Cybersecurity Glossary

Border Gateway Protocol. The routing protocol that manages how packets are routed across the internet between autonomous systems, critical to internet infrastructure.

A technique used to gather information about a computer system on a network by reading the banner messages displayed by network services when a connection is established.

A category of vulnerabilities where authentication mechanisms are improperly implemented, allowing attackers to compromise passwords, tokens, or session management.

A vulnerability where restrictions on authenticated users are not properly enforced, allowing users to access unauthorized functions or data.

A symmetric encryption algorithm that encrypts data in fixed-size blocks, with modes of operation like CBC, CTR, and GCM determining how multiple blocks are processed.

A password hashing function based on the Blowfish cipher, designed to be computationally expensive to resist brute-force attacks, with a configurable work factor.

A type of rootkit that infects the master boot record or volume boot record, loading before the operating system and evading detection by security software.

A network of compromised computers controlled remotely by an attacker, commonly used for DDoS attacks, spam distribution, and cryptocurrency mining.

A sophisticated scam where attackers compromise or impersonate business email accounts to redirect financial transactions or steal sensitive data.

A method of bypassing normal authentication or encryption in a system, often installed by malware or intentionally built in by developers for maintenance access.

An attack method that systematically tries every possible combination of characters to crack passwords or encryption keys until the correct one is found.

Authentication using unique biological characteristics such as fingerprints, facial recognition, iris patterns, or voice recognition to verify user identity.

The defensive security team responsible for maintaining and improving an organization security posture by detecting, responding to, and mitigating attacks.

A program where organizations offer monetary rewards to security researchers who discover and responsibly disclose vulnerabilities in their systems.

A comprehensive web application security testing platform that includes tools for intercepting proxies, scanning, and exploiting web vulnerabilities.

An Active Directory reconnaissance tool that uses graph theory to reveal hidden relationships and attack paths within AD environments.

The planning and preparation to ensure that critical business functions can continue during and after a disaster or significant disruption.

The exploitation of vulnerabilities in Bluetooth implementations, including bluejacking, bluesnarfing, and bluebugging attacks on paired devices.

A class of attacks exploiting the inherent trust computers place in USB devices by reprogramming USB firmware to act as keyboards or network adapters.

A classification of vulnerability impact ranging from informational to critical, determining the urgency of remediation based on potential damage and exploitability.

Security practices for blockchain and cryptocurrency systems, addressing smart contract vulnerabilities, 51% attacks, and wallet security.

A planned approach to creating and managing copies of data to ensure recovery in case of data loss, corruption, or ransomware attacks.

A shell session where the compromised target machine opens a listening port and waits for the attacker to connect, requiring inbound firewall access.

An independent security researcher who discovers and reports vulnerabilities in software and systems for monetary rewards through bug bounty programs.

A special-purpose computer on a network specifically designed and configured to withstand attacks, serving as a gateway between trusted and untrusted networks.

The legal requirement to inform affected individuals and regulatory authorities when personal data has been compromised in a security breach.

A social engineering attack that uses a false promise to entice victims, such as leaving infected USB drives in public places.

Security attacks targeting Bluetooth connections, including BlueBorne, KNOB, BIAS, and Bluetooth impersonation attacks.

Bring Your Own Device. A policy that allows employees to use personal devices for work, creating security challenges around data protection and device management.

The interception and analysis of Bluetooth communications using specialized hardware, potentially capturing sensitive data transmitted between devices.

Business Email Compromise. A sophisticated scam targeting businesses that regularly perform wire transfers, using compromised or spoofed email accounts.

Brand Indicators for Message Identification. A standard that enables organizations to display their logo next to authenticated emails in supporting email clients.

A short vertical post designed to prevent vehicle access to pedestrian areas and protect buildings from vehicle-borne attacks.

A specially crafted key that can open pin tumbler locks through a technique called lock bumping, a concern for physical security assessments.

A career path focused on finding and reporting security vulnerabilities in organizations' systems for monetary rewards through bug bounty programs.

Security practices for protecting data backups, including encryption, access controls, offsite storage, and regular testing of recovery procedures.

An attack where malicious actors announce ownership of IP prefixes they do not control, redirecting internet traffic through their infrastructure.

A type of SQL injection where the attacker asks the database true or false questions and determines the answer based on application response differences.

A vulnerability arising from flawed application design rather than coding errors, allowing attackers to abuse legitimate functionality.

Malware specifically designed to steal financial credentials and intercept banking transactions through web injection and form grabbing techniques.

A symmetric-key block cipher designed as a fast replacement for DES, using variable-length keys up to 448 bits.

Automated platforms that continuously simulate attacks against an organization to validate security controls and identify gaps.

An attack that exploits flaws in the design and implementation of business processes rather than technical vulnerabilities.

A technique that collects information about a browser configuration to create a unique identifier for tracking users without cookies.

Security considerations for Bluetooth Low Energy including pairing vulnerabilities, GATT profile attacks, and tracking through BLE beacons.

Security certifications focused on defensive skills including CompTIA CySA+, GIAC GSEC, and Certified SOC Analyst.

A type of XML bomb that uses nested entity definitions to expand exponentially, consuming server memory and causing denial of service.

A vulnerability where API endpoints fail to properly enforce authorization checks, allowing users to access administrative functions.

Broken Object Level Authorization. An API vulnerability where endpoints expose object IDs without proper access control validation.

The analysis of blockchain transactions to trace cryptocurrency movements, identify wallet owners, and investigate financial crimes.

An open-source hacking tool for communicating with hardware devices through protocols like SPI, I2C, UART, and JTAG.

Techniques for defeating biometric authentication systems using fake fingerprints, photos, voice recordings, or 3D-printed faces.

The use of weak, outdated, or improperly implemented cryptographic algorithms that can be exploited to decrypt protected data.

A vulnerability where a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory and enabling code execution.

An attack targeting vulnerabilities in web browsers to execute arbitrary code, escape sandboxes, or steal data.

A form of digital signature where the content of a message is disguised before signing, providing signer privacy.

An access token that grants access to a protected resource to whoever possesses it, requiring secure transmission and storage.

Automated testing that simulates real-world attack scenarios to validate the effectiveness of security controls.

A tool that combines a legitimate program with malware into a single executable, executing both when the user runs the file.

Discovering exposed cloud storage buckets through predictable naming patterns and misconfigurations.

The unauthorized duplication of access badges using RFID readers, allowing physical access to secured facilities.

Intentionally slowing network traffic to manage congestion or enforce usage policies on specific services or users.

A spanning tree protocol feature that disables switch ports receiving unexpected bridge protocol data units to prevent STP manipulation attacks.

Online services like HackerOne and Bugcrowd that connect organizations with security researchers for vulnerability discovery programs.

Encrypting backup data to protect it from unauthorized access even if backup media is lost, stolen, or improperly disposed of.

A digital reference of biometric characteristics stored for comparison during authentication, requiring secure storage.