked devices.
A file that records events, activities, and messages generated by a computer system, application, or network device. Log files are used to track system activity, monitor performance, and troubleshoot issues in software and hardware.
A type of security vulnerability in which an attacker manipulates LDAP queries to execute unauthorized commands on a target LDAP server. LDAP injection attacks can be used to extract sensitive information, modify data, or gain unauthorized access to LDAP directories.
A network device or software application that distributes incoming network traffic across multiple servers or resources. Load balancers improve performance, availability, and scalability by evenly distributing workloads and preventing server overload.
A reserved hostname that refers to the local computer or device on which a program is running. Localhost is commonly used to access services, test applications, and view web pages on the same device without connecting to the internet.
A type of network attack that targets the data link layer (Layer 2) of the OSI model. Layer 2 attacks exploit vulnerabilities in Ethernet frames, MAC addresses, and switches to intercept, modify, or disrupt network traffic.
A type of network attack that targets the network layer (Layer 3) of the OSI model. Layer 3 attacks exploit vulnerabilities in IP addresses, routing protocols, and routers to disrupt, intercept, or redirect network traffic.
A type of network attack that targets the transport layer (Layer 4) of the OSI model. Layer 4 attacks exploit vulnerabilities in TCP and UDP protocols to overload, disrupt, or manipulate network connections and services.
A type of network attack that targets the application layer (Layer 7) of the OSI model. Layer 7 attacks exploit vulnerabilities in web applications, APIs, and protocols to disrupt, exploit, or compromise application functionality.
A type of web application vulnerability that allows an attacker to include and execute local files on a web server. LFI attacks can be used to read sensitive files, execute malicious code, and gain unauthorized access to a server.
A security vulnerability that allows an attacker to gain higher privileges on a local system or device. Local privilege escalation attacks exploit weaknesses in operating systems, applications, or configurations to elevate user permissions and access sensitive data.
A security principle that restricts user accounts and processes to the minimum level of access required to perform their tasks. Least privilege helps reduce the risk of unauthorized access, data breaches, and privilege escalation in computer systems and networks.
The process of moving from an initially compromised host to other systems, resources, or data on the same network. Lateral movement is used by attackers to expand their presence, escalate privileges, and maintain persistence in a compromised network.
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems, networks, and data. Malware includes viruses, worms, trojans, ransomware, spyware, and other types of malicious code.
A covert threat where attackers intercept and alter communication between two parties. Man-in-the-Middle (MITM) attacks can result in data theft, unauthorized access, and financial losses. To prevent such attacks, encryption and secure communication protocols are essential.
A penetration testing framework that helps security professionals identify and exploit vulnerabilities in computer systems, networks, and applications. Metasploit provides a range of tools, modules, and payloads for testing and assessing the security of target systems.
The process of examining, dissecting, and understanding malicious software to identify its behavior, functionality, and impact. Malware analysis is used to detect, classify, and respond to cyber threats, such as viruses, worms, trojans, and ransomware.
A security mechanism that requires users to provide multiple forms of verification to access an account, system, or application. MFA combines two or more factors, such as passwords, biometrics, tokens, and SMS codes, to enhance security and prevent unauthorized access.
A post-exploitation tool used in penetration testing and red teaming to maintain access and control over a compromised system. Meterpreter provides a range of features, commands, and modules for executing post-exploitation activities on target systems.
The process of analyzing, deconstructing, and understanding malicious software to identify its functionality, behavior, and purpose. Malware reverse engineering is used to develop countermeasures, detect threats, and improve cybersecurity defenses against malware attacks.
A controlled environment used to execute and analyze malware samples in a safe and isolated manner. Malware sandboxes are used to observe malware behavior, identify malicious activities, and generate threat intelligence for cybersecurity research and analysis.
A communication channel used by malware to receive commands, exfiltrate data, and interact with a remote attacker. Malware command and control (C2) servers are used to control infected systems, steal information, and launch further attacks on target networks.
A post-exploitation tool used to extract and manipulate credentials in Windows environments. Mimikatz provides a range of capabilities for recovering passwords, hashes, and tokens from memory, registry, and other sources on compromised systems.
A cryptographic hash function that produces a fixed-length hash value of 128 bits from input data. MD5 hashes are commonly used to verify data integrity, store passwords, and generate checksums in software applications and security protocols. MD5 is no longer considered collision-resistant, so it should not be relied on for password storage or digital signatures.
A type of malware that delivers and installs malicious payloads on a target system. Malware droppers are used to distribute ransomware, trojans, worms, and other malware variants to compromise systems and steal sensitive information.
A technique used to change or forge the Media Access Control (MAC) address of a network device. MAC spoofing is used to bypass network filters, impersonate legitimate devices,
A knowledge base of adversary tactics, techniques, and procedures used in cyberattacks. MITRE ATT&CK provides a framework for understanding and categorizing threat actor behavior, tactics, and techniques to improve cybersecurity defenses and incident response.
The practice of protecting computer networks, systems, and data from cyber threats, attacks, and unauthorized access. Network security includes a range of technologies, tools, and practices to secure network infrastructure, monitor traffic, and detect security incidents.
A technique used to map private IP addresses to public IP addresses to enable communication between devices on different networks. NAT is used to conserve IP addresses, improve network security, and facilitate internet connectivity for multiple devices.
A collection of interconnected devices, systems, and resources that communicate with each other to share data and services. Networks can be classified based on their size, scope, and purpose, such as LANs, WANs, and the internet.
Software that is freely available, modifiable, and redistributable under an open-source license. Open-source software promotes collaboration, transparency, and innovation by allowing users to view, modify, and share the source code.
A software program that manages computer hardware, software resources, and user interactions. Operating systems provide essential services, such as memory management, file systems, and process scheduling, to enable the operation of computers and devices.
A list of the top 10 most critical web application security risks identified by the Open Web Application Security Project (OWASP). The OWASP Top 10 provides guidance on common vulnerabilities, attack techniques, and security best practices to protect web applications from cyber threats.
A nonprofit organization dedicated to improving the security of software applications and web services. OWASP provides resources, tools, and guidelines for developers, security professionals, and organizations to build secure applications and protect against cyber threats.
A type of web application vulnerability that allows an attacker to redirect users to malicious websites. Open redirect vulnerabilities are used in phishing attacks, social engineering scams, and malware distribution to deceive users and steal sensitive information.
A type of cyber attack that uses social engineering techniques to deceive users into revealing sensitive information, such as passwords, credit card numbers, and personal data. Phishing attacks are commonly delivered via email, text messages, and fake websites to steal information and compromise accounts.
A security assessment that simulates real-world cyber attacks to identify and exploit vulnerabilities in computer systems, networks, and applications. Penetration testing helps organizations assess security risks, test defenses, and improve cybersecurity posture.
The malicious component of malware that performs a specific action, such as stealing data, deleting files, or launching an attack. Payloads are designed to execute malicious code, exploit vulnerabilities, and achieve the attacker's objectives on a target system.
A technique used to discover open ports, services, and vulnerabilities on a target system or network. Port scanning tools are used to identify listening ports, detect network services, and assess security risks in computer systems and devices.
A security vulnerability that allows an attacker to gain higher privileges on a computer system or network. Privilege escalation attacks exploit weaknesses in software, configurations, or user accounts to elevate permissions and access sensitive data.
A technique used to capture and analyze network traffic to monitor data packets, detect security threats, and troubleshoot network issues. Packet sniffers are used by network administrators, security professionals, and attackers to inspect and intercept network communications.
A communication endpoint used to identify network services and applications on a computer system. Ports are numbered and assigned to specific protocols, such as TCP, UDP, and HTTP, to enable data exchange and network communication between devices.
A request for information or data sent to a database, search engine, or network server. Queries are used to retrieve, filter, and manipulate data in databases, perform searches on the internet, and communicate with network services.
A two-dimensional barcode that stores information, such as URLs, text, and contact details, in a machine-readable format. QR codes are used for marketing, advertising, payments, and authentication by scanning the code with a smartphone or QR code reader.
A type of security vulnerability that allows an attacker to manipulate database queries to execute unauthorized commands. Query injection attacks are used to extract data, modify records, and bypass security controls in web applications and databases.
A type of malware that encrypts files, locks computer systems, and demands a ransom payment from victims to restore access to their data. Ransomware attacks are used to extort money, disrupt operations, and cause financial losses for individuals and organizations.
A type of malware that provides unauthorized access and control over a computer system or network. Rootkits are used to hide malicious activities, evade detection, and maintain persistence on infected systems by modifying system files and processes.
A security vulnerability that allows an attacker to execute arbitrary code on a remote system or network. Remote code execution (RCE) attacks are used to compromise servers, exploit software vulnerabilities, and gain unauthorized access to target systems.
A group of security professionals who simulate cyber attacks to test and assess the security defenses of an organization. Red teams use offensive tactics, techniques, and procedures to identify vulnerabilities, exploit weaknesses, and improve cybersecurity readiness.
The process of analyzing, deconstructing, and understanding software or hardware to extract design information, source code, or functionality. Reverse engineering is used for software development, security research, and intellectual property analysis in technology products.
An evaluation of potential threats, vulnerabilities, and impacts to identify and prioritize security risks in an organization. Risk assessments help organizations assess security posture, mitigate vulnerabilities, and implement controls to protect against cyber threats.
An unauthorized wireless access point that poses a security risk to users and networks. Rogue access points are used by attackers to intercept
A type of web application vulnerability that allows an attacker to manipulate SQL queries to execute unauthorized commands on a database. SQL injection attacks are used to extract data, modify records, and bypass security controls in web applications and databases.
A psychological manipulation technique used to deceive individuals into revealing sensitive information, such as passwords, personal data, and financial details. Social engineering attacks exploit human behavior, trust, and emotions to gain unauthorized access to systems and data.
Malicious software that secretly monitors and collects information about a user's activities, browsing habits, and personal data. Spyware is used to track users, steal sensitive information, and deliver targeted ads without their knowledge or consent.
A cryptographic network protocol used to securely access and manage remote systems over an unsecured network. SSH provides encrypted communication, secure authentication, and remote command execution to protect data and prevent unauthorized access to network services.
A security technology that combines security information management (SIM) and security event management (SEM) to provide real-time monitoring, analysis, and reporting of security events and incidents. SIEM systems help organizations detect, investigate, and respond to security threats.
A network protocol used to share files, printers, and resources between devices on a network. SMB is commonly used in Windows environments to enable file sharing, remote access, and network communication between computers, servers, and storage devices.
A type of malware that disguises itself as a legitimate program to deceive users and gain unauthorized access to their systems. Trojan horses are used to steal data, install backdoors, and deliver payloads on infected computers without the user's knowledge.
Information about potential cyber threats, vulnerabilities, and risks that can be used to protect organizations from security incidents. Threat intelligence provides insights, analysis, and context to help organizations detect, respond to, and mitigate security threats.
A security mechanism that requires users to provide two forms of verification to access an account, system, or application. Two-factor authentication (2FA) combines something the user knows (password) with something the user has (token, phone) to enhance security and prevent unauthorized access.
An individual, group, or organization that carries out cyber attacks, security breaches, or malicious activities to achieve specific objectives. Threat actors include hackers, cybercriminals, hacktivists, and nation-state actors who target systems, networks, and data for financial gain, espionage, or disruption.
A network protocol used to establish remote terminal connections and manage network devices over a TCP/IP network. Telnet provides command-line access to remote systems, routers, and servers for configuration, administration, and troubleshooting purposes.
A connectionless network protocol used to send datagrams between devices on a network. UDP is used for real-time applications, such as video streaming, online gaming, and voice over IP (VoIP), that require low latency and high-speed data transmission.
A web address that specifies the location of a resource on the internet, such as a website, file, or document. URLs consist of a protocol (http, https), domain name, path, and query parameters to identify and access web content on the World Wide Web.
A string that identifies the web browser, device, or application used to access a website or online service. User-agent strings are sent in HTTP requests to provide information about the client's software, operating system, and capabilities to web servers and applications.
A technique used to discover valid usernames, accounts, or user IDs on a target system or application. User enumeration attacks are used by attackers to identify valid user accounts, bypass authentication controls, and gain unauthorized access to systems and data.
A weakness or flaw in a computer system, network, or application that can be exploited by attackers to compromise security, steal data, or disrupt operations. Vulnerabilities are identified, reported, and patched to prevent cyber attacks and protect against security risks.
A secure network connection that encrypts data and routes traffic through a remote server to protect privacy and security. VPNs are used to establish secure connections, access restricted content, and protect sensitive information when browsing the internet or connecting to public Wi-Fi networks.
A wireless networking technology that enables devices to connect to the internet and communicate with each other without using cables. Wi-Fi uses radio waves to transmit data between devices, such as smartphones, laptops, and routers, to provide wireless internet access and network connectivity.
A security tool that filters, monitors, and blocks malicious traffic to protect web applications from cyber attacks. Web application firewalls are used to detect and mitigate threats, such as SQL injection, cross-site scripting, and DDoS attacks, to secure web servers and applications.
A popular operating system developed by Microsoft for personal computers, servers, and mobile devices. Windows provides a graphical user interface, multitasking capabilities, and a wide range of software applications for productivity, entertainment, and communication.
A type of web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) attacks are used to steal sensitive information, deface websites, and execute unauthorized actions in web browsers.
A type of security vulnerability that allows attackers to abuse an XML processor's handling of external entity references in XML documents. XML external entity (XXE) attacks are used to read files, execute commands, and extract sensitive data from web applications and services.
A pattern-matching tool used to identify and classify malware samples based on predefined rules and signatures. YARA is used for malware analysis, threat hunting, and incident response to detect and analyze malicious code, files, and behaviors in computer systems and networks.
A human-readable data serialization format used to store and exchange data in a structured manner. YAML is commonly used in configuration files, data exchange, and automation scripts to represent data structures, objects, and relationships in a simple and readable format.
A security vulnerability that is exploited by attackers as soon as it is discovered, before the vendor has a patch or fix available. Zero-day exploits are used to launch cyber attacks, compromise systems, and steal data by exploiting previously unknown vulnerabilities in software, hardware, or networks.
A security model that assumes no trust in users, devices, or networks and verifies every access request before granting permissions. Zero trust architecture uses identity verification, least privilege, and continuous monitoring to protect data, applications, and resources from cyber threats and insider attacks.