Cybersecurity Glossary
A list of common cybersecurity terms.
#
2FA/MFA (Two-Factor/Multi-Factor Authentication)
Authentication requiring multiple verification methods. Significantly reduces credential theft risk.
A
Account Enumeration
Technique to identify valid usernames or accounts on a system. Used in reconnaissance phase.
Account Takeover
Unauthorized access to a user’s account through stolen credentials, phishing, or other malicious methods. Often leads to financial fraud or data theft.
A prolonged and targeted cyberattack where an intruder gains access to a network and remains undetected for an extended period. Typically state-sponsored or highly organized criminal groups.
Adversary-in-the-Middle
Modern term for man-in-the-middle attacks emphasizing active adversary role. More accurate terminology.
AES (Advanced Encryption Standard)
Widely used symmetric encryption algorithm. Industry standard for data protection.
A ransomware operation that emerged in 2023, known for targeting VMware ESXi servers and using double extortion tactics. Notable for rapid victim turnaround.
AlphaBay
Largest dark web marketplace before its 2017 takedown. Relaunched in 2021 under new management.
API
A set of protocols that allows different software applications to communicate. Exposed or poorly secured APIs can leak sensitive data.
Unintended disclosure of API endpoints, keys, or data that can be exploited by attackers. A leading cause of data breaches.
Attack Surface
The total number of points where an unauthorized user can try to enter or extract data from an environment. Includes networks, applications, and cloud services.
Attack Surface Management
The continuous discovery, inventory, classification, and monitoring of an organization’s external attack surface. Helps identify vulnerabilities before attackers do.
B
Babuk Ransomware
A ransomware-as-a-service operation known for targeting enterprise networks and leaking stolen data. Active since 2021.
Sophisticated phishing attack targeting businesses to authorize fraudulent wire transfers or data disclosure. Often impersonates executives or vendors.
Black Basta
A ransomware group that emerged in 2022, known for double extortion tactics and rapid encryption. Suspected to have ties to the disbanded Conti group.
Black Hat Hacker
Cybercriminal who breaks into systems for malicious purposes or personal gain. Opposite of white hat ethical hackers.
Blockchain Analysis
Techniques for tracing cryptocurrency transactions to identify criminal activity. Increasingly used by law enforcement and threat intelligence.
A network of compromised computers controlled remotely to conduct malicious activities like DDoS attacks or spam distribution. Often created through malware infections.
Creating fake websites, social media accounts, or emails pretending to be a legitimate brand. Used for phishing and fraud.
Brand Protection
Strategies and tools used to protect a company’s brand from impersonation, counterfeiting, and reputation damage. Includes monitoring for fake domains and social media accounts.
An incident where unauthorized parties gain access to sensitive, protected, or confidential data. Can result from hacking, malware, or human error.
BreachForums
A dark web forum where stolen databases, credentials, and hacking tools are traded. Successor to RaidForums.
Brute Force Attack
Attempting all possible password combinations until finding the correct one. Effective against weak passwords.
Bug Bounty
Programs rewarding security researchers for discovering and reporting vulnerabilities. Increasingly popular with enterprises.
Policy allowing employees to use personal devices for work. Creates security challenges.
C
Infrastructure used by attackers to communicate with compromised systems. Critical to detect and block.
C99 Shell
A popular web shell used by attackers to maintain persistent access to compromised web servers. Provides file management and command execution capabilities.
Certificate Authority (CA)
Trusted entity issuing digital certificates for encrypted communications. Foundation of PKI.
Executive responsible for organization’s cybersecurity strategy and operations. C-suite position.
Cl0p
A ransomware gang known for exploiting zero-day vulnerabilities in enterprise software. Famous for the MOVEit Transfer attacks.
Cloud Security Posture Management (CSPM)
Tools and practices for identifying misconfigurations in cloud environments. Essential for cloud security.
Combolists
Lists of username and password combinations leaked from data breaches. Sold on dark web forums and used for credential stuffing.
Stolen or leaked usernames and passwords. Most common initial access method.
Container Security
Protecting containerized applications and their runtime environments. Critical for modern DevOps.
Conti
Prolific ransomware gang that disbanded in 2022. Members formed new groups like Black Basta.
Credential Harvesting
Collecting usernames and passwords through phishing, keylogging, or database breaches. Precursor to account takeover.
The process of monitoring and analyzing leaked or stolen credentials across the dark web and other sources. Helps prevent account takeovers.
Credential Stuffing
An automated attack where stolen username-password pairs are tested across multiple websites. Exploits password reuse habits.
Systems essential to society’s functioning (power, water, transportation). Prime targets for nation-state actors.
Digital currency using cryptography, often used in ransomware payments. Bitcoin most common in cybercrime.
Crypto Wallet
A digital tool for storing cryptocurrency keys and conducting transactions. Often targeted by thieves on the dark web.
CVE (Common Vulnerabilities and Exposures)
Standardized identifier for publicly known cybersecurity vulnerabilities. Used for tracking and patching.
CVSS (Common Vulnerability Scoring System)
Framework for rating vulnerability severity from 0-10. Helps prioritize patching.
Cyber Due Diligence
Security assessments conducted during mergers and acquisitions to identify cyber risks and liabilities. Critical for valuation.
Cyber Espionage
State-sponsored or organized criminal activities aimed at stealing sensitive information from governments or corporations. Often conducted by APT groups.
Insurance coverage for losses related to cyber incidents. Increasingly required by boards.
Cyber Jihad
Cyberattacks conducted in support of Islamic extremist causes. Often targets Western organizations.
Cyber Kill Chain
A framework developed by Lockheed Martin describing the stages of a cyberattack from reconnaissance to data exfiltration. Used for defense planning.
EU regulation establishing cybersecurity requirements for products with digital elements. Aims to improve security throughout product lifecycles.
See Threat Intelligence.
Cybersquatting
Registering domain names similar to established brands with intent to profit or damage reputation. Also called domain squatting.
D
Dark Web
Encrypted portion of the internet not indexed by search engines, requiring specific software like Tor to access. Used for both legitimate privacy and criminal activities.
Dark Web Monitoring
Continuous surveillance of dark web forums, marketplaces, and channels for mentions of your organization, leaked data, or planned attacks. Critical for threat intelligence.
Overlay networks requiring specific software, configurations, or authorization to access. Includes dark web and other anonymized networks.
Unauthorized transfer of data from a computer or network. Key objective of many breaches.
Tools and strategies to prevent sensitive data from leaving the organization. Monitors data in motion, at rest, and in use.
Documentation of how an organization collects, uses, and protects personal data. Required by GDPR and similar regulations.
Unauthorized exposure of database contents, often containing personal information, credentials, or sensitive business data. Can result from misconfiguration or breach.
DDoS
An attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users. Often used for extortion or disruption.
DDOSia
A DDoS tool used by the NoName057(16) hacktivist group to conduct coordinated attacks. Distributed through Telegram channels.
Parts of the internet not indexed by standard search engines but not necessarily encrypted. Includes password-protected sites and databases.
AI-generated synthetic media that convincingly manipulates audio or video. Increasingly used for fraud, impersonation, and misinformation.
DeSnake
The alleged administrator who relaunched the AlphaBay dark web marketplace in 2021. Identity remains unconfirmed.
Integration of security practices into DevOps processes. Shifts security left in development lifecycle.
Trail of data created by online activities. Can be exploited for reconnaissance.
Services that identify and mitigate cyber threats across the digital landscape. Includes dark web monitoring, brand protection, and attack surface management.
Ongoing monitoring and awareness of digital threats. Proactive security posture.
System translating domain names to IP addresses. Critical internet infrastructure and common attack vector.
An attack that corrupts DNS cache to redirect traffic to malicious websites. Also called DNS cache poisoning.
Domain Generation Algorithm (DGA)
Technique used by malware to generate random domain names for C2 communications. Evades blocklists.
Creating domains that closely resemble legitimate brands to deceive users. Used for phishing and fraud.
Domain Squatting
See Cybersquatting.
EU regulation requiring financial entities to strengthen their ICT risk management and resilience. Compliance required by 2025.
Double Extortion
Ransomware tactic where attackers both encrypt data and threaten to leak it publicly. Increases pressure on victims to pay.
Doxxing
Publishing private information about individuals online without consent, often with malicious intent. Can lead to harassment or physical threats.
A ransomware-as-a-service group known for targeting healthcare and manufacturing sectors. Active since 2023.
E
EASM (External Attack Surface Management)
Attack Surface Management focused specifically on externally facing assets. See Attack Surface Management.
Emotet
A sophisticated banking trojan turned malware distributor. Known for spreading through spam emails with malicious attachments.
Encryption
Converting readable data into ciphertext so that only holders of the correct key can read it. Foundation of data protection.
Security solution monitoring endpoint devices for threats. Essential for modern security stack.
Exploit
Code or technique that takes advantage of a security vulnerability to gain unauthorized access or cause unintended behavior. May target zero-day or already known vulnerabilities.
Automated tool for delivering exploits to vulnerable systems. Often delivered via malicious websites.
A database accessible without proper authentication, often due to misconfiguration. Major source of data breaches.
F
Alert incorrectly identifying benign activity as malicious. Reduces SOC efficiency.
Fileless Malware
Malicious software that operates in memory without installing files on disk, making it harder to detect. Often uses legitimate system tools.
Firewall
Network security system monitoring and controlling traffic based on security rules. Basic security control.
Forensics
Investigation and analysis of cyber incidents. Critical for incident response and prosecution.
G
EU regulation on data protection and privacy. Severe penalties for non-compliance.
Using advanced Google search operators to find sensitive information exposed online. Also called Google Hacking.
A repository of Google dork queries used to discover vulnerabilities and exposed data. Maintained by security researchers.
Gray Hat Hacker
Security researcher operating in legal gray areas without malicious intent. Between white and black hat.
H
Online communities where hackers exchange tools, techniques, and stolen data. Examples include BreachForums and XSS.
Hacktivism
Hacking activities conducted for political or social causes rather than financial gain. Groups like Anonymous and NoName057(16) engage in hacktivism.
Hansa Market
A major dark web marketplace shut down by law enforcement in 2017 during Operation Bayonet. Was operated as a honeypot before seizure.
A cyber threat where adversaries steal encrypted data now with the expectation of decrypting it when quantum computing becomes capable. Also called HNDL.
Hash
Fixed-size string generated from data, used to verify integrity. One-way cryptographic function.
Honeypot
A decoy system designed to attract and detect attackers. Used for research and to divert threats from production systems.
I
Incident Response
Organized approach to addressing security breaches or attacks. Includes preparation, detection, containment, and recovery.
Forensic evidence of a potential intrusion on a system or network. Includes malicious IP addresses, file hashes, and URLs.
Infostealer
Malware designed to harvest sensitive information like credentials, financial data, and personal information from infected systems. Often sold on dark web forums.
Security risk posed by employees, contractors, or partners with authorized access. Difficult to detect and prevent.
Intrusion Detection System (IDS)
Monitors network traffic for suspicious activity. Passive detection compared to IPS.
Intrusion Prevention System (IPS)
Actively blocks detected threats in network traffic. More proactive than IDS.
Network of physical devices connected to the internet. Often poorly secured and vulnerable to attacks.
Security practices and technologies designed to protect internet-connected devices. Critical as IoT adoption grows.
IP Spoofing
Falsifying source IP address in packets. Used to hide attacker identity or impersonate trusted systems.
J
Jailbreak
Removing software restrictions on devices (especially iOS) to gain root access and install unauthorized apps. Also refers to bypassing AI safety guardrails to extract restricted information.
Juice Jacking
A cyberattack using compromised public USB charging ports to steal data or install malware on connected devices. Use your own charger or a USB data blocker to stay protected.
K
Kerberoasting
Technique to extract service account credentials from Active Directory. Common privilege escalation method.
Software or hardware that records keystrokes to capture sensitive information like passwords. Common component of spyware.
Kill Chain
See Cyber Kill Chain.
L
Cybercrime group known for social engineering and extortion. Targeted Microsoft, Nvidia, and Okta.
Lateral Movement
Techniques attackers use to progressively move through a network after initial compromise. Critical phase in advanced attacks.
Websites operated by ransomware groups to publish stolen data from victims who refuse to pay. Used as extortion leverage.
Living Off the Land (LOTL)
Technique using legitimate system tools for malicious purposes. Harder to detect than custom malware.
A prominent ransomware-as-a-service operation known for speed and efficiency. Subject of major law enforcement takedown in 2024.
Logic Bomb
Malicious code triggered by specific conditions. Often used by insider threats.
An infostealer malware-as-a-service that targets browser credentials, cryptocurrency wallets, and 2FA tokens. Highly active in 2024-2025.
A ransomware variant using double extortion tactics. Emerged in late 2024 targeting various industries.
M
AI techniques for threat detection and response automation. Improving defense capabilities.
Macro Malware
Malicious code embedded in document macros. Common delivery method for trojans.
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Includes viruses, trojans, and ransomware.
Malware-as-a-Service (MaaS)
Business model where malware developers sell or lease their creations to cybercriminals. Lowers barrier to entry for attacks.
Managed Security Service Provider (MSSP)
Third-party company providing outsourced security monitoring and management. Common for smaller organizations.
Man-in-the-Middle (MITM)
Attack where adversary secretly intercepts communications between two parties. Can capture or modify data.
A ransomware-as-a-service operation known for targeting critical infrastructure and healthcare. Uses double extortion tactics.
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Used for threat modeling and defense planning.
MOVEit Transfer
Managed file transfer software exploited in 2023 by the Cl0p ransomware gang, affecting thousands of organizations. Highlighted supply chain risks.
N
Nation-State Actor
Government-sponsored hackers conducting cyber operations for political, economic, or military purposes. Often target critical infrastructure.
Network Segmentation
Dividing a network into isolated segments to limit attack spread. Key defensive strategy.
Updated EU cybersecurity directive expanding scope and requirements for essential and important entities. Stricter than original NIS.
NoName057(16)
A pro-Russian hacktivist group conducting DDoS attacks against Western targets. Uses the DDOSia tool.
US government guidelines for managing cybersecurity risk. Widely adopted globally.
O
Onion Routing
Technique for anonymous communication using multiple layers of encryption. Basis for Tor network.
Intelligence collected from publicly available sources like social media, news, and public records. Used for reconnaissance and threat intelligence.
OWASP
Open Web Application Security Project, providing resources for web application security. Known for the OWASP Top 10 vulnerabilities list.
Hardware and software managing industrial operations. Increasingly targeted by threat actors.
P
Password Spraying
Attack trying common passwords against many accounts. Avoids lockout thresholds.
Process of managing software updates to fix vulnerabilities. Critical security practice.
Penetration Testing
Authorized simulated attack to evaluate security. Also called pen testing or ethical hacking.
Phishing
Social engineering attack using deceptive emails or websites to steal credentials or install malware. Most common initial attack vector.
Data that can identify an individual. Protected by privacy regulations.
A ransomware gang known for targeting Latin American organizations and using double extortion. Active since 2022.
Privilege Escalation
Gaining higher access levels than initially authorized. Key attack phase after initial access.
Proof of Concept (PoC)
Demonstration that a vulnerability can be exploited. Often released by security researchers.
Proxy Server
Intermediary server between users and internet. Used for privacy, filtering, and caching.
Purple Team
Collaboration between red (attack) and blue (defense) teams. Improves overall security posture.
Q
A ransomware-as-a-service operation targeting critical infrastructure. Known for sophisticated tactics and high-profile attacks.
Future risk of quantum computers breaking current encryption. Driving post-quantum cryptography development.
R
RaidForums
Prominent cybercrime forum seized by law enforcement in 2022. Predecessor to BreachForums.
Ransomware
Malware that encrypts victim’s data and demands payment for decryption. Major threat to organizations worldwide.
Ransomware-as-a-Service
Business model where ransomware developers lease their malware to affiliates for a share of profits. Enables less skilled criminals.
RAT (Remote Access Trojan)
Malware providing remote control over infected systems. Used for surveillance and data theft.
Red Team
Security professionals who simulate attacks to test defenses. Adversary emulation for security testing.
Remote Code Execution (RCE)
Vulnerability allowing attackers to run code on target systems remotely. Among the most severe vulnerability types.
A major ransomware-as-a-service operation responsible for high-profile attacks. Disrupted by law enforcement in 2022.
Process of identifying and evaluating potential security threats. Foundation of security strategy.
Malware designed to hide its presence and maintain persistent access. Extremely difficult to detect and remove.
Russian Market
A dark web marketplace specializing in stolen credentials, credit cards, and RDP access. One of the largest credential shops.
S
Sandbox
Isolated environment for running untrusted code safely. Used for malware analysis.
Supervisory Control and Data Acquisition systems for industrial operations. Critical infrastructure often using legacy systems.
A cybercrime group known for SIM swapping and social engineering attacks against major enterprises. Linked to MGM and Caesars breaches.
Platform aggregating and analyzing security data from across the organization. Central to security operations.
Centralized unit monitoring and responding to security incidents. 24/7 security monitoring.
Shadow IT
Technology used without IT department approval. Creates security blind spots.
First major dark web marketplace, shut down by FBI in 2013. Pioneered anonymous online criminal commerce.
SIM Swapping
Fraudulently transferring a victim’s phone number to an attacker’s SIM card. Used to bypass 2FA and steal accounts.
SMS-based phishing attacks. Increasingly common as people trust text messages.
Social Engineering
Manipulating people into divulging information or taking actions that compromise security. Exploits human psychology rather than technical vulnerabilities.
Targeted phishing attack customized for specific individuals or organizations. More sophisticated than generic phishing.
Disguising communication to appear from trusted sources. Includes email, IP, and DNS spoofing.
SQL Injection
Attack inserting malicious SQL code into database queries. Can expose or modify database contents.
Data collected by infostealer malware, including credentials, cookies, and browser data. Sold in bulk on dark web markets.
Compromising software or hardware during development or distribution to affect end users. SolarWinds and MOVEit are examples.
Surface Web
Publicly accessible internet indexed by search engines. Smallest portion of the web.
T
Tactics, Techniques, and Procedures (TTPs)
Patterns of behavior used by threat actors. Key for threat intelligence and defense.
Takedown
Removing malicious content or infrastructure from the internet. Can be legal or technical action.
Encrypted messaging platform increasingly used by cybercriminals for communication and selling stolen data. Alternative to dark web forums.
Security risks from vendors, suppliers, and partners. Growing concern as supply chains become more complex.
Threat Actor
Individual or group conducting malicious cyber activities. Includes hacktivists, criminals, and nation-states.
Threat Intelligence
Information about current and potential attacks that helps organizations prepare defenses. Includes indicators, context, and attribution.
Tor
Privacy network enabling anonymous communication. Primary access method for dark web sites.
Malware disguised as legitimate software. Named after Greek mythology’s Trojan horse.
Registering domain names with common misspellings of popular sites. Used for phishing and malware distribution.
U
The marketplace where cybercriminals buy and sell stolen data, tools, and services. Operates primarily on the dark web and Telegram.
URL Obfuscation
Disguising malicious URLs to appear legitimate. Common in phishing attacks.
V
Process of assessing and managing security risks from third-party vendors. Critical for supply chain security.
Voice-based phishing using phone calls. Often impersonates banks or tech support.
VPN (Virtual Private Network)
Encrypted connection for secure remote access. Essential for remote work security.
Weakness in software, hardware, or procedures that can be exploited. Foundation of many attacks.
Automated process to identify security weaknesses in systems. Basic security hygiene.
W
Watering Hole Attack
Compromising websites frequently visited by target group. Strategic web compromise.
Web Shell
Malicious script giving attackers remote access to web servers. Common persistence mechanism.
Phishing targeting high-level executives. High stakes and highly customized attacks.
White Hat Hacker
Ethical hacker who finds vulnerabilities to help organizations improve security. Works within legal boundaries.
X
XDR (Extended Detection and Response)
Security solution integrating multiple security products into unified platform. Evolution of EDR.
XSS (Cross-Site Scripting)
Attack injecting malicious scripts into web pages viewed by other users. Common web vulnerability.
Y
YARA Rules
A pattern-matching tool used by malware researchers and SOC analysts to detect, classify, and hunt for malware based on textual or binary patterns. Essential for threat hunting and incident response.
YubiKey
A hardware security key used for two-factor and multi-factor authentication. Requires physical presence to authenticate, providing strong protection against phishing and account takeover.
Z
Security model requiring verification for every access request regardless of location. “Never trust, always verify.”
Zero-Day
A previously unknown vulnerability with no available patch. Highly valued by attackers and defenders alike.
