Cybersecurity Glossary

An attack where a malicious actor sends falsified ARP messages to link their MAC address with a legitimate IP address, enabling man-in-the-middle attacks on a local network.

The practice of protecting application programming interfaces from attacks and misuse, including authentication, authorization, rate limiting, and input validation.

Advanced Encryption Standard. A symmetric block cipher adopted as the encryption standard by the US government, widely used for securing sensitive data with 128, 192, or 256-bit keys.

An encryption method using a pair of mathematically related keys where one encrypts and the other decrypts, enabling secure communication without prior key exchange.

A modern password hashing algorithm that won the Password Hashing Competition, designed to be resistant to GPU and ASIC-based attacks using memory-hard operations.

Software that automatically displays or downloads advertising material, often bundled with free software and sometimes collecting user data for targeted advertising.

Advanced Persistent Threat. A sophisticated, long-term cyberattack campaign where an intruder gains and maintains unauthorized access to a network, often state-sponsored.

The process of verifying the identity of a user, device, or system, typically through credentials like passwords, tokens, biometrics, or certificates.

The process of determining what resources and actions an authenticated user is permitted to access, enforced through policies and access control mechanisms.

Microsoft directory service that provides authentication and authorization for Windows domain networks, managing users, computers, and security policies.

Attribute-Based Access Control. An access control model that evaluates attributes of users, resources, and environment conditions to make authorization decisions.

A network security suite for assessing Wi-Fi network security, including monitoring, attacking, testing, and cracking WEP and WPA/WPA2 encryption.

A piece of digital evidence found during forensic analysis, such as log entries, file metadata, registry entries, or network traffic captures.

A document defining the acceptable ways employees and users can use organizational IT resources, establishing boundaries and consequences for violations.

The total sum of all possible entry points or vulnerabilities through which an attacker could potentially gain unauthorized access to a system or network.

The specific path, method, or scenario an attacker uses to gain unauthorized access to a system or network, such as phishing emails or unpatched vulnerabilities.

A physical and logical isolation of a computer or network from unsecured networks, including the internet, used to protect highly sensitive systems.

A mobile OS security mechanism that isolates each application in its own restricted environment, preventing unauthorized access to other apps and system resources.

The practice of opening email attachments in an isolated virtual environment to detect malicious behavior before delivering them to the recipient inbox.

Cyberattacks that leverage artificial intelligence and machine learning to automate reconnaissance, generate convincing phishing content, or evade detection systems.

Techniques that exploit vulnerabilities in machine learning models by crafting inputs designed to cause the model to make incorrect predictions.

Techniques used to bypass the safety restrictions and content policies of AI systems, causing them to produce outputs they are designed to refuse.

The practice of tracking and managing all IT assets within an organization, essential for understanding and protecting the complete attack surface.

A structured review document completed after a security incident or exercise that captures lessons learned, successes, and areas for improvement.

Hardware and software systems that manage and restrict physical access to facilities, rooms, and equipment using cards, biometrics, or PINs.

Techniques used to circumvent the Antimalware Scan Interface in Windows, allowing malicious scripts to execute without being detected by security software.

An attack targeting Active Directory accounts that do not require Kerberos preauthentication, allowing offline password cracking of their AS-REP responses.

A penetration testing approach that begins with the assumption that an attacker already has internal access, focusing on lateral movement and impact assessment.

A security method that adjusts authentication requirements based on risk assessment, requiring additional verification for suspicious login attempts.

A condition where security analysts become desensitized to security alerts due to the high volume of false positives, potentially missing genuine threats.

A conceptual diagram showing how a system can be attacked, with the root representing the attacker's goal and branches representing different attack paths.

The practice of mimicking the tactics, techniques, and procedures of specific threat actors to test an organization's detection and response capabilities.

A server that acts as a single entry point for API requests, handling authentication, rate limiting, request routing, and security enforcement.

The study of attacks on machine learning systems and defenses against them, including evasion, poisoning, and model extraction attacks.

The practice of systematically testing AI systems for vulnerabilities, biases, and failure modes using adversarial techniques and creative probing.

An attack targeting the AI development pipeline, including compromised training data, poisoned pre-trained models, and malicious dependencies.

AI-powered malware or attack tools that can independently make decisions, adapt to defenses, and pursue objectives without human operator input.

An attack that exploits AI model hallucinations by registering domain names, package names, or resources that AI systems falsely recommend.

Phishing attacks enhanced by AI to generate highly personalized and convincing messages, automatically adapting content based on target profiles.

Security solutions that monitor and filter AI model inputs and outputs to detect prompt injections, data leaks, and other AI-specific threats.

The process of reverse engineering Android application packages to analyze source code, identify vulnerabilities, and understand application behavior.

The process of gaining root access on Android devices to bypass manufacturer restrictions and access system files for security testing.

A mobile security approach that applies a management layer to mobile applications without modifying the underlying code, enforcing security policies.

Authenticated Received Chain. An email authentication system that preserves authentication results across intermediaries like mailing lists and forwarding services.

Information gathering that involves direct interaction with the target system, such as port scanning, service enumeration, and vulnerability probing.

Techniques used to prevent or hinder digital forensic analysis, including data wiping, encryption, log tampering, and timestamp manipulation.

Techniques for circumventing Windows AppLocker application whitelisting policies to execute unauthorized programs.

Self-propagating malware that uses AI to adapt its behavior, evade detection, and automatically spread across systems without human direction.

The unauthorized extraction or replication of proprietary machine learning models through techniques like model extraction or side-channel attacks.

Intentionally crafted inputs designed to cause machine learning models to make incorrect predictions while appearing normal to humans.

Frameworks and practices for managing the development and deployment of AI systems responsibly, including security, ethics, and compliance.

Security risks in the AI development pipeline including compromised pre-trained models, poisoned datasets, and malicious dependencies.

An attack where a malicious actor gains unauthorized access to a user account, typically through credential theft or session hijacking.

The exploitation of API endpoints beyond their intended use, including excessive requests, parameter manipulation, and business logic exploitation.

Advanced Message Queuing Protocol. An application layer protocol for message-oriented middleware, requiring security considerations for authentication and encryption.

A security mindset that operates under the assumption that attackers are already inside the network, driving more resilient security practices.

The sequence of steps an attacker takes from initial reconnaissance to achieving their final objective, used for understanding and disrupting attacks.

A network addressing and routing method where multiple servers share the same IP address, used for DDoS mitigation and content delivery.

A firewall component that provides protocol-specific filtering at the application layer, understanding application-level commands.

Techniques for circumventing API rate limiting controls, including header manipulation, IP rotation, and parameter pollution.

An open-source full packet capture and search system that indexes network traffic for forensic analysis and threat hunting.

The automated process of identifying all hardware and software assets connected to an organization network for security management.

An open-source digital forensics platform with a graphical interface built on The Sleuth Kit for hard drive and smartphone analysis.

American Institute of CPAs Service Organization Controls. Audit frameworks for evaluating service provider security controls.

An AWS threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts.

Security risks from AI-generated code including vulnerable patterns, outdated libraries, and hallucinated package names.

The use of AI to automate and enhance social engineering attacks through personalized phishing, voice cloning, and deepfakes.

A physical pattern designed to fool computer vision systems when placed in a camera field of view, potentially evading surveillance.

Attacks that deliberately exploit known biases in AI systems to achieve favorable outcomes or bypass security decisions.

The process of testing APIs for vulnerabilities including authentication flaws, injection attacks, and business logic errors.

Automatic Certificate Management Environment. A protocol for automating certificate issuance and management, used by Let us Encrypt.

Malicious applications that bypass app store security reviews and are distributed through official channels to reach victims.

Technical measures including SPF, DKIM, DMARC, and MTA-STS that prevent unauthorized parties from sending email as your domain.

Corrupting the ARP table of a target device to associate the attacker MAC address with a legitimate IP, enabling traffic interception.

A penetration test starting from the assumption of initial access to evaluate internal defenses, detection, and response capabilities.

Security testing specifically targeting application programming interfaces to identify authentication, authorization, and injection vulnerabilities.

Security assessment focused on Active Directory environments, testing Kerberos attacks, trust relationships, and privilege escalation paths.

A periodic process of validating that users access rights are appropriate for their current roles, removing unnecessary permissions.

A component that authenticates resource owners and issues access tokens to clients after receiving valid authorization grants.

A digital document that binds a set of attributes to an entity, used for fine-grained authorization without bundling identity.

A unique identifier used to authenticate requests to an API, providing a simple but less secure alternative to OAuth tokens.

The continuous discovery, monitoring, and management of an organization external-facing digital assets and their vulnerabilities.

The challenge of ensuring artificial intelligence systems behave in accordance with human values and intentions.

Research and practices focused on preventing AI systems from causing unintended harm, including alignment and robustness.

Techniques for recovering training data from machine learning models through memorization exploitation and inference attacks.

Techniques for embedding detectable signals in AI-generated content to identify its synthetic origin.

Procedures for handling security incidents involving AI systems including model compromise, data poisoning, and adversarial attacks.

Security assessment of AI and machine learning systems for vulnerabilities including adversarial robustness and data extraction.

The process of identifying undocumented or hidden API endpoints that may lack proper security controls.

Security risks arising from maintaining multiple API versions, where older versions may contain unpatched vulnerabilities.

A security engagement starting from simulated internal access to test detection, response, and containment capabilities.

A detailed plan for simulating specific threat actor techniques during red team engagements, based on threat intelligence.

A library of simple, focused tests mapped to the MITRE ATT&CK framework for validating security detection capabilities.

The identification and visualization of potential routes an attacker could take from initial access to critical assets.

The process of analyzing multiple security alerts to identify related events that together indicate a larger attack pattern.

A policy defining how access to systems and data is granted, managed, reviewed, and revoked within an organization.

Using artificial intelligence to create more convincing social engineering attacks, including personalized phishing and voice impersonation.

The ability to understand and explain how AI systems reach their decisions, critical for identifying bias and detecting adversarial manipulation.

An access control model where authorization decisions are based on attributes of users, resources, and environmental conditions.

A systematic method for describing and analyzing the security of systems using a tree structure showing how a target can be attacked.

Tools that automate discovery, enumeration, and exploitation phases of penetration testing for consistent and repeatable results.

The accidental exposure of API keys in source code repositories, client-side code, or public documentation.

A coordinated series of related cyberattacks conducted by a threat actor against specific targets over a defined period.

Malware capabilities that detect and evade analysis environments including debugger detection, VM detection, and timing checks.

A chronological record of system activities that provides documentary evidence of the sequence of events for regulatory review.

Using machine learning algorithms to identify security threats by analyzing patterns in network traffic, user behavior, and system logs.

AI-driven security systems that can independently detect, analyze, and respond to threats without human intervention.

Deliberately corrupting AI model training data or processes to introduce vulnerabilities or biases that can be exploited later.

A periodic review process where managers verify that users access rights are still appropriate for their current roles.

A detailed blueprint for simulating specific threat actor campaigns during red team engagements.

Technologies that identify whether text, images, or media were generated by artificial intelligence systems.