This dictionary provides a summary of 232 phrases, or jargon, related to information security. We would like to clarify the most stubborn misunderstanding immediately, because the mainstream media might have misinformed you:
Hacker ~ a security researcher who ethically identifies weaknesses in security systems, and then reports them or works on a solution.
Cracker ~ a criminal who unethically misuses (highly sensitive) information, as well as weaknesses in security systems, for personal gain.
Due to the negative connotation most hackers now prefer the job title "security researcher". Other phrases often heard in the industry are:
Software designed to show ads, or showing a lot of ads. Offline or online. See Tracker also.
A detection method that applies a behavioural analysis to establish the parameters of regular use, and then sets off an alarm when it detects behaviour that deviates from that pattern.
An ideology and not a single group. A gathering of individuals among which Hacktivists, hierarchically unstructured internally, that attempt to form a single front against larger powers.
A part of InfoSec dedicated to application security.
An addition for Metasploit which adds a graphical interface (GUI) on top of the textual interface (CLI).
A specific order of events that are indicative for an attempt to gain unauthorized access to a system or network.
The sum of the amount of points at which software can be attacked. Developers should always try to keep the attack surface as small as possible, so that Hackers and Crackers have less chance of being successful during an attack.
Being able to credit an attack, without any doubt, to a responsible group or individual. Attribution is not always possible because sometimes traces are dead ends or incomplete. It is a lengthy process, often only performed by digital forensic investigators working towards a criminal prosecution case.
A process in which the auditor independently checks the integrity and security measures of a system to be able to determine impartially whether it meets safety requirements and standards.
A log which contains who has accessed the system, including the time and date, and a report of the consequential activities within the system during the time of access.
Kali Linux was previously named, and known as, Backtrack Linux.
The opposite of a HoneyPot. A system in the network specifically designed to withstand attacks. Often using extreme measures of Hardening. The system is as minimalistic as possible to minimize the Attack surface.
A marketing term. The gathering of information on a large scale. Often with the hope of being able to apply smart analysis on the vast amount of information, in order to extract valuable details from it all.
In relation to Persistence establishing and after the Initial exploitation of the target computer, the system can be set up as a shell-server. After which Hackers and Crackers can attempt to reconnect using a shell-client. See also Shell shoveling and Reverse shell.
A criminal. See Cracker.
An attack method in which the same Payload is strapped onto multiple and diverse types of Exploits, and then fired at a system. Crackers hope to increase the chances of success fast this way. The risk of being detected is substantially increased during blended attacks due to the large Attack footprint of such an attack.
Software that comes pre-installed on a system and can be useful, but it was installed without approval. See also Crapware.
A team of security employees specialized in defensive tactics, to avoid a breach by Crackers and or during exercises with the the Red team. The blue team is sometimes referred to as Tiger team, CSIRT or CIRT.
This is the phase after netdancing in which a Hacker or Cracker will attempt to secure the spoils from the Compromised system using Exfiltration, followed by a careful cleaning of traces possibly left behind in any of the previous four phases.
A part of the hard disk which is read by the computer during booting, to be able to determine what it needs to load from the disk to start the operating system. If an OS is installed at all.
A network of systems that have fallen prey to, and is controlled by, criminals. These systems can be owned by anyone, anywhere. Owners are often not aware of the fact that their system is part of a botnet. Botnets are used by Crackers to achieve their personal goals. Goals that require vast amounts of computer power or anonymity. See also Zombie.
The method of securing a network by giving extra attention to devices on the edge of a network, often facilitating the connection to the outside world. This includes among others gateways, proxies, routers and Firewalls.
A situation in which someone can access information that was not meant to be accessed by them originally. In which case the privilege system was flawed.
A situation in which someone is able to access information with the use of an invalid account. In which case the authentication system was flawed.
A type of attack related to Hashing. Because hashes cannot be reversed back into the original information, the idea of this attack is to use a dataset of self-hashed information to compare to. If the hashes match, the information within is found. Brute force attacks can be performed offline, contrary to Dictionary attacks.
A method of attack in which a buffer of a specific size is overloaded on purpose. This can lead to the corruption of memory. A common Vulnerability that can often lead to further system access.
An application that uses automation in order to discover Vulnerabilities in web based systems, such as websites and web applications.
Computer Incident Response Team. A different name for the Blue team, often used within governments.
Computer Security Incident Response Team. A different name for the Blue team, often used within governments.
A form of data theft in which the cache system is abused for Exfiltration.
A form of Social engineering in which the criminal poses, often with a fake identity, as a potential romantic partner. The criminal often hopes to be able to convince the victim to wire money to them.
A value that is computed on data, in order to be able to detect errors or manipulation afterwards. See also Hashing.
See Clear web.
A method used by Crackers that transforms a seemingly harmless hyperlink into actually linkin to something harmful like malicious software.
A form of Phishing in which legitimate e-mail is intercepted and manipulated in route. For example, by changing hyperlinks to malicious destinations.
A marketing term. 'The cloud' is a location outside of the organization where data is stored. This is called a data center. In attempt to speak to the imagination, a marketeer once coined the phrase 'cloud'. Which stuck. Storing data in data centers can be economically beneficial. However, all data should always be encrypted since it's not within the control of the organization to secure it otherwise.
See Command and control.
When something can no longer be trusted as valid. For example, when an unknown entity has had access and therefore the opportunely to alter a system to their desire. In this case, the system must be considered a security risk by default.
A research method performed by a Red team that involves attacking an organization without any (inside) knowledge about the organization. Employees of the organization are also unaware of the planned attack. At the request of, and with the permission of, only the upper management. Not to be confused with Black boxing, which is about a single particular system.
A criminal who unethically misuses (highly sensitive) information, as well as weaknesses in security systems, for personal gain. Crackers do not abide by law or ethical common sense.
See Cracker. Acts performed by a cracker.
Software that comes pre-installed on a system. Solely for marketing purposes and often not of any use whatsoever. See also Bloatware.
Also known as 'one-click attack' or 'session riding' and often abbreciated to XSRF or CSRF. A type of attack in which a Cracker tricks a victim into executing a command, while the victim is logged into a service. The command abuses the fact that the victim is logged into the service, to perform a task.
A type of attack in which criminals are able to insert malicious script code into a legitimate website. With adverse consequences for other visitors. For example Formjacking or redirecting visitors tot a malicious website.
A type of Malware known as Scareware. This malicious software enters a system often as a Payload of a Trojan, like a document attached to an e-mail. Once in, it will encrypt all (important) files. After the Encryption finished, it will reveal itself to the user of the system and demand money to revert the encrypted files back into a usable state.
Attempting to reconstruct events that took place based on digital evidence.
An attack on an individual or organization using digital technology, as opposed to conventional methods like corporate espionage.
Criminal acts using digital technology, as opposed to conventional physical criminality like burglary for example.
A different name for Information security. The phrase cyber security is often used by people wanting to address the topic, but without having a proper knowledge on the subject themselves. Like for example some politicians and CEO's. The issue is that the phrase is dated and heavily charged, apart from also being associated with the 1980s. More modern professionals prefer the phrase information security.
The suspicion that Crackers would be able to cause damage within the digital technology of an organisation.
A method in which the IP address of a domain name in a DNS is falsified. See also Pharming attack.
See DNS cache poisoning.
See Dark web.
A layer of the internet that can be accessed using special software. TOR for example. In this layer, whistle blowers, journalists in dangerous countries and criminals benefit from the extra anonymity the dark web offers.
When data is leaked. For example, when a Cracker is able to enter a system and download information back to its own system. Data breaches are often discovered late due to insufficient monitoring and/or logging. Stolen data is often exposed, sold or used for financial extortion.
A part of the internet that has not, or not fully, been mapped by search engines. Therefore this part of the internet is rarely visited by the majority of internet users. The opposite is the Surface web.
Breaking into a system or website and having it show a message to all other users. Sometimes this message can be a (political) statement, other times it is the alias of a Cracker/group desiring the fame and credit for defacing the system.
A type of Brute force attack. In this type of attack a vast list of plain text credentials is used, in the hopes of finding one that works. This principle relies on the fact that people often (re)use the same credentials and/or use weak passwords. A defensive method against such attacks is Rate Limiting. Users themselves can also help by choosing unique and strong passwords for their accounts.
Finding and publicly publishing personal information on an individual, which assumed to be Anonymous and safe on the internet. Often used among Crackers to expose one another, out of spite or envy. Doxing is, like snitching among criminals, seen as a very serious matter.
A dropper is malicious code specifically designed to infect a victim, without requiring any interaction from the victim.
A mathematical procedure. The act of securing information using formulas, which convert information from human readable to unreadable and back using for example a secret password. Clever math is able to encrypt information rapidly. Without knowing the secret it is virtually impossible to decrypt it however.
A method in which Encryption is used to protect information between two endpoints. The sender and receiver are able to read the information. Others are unable to read it when the message is intercepted due to being unable to decrypt it.
A concrete method of (ab)using a security issue, also known as Vulnerability, to gain (unauthorized) access. Vulnerabilities that are being exploited can be widely known or not known at all. The latter kind is best known as a Zero day.
Acronym for 'fully undetectable'. Criminal software that has not (yet) been identified by anti Virus software is often labelled FUD by criminals.
A phrase used when a system should have said 'yes', but actually said 'no'. For example, when a logging system informs that no logins have taken place, while it is certain that logins did take place.
A phrase used when a system should have said 'no', but actually said 'yes'. For example, when anti Virus software is overlooking malicious code in a file and labels it safe for use.
Software that helps defend against unauthorized access. Even though hardware firewalls exist, it's always software. Hardware firewalls are simply dedicated systems for such software. See WAF for a related mechanism.
A type of attack related to DoS. An attack in which a computer process replicates itself infinitely to inevitably cause the paralyzation of the host system. Also known as a Rabbit virus or Wabbit attack.
An attack often performed using LFI and XSS, in which malicious code is inserted into an existing legitimate webform. Entered details are then also sent back to the criminal. To steal credit card details or other personal information for example.
A term used by criminals. A 'fullz' is an information package on an individual. This package contains personal details like a full name, address, e-mail address, day of birth, social security number, account numbers and/or other details.
An, often automated, form of attack in which wrong, strange of random data is forced into a system. This can lead to the discovery of Exploits.
A criminal with a purely economic motivation. See Cracker.
A Hacker that balances on the edge of remaining ethical, or alternates between acting good and bad.
A Security researcher who ethically identifies weaknesses in security systems, and then reports them or works on a solution. Most hackers prefer security researcher as a job title due to the media misusing the word hacker, which resulted in the word hacker now being associated with criminal behaviour by the general public.
See Hacker. Tasks performed by a hacker.
An activist that steals and publicly publishes digital information to the masses.
Applying changes to a system to help improve the general level of security. Like how installing a Firewall helps increasing the security of a computer.
A mathematical procedure. The process of converting information into a short series of characters. This, as opposed to Encryption, can not be reversed. Hashing the same information however results in the same hash outcome. This can practically be used to store passwords without knowing the actual password for example. Or to verify the integrity of information.
Meant as successor for Low-Orbit-Ion-Cannon. With the unique feature of being able to attack 256 URLs simultaneously.
A Microsoft specific implementation of a HoneyPot.
A system setup by Hackers to catch Crackers. A honeypot looks like a regular system to a cracker, who might decide to break into it. HoneyPots are designed for this purpose by hackers. Hackers can now look at the crackers attempts in a safe environment and try to catch it. A honeypot is the opposite of a Bastion host.
Intrusion detection system. A system that analyses information in real-time to be able to detect Intrusion attempts.
Intrusion prevention system. Identical to an IDS, but besides detecting an IPS will also directly block the attempt.
A part of InfoSec dedicated to office IT security.
A criminal is able to steal personal information, or even official documents, and uses these to assume that identity. The identity is often used to avoid getting caught, or to steal from the person to whom the identity originally belongs to.
Finding a way in, where none should be possible. See also Intrusion.
An abbreviation for Information security.
The profession in which one is bestowed with the responsibility of keeping digital information, and everything related, secure. Apart from the actual information, this includes securing the computers, networks, software and anything else that needs securing for the information to remain safe.
A type of attack in which injecting special characters into regular data can lead to further access into a system. See also Fuzzing.
The assumptions that serialized data is safe and can be deserialized without any problems. Crackers can use special characters to abuse the process of deserialization, and as a result being able to perform actions that were never meant to happen.
A marketing term. The ideology that every device should be able to connect to the internet. Not only computers, smartphones and/or tablets. But every other thing ranging from refrigerators to cars. With the purpose of improving the quality of life. It comes with (security) risks though, ranging from Crackers to Big data.
An abbreviation. See Internet of things.
Much like a Hacker, but motivated by journalistic reasons.
An operating system, including applications, focussed solely on testing security and discovering Vulnerabilities in systems.
An application (abbreviated to KL) that collects which keys are pressed and then send them back to a Cracker. In the hope of catching passwords.
An application to analyse network traffic.
Local file inclusion. A type of attack in which the Cracker tricks a legitimate system into including malicious code on the same system.
Coming from the Latin 'latus' (side). A strategy in which one does not move as expected, but RATher attacks from a flank or side. Lateral movement is invented to try and bypass security systems all together, rather than attacking such systems directly.
A piece of malicious code that activates when certain legitimate actions are performed.
An open-source application to perform network-stress-tests and to simulate DoS attacks.
A type of attack related to Man-in-the-middle in which browser weaknesses are used to be able to take position between a victim and the internet. Often to eavesdrop on the information, or to manipulate the traffic. Also abbreviated and known as MitB or MiB.
A type of attack in which a Cracker is able to position himself between the victim and their desired destination, and thus being able to eavesdrop on the connection or even manipulate the information in it. The destination can be a banking website for example.
See Command and control.
An application that uses automation in order to discover Vulnerabilities in systems.
An abbreviation for Man-in-the-middle.
See State actor.
An application that uses automation in order to discover Vulnerabilities in systems.
A part of InfoSec dedicated to network security.
An open-source application which helps to discover systems and services within a network. It maps them by using automated network packages and analysis of replies.
See OSI model
The 7 layers of communication systems (Application, presentation, session, transport, network, data link and physical).
Open-source intelligence. Also known as Passive reconnaissance. The act of gathering publicly available information about a target. On the internet for example.
Open Web Application Security Project. A community that is focussed on internet security, by means of informing and researching.
Software that gives insight into traffic between computers and over networks.
A type of attack, similar to Brute force attack, where a single password is tried on a large amount of usernames in the hope of avoiding a lockout due to too many worng password attempts. Usernames with weaker passwords might be succesfully breached.
When a criminal has gained access it can leave behind malicious code. Usually for the reason of being able to reconnect again later, even after the Vulnerability was found and fixed. Or to steal information. This malicious code is the payload of the Exploit on the way in.
See Penetration testing.
Professional term for what is often known as Hacking. The act of, with permission, attempting to gain access in an unconventional way.
A type of attack in which a visit to a legitimate website is redirected to a malicious website. For example by using DNS cache poisoning or by altering the host file of a system.
A type of attack related to DoS. A flood of ICMP echo requests (ping packets) are used to effectively render a system unresponsive.
See Twinge attack.
See Ping of death.
The act of Exploiting bugs, design flaws or configuration flaws, in order to gain elevated rights within a system.
A method where different systems are located between the Cracker and the target, to hide the real IP and/or to bypass blockages from the target.
A service that is available to the general public, for example over the internet. As opposed to being restricted to a smaller group, for example on just the intranet.
Remote administration tool. Sometimes the word Trojan is used instead of tool. Using a RAT, a system can be controlled anytime after the initial breach.
Remote file inclusion. A type of attack in which the Cracker tricks a legitimate system into including malicious code stored somewhere externally.
See Form bomb.
Large data sets containing hashes of common passwords and randomly generated passwords. Because Hashing is irreversible Crackers often use large data sets of self-hashed passwords to compare with stolen hashes.
See Crypto malware
A defence method against Dictionary attacks. To avert an attack, time can be used. By slowing down each attempt to log in for example. But also by forcing time-out of a few minutes after three failed attempts. This way a Cracker soon loses interest in performing such attacks, as the method can literally delay the aforementioned types of attacks by years.
A team of security employees specialized in offensive tactics, to test the system and the Blue team.
Having access tot a system from a remote location. Legitimately, or after the use of an Exploit.
In relation to Persistence establishing and after the Initial exploitation of the target computer, the system can be set up as a shell-client. Which attempts to reconnect to the Hacker or Cracker shell-server. See also Shell shoveling and Bind shell.
A malicious type of software that tries to hide itself, and survive, by seeking shelter in the deepest and darkest parts of a computer. Sometimes even inside chips. Fully erasing a hard disk, for example, will not get rid of a rootkit.
SQL Injection is a type of attack in which database commands are abused in order to perform actions that were not intended to happen.
See SQL injection.
Scareware is a type of Malware that uses Social engineering (anxiety or shock) to persuade a victim under threat into doing something. Like purchasing a fake Virus scanner. Crypto malware is also a part of scareware.
An unskilled person that uses scripts or software made by others to attack systems.
A method used by Crackers that involves stealing or guessing a unique code, which then allows the cracker to enter the website using the account and privileges of someone else.
A type of attack in which malicious software intercepts legitimate commands, and then changes it, forwards it or it handles the command itself. The victim is unaware of this happening.
A type of 'attack' in which a Cracker simply looks over the victims shoulder to see what password or pin code the victim enters into a system
An abbreviation for Script kiddie.
A form of attack in which one system is able to paralyze another by opening as many connections as possible, and leaving them open for as long as possible. This suffocates the targeted system.
A type of DDoS attack that uses the ICMP protocol and spoofs the IP address of the target system, which causes this system to receive a flood of replies that could paralyze it. See also Ping flooding.
Unsolicited e-mail. Often of a commercial nature and sent to a large group of recipients.
Falsifying information to prevent being caught, or to impose as something or someone else. An email address and IP address can be spoofed for example.
A type of malicious code that secretly spies on victims and then uses Exfiltration.
Individuals or groups that act on behalf, or in the interest, of a government or local power.
The part of the internet that is indexed by search engines, thus having the most activity. The opposite is the Deep web.
A type of DoS attack that often involves sending many SYN packets to the targetted system
A type of DoS attack in which incomplete TCP packages are used. These cause the target system to have them overlap one another, resulting in a crash.
See Blue team.
A piece of malicious code that activates on or after a specific time.
The phase after Persistence establishing in which a Hacker or Cracker is carefully bringing in more tools into a Compromised system or network. These tools are often brought in gradually to avoid being detected.
(online) software to track individuals, in an effort to categorize the person into a customer profile. Often these profiles are later used to personalize ads based on collected prefererences.
Gaining access by using not one, but two types of proof that confirm it is the right person. Usually for example by using both a password, and an extra code. This code is sent to a separate system, like a text message or an app.
See URL hijacking.
A method used by Crackers that involves clever use of misspelling a URL. This can lead to targets being unaware of the fact that they have not been taken to the legitimate service they were expecting to go to.
A virus is a type of software that has malevolent intents. They often use an Exploit and a Payload. Contrary to a Worm, a virus requires human interaction to be able to spread the infection. The target can be specific, in which case the virus spreads but lays dormant until the target is infected. Or it can activate on all of the systems that the virus manages to reach.
An abbreviation for Vulnerability.
An abbreviation for Web Application Firewall
An application that uses automation in order to discover Vulnerabilities in WordPress websites. For example, vulnerable versions of plugins.
See Fork bomb.
A type of attack in which Wi-Fi is broadcasted, often from a vehicle, near a public place. For example, a hotel or other public place. The attackers hope passers-by will connect to their network and then eavesdrop on the connection for valuable information.
An electronic device capable of broadcasting Wi-Fi is mailed and delivered to a target, for example a company. The attackers hope that the staff of the company will connect with the Wi-Fi and then eaves drop on the connection for valuable information.
A type of attack in which the Cracker found out which services the desired target or targets use. The cracker then attempts to infect this service or services in order to gain further access to the target.
A way of focussed security for web applications in the higher layers of the OSI model.
Similar to Phishing, but in this case the target is a high-ranking individual within a company. Like a CEO, CTO or CFO.
A type of malicious code that tries to simply wipe all or parts of your data.
An application to analyse network traffic.
A malicious type of software that self-propagates through networks, as opposed to a Virus which requires human interaction for it being able to spread. Worms can therefore multiply and infect at exponential Rates. Worms often carry a Payload within them.
See Cross-site scripting.
The creative use of XML to gain access to, or cause damage in, a system.
Also known as 0-day. An Exploit for a Vulnerability that has not yet been fixed. As long as nobody is aware of the weakness, the publisher cannot release an update to fix the problem. A zero day can be (ab)used in the period between being found (by Hackers or Crackers) and being fixed (by the publisher).
An open-source application that uses automation in order to discover Vulnerabilities in web based systems.