Cybersecurity Glossary

A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.

A security weakness where a web application fails to properly validate uploaded files, allowing attackers to upload malicious scripts or executables.

Malware that operates entirely in memory without writing files to disk, making it difficult to detect with traditional antivirus solutions that scan file systems.

An authentication standard that enables passwordless login using hardware security keys or platform authenticators, providing strong phishing-resistant authentication.

The process of gathering maximum information about a target system, network, or organization during the reconnaissance phase of a penetration test.

Family Educational Rights and Privacy Act. A US federal law protecting the privacy of student education records at institutions receiving federal funding.

Federal Risk and Authorization Management Program. A US government program providing a standardized approach to security assessment for cloud products and services.

Federal Information Security Modernization Act. US legislation requiring federal agencies to develop, document, and implement information security programs.

A vulnerability disclosure approach where details of security vulnerabilities are published immediately and publicly, without giving the vendor advance notice.

The process of examining device firmware to identify vulnerabilities, backdoors, and hardcoded credentials that could be exploited by attackers.

A DeFi exploit where attackers use uncollateralized flash loans to manipulate cryptocurrency prices and drain liquidity pools in a single transaction.

An enclosure made of conductive material that blocks electromagnetic signals, used to prevent electronic eavesdropping and protect sensitive equipment.

File Transfer Protocol. A standard network protocol used for transferring files between a client and server, considered insecure without encryption.

The process of creating an exact bit-for-bit copy of a storage device for forensic analysis, preserving the original evidence.

A forensic technique that recovers files from unallocated disk space based on file signatures and structure, without relying on file system metadata.

An automated software testing technique that provides invalid, unexpected, or random data to program inputs to discover vulnerabilities and crashes.

Attacks targeting distributed machine learning systems where malicious participants manipulate local model updates to corrupt the global model.

An attack technique that introduces faults into hardware through voltage glitching, clock manipulation, or laser stimulation to bypass security mechanisms.

A security method that encrypts all data on a storage drive, protecting information even if the device is lost or stolen.

A security process that validates the integrity of operating system and application files by comparing current states against known good baselines.

The examination of network flow data like NetFlow or sFlow to identify anomalies, detect threats, and understand traffic patterns.

An attack exploiting file upload functionality to upload malicious files like web shells, achieving remote code execution on the server.

An encryption scheme where the ciphertext has the same format and length as the plaintext, useful for encrypting structured data.

Malware that infects device firmware to persist below the operating system, surviving OS reinstallation and most security measures.

Malicious JavaScript code injected into payment forms on websites to steal credit card information as customers enter their details.

A Windows-based malware analysis distribution maintained by Mandiant, providing a curated collection of reverse engineering and analysis tools.

The extraction and analysis of device firmware for evidence of tampering, backdoors, or malicious modifications.

A denial-of-service attack similar to Smurf that uses UDP echo instead of ICMP to amplify traffic against a target.

An attack where a user manually accesses web pages not linked from the application, potentially finding unprotected administrative functions.

A vulnerability exploiting format string functions like printf to read or write memory, potentially leading to code execution.

An attack technique that executes malicious code entirely in memory using legitimate system tools without writing files to disk.

The process of refining detection rules and thresholds to reduce false alerts while maintaining detection effectiveness.

The organizational preparation to efficiently conduct digital forensic investigations, including log retention and tool availability.

A detailed document presenting findings from a digital forensic investigation, suitable for legal proceedings and management review.

Security considerations for distributed machine learning where models are trained across decentralized devices without sharing raw data.

The initial person to arrive at a digital crime scene or security incident, responsible for preserving volatile evidence.

A collection of hardware and software tools used by digital forensic investigators to acquire, analyze, and report on evidence.

A dedicated computer system configured specifically for digital forensic analysis with appropriate tools and write-blocking capabilities.

Specialized software or hardware for creating bit-for-bit copies of storage devices while maintaining forensic integrity.