Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
L
Lateral Movement
The techniques attackers use to progressively move through a network after initial compromise, searching for sensitive data and escalating privileges.
LFI
Local File Inclusion. A vulnerability that allows an attacker to include files already present on the server through the web application, potentially exposing sensitive configuration files.
Logic Bomb
Malicious code inserted into a program that remains dormant until triggered by a specific condition such as a date, user action, or system event.
LDAP
Lightweight Directory Access Protocol. A protocol for accessing and managing distributed directory information services, commonly used for centralized authentication.
Least Privilege
A security principle that grants users and processes only the minimum permissions necessary to perform their required tasks, reducing attack surface.
Lessons Learned
The post-incident review process that analyzes what happened, what worked, what failed, and what improvements should be made to prevent future incidents.
Log Analysis
The examination of system, application, and security logs to identify suspicious activities, reconstruct events, and support incident investigation.
LLM Security
The practice of securing large language models against attacks including prompt injection, data extraction, jailbreaking, and training data poisoning.
Living off the Land
An attack technique that uses legitimate system tools and features already present on the target system to perform malicious activities and evade detection.
LOLBAS
Living Off the Land Binaries, Scripts, and Libraries. A catalog of legitimate Windows binaries that can be used for malicious purposes by attackers.
Ligolo
A reverse tunneling tool used by penetration testers to establish encrypted tunnels through compromised hosts for pivoting into internal networks.
LOLBins
Living Off the Land Binaries. Legitimate system executables that can be abused by attackers for malicious purposes, such as certutil, mshta, or regsvr32 on Windows.
Loader
Malware that downloads and executes additional payloads from remote servers after initial infection, allowing attackers to deploy various tools post-compromise.
Log Management
The process of collecting, storing, analyzing, and retaining log data from across an organization's infrastructure for security monitoring.
Live Forensics
The collection and analysis of digital evidence from a running system, capturing volatile data that would be lost if the system were powered off.
LLM Jailbreak
A technique that circumvents the safety restrictions of large language models to produce outputs the model was designed to refuse.
Lock Picking
The practice of opening a lock by manipulating its components without the original key, used in physical penetration testing and security assessment.
LDAP Injection
An attack that exploits applications constructing LDAP queries from user input, potentially accessing unauthorized directory information.
LOLBin
A legitimate system binary that can be misused for malicious purposes such as downloading payloads, executing code, or bypassing security.
LLM Data Leakage
The unintentional disclosure of sensitive training data by large language models through carefully crafted prompts or interactions.
LDAPS
LDAP over SSL. A secure version of LDAP that encrypts the communication between client and directory server using SSL/TLS.
LoRaWAN Security
Security architecture for the Long Range Wide Area Network IoT protocol, including AES-128 encryption, device authentication, and key management.
Lookalike Domain
A domain name that closely resembles a legitimate domain through character substitution or addition, used in phishing attacks.
Load Balancer Security
Security considerations for load balancers including SSL termination, DDoS protection, health checks, and access control.
LockBit
A prominent ransomware-as-a-service group known for fast encryption, automated lateral movement, and its leak site for publishing stolen data.
LLM Agent Attack
Attacks targeting autonomous AI agents that can take actions, exploiting their decision-making to perform unauthorized operations.
LTE Security
Security considerations for Long-Term Evolution mobile networks including IMSI catching, downgrade attacks, and protocol vulnerabilities.
Lattice-Based Cryptography
Post-quantum cryptographic algorithms based on lattice problems, considered resistant to quantum computer attacks.
LLM Guardrails
Safety mechanisms implemented around large language models to prevent harmful outputs, prompt injection, and data leakage.
LOTL Attack
A Living Off the Land attack, which uses legitimate system administration tools for malicious purposes to avoid detection.
Lock Bypass Technique
Methods for opening locks without picking, including shimming, bumping, and using bypass tools on specific lock designs.