1. Black Hat
A person who conducts hacking for illegal purposes, usually for financial gain. They infiltrate networks to destroy, ransom, modify, or steal data, or to deny access to authorized users. The term originates from classic Western films where villains wore black hats and heroes wore white hats.
2. Backdoor
A hidden access method in a computer system that bypasses standard authentication mechanisms such as logins and passwords, effectively undermining the system's data protection.
3. Brute-Force Attack
An automated, exhaustive search through all possible passwords or keys until the correct one is found, allowing an attacker to break authentication or recover a secret. In practice attackers rarely walk the full keyspace: they start with dictionaries of common passwords and credentials leaked from other sites. Slow password hashing (key stretching), rate limiting, and account lockout are the standard countermeasures, because they raise the cost of each guess.
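The following is an added example, not part of the original glossary, showing what the search looks like against a stored hash and why key stretching matters. The secret, the 4-digit PIN space, the salt, and the iteration count are constructed assumptions for the demonstration; the code recovers the same PIN from an unsalted SHA-256 digest and from a PBKDF2 digest and reports how many guesses and how long each took.

```python
import hashlib
import itertools
import string
import time

# Constructed scenario: a 4-digit PIN, as an attacker holding a leaked digest
# would attack it. Ten symbols, four positions -> 10**4 candidates.
PIN_ALPHABET = string.digits
PIN_LENGTH = 4


def sha256_hex(candidate: str) -> str:
    """Fast, unsalted hash: the worst way to store a secret."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def pbkdf2_hex(candidate: str, salt: bytes = b"demo-salt", iterations: int = 2000) -> str:
    """Key-stretched hash: each guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations).hex()


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must cover in the worst case."""
    return alphabet_size ** length


def brute_force(target_hash: str, hash_fn, alphabet=PIN_ALPHABET, length=PIN_LENGTH):
    """Try every string of `length` over `alphabet` in order until hash_fn(candidate)
    equals target_hash. Returns (recovered_value or None, number_of_attempts)."""
    attempts = 0
    for chars in itertools.product(alphabet, repeat=length):
        candidate = "".join(chars)
        attempts += 1
        if hash_fn(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


def demo(secret_pin: str = "0412"):
    """Recover the constructed PIN from both digests; compare attempts and wall time."""
    results = {}
    for name, fn in (("sha256", sha256_hex), ("pbkdf2", pbkdf2_hex)):
        target = fn(secret_pin)          # what the attacker holds
        start = time.perf_counter()
        found, attempts = brute_force(target, fn)
        results[name] = {
            "found": found,
            "attempts": attempts,
            "seconds": time.perf_counter() - start,
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: recovered {r['found']} after {r['attempts']} guesses "
              f"in {r['seconds']:.3f}s")
```

Both searches need the same 413 guesses, so stretching does not reduce the attacker's work factor in guesses; it multiplies the cost of each guess, which is why the PBKDF2 run takes orders of magnitude longer for the same tiny keyspace. Against real passwords, combine stretching with a per-user salt (so one table of precomputed hashes cannot be reused) and with lockout or rate limiting on the online login path.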
4. Doxing
Discovering and publishing an internet user's identity by searching online for their detailed information.
5. Gray Hat
A person who operates between the black-hat and white-hat categories: they may break laws or ethical norms, but not primarily for personal or financial gain. Typical examples are a researcher who probes a system without permission and then reports the flaw rather than exploiting it, or an activist who hacks as part of a political protest to embarrass or expose an organization.
6. IP
Internet Protocol address. A numerical identifier for a device on a network, used to identify a device, track activity, or infer location.
7. Keylogger
Software or hardware that records the keys pressed by a computer user so an attacker can capture login credentials and passwords.
8. Malware
Software designed to control, damage, or steal data from a computer or network without authorization.
9. Phishing
Soliciting personal information such as passwords, bank account details, or credit card numbers by sending messages (most often email, but also SMS or instant messages) that appear to come from a legitimate person or organization, usually with a link to a fake login page or an attachment.
10. Email Spoofing
Forging an email's headers, most often the visible From address, so that it appears to come from a trusted source such as a bank, and delivering instructions that, if followed, compromise data or credentials. SPF, DKIM, and DMARC let the receiving mail server check whether the sending server and the message signature are authorized for the claimed domain; a message that fails these checks, or whose Reply-To or envelope sender points to a different domain than the From address, should be treated as suspect.
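As an added example that is not part of the original glossary, the function below applies the checks just described to a raw message header block: it compares the domains of From, Return-Path, and Reply-To, and looks at the Authentication-Results header that the receiving server stamped on the message. Both sample messages are constructed for the demonstration, and the hostnames in them are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a spoofed message. The visible From claims the bank, but the
# envelope sender (Return-Path) and Reply-To live elsewhere, and the receiving
# server (mx.example.com) recorded an SPF failure and no DKIM signature.
SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "Example Bank Security" <alerts@examplebank.example>
Reply-To: <verify-account@examplebank-support.example>
To: <victim@example.com>
Subject: Urgent: confirm your account

Please confirm your details at the link below.
"""

# Constructed sample: a legitimate message whose headers all agree.
LEGIT = """\
Return-Path: <alerts@examplebank.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examplebank.example; dkim=pass header.d=examplebank.example
From: "Example Bank" <alerts@examplebank.example>
To: <victim@example.com>
Subject: Your monthly statement

Your statement is available in online banking.
"""


def domain_of(header_value):
    """Extract the domain part of an address header, ignoring the display name."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def spoofing_indicators(raw_message, trusted_authserv="mx.example.com"):
    """Return a list of reasons the message looks spoofed (empty list = no indicator).

    Only an Authentication-Results header written by our own server (identified
    by `trusted_authserv`) is honoured; a sender could add a fake one upstream."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    indicators = []

    for header in ("Return-Path", "Reply-To"):
        domain = domain_of(msg.get(header))
        if domain and domain != from_domain:
            indicators.append(f"{header} domain {domain} differs from From domain {from_domain}")

    auth = (msg.get("Authentication-Results") or "").lower()
    if not auth.startswith(trusted_authserv.lower() + ";"):
        indicators.append("no Authentication-Results from our own server")
    else:
        if "spf=pass" not in auth:
            indicators.append("SPF did not pass")
        if "dkim=pass" not in auth:
            indicators.append("DKIM did not pass")
    return indicators


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw))
```

A mismatch between From and Return-Path is not proof of spoofing on its own (mailing lists and bulk senders do it routinely), which is why the authentication results carry more weight; a DMARC policy published by the From domain tells the receiver how strictly to act on them.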
11. Spyware
A type of malware programmed to run unnoticed on a computer and quietly transmit data to an attacker.
12. Whaling
Phishing attacks aimed specifically at high-level executives or organizational leadership. Because such targets can authorize payments and access confidential data, whaling messages are carefully tailored and typically seek either an action only they can take, such as approving a wire transfer, or sensitive and potentially embarrassing personal information such as salaries, bonuses, private addresses, and phone numbers.
13. White Hat
A hacker who uses their skills for defensive purposes, such as helping organizations identify and fix vulnerabilities in their IT systems.
14. Vulnerability
A flaw or misconfiguration in software, hardware, or communication protocols that allows an attacker to access or compromise a system without authorization. Common vulnerability classes include SQL injection, weak or default passwords, remote command execution, and authorization (privilege) bypass.
15. Malware Categories
Malware refers to programs installed or executed in an information system without authorization to achieve improper objectives. Common types include:
1. Trojan
A malicious program disguised as, or bundled with, legitimate software, designed primarily to steal personal information or give an attacker remote control of the victim's computer. Trojans typically consist of a controller on the attacker's side and an implant on the victim's machine. By function, trojans can be classified into account-stealing trojans, banking trojans, data-stealing trojans, remote-control trojans, traffic-hijacking trojans, downloader trojans, and others.
2. Bot
Malicious software used to build large-scale attack platforms. Bots can be categorized by their communication protocol into IRC bots, HTTP bots, P2P bots, and others.
3. Worm
Self-replicating malware that spreads on its own from host to host, often consuming large amounts of system and network resources as a side effect. Worms can propagate via email, instant messaging, removable drives, exploitation of vulnerabilities in network services, and other vectors.
4. Virus
Malware that spreads by infecting files and is designed to corrupt or alter user data, affecting normal system operation.
5. Ransomware
Malware used to seize control of user assets or resources and demand payment. Ransomware typically encrypts user data or changes device configuration to render it unusable, then issues a ransom demand in exchange for decryption or system recovery instructions.
6. Mobile Malware
Malicious programs targeting mobile devices, installed or executed without user knowledge or authorization. Categories by behavior include fraudulent billing, data theft, remote control, malicious propagation, consumption of service fees, system damage, deception and fraud, and rogue behavior.
7. Other
Other malicious programs not covered by the above categories.
Malware by Primary Use
As underground economies evolve, many malware samples combine several functions, so samples and the incidents they cause are often classified by their primary purpose or effect, as described below.
1. Botnet
A network of compromised computers controlled centrally by an attacker, typically via one-to-many command-and-control channels. Botnets can perform distributed denial-of-service attacks, send large volumes of spam, and execute other coordinated malicious actions.
2. Denial-of-Service
An attack that sends a high volume of malicious packets or performs specific operations to render a target information system unable to provide service.
3. Website Defacement
Malicious modification of website content, disrupting normal operation or inserting unauthorized content.
4. Website Spoofing
Creating pages that closely mimic a target website to trick users. Phishing sites are a common form, often spread via spam, instant messages, SMS, or fake ads, and may lead to account or password disclosure.
5. Web Backdoor
An incident where an attacker uploads a remote-control script (a "webshell", for example a PHP, ASP, or JSP file) into a directory served by the web server, allowing secret remote control of the server through ordinary HTTP requests.
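The scanner below is an added example, not from the original glossary, of the kind of check a defender runs over a web root to find uploaded webshells: it looks for code-execution functions fed directly from request parameters, for payloads decoded and then passed to eval, and for dynamically named function calls. The PHP samples, file names, and directory layout are constructed for the demonstration; the base64 string in the third sample decodes to `system($_GET["c"]);`.

```python
import re
import tempfile
from pathlib import Path

# Code-execution sinks, request-controlled input, and common obfuscation helpers in PHP.
SINK = r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\("
REQUEST_INPUT = r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b"
OBFUSCATION = r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\("

RULES = {
    # e.g. eval($_POST["x"]) or system($_GET['cmd'])
    "sink-with-request-input": re.compile(SINK + r"[^;]*" + REQUEST_INPUT),
    # e.g. eval(base64_decode("...")) hiding the real payload
    "decoded-payload-executed": re.compile(r"\beval\s*\(\s*" + OBFUSCATION),
    # e.g. $f = $_GET["f"]; $f($_GET["c"]) -> attacker names the function
    "dynamic-function-call": re.compile(r"\$\w+\s*\(\s*" + REQUEST_INPUT),
}


def scan_source(source: str):
    """Return the sorted names of every rule that matches the given PHP source."""
    return sorted(name for name, rule in RULES.items() if rule.search(source))


def scan_directory(root, suffixes=(".php", ".phtml", ".php5")):
    """Walk `root` and map each suspicious file (relative path) to its matched rules."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed samples: three webshell patterns and one benign page.
SAMPLES = {
    "uploads/avatar.php": '<?php @eval($_POST["x"]); ?>',
    "uploads/img.php": '<?php $f = $_GET["f"]; $f($_GET["c"]); ?>',
    "cache/tpl.php": '<?php eval(base64_decode("c3lzdGVtKCRfR0VUWyJjIl0pOw==")); ?>',
    "index.php": '<?php echo htmlspecialchars($_GET["q"] ?? ""); ?>',
}


def demo():
    """Write the samples into a throwaway web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in SAMPLES.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(src)
        return scan_directory(tmp)


if __name__ == "__main__":
    for rel, hits in demo().items():
        print(f"{rel}: {', '.join(hits)}")
```

Pattern matching like this catches the common one-liners and is cheap to run from cron; heavily obfuscated shells need additional signals such as files that are newer than the last deployment, PHP files in upload or cache directories, and web-server logs showing POST requests to files that normally receive none.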
6. Spam
Unsolicited email sent to users without their permission.
7. DNS Hijacking
Intercepting DNS resolution requests or tampering with DNS server data so that users receive false IP addresses or requests fail when accessing a domain.
8. Route Hijacking
Injecting or altering routing information, for example through false BGP announcements, so that users cannot reach the correct destination or their traffic is diverted through attacker-controlled paths where it can be inspected or modified.
16. Difference Between Viruses and Trojans
Virus: Typically refers to an infectious program that damages computer functions or data. A virus is a set of instructions or program code that can self-replicate and infect other files. It exhibits propagation, stealth, infection, latency, activation, and destructive behavior. Typical lifecycle stages include development, infection, latency, activation, discovery, cleanup, and termination.
Trojan: Named after the Trojan Horse tactic, trojans are usually delivered via email attachments or bundled with other programs. They consist of a controller on the attacker's side and an implant on the victim's machine. Unlike viruses, trojans do not self-replicate or intentionally infect other files. Instead, they modify the registry, reside in memory, install backdoors, persist across reboots, and enable unauthorized remote control for actions such as file deletion, copying, or password changes.
Key differences:
- Viruses can self-propagate; trojans do not.
- Virus infection is often noticeable; trojans aim to remain hidden to carry out further activity.
- Viruses are typically destructive; trojans are primarily used to steal information.
Worms differ from trojans in that worms exploit system vulnerabilities to self-propagate over networks without attaching to other programs. Large-scale worm propagation can consume network resources and cause widespread congestion or outages, making worms particularly disruptive.
17. Honeypot
1. Honeypot technology is essentially a deception technique that deploys decoy hosts, network services, or data to lure attackers. By capturing and analyzing attacks, defenders can learn attacker tools and methods, infer intent, and better understand threats to improve defenses.
2. A honeypot acts as an intelligence collection system, intentionally presenting an attractive target so defenders can observe attacks, detect new exploits and vulnerabilities, and monitor attacker communications and tools.
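As an added example that is not part of the original glossary, the following is a minimal low-interaction honeypot: a fake login service that never authenticates anyone and records every username and password an attacker tries. The banner text, the port, and the attacker address in the demo are assumptions; `demo()` drives the handler over an in-process socket pair so it runs without opening a listening port, while `serve()` is the loop you would actually expose.

```python
import socket
import threading
import time

# Lure: a banner and prompt that look like a plain telnet login on a Linux host.
BANNER = b"Ubuntu 22.04 LTS\r\nlogin: "


def read_line(conn, limit=256):
    """Read up to one line (or `limit` bytes) from the attacker; '' on disconnect."""
    data = b""
    while not data.endswith(b"\n") and len(data) < limit:
        chunk = conn.recv(64)
        if not chunk:
            break
        data += chunk
    return data.rstrip(b"\r\n").decode(errors="replace")


def handle_attacker(conn, peer, max_attempts=3, log=None):
    """Fake login dialogue: prompt, capture credentials, always reject."""
    events = [] if log is None else log
    with conn:
        conn.sendall(BANNER)
        for _ in range(max_attempts):
            user = read_line(conn)
            if not user:
                break
            conn.sendall(b"Password: ")
            password = read_line(conn)
            events.append({"ts": time.time(), "peer": peer, "user": user, "password": password})
            conn.sendall(b"Login incorrect\r\nlogin: ")
    return events


def serve(host="0.0.0.0", port=2323):
    """Deployment loop (not exercised by demo): one thread per connection."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=handle_attacker,
                             args=(conn, f"{addr[0]}:{addr[1]}"), daemon=True).start()


def demo():
    """Play a password-guessing attacker against the handler over a socket pair."""
    honeypot_side, attacker = socket.socketpair()
    captured = []
    worker = threading.Thread(target=handle_attacker,
                              args=(honeypot_side, "198.51.100.7:51234"),  # assumed peer
                              kwargs={"log": captured})
    worker.start()
    with attacker:
        for user, password in (("root", "123456"), ("admin", "admin")):
            attacker.recv(1024)                          # banner / login prompt
            attacker.sendall(user.encode() + b"\r\n")
            attacker.recv(1024)                          # password prompt
            attacker.sendall(password.encode() + b"\r\n")
        attacker.recv(1024)                              # final "Login incorrect"
    worker.join(timeout=5)
    return [(e["user"], e["password"]) for e in captured]


if __name__ == "__main__":
    print(demo())
```

Everything captured is attacker-supplied, so treat it as untrusted input (hence the byte limit and the replacement of undecodable bytes); in a real deployment the honeypot should run on an isolated host with no credentials of value, and the captured pairs are most useful when correlated with the same usernames appearing on production systems.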
18. Dark Web
The internet can be described in three layers:
- Surface web
- Deep web
- Dark web
The surface web consists of publicly accessible websites that search engines index, such as news sites and mainstream services. The deep web is content that search engines do not index, usually because it sits behind authentication or a query form, for example webmail inboxes, private messaging services, and online banking. The dark web is a subset of the deep web reachable only through special software such as the Tor Browser, using addresses under suffixes such as .onion rather than the public DNS.
Key differences:
- The deep web is content not indexed by search engines and often requires authentication or special access methods.
- The dark web is a branch of the deep web, accessible only with specific browsers and protocols.
The dark web hosts market activity involving stolen data and other illicit content.
19. AV Evasion
Techniques used to bypass antivirus detection mechanisms so that antivirus software fails to detect or remove malicious code.
20. APT
Advanced Persistent Threat. APTs use sophisticated attack methods to conduct long-term, targeted cyber campaigns against specific entities. Certain countries and high-value organizations are frequent targets of APT campaigns, which are often supported by nation-state actors or organized groups to steal research, intellectual property, or sensitive information.
Once targeted by an APT, it can be difficult to fully remove the attacker.
21. Exploit / POC
Exploit: A program or code that takes advantage of a vulnerability. A vulnerability does not always have an exploit, but an exploit implies the existence of a vulnerability.
POC (Proof of Concept): A short, deliberately incomplete implementation intended to demonstrate that an idea or vulnerability is real and to validate its principle. A POC shows that a program or system has a vulnerability (often by triggering a crash or a harmless side effect), but it is not necessarily a usable exploit that yields code execution or access.
22. Internal Network Penetration
Internal network penetration involves conducting penetration testing or attacks from inside an organization's network, typically after an initial foothold has been obtained. Sensitive data, source code, and important resources are often stored on internal servers or on employees' workstations, so an assessment that stops at the perimeter misses them. Internal penetration requires more varied techniques (credential reuse, lateral movement, abuse of directory services and trust relationships) because the environment is more complex than an internet-facing surface.
23. Social Engineering
Social engineering in computer security refers to manipulating individuals through seemingly legitimate interactions to influence them to perform actions or disclose confidential information. It is commonly used to fraudulently collect information, deceive, and facilitate unauthorized access to systems.
Social Engineering Databases
1. A compilation of leaked or breached data, indexed so that records can be searched and correlated, used as a reconnaissance tool in social engineering.
2. Larger databases combine many leaks so that a single query on a name, email address, or phone number can return passwords, booking records, addresses, and other personal information about the target.
24. Google Hacking
Using search engines such as Google to locate security exposures and attackable points on the internet, typically with advanced operators such as site:, inurl:, intitle:, and filetype: (queries known as "dorks"). Two common types of web weakness found this way are known software flaws (identifiable from version strings or default pages) and misconfigurations (exposed directory listings, configuration files, backups, or login panels). While skilled attackers may look for specific system vulnerabilities, many intruders begin with known software flaws or common configuration mistakes, and search engines are a cheap way to find systems exhibiting them during reconnaissance.
25. Database Dump
Often called "data dump" or "database leak." It refers to obtaining a website's database, including member information or other desired data, by illegal means and downloading it.
26. Privilege Escalation
After gaining a foothold such as a webshell or a low-privileged shell, the attacker raises their privileges from a normal user to administrator or root in order to gain full control of the system. Common vectors include unpatched kernel or service vulnerabilities, misconfigured setuid binaries or sudo rules, writable service or scheduled-task files, and credentials left on disk.
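As an added example, not part of the original glossary, the function below performs the setuid check from the previous paragraph the way a privilege-escalation audit (or an attacker's enumeration script) would, equivalent to `find / -perm -4000 -type f` on Linux: it walks a tree, reports every regular file with the setuid bit, and flags names that are well known to allow arbitrary command execution when run with elevated privileges. The list of dangerous names and the throwaway directory tree built by `demo()` are constructed assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

# Programs that can spawn a shell, run arbitrary code, or read/write arbitrary
# files; any of these with the setuid-root bit is a direct escalation path.
# Constructed, non-exhaustive list for the example.
KNOWN_DANGEROUS = {
    "bash", "sh", "dash", "zsh", "python", "python3", "perl", "ruby",
    "vim", "vi", "nano", "find", "env", "less", "more", "awk", "cp", "tee", "nmap",
}


def find_setuid(root):
    """Return [(path, owner_uid, is_known_dangerous)] for each setuid regular file under root."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # unreadable or vanished; skip
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_uid, name in KNOWN_DANGEROUS))
    return hits


def demo():
    """Build a throwaway tree with one setuid file and one normal file, then scan it.

    Returns [(relative_path, is_known_dangerous)] so the result is independent
    of the temporary directory name."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp, "usr", "local", "bin")
        bindir.mkdir(parents=True)

        suid = bindir / "find"               # constructed: a setuid wrapper around find
        suid.write_text('#!/bin/sh\nexec /usr/bin/find "$@"\n')
        os.chmod(suid, 0o4755)               # rwsr-xr-x: setuid bit set

        plain = bindir / "hello"             # constructed: ordinary executable
        plain.write_text('#!/bin/sh\necho hi\n')
        os.chmod(plain, 0o755)

        return [(os.path.relpath(p, tmp), dangerous)
                for p, _, dangerous in find_setuid(tmp)]


if __name__ == "__main__":
    for rel, dangerous in demo():
        print(f"setuid: {rel}{'  <-- known escalation path' if dangerous else ''}")
```

In an audit, every setuid binary that is not part of the base system's expected set deserves a justification; the same scan with `stat.S_ISGID` finds setgid files, and checking `st.st_uid == 0` separates setuid-root binaries (the dangerous case) from setuid files owned by unprivileged users.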
27. Zero-Day
A zero-day vulnerability is a security flaw that is unknown to the vendor or for which no patch yet exists; the name refers to the vendor having had zero days to fix it before it was exploited or disclosed. A zero-day exploit is an attack that leverages such a vulnerability. Because no patch is available, defenders must rely on other controls (exploit mitigations, least privilege, network segmentation, and detection of post-exploitation behavior), which is why zero-days pose a significant threat.
28. Adjacent Site / C-Class Network
Adjacent site: Another website hosted on the same server (or the same virtual host) as the target. If the target itself is well hardened, an attacker may compromise a weaker adjacent site and then move from it to the target's directory or database on the shared host.
C-class network: In penetration-testing slang, the hosts in the same /24 address block as the target (for example 192.0.2.0/24, the old Class C size). If those hosts share a network segment with the target, an attacker who compromises one of them may be able to sniff traffic, spoof ARP, or reach services that the target exposes only to its neighbours.