Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
E
Evil Twin Attack
A type of Wi-Fi attack where an attacker sets up a rogue access point that mimics a legitimate one to intercept wireless communications.
Egress Filtering
The practice of monitoring and controlling outbound network traffic to prevent data exfiltration, malware communication, and unauthorized data transfers.
Encryption
The process of converting plaintext data into ciphertext using an algorithm and a key, making it unreadable to anyone without the corresponding decryption key.
Elliptic Curve Cryptography
A public-key cryptography approach based on the algebraic structure of elliptic curves, offering equivalent security to RSA with significantly smaller key sizes.
Entropy
A measure of randomness or unpredictability in data, critical in cryptography for generating strong keys, passwords, and nonces that resist guessing attacks.
End-to-End Encryption
A communication system where only the communicating parties can read the messages, with encryption and decryption occurring at the endpoints rather than in transit.
Exploit
A piece of code, software, or technique that takes advantage of a vulnerability in a system or application to cause unintended behavior or gain unauthorized access.
Exploit Kit
A toolkit used by attackers to automatically exploit known vulnerabilities in software, typically delivered through compromised websites or malicious advertisements.
Enumeration
The process of actively probing a target system to extract detailed information about users, groups, shares, services, and configurations.
Exploitation
The phase of a penetration test where identified vulnerabilities are actively exploited to gain unauthorized access or demonstrate the impact of the weakness.
Exfiltration
The unauthorized transfer of data from a compromised system to an attacker-controlled location, often using covert channels to avoid detection.
Eradication
The incident response phase focused on removing the root cause of an incident, including malware removal, vulnerability patching, and account remediation.
EDR
Endpoint Detection and Response. A cybersecurity solution that continuously monitors endpoints to detect, investigate, and respond to cyber threats in real time.
Endpoint Security
The practice of securing end-user devices such as laptops, desktops, and mobile devices from cyber threats through software and policy enforcement.
Electromagnetic Emanations
Unintentional electromagnetic signals emitted by electronic devices that can be intercepted to reconstruct displayed information or cryptographic keys.
Email Spoofing
The creation of emails with a forged sender address to deceive recipients into believing the message came from a trusted source.
Email Gateway
A security solution that filters incoming and outgoing email traffic to block spam, phishing, malware, and other email-borne threats.
Email Bombing
An attack that floods a victim's email inbox with a massive volume of messages, causing denial of service and potentially masking important notifications.
Encryption at Rest
The encryption of stored data on disk or in databases to protect against unauthorized access if physical storage media is compromised or stolen.
eJPT
eLearnSecurity Junior Penetration Tester. An entry-level practical penetration testing certification with a hands-on exam environment.
East-West Traffic
Network traffic that moves laterally between servers or applications within a data center, as opposed to north-south traffic entering or leaving the network.
Elliptic Curve Cryptography
A public-key cryptography approach based on the algebraic structure of elliptic curves, providing equivalent security to RSA with smaller key sizes.
Evidence Preservation
The process of protecting digital evidence from modification, damage, or destruction to maintain its integrity for investigation and legal proceedings.
Evil Twin
A rogue wireless access point that masquerades as a legitimate one, tricking users into connecting and allowing the attacker to intercept their traffic.
Electromagnetic Emanation
Unintentional electromagnetic signals emitted by electronic devices that can be intercepted and analyzed to reconstruct processed data.
Emulator Detection
Techniques used by mobile applications to detect when they are running in an emulated environment, often to prevent security analysis.
Email Header Analysis
The examination of email message headers to trace the path of an email, identify the sending server, and detect potential spoofing.
Email Encryption
The process of encrypting email messages and attachments to protect their contents from unauthorized access during transit and storage.
Email Sandboxing
The practice of executing email attachments in an isolated environment to detect malicious behavior before delivering them to the recipient.
Email Impersonation
An attack where the sender disguises their email to appear as if it comes from a trusted contact or organization without technically spoofing the address.
Email Quarantine
An area where suspicious emails are held for review rather than being delivered to the recipient's inbox or permanently deleted.
Environmental Controls
Physical security measures protecting IT equipment from environmental threats including fire, flood, temperature extremes, and humidity.
eWPTX
eLearnSecurity Web Application Penetration Tester eXtreme. An advanced web application security certification requiring exploitation of complex vulnerabilities.
Error-Based SQL Injection
A SQL injection technique that uses database error messages to extract information about the database structure and content.
ECDSA
Elliptic Curve Digital Signature Algorithm. A variant of DSA that uses elliptic curve cryptography, providing equivalent security with smaller keys.
ETW Patching
A defense evasion technique that patches Event Tracing for Windows functions to prevent security tools from receiving telemetry data.
Evil Maid Attack
A physical attack where an adversary gains brief physical access to an unattended device to install implants or extract encryption keys.
Electromagnetic Shielding
Physical barriers that block electromagnetic fields to prevent eavesdropping on electronic emissions from computing equipment.
Email Authentication
The combination of SPF, DKIM, and DMARC protocols working together to verify the authenticity of email senders and prevent spoofing.
EDR Evasion
Techniques used by attackers to avoid detection by Endpoint Detection and Response solutions, including unhooking, direct syscalls, and memory manipulation.
Emotet
A highly sophisticated modular banking trojan that evolved into a malware distribution service, known for its polymorphic capabilities and email spreading.
Elastic Security
A SIEM and endpoint security solution built on the Elastic Stack that provides threat detection, investigation, and response capabilities.
Essential Eight
An Australian cybersecurity framework recommending eight mitigation strategies to protect against the most common cyber threats.
Evasion Attack
An adversarial machine learning attack that crafts inputs to cause a deployed model to make incorrect predictions at inference time.
eSIM Security
Security implications of embedded SIM technology including remote provisioning vulnerabilities and profile manipulation risks.
Email Thread Hijacking
A phishing technique where attackers reply to existing email conversations using a compromised account to deliver malware or phishing links.
Email Forensics
The examination of email messages and headers to trace origins, detect forgery, and gather evidence for security investigations.
Email Security Gateway
A dedicated security appliance that inspects all inbound and outbound email for threats including malware, phishing, and data leakage.
Email Header Injection
An attack that exploits web contact forms to inject additional email headers, potentially turning the form into a spam relay.
Exposure Management
A proactive approach to identifying and prioritizing an organization's most critical security exposures across the entire attack surface.
EU AI Act
European Union regulation establishing a legal framework for artificial intelligence, including requirements for high-risk AI systems.
Enterprise Passwordless
The organizational transition from password-based authentication to passwordless methods like FIDO2, biometrics, and certificates.
Evidence Collection
The systematic gathering of digital evidence following forensic procedures to maintain integrity and chain of custody.
Escalation Procedure
Defined criteria and processes for escalating security incidents to higher tiers of analysis, management, or external parties.
Encryption Policy
A policy establishing when and how encryption must be used to protect data at rest, in transit, and in use.
Emergency Access
Predefined procedures for granting temporary elevated access during critical incidents, with full audit logging.
Email Forensic Analysis
Examining email artifacts including headers, attachments, and metadata to investigate phishing, fraud, and data theft.
Email DLP
Data Loss Prevention controls applied to email to prevent sensitive information from being sent outside the organization.
Email Archive Security
Security measures for protecting stored email archives including encryption, access controls, and tamper detection.
Email Continuity
Systems that ensure email service availability during outages, providing emergency mailbox access when primary servers are down.
Email Threat Intelligence
Threat data specifically related to email-based attacks including phishing campaigns, malware distribution, and BEC schemes.
Extendable Output Function
A cryptographic function like SHAKE that produces output of arbitrary length, useful for key derivation and random generation.
Evidence Bag
A tamper-evident container used to store and transport physical digital evidence while maintaining chain of custody.
Evidence of Compliance
Documentation and artifacts that demonstrate an organization's adherence to regulatory requirements and security standards.
Embedded Systems Security
Security practices for protecting embedded computing systems including secure boot, firmware validation, and hardware tamper resistance.
Enterprise Mobility Management
A comprehensive approach to securing mobile devices and applications in enterprise environments including MDM, MAM, and MCM.