Information security dictionary

This dictionary provides a summary of 233 phrases, or jargon, related to information security. We would like to clarify the most stubborn misunderstanding immediately, because the mainstream media might have misinformed you:

Hacker ~ a security researcher who ethically identifies weaknesses in security systems, and then reports them or works on a solution.

Cracker ~ a criminal who unethically misuses (highly sensitive) information, as well as weaknesses in security systems, for personal gain.

Due to the negative connotation most hackers now prefer the job title "security researcher". Other phrases often heard in the industry are:

Active reconnaissance

The process in which a Cracker gathers intel on a network or system through port scanning or other direct interaction with the target. Because it touches the target, it can show up in the target's logs. See also Passive reconnaissance.

Adversary

See Cracker.

Adware

Software designed to show ads, or showing a lot of ads. Offline or online. See Tracker also.

Anomaly-Based Detection

A detection method that applies a behavioural analysis to establish the parameters of regular use, and then sets off an alarm when it detects behaviour that deviates from that pattern.

Anonymous

An ideology rather than a single group: a loose, internally unstructured gathering of individuals, among them Hacktivists, who attempt to form a single front against larger powers.

AppSec

A part of InfoSec dedicated to application security.

Armitage

An addition for Metasploit which adds a graphical interface (GUI) on top of the textual interface (CLI).

Attack footprint

The attention an attack attracts. Crackers can be spotted more easily when the attack attracts more attention, which is often the case with Blended attacks for example.

Attack signature

A specific sequence of events that is indicative of an attempt to gain unauthorized access to a system or network. An IDS or IPS matches traffic against known signatures; compare Anomaly-Based Detection, which needs no prior signature.

Attack surface

The sum of all points at which software or a system can be attacked. Developers should keep the attack surface as small as possible, so that Hackers and Crackers have fewer opportunities to succeed during an attack.

Attack vector

The way in which, or techniques with which, a Hacker or Cracker gains unauthorized access to a system or network. The attack vector is determined in the Initial exploitation phase.

Attribution

Being able to credit an attack to a responsible group or individual with a stated level of confidence. Attribution is not always possible, because traces are often dead ends or incomplete, and it is rarely beyond doubt. It is a lengthy process, often only performed by digital forensic investigators working towards a criminal prosecution case.

Audit

A process in which the auditor independently checks the integrity and security measures of a system to be able to determine impartially whether it meets safety requirements and standards.

Audit trail

A log which contains who has accessed the system, including the time and date, and a report of the consequential activities within the system during the time of access.

Backdoor

A point of entry into a system other than the usual way in for regular users. For instance a second point of entry left for service personnel, or one installed by Crackers after exploiting a Vulnerability so they can return later.

Backtrack Linux

Kali Linux was previously named, and known as, Backtrack Linux.

Bad actor

See Cracker.

Bastion host

The opposite of a HoneyPot. A system in the network specifically designed to withstand attacks. Often using extreme measures of Hardening. The system is as minimalistic as possible to minimize the Attack surface.

Big data

A marketing term. The gathering of information on a large scale. Often with the hope of being able to apply smart analysis on the vast amount of information, in order to extract valuable details from it all.

Bind shell

In relation to Persistence establishing and after the Initial exploitation of the target computer, the compromised system can be set up to listen on a port as a shell-server, after which Hackers and Crackers connect to it using a shell-client. A bind shell is easily blocked by an inbound Firewall rule, which is why a Reverse shell is often preferred. See also Shell shoveling.

Black boxing

A type of Penetration testing in which the Hacker has no prior knowledge about the system being tested. This is the Cracker-perspective. See also White boxing.

Black hat hacker

A criminal. See Cracker.

Blended attack

An attack method in which the same Payload is strapped onto multiple and diverse types of Exploits, and then fired at a system. Crackers hope to increase the chances of success fast this way. The risk of being detected is substantially increased during blended attacks due to the large Attack footprint of such an attack.

Bloatware

Software that comes pre-installed on a system and can be useful, but it was installed without approval. See also Crapware.

Blue team

A team of security employees specialized in defensive tactics, to prevent a breach by Crackers and to defend during exercises against the Red team. The blue team is also referred to as CSIRT or CIRT; see also Tiger team.

Body bagging

This is the phase after Net dancing in which a Hacker or Cracker secures the spoils from the Compromised system using Exfiltration, followed by a careful cleaning of traces possibly left behind in any of the previous phases.

Bootsector

A part of the hard disk which is read by the computer during booting, to be able to determine what it needs to load from the disk to start the operating system. If an OS is installed at all.

Botnet

A network of systems that have fallen prey to, and are controlled by, criminals. These systems can be owned by anyone, anywhere. Owners are often not aware that their system is part of a botnet. Botnets are used by Crackers to achieve goals that require vast amounts of computing power or anonymity, such as a DDoS. See also Zombie and Command and control.

Boundary protection

The method of securing a network by giving extra attention to devices on the edge of a network, often facilitating the connection to the outside world. This includes among others gateways, proxies, routers and Firewalls.

Brandjacking

When a Cracker creates a website or e-mail that looks like it originates from a legitimate well-known company. This is a type of Social engineering and often also uses URL hijacking.

Broken access control

A situation in which someone can access information or functions that were not meant for them, because the authorization checks are missing or flawed.

Broken authentication

A situation in which someone is able to log in, or act as if logged in, without valid credentials for that account, because the authentication or session handling is flawed.

Brute force attack

An attack that systematically tries every possible password or key until one works. Online, it means hammering a login form with guesses (see Rate Limiting). Offline, against stolen output of Hashing, it means hashing each guess and comparing the result with the stolen hash, since a hash cannot be reversed. A Dictionary attack is the variant that only tries likely candidates from a wordlist; both can run online or offline. See also Rainbow tables.

Buffer overflow attack

A method of attack in which more data is written into a fixed-size buffer than it can hold, so that adjacent memory is overwritten. This corrupts memory and can let the attacker control what the program executes next. A common Vulnerability that often leads to further system access.

Burp suite

An intercepting proxy with scanning and automation features, used to discover Vulnerabilities in web based systems such as websites and web applications.

CIRT

Computer Incident Response Team. A different name for the Blue team, often used within governments.

CSIRT

Computer Security Incident Response Team. A different name for the Blue team, often used within governments.

Cache poisoning

Inserting false data into a cache (a DNS resolver cache or a web cache, for example) so that later users are served the attacker's content instead of the legitimate data. See also DNS cache poisoning.

Catfishing

A form of Social engineering in which the criminal poses, often with a fake identity, as a potential romantic partner. The criminal often hopes to be able to convince the victim to wire money to them.

Checksum

A value that is computed on data, in order to detect errors afterwards. A plain checksum such as a CRC only catches accidental corruption: an attacker who can change the data can recompute the checksum as well. Detecting deliberate manipulation requires a cryptographic hash kept out of the attacker's reach, or a keyed tag (HMAC). See also Hashing.
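An added example, not from this dictionary, of the difference the entry above describes: an unkeyed CRC-32 catches a flipped bit but is silently recomputed by an attacker who tampers with the data, while an HMAC tag cannot be recomputed without the key. The record, the tampered version and the key are all constructed for the demonstration.

```python
"""Added example: plain checksum versus keyed tag.
All data and the key below are constructed; nothing comes from a real system."""
import hashlib
import hmac
import zlib

# Constructed record and the version an attacker would like to pass off as genuine.
RECORD = b"transfer;from=alice;to=bob;amount=10"
TAMPERED = b"transfer;from=alice;to=eve;amount=9999"

# Constructed secret held by the verifying party and not by the attacker.
MAC_KEY = b"\x8f" * 32


def protect_with_crc(data: bytes) -> tuple:
    """Ship the data together with its CRC-32, as many file formats and protocols do."""
    return data, zlib.crc32(data)


def verify_crc(data: bytes, crc: int) -> bool:
    return zlib.crc32(data) == crc


def attacker_rewrites_crc(new_data: bytes) -> tuple:
    """The attacker changes the data and simply recomputes the unkeyed checksum."""
    return new_data, zlib.crc32(new_data)


def protect_with_hmac(data: bytes, key: bytes) -> tuple:
    """Ship the data with a keyed tag; recomputing it requires the key."""
    return data, hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac(data: bytes, tag: bytes, key: bytes) -> bool:
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def attacker_forges_hmac(new_data: bytes) -> tuple:
    """Without the key the best the attacker can do is guess, e.g. an unkeyed hash."""
    return new_data, hashlib.sha256(new_data).digest()


def flip_a_bit(data: bytes) -> bytes:
    """Simulate accidental corruption: flip one bit in the middle of the data."""
    i = len(data) // 2
    return data[:i] + bytes([data[i] ^ 0x01]) + data[i + 1:]
```

A cryptographic hash published on a separate channel (a vendor's signed release page, for example) serves the same purpose as the keyed tag, because the attacker cannot change what the verifier compares against.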

Clear net

See Clear web.

Clear web

The common internet as opposed to the Dark web. The clear web contains both a Surface web and Deep web.

Clickjacking

A method used by Crackers in which a legitimate page is loaded invisibly (usually in a transparent frame) over or under harmless-looking content, so that a click the victim intends for the decoy actually lands on a button of the hidden page, for example to approve a transaction or to start downloading malicious software.

Clone phishing

A form of Phishing in which a legitimate e-mail the victim already received is copied almost exactly and sent again, with its hyperlinks or attachments swapped for malicious ones.

Cloud

A marketing term. 'The cloud' is a location outside of the organization where data is stored and processed, namely somebody else's data center. In an attempt to speak to the imagination, a marketeer once coined the phrase 'cloud', which stuck. Storing data in data centers can be economically beneficial. However, data placed there should be encrypted, since the organization does not otherwise control its security.

Command and control

A concept in which control is set up hierarchically. The system at the top of the hierarchy is often known as a CnC server or Master. Crackers often use a CnC server to control a Botnet for example.

Common Vulnerabilities and Exposures

Often abbreviated to CVE. A register of identifiers and corresponding publicly known information on Vulnerabilities, so that everyone refers to the same issue by the same name.

Compromised

When something can no longer be trusted as valid. For example, when an unknown entity has had access, and therefore the opportunity to alter a system to their desire. In this case the system must be considered a security risk by default.

Covert testing

A research method performed by a Red team that involves attacking an organization without any (inside) knowledge about the organization. Employees of the organization are also unaware of the planned attack. At the request of, and with the permission of, only the upper management. Not to be confused with Black boxing, which is about a single particular system.

Cracker

A criminal who unethically misuses (highly sensitive) information, as well as weaknesses in security systems, for personal gain. Crackers do not abide by law or ethical common sense.

Cracking

See Cracker. Acts performed by a cracker.

Crapware

Software that comes pre-installed on a system. Solely for marketing purposes and often not of any use whatsoever. See also Bloatware.

Cross-site request forgery

Also known as 'one-click attack' or 'session riding' and often abbreviated to XSRF or CSRF. A type of attack in which a Cracker tricks the victim's browser into sending a request (for example from a hidden form on a malicious page) to a service the victim is logged into. The browser attaches the session cookie automatically, so the service performs the action as the victim.

Cross-site scripting

A type of attack in which criminals are able to insert malicious script code into a legitimate website, with adverse consequences for other visitors. For example Formjacking, stealing session cookies, or redirecting visitors to a malicious website.

Crypter

An application that attempts to let criminal software bypass Virus scanners, by using Encryption on the criminal software.

Crypto malware

A type of Malware related to Scareware, better known as Ransomware. This malicious software often enters a system as the Payload of a Trojan, like a document attached to an e-mail. Once in, it encrypts all (important) files. After the Encryption has finished, it reveals itself to the user of the system and demands money to revert the encrypted files to a usable state.

Cyber analysis

Attempting to reconstruct events that took place based on digital evidence.

Cyber attack

An attack on an individual or organization using digital technology, as opposed to conventional methods like corporate espionage.

Cyber crime

Criminal acts using digital technology, as opposed to conventional physical criminality like burglary for example.

Cyber security

A different name for Information security. The phrase cyber security is often used by people who want to address the topic without proper knowledge of the subject themselves, such as some politicians and CEOs. The phrase is dated and heavily charged, apart from being associated with the 1980s. More modern professionals prefer the phrase information security.

Cyber threat

The suspicion that Crackers would be able to cause damage within the digital technology of an organisation.

DDoS

Distributed Denial of Service. See DoS. A DDoS differs in that it uses a lot of computers (not a single one) to render the target unresponsive to everybody. For example a Botnet.

DNS cache poisoning

A method in which the IP address of a domain name in a DNS is falsified. See also Pharming attack.

DNS spoofing

See DNS cache poisoning.

Dark net

See Dark web.

Dark web

A layer of the internet that can only be accessed using special software, Tor for example. In this layer, whistleblowers, journalists in dangerous countries and criminals alike benefit from the extra anonymity the dark web offers.

Data breach

When data is leaked. For example, when a Cracker is able to enter a system and download information back to its own system. Data breaches are often discovered late due to insufficient monitoring and/or logging. Stolen data is often exposed, sold or used for financial extortion.

Deep web

A part of the internet that has not, or not fully, been mapped by search engines. Therefore this part of the internet is rarely visited by the majority of internet users. The opposite is the Surface web.

Defacing

Breaking into a system or website and having it show a message to all other users. Sometimes this message can be a (political) statement, other times it is the alias of a Cracker/group desiring the fame and credit for defacing the system.

Dictionary attack

A type of Brute force attack. In this type of attack a vast list of plain text credentials is used, in the hopes of finding one that works. This principle relies on the fact that people often (re)use the same credentials and/or use weak passwords. A defensive method against such attacks is Rate Limiting. Users themselves can also help by choosing unique and strong passwords for their accounts.

DoS

Denial of service. An attack in which no Intrusion ever takes place, but which rather overloads a system from the outside, putting it out of service for everyone. Also see DDoS and DrDoS attack.

Doxing

Finding and publicly publishing personal information on an individual who assumed they were anonymous and safe on the internet. Often used among Crackers to expose one another, out of spite or envy. Doxing is, like snitching among criminals, seen as a very serious matter.

DrDoS attack

Distributed Reflection Denial of Service attack. A form of DDoS attack in which a Cracker sends requests to third-party servers, often legitimate ones, with the source address spoofed to that of the target. The third parties then send their (often much larger) replies to the target, which both amplifies the attack and hides the cracker's own identity.

Drive-by-download

A download of malicious code that is triggered merely by visiting a website, without the visitor knowingly agreeing to it. See also Dropper.

Dropper

A dropper is malicious code specifically designed to install (drop) the actual Malware on a victim's system, often downloading it from elsewhere. It is frequently delivered by a Drive-by-download or as the Payload of a Trojan.

Encryption

A mathematical procedure. The act of securing information using formulas, which convert information from human readable to unreadable and back using for example a secret password. Clever math is able to encrypt information rapidly. Without knowing the secret it is virtually impossible to decrypt it however.

End to end encryption

A method in which Encryption is used to protect information between two endpoints. The sender and receiver are able to read the information. Others are unable to read it when the message is intercepted due to being unable to decrypt it.

Exfiltration

Finding a way out, where none should be possible. In the context of InfoSec, exfiltration is the process with which malicious code or a Cracker sends stolen data out of the victim's network.

Exploit

A concrete method of (ab)using a security issue, also known as Vulnerability, to gain (unauthorized) access. Vulnerabilities that are being exploited can be widely known or not known at all. The latter kind is best known as a Zero day.

FUD

Acronym for 'fully undetectable'. Criminal software that has not (yet) been identified by anti Virus software is often labelled FUD by criminals.

False negative

A phrase used when a system should have said 'yes', but actually said 'no'. For example, when anti Virus software overlooks malicious code in a file and labels it safe for use, or when an IDS misses an actual Intrusion.

False positive

A phrase used when a system should have said 'no', but actually said 'yes'. For example, when anti Virus software flags a harmless file as malicious, or when an IDS raises an alarm on legitimate traffic. Too many false positives cause real alarms to be ignored.

Firewall

Software that helps defend against unauthorized access. Even though hardware firewalls exist, it's always software. Hardware firewalls are simply dedicated systems for such software. See WAF for a related mechanism.

Fork bomb

A type of attack related to DoS. An attack in which a computer process replicates itself endlessly, until the host system is paralysed for lack of process slots or memory. Also known as a Rabbit virus or Wabbit attack.

Formjacking

An attack, often performed using XSS, LFI or a compromised third-party script, in which malicious code is inserted into an existing legitimate web form so that the entered details are also sent to the criminal, for example to steal credit card details or other personal information.

Fraggle attack

A form of DDoS attack, very similar to a Smurf attack, with the difference that UDP packets are used.

Fullz

A term used by criminals. A 'fullz' is an information package on an individual. This package contains personal details like a full name, address, e-mail address, day of birth, social security number, account numbers and/or other details.

Fuzzing

An, often automated, form of testing in which malformed, unexpected or random data is fed into a system. Crashes or other misbehaviour point to Vulnerabilities, which can then be developed into Exploits.

Green hat hacker

A criminal with a purely economic motivation. See Cracker.

Grey boxing

Related to Black boxing and White boxing. A type of Penetration testing in which the Hacker has some information about the system being tested.

Grey hat hacker

A Hacker that balances on the edge of remaining ethical, or alternates between acting good and bad.

HTTP flood attack

An application-layer DoS or DDoS attack that overwhelms a web server with seemingly legitimate HTTP requests, rather than with raw network traffic.

Hacker

A Security researcher who ethically identifies weaknesses in security systems, and then reports them or works on a solution. Most hackers prefer security researcher as a job title due to the media misusing the word hacker, which resulted in the word hacker now being associated with criminal behaviour by the general public.

Hacking

See Hacker. Tasks performed by a hacker.

Hacktivist

An activist who breaks into systems, defaces them or leaks digital information to the public for political or social reasons.

Hardening

Applying changes to a system to help improve the general level of security. Like how installing a Firewall helps increasing the security of a computer.

Hashing

A mathematical procedure. The process of converting information of any length into a short, fixed-size series of characters. This, as opposed to Encryption, cannot be reversed. Hashing the same information does however always produce the same hash. In practice this is used to store passwords without storing the actual password, or to verify the integrity of information. For passwords the hash should be combined with a random per-user salt and a deliberately slow hash function, so that stolen hashes cannot be matched against Rainbow tables or guessed quickly.

High-Orbit-Ion-Cannon

Meant as successor for Low-Orbit-Ion-Cannon. With the unique feature of being able to attack 256 URLs simultaneously.

HoneyMonkey

A Microsoft research project (Strider HoneyMonkey) that applied the HoneyPot idea to clients: automated browsers visited websites in order to detect sites that exploit browser Vulnerabilities.

HoneyPot

A system set up by Hackers to catch Crackers. A honeypot looks like a regular system to a cracker, who might decide to break into it; because no legitimate user has any business there, every connection to it is suspect. Hackers can observe the cracker's attempts in a safe environment and try to catch them. A honeypot is the opposite of a Bastion host.

IDS

Intrusion detection system. A system that analyses information in real-time to be able to detect Intrusion attempts.

IPS

Intrusion prevention system. Identical to an IDS, but besides detecting an IPS will also directly block the attempt.

ITSec

A part of InfoSec dedicated to office IT security.

Identity theft

A criminal is able to steal personal information, or even official documents, and uses these to assume that identity. The identity is often used to avoid getting caught, or to steal from the person to whom the identity originally belongs to.

Infiltration

Finding a way in, where none should be possible. See also Intrusion.

InfoSec

An abbreviation for Information security.

Information security

The profession in which one is bestowed with the responsibility of keeping digital information, and everything related, secure. Apart from the actual information, this includes securing the computers, networks, software and anything else that needs securing for the information to remain safe.

Initial exploitation

The phase in which a Hacker or Cracker obtains initial access into a system or network. This phase comes directly after the Reconnaissance phase.

Injection

A class of attacks in which attacker-supplied data is interpreted as part of a command or query, because special characters in the data are not kept separate from the surrounding syntax. SQL injection is the best-known example. See also Fuzzing.

Insecure deserialization

The mistaken assumption that serialized data received from outside is safe and can be deserialized without problems. Crackers craft serialized objects that, when deserialized, make the application perform actions that were never intended, up to executing arbitrary code.

Internet of things

A marketing term. The ideology that every device should be able to connect to the internet. Not only computers, smartphones and/or tablets. But every other thing ranging from refrigerators to cars. With the purpose of improving the quality of life. It comes with (security) risks though, ranging from Crackers to Big data.

Intrusion

Not welcome, but entered nevertheless. A person, Virus or Payload was able to enter a system that it was not supposed to enter.

IoT

An abbreviation. See Internet of things.

Jacker

Much like a Hacker, but motivated by journalistic reasons.

John the Ripper

An application to automate the Cracking of passwords, using both Dictionary attacks and Brute force attacks.

Juice jacking

A type of attack in which the victim uses a public charging opportunity, often USB, to recharge their device. The Cracker, however, has also set up a data connection over the same cable, in an attempt to steal data from or install Malware on the device.

Kali Linux

An operating system, including applications, focussed solely on testing security and discovering Vulnerabilities in systems.

Keylogger

An application (abbreviated to KL) that collects which keys are pressed and then send them back to a Cracker. In the hope of catching passwords.

Keystroke logging

See Keylogger.

Kismet

An application to detect and analyse wireless (Wi-Fi) networks and their traffic; a Packet sniffer for wireless networks.

LFI

Local file inclusion. A type of attack in which the Cracker tricks a web application into reading or including a file that is already on the server, for example a configuration file containing credentials, or a log file into which the cracker first wrote code.

LPE

Local Privilege escalation. A form of Privilege escalation which is only Exploitable if there already is local access to a system.

Lateral movement

Coming from the Latin 'latus' (side). After the Initial exploitation of one machine, moving sideways through the network to other systems, using harvested credentials or trust relations between machines, rather than attacking the perimeter security systems directly.

Logic bomb

A piece of malicious code that activates when certain legitimate actions are performed.

Low-Orbit-Ion-Cannon

An open-source application to perform network-stress-tests and to simulate DoS attacks.

Malware

Malware covers a range of malicious code. Ranging from a Virus, Worm, Trojan to Spyware and more. All malware is in one way or another harmful for a system.

Man-in-the-browser

A type of attack related to Man-in-the-middle in which browser weaknesses are used to be able to take position between a victim and the internet. Often to eavesdrop on the information, or to manipulate the traffic. Also abbreviated and known as MitB or MiB.

Man-in-the-middle

A type of attack in which a Cracker is able to position himself between the victim and their desired destination, and thus being able to eavesdrop on the connection or even manipulate the information in it. The destination can be a banking website for example.

Metasploit

An exploitation framework: a collection of Exploits, Payloads and supporting tools with which a tester delivers a payload to a vulnerable system. Armitage adds a GUI on top of it.

MitM

An abbreviation for Man-in-the-middle.

Nation state

See State actor.

Nessus

An application that uses automation in order to discover Vulnerabilities in systems.

Net dancing

This is the phase after Toolboxing in which a Hacker or Cracker is using tools for Lateral movement and further explore the network around the Compromised machine.

NetSec

A part of InfoSec dedicated to network security.

Nmap

An open-source application which helps to discover systems and services within a network. It maps them by sending crafted network packets and analysing the replies.

OSI layers

See OSI model

OSI model

The 7 layers of communication systems (Application, presentation, session, transport, network, data link and physical).

OSINT

Open-source intelligence. Also known as Passive reconnaissance. The act of gathering publicly available information about a target. On the internet for example.

OWASP

Open Web Application Security Project. A community that is focussed on internet security, by means of informing and researching.

OpenVAS

An application that uses automation in order to discover Vulnerabilities in systems. An open-source fork of Nessus, made when Nessus changed to a closed-source licence.

Packet sniffer

Software that gives insight into traffic between computers and over networks.

Passive reconnaissance

The process in which a Cracker is gathering intel on a network or system by using publicly available information about a target. See also Active reconnaissance and OSINT.

Password spraying

A type of attack, similar to a Brute force attack, where a single password is tried against a large number of usernames, in the hope of avoiding a lockout due to too many wrong password attempts on one account. Accounts with weak passwords might be breached successfully.

Payload

When a criminal has gained access it can leave behind malicious code. Usually for the reason of being able to reconnect again later, even after the Vulnerability was found and fixed. Or to steal information. This malicious code is the payload of the Exploit on the way in.

Pen test

See Penetration testing.

Penetration testing

Professional term for what is often known as Hacking. The act of, with permission, attempting to gain access in an unconventional way.

Persistence establishing

The phase after Initial exploitation in which a Hacker or Cracker attempts to establish means of future access to the system with certainty. For example by using Shell shoveling.

Pharming attack

A type of attack in which a visit to a legitimate website is redirected to a malicious website. For example by using DNS cache poisoning or by altering the hosts file of a system.

Phishing

An attempt by Crackers to steal information by pretending to be a credible (other) person in a digital conversation. Often the target is random, contrary to Spear phishing and Whaling.

Ping flooding

A type of attack related to DoS. A flood of ICMP echo requests (ping packets) are used to effectively render a system unresponsive.

Ping of death

See Twinge attack.

Privilege escalation

The act of Exploiting bugs, design flaws or configuration flaws, in order to gain elevated rights within a system.

Proxychains

A tool, and the technique, that routes connections through a chain of proxy servers located between the Cracker and the target, to hide the real IP address and/or to bypass blocks imposed by the target.

Public facing

A service that is available to the general public, for example over the internet. As opposed to being restricted to a smaller group, for example on just the intranet.

RAT

Remote administration tool. Sometimes the word Trojan is used instead of tool. Using a RAT, a system can be controlled anytime after the initial breach.

RFI

Remote file inclusion. A type of attack in which the Cracker tricks a legitimate system into including malicious code stored somewhere externally.

Rabbit virus

See Fork bomb.

Rainbow tables

Large precomputed data sets that map hashes back to the passwords that produced them, built once and reused against any leak that used the same unsalted Hashing function. Because hashing is irreversible, looking a stolen hash up in such a table is far faster than hashing guesses on the spot. A random per-user salt makes the tables useless, since the same password then has a different hash for every user.
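An added example, not from this dictionary, that ties together the Hashing, Brute force attack, Dictionary attack and Rainbow tables entries: a constructed leak of unsalted SHA-256 hashes is broken with a wordlist, an exhaustive search and a precomputed table, after which the same password is stored with a per-user salt and a slow key derivation function (PBKDF2, chosen here because it is in the standard library; scrypt or Argon2 are better choices in practice). The leaked hashes and the wordlist are constructed.

```python
"""Added example: offline attacks on password hashes and the salted, slow hash
that defeats precomputed tables. All inputs below are constructed."""
import hashlib
import hmac
import itertools
import os
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed leak: unsalted SHA-256 hashes of two weak passwords.
STOLEN_UNSALTED = {
    "alice": sha256_hex(b"summer2019"),
    "bob": sha256_hex(b"zz9"),
}

# Tiny constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = [b"password", b"letmein", b"summer2019", b"qwerty"]


def dictionary_attack(target_hash: str, wordlist) -> Optional[bytes]:
    """Hash each likely candidate and compare; cheap because the list is short."""
    for candidate in wordlist:
        if sha256_hex(candidate) == target_hash:
            return candidate
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int) -> Optional[bytes]:
    """Exhaustive search over every string of up to max_len characters.
    Work grows as len(alphabet) ** length, so this only finishes for short secrets."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo).encode()
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def precomputed_table(wordlist) -> dict:
    """Simplified rainbow-table stand-in: hash -> password, computed once and
    reused against every leak that used the same unsalted hash function."""
    return {sha256_hex(w): w for w in wordlist}


# Defence: a random per-user salt and a deliberately slow KDF.
def hash_password(password: bytes, salt: Optional[bytes] = None) -> tuple:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    return salt, digest


def verify_password(password: bytes, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)  # constant-time comparison
```

With the salt stored next to the digest, an attacker who steals the database still has to run the slow function once per guess per user, and no table computed in advance applies.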

Ransomware

See Crypto malware

Rate Limiting

A defence method against Dictionary attacks and Brute force attacks on a login. By slowing down each attempt, or by forcing a time-out of a few minutes after, say, three failed attempts, an online attack that would otherwise take hours is stretched to years, and a Cracker soon loses interest. Note that locking an account after a few failures also lets a cracker lock legitimate users out on purpose, and that Password spraying spreads its attempts over many accounts to stay under a per-account limit, so the source of the attempts should be limited as well.
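An added example, not from this dictionary, covering the Dictionary attack, Password spraying and Rate Limiting entries: a login throttle that locks an account after three consecutive failures and, separately, blocks a source address that accumulates failures across any accounts, since a spray never trips the per-account lockout. The attempts and timestamps are constructed, the clock is passed in, and `password_ok` stands in for a real credential check.

```python
"""Added example: per-account lockout plus per-source throttling.
All attempts below are constructed; the clock is injected for testability."""
from collections import defaultdict, deque


class LoginThrottle:
    def __init__(self, max_failures=3, lockout_seconds=300,
                 source_threshold=10, source_window=60):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.source_threshold = source_threshold
        self.source_window = source_window
        self.failures = defaultdict(int)           # username -> consecutive failures
        self.locked_until = {}                     # username -> unlock timestamp
        self.source_failures = defaultdict(deque)  # source ip -> failure timestamps

    def _source_exhausted(self, source: str, now: float) -> bool:
        """Sliding window: count recent failures from one source, whatever the username."""
        recent = self.source_failures[source]
        while recent and recent[0] <= now - self.source_window:
            recent.popleft()
        return len(recent) >= self.source_threshold

    def attempt(self, username: str, source: str, password_ok: bool, now: float) -> str:
        """Returns 'ok', 'bad_password', 'locked' (account) or 'blocked' (source).
        password_ok stands in for the real credential check, which should itself
        run in constant time so the throttle does not reveal which usernames exist."""
        if self._source_exhausted(source, now):
            return "blocked"
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if password_ok:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        self.source_failures[source].append(now)
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            self.failures[username] = 0
        return "bad_password"


def simulate_dictionary_attack(throttle: LoginThrottle) -> list:
    """Constructed: one account, five wrong guesses from one source, one per second."""
    return [throttle.attempt("alice", "198.51.100.7", False, t) for t in range(5)]


def simulate_spray(throttle: LoginThrottle) -> list:
    """Constructed: one wrong password against twelve accounts from one source."""
    return [throttle.attempt(f"user{i}", "203.0.113.9", False, 1000 + i) for i in range(12)]
```

The dictionary attack is stopped by the per-account lockout after the third failure, while the spray is stopped only by the per-source counter, after ten failures spread over ten different accounts. A real deployment keys the source on more than the IP address (a Botnet has many) and prefers progressive delays over hard lockouts for the reason given in the entry.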

Reconnaissance

The first phase, in which a Hacker or Cracker explores the target. This can be done with either Passive reconnaissance or Active reconnaissance.

Red team

A team of security employees specialized in offensive tactics, to test the system and the Blue team.

Remote access

Having access tot a system from a remote location. Legitimately, or after the use of an Exploit.

Reverse shell

In relation to Persistence establishing and after the Initial exploitation of the target computer, the system can be set up as a shell-client. Which attempts to reconnect to the Hacker or Cracker shell-server. See also Shell shoveling and Bind shell.

Rootkit

A malicious type of software that tries to hide itself, and survive, by nesting in the deepest parts of a computer: the kernel, the Bootsector or even firmware chips. Fully erasing a hard disk, for example, will not get rid of a firmware rootkit.

SQL injection

SQL Injection is a type of attack in which database commands are abused in order to perform actions that were not intended to happen.
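An added example, not from this dictionary, for the Injection and SQL injection entries: a login query that pastes user input into the SQL text, next to the parameterised version. The in-memory SQLite database, its two accounts and the attack strings are all constructed here; passwords are stored in plain text only to keep the injection point visible.

```python
"""Added example: SQL injection and the parameterised fix.
The database rows and attack strings are constructed; no real system is involved."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory SQLite with two invented accounts (plain-text passwords for the demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("admin", "s3cret")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is pasted straight into the SQL text, so quotes and comment
    # markers in the input become part of the statement itself.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders: the values travel separately from the statement and can never
    # change its structure, whatever characters they contain.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed attack inputs.
TAUTOLOGY = "' OR '1'='1"   # closes the string and adds an always-true condition
COMMENT_OUT = "admin'--"    # closes the string and comments out the password check
```

Against the vulnerable function, `TAUTOLOGY` as the password turns the WHERE clause into `... AND password = '' OR '1'='1'`, which matches every row, and `COMMENT_OUT` as the username removes the password check entirely. The parameterised function treats both as literal, non-matching strings.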

SQLi

See SQL injection.

Scareware

Scareware is a type of Malware that uses Social engineering (anxiety or shock) to persuade a victim under threat into doing something. Like purchasing a fake Virus scanner. Crypto malware is also a part of scareware.

Script kiddie

An unskilled person that uses scripts or software made by others to attack systems.

Security researcher

See Hacker.

Session hijacking

A method used by Crackers that involves stealing or guessing a session identifier (for example the value of a session cookie), which then allows the cracker to use the website with the account and privileges of someone else, without knowing their password.

Shell shoveling

A method in which an external system can be controlled using a (hidden) shell connection. See also Bind shell and Reverse shell.

Shimming

A type of attack in which malicious software intercepts legitimate commands, and then changes it, forwards it or it handles the command itself. The victim is unaware of this happening.

Shodan

A search engine that is specifically designed for more technical users. Hackers, Jackers and of course also Crackers can use it to find very specific technical systems or devices on the internet.

Shoulder surfing

A type of 'attack' in which a Cracker simply looks over the victim's shoulder to see what password or PIN code the victim enters into a system.

Skid

An abbreviation for Script kiddie.

Slowloris attack

A form of attack in which a single system paralyzes a web server by opening as many connections as possible and keeping each one open for as long as possible, for example by sending HTTP headers very slowly and never completing the request. This exhausts the server's pool of connections without needing much bandwidth.

Smurf attack

A type of DDoS attack that uses the ICMP protocol and spoofs the IP address of the target system, which causes this system to receive a flood of replies that could paralyze it. See also Ping flooding.

Social engineering

The practice of manipulating people into giving up information or performing actions, often by pretending to be somebody else, by phone, e-mail or in person. Phishing, Spear phishing, Catfishing and Brandjacking are all forms of social engineering, ranging from random to extremely targeted.

Spam

Unsolicited e-mail. Often of a commercial nature and sent to a large group of recipients.

Spear phishing

Similar to Phishing, but the target that could leak the desired information to the Cracker is known and specifically targeted.

Spoofing

Falsifying information to avoid being caught, or to pose as something or someone else. An e-mail sender address or an IP address can be spoofed, for example.

Spyware

A type of malicious code that secretly collects information about the victim (activity, credentials, data) and then sends it to the attacker using Exfiltration.

State actor

Individuals or groups that act on behalf of, or in the interest of, a government or local power.

Stealer

Criminal software that is used to steal passwords and other credentials, such as logins stored in the browser and session cookies. After stealing them it sends them back to the Cracker using Exfiltration.

Stealth bomb

See Trojan.

Surface web

The part of the internet that is indexed by search engines and can therefore easily be found. The opposite is the Deep web.

TCP flood

A type of DoS attack that involves sending large numbers of TCP packets to the targeted system, most often SYN packets (a SYN flood): each half-open connection ties up resources on the target until it times out.

Teardrop attack

A type of DoS attack in which malformed IP fragments are sent to the target with fragment offsets that make them overlap one another. Reassembly code that did not anticipate overlapping fragments miscalculates the amount of data to copy, resulting in a crash.
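As an added example (not code from the original page), the following models the Teardrop failure mode in Python: a simplified version of the historic length calculation that went negative when one fragment lay entirely inside another, beside a hardened reassembler that refuses any overlap or gap. Offsets are in bytes here for readability (real IP headers count them in 8-byte units), and the sample fragment sets are constructed, not captured traffic.

```python
from dataclasses import dataclass


@dataclass
class Fragment:
    """One IP fragment, simplified: byte offset into the datagram, the payload,
    and the More Fragments (MF) flag."""
    offset: int
    data: bytes
    more: bool


class OverlapError(ValueError):
    """Raised when a fragment overlaps data already received for this datagram."""


def vulnerable_trim_length(prev_end: int, offset: int, length: int) -> int:
    """Simplified model (not the exact kernel code) of the reassembly bug that
    Teardrop triggered: the new fragment was trimmed to start where the previous
    one ended, and the bytes left to copy were computed as end - offset. For a
    fragment that lies entirely inside the previous one that count is negative;
    stored in an unsigned length it became an enormous memcpy."""
    end = offset + length
    if prev_end > offset:      # new fragment overlaps the previous one
        offset = prev_end      # skip the overlapping part ...
    return end - offset        # ... without checking that anything remains


def reassemble(fragments) -> bytes:
    """Hardened reassembly: fragments may arrive in any order but must tile the
    datagram exactly. Any overlap or gap rejects the whole datagram."""
    if not fragments:
        raise ValueError("no fragments")
    ordered = sorted(fragments, key=lambda f: f.offset)
    buf = bytearray()
    expected = 0
    for frag in ordered:
        if frag.offset < expected:
            raise OverlapError(
                "fragment at %d overlaps data up to %d" % (frag.offset, expected))
        if frag.offset > expected:
            raise ValueError("gap before offset %d: datagram incomplete" % frag.offset)
        buf += frag.data
        expected += len(frag.data)
    if ordered[-1].more:
        raise ValueError("last fragment still has MF set: datagram incomplete")
    return bytes(buf)


def is_teardrop(fragments) -> bool:
    """Detection helper: True if the fragment set overlaps (reassemble() would refuse it)."""
    try:
        reassemble(fragments)
    except OverlapError:
        return True
    except ValueError:
        return False
    return False


# Constructed samples (not captured traffic).
NORMAL = [Fragment(0, b"A" * 24, True), Fragment(24, b"B" * 12, False)]
# Teardrop shape: the second fragment sits entirely inside the first.
TEARDROP = [Fragment(0, b"A" * 36, True), Fragment(24, b"B" * 4, False)]

if __name__ == "__main__":
    print("normal datagram:", reassemble(NORMAL))
    print("bytes the old code would copy for the teardrop fragment:",
          vulnerable_trim_length(36, 24, 4))
    print("teardrop detected:", is_teardrop(TEARDROP))
```

Rejecting overlap outright is the simplest safe policy; real stacks that must tolerate overlapping retransmissions need an explicit rule for which copy wins, which is exactly where the original bug lived.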

Threat actor

See Cracker.

Tiger team

A team of specialists that attempts to break into a system in order to test its defences. See Red team.

Time bomb

A piece of malicious code that activates on or after a specific time.

Toolboxing

The phase after establishing Persistence in which a Hacker or Cracker carefully brings additional tools into a Compromised system or network. These tools are often brought in gradually to avoid detection.

Tracker

(Online) software that tracks individuals in an effort to categorize the person into a customer profile. These profiles are often later used to personalize ads based on the collected preferences.

Trojan

Also known as Stealth bomb. Software that seems harmless at first glance, but secretly also carries a Payload within.

Twinge attack

A type of attack in which malformed ping (ICMP) packets are used to cripple a system. Closely related to the Ping of death (PoD), which uses oversized ping packets. See also Ping flooding.

Two-factor authentication

Gaining access by presenting not one but two different kinds of proof of identity, usually a password (something you know) combined with a one-time code from something you have: a code sent by text message, or generated by an authenticator app or hardware token. A stolen password alone is then not enough to log in.

Typo squatting

See URL hijacking.

URL hijacking

A method used by Crackers that involves registering a domain that is a plausible misspelling of a legitimate one, for example with a swapped or missing letter. Targets who mistype the address, or click a link containing it, are unaware that they have not arrived at the legitimate service they were expecting.

Virus

A virus is a type of software with malevolent intent. Viruses often use an Exploit and a Payload. Contrary to a Worm, a virus requires human interaction (opening a file, running a program) to be able to spread the infection. The target can be specific, in which case the virus spreads but lies dormant until the intended target is infected, or it can activate on every system the virus manages to reach.

Vuln

An abbreviation for Vulnerability.

Vulnerability

A weak spot (security issue) in a system. Hackers look for a Vulnerability in order to fix it; Crackers look for one in order to (ab)use it by means of an Exploit.

WAF

An abbreviation for Web Application Firewall.

WPscan

An application that uses automation in order to discover Vulnerabilities in WordPress websites. For example, vulnerable versions of plugins.

Wabbit attack

See Fork bomb.

Wardriving

The practice of searching for Wi-Fi networks from a moving vehicle, using a laptop or phone with a Wi-Fi receiver and often GPS to map where each network was found. Attackers use it to locate open or poorly secured networks to attack or eavesdrop on later.

Warshipping

A small electronic device with Wi-Fi, and usually a mobile-data link to report back, is mailed and delivered to a target, for example a company. Once inside the building it is within range of the company's Wi-Fi, which it can attack or eavesdrop on for valuable information, or it broadcasts its own network in the hope that staff connect to it; either way the attacker gets inside without entering the premises.

Watering hole attack

A type of attack in which the Cracker finds out which websites or services the desired target or targets regularly use, and then compromises one of them so that the targets are infected the next time they visit, in order to gain further access.

Web Application Firewall

A firewall specifically for web applications: it inspects HTTP traffic at the application layer (the higher layers of the OSI model) and blocks requests that look like known attacks, such as SQL injection or cross-site scripting. See also WAF.

Whaling

Similar to Phishing, but in this case the target is a high-ranking individual within a company, such as a CEO, CTO or CFO.

White boxing

A type of Penetration testing in which the Hacker has full prior knowledge of the system being tested, such as source code, architecture and credentials. This is the insider perspective. See also Black boxing.

White hat hacker

A Hacker or Security researcher.

Wiper

A type of malicious code whose aim is simply to destroy data by wiping all or part of the victim's storage, rather than to steal it or hold it to ransom.

Wireshark

An application that captures and analyses network traffic, decoding the individual packets of each protocol.

Worm

A malicious type of software that self-propagates through networks, as opposed to a Virus, which requires human interaction in order to spread. Worms can therefore multiply and infect at exponential rates. Worms often carry a Payload within them.

XXE

XML External Entity injection. An attack in which the Cracker submits XML containing a DOCTYPE with an external entity declaration; a parser that is configured to resolve such entities then reads a local file (whose contents end up in the output), makes a request to an internal server, or is tied up expanding deeply nested entities. The defence is to disable DTD processing and external entities in the parser.
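As an added example (not code from the original page), the following shows the hardened side of the XXE entry in Python's standard library: before parsing untrusted XML, the document is run through expat with handlers that abort on any DOCTYPE or entity declaration, which is where the constructs XXE depends on must live. The two attack documents are constructed samples, not payloads from any real incident, and the helper names are this example's own.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML contains a DOCTYPE or entity declaration."""


def check_no_dtd(xml_bytes: bytes) -> None:
    """Run expat over the document with handlers that abort on the constructs
    XXE needs. Entities can only be declared inside a DTD, so refusing any
    DOCTYPE closes the file-read, internal-request and entity-bomb variants alike."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE not allowed in untrusted input (%s)" % name)

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration not allowed (%s)" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Parse XML from an untrusted source: reject DTDs first, then parse normally."""
    check_no_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


def is_safe_xml(xml_bytes: bytes) -> bool:
    """True if the document parses without a DTD; False for XXE-shaped or malformed input."""
    try:
        parse_untrusted(xml_bytes)
    except (ForbiddenXML, ET.ParseError, expat.ExpatError):
        return False
    return True


# Constructed sample documents (not from any real system).
BENIGN = b'<?xml version="1.0"?><order id="42"><customer>alice</customer></order>'

# Classic XXE: the entity points at a local file; a parser that resolves
# external entities would substitute the file's contents for &xxe;.
XXE_FILE_READ = b"""<?xml version="1.0"?>
<!DOCTYPE order [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<order id="42"><customer>&xxe;</customer></order>"""

# Entity-expansion DoS ("billion laughs"): a few nested internal entities
# expand to a string many orders of magnitude larger than the document.
ENTITY_BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

if __name__ == "__main__":
    print("benign customer:", parse_untrusted(BENIGN).find("customer").text)
    for label, doc in (("file read", XXE_FILE_READ), ("entity bomb", ENTITY_BOMB)):
        print("%s accepted: %s" % (label, is_safe_xml(doc)))
```

Refusing every DOCTYPE is the right default for data feeds, APIs and uploads; only where a DTD is genuinely required should a parser be allowed to see one, and then with external entity resolution and expansion limits switched off explicitly.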

Zero day

Also known as 0-day. A Vulnerability that the publisher does not yet know about (and so has had zero days to fix), or an Exploit for such a vulnerability. As long as the publisher is unaware of the weakness, it cannot release an update to fix the problem. A zero day can be (ab)used in the period between being found (by Hackers or Crackers) and being fixed (by the publisher).

Zombie

A Compromised system that has become part of a Botnet.

w3af

An open-source application that uses automation in order to discover Vulnerabilities in web applications.