Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
M
MITM Attack
Man-in-the-Middle attack. An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.
MAC Address
Media Access Control address. A unique hardware identifier assigned to a network interface controller, used for communication within a network segment.
MD5
Message Digest Algorithm 5. A widely used but cryptographically broken hash function that produces a 128-bit hash value, no longer considered secure for sensitive applications.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, encompassing viruses, worms, trojans, ransomware, and spyware.
Metamorphic Malware
Malware that completely rewrites its own code with each propagation while maintaining the same functionality, making signature-based detection nearly impossible.
MFA
Multi-Factor Authentication. A security method requiring two or more independent verification factors from different categories: something you know, have, or are.
Metasploit
An open-source penetration testing framework that provides tools for developing, testing, and executing exploit code against target systems.
Mimikatz
A post-exploitation tool that extracts plaintext passwords, hashes, PIN codes, and Kerberos tickets from Windows memory for credential theft and privilege escalation.
Malware Analysis
The process of studying malware behavior, code, and capabilities to understand its purpose, origin, and impact for incident response and defense improvement.
Memory Forensics
The analysis of volatile memory (RAM) to discover evidence of malicious activity, running processes, network connections, and encryption keys.
Multi-Cloud Security
Security strategies and tools designed to protect data and applications distributed across multiple cloud service providers simultaneously.
MDR
Managed Detection and Response. A cybersecurity service that provides organizations with threat monitoring, detection, and response capabilities delivered by external experts.
Mobile Malware
Malicious software specifically designed to target mobile devices, including trojans, spyware, adware, and ransomware for Android and iOS platforms.
Mobile Device Management
Enterprise software that manages, monitors, and secures mobile devices used by employees, enforcing security policies and enabling remote wipe.
Man-in-the-Browser
A trojan that modifies web page content and transaction data in real time within the browser, intercepting communications between the user and web applications.
Model Extraction
An attack where an adversary queries a machine learning model systematically to reconstruct a functionally equivalent copy of the proprietary model.
Mean Time to Detect
The average time between the occurrence of a security incident and its detection, a key metric for evaluating security monitoring effectiveness.
Mean Time to Respond
The average time from detection of a security incident to its containment and resolution, measuring incident response team efficiency.
Mantrap
A physical security access control system consisting of a small space with two interlocking doors, ensuring only one door opens at a time to prevent tailgating.
Microsegmentation
A security technique that divides a network into small, isolated segments to limit lateral movement and contain breaches within a single segment.
Mass Assignment
A vulnerability where an application automatically binds HTTP request parameters to model attributes, allowing attackers to modify fields they should not access.
Malware Sandbox
An isolated virtual environment used to safely execute and analyze suspicious files, observing their behavior without risking the host system.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used as a framework for threat modeling and detection.
Malware Triage
The initial rapid assessment of a malware sample to determine its type, capabilities, and potential impact before committing to full analysis.
Model Inversion
An attack that exploits a machine learning model to recover sensitive training data by analyzing the model's predictions and confidence scores.
Membership Inference Attack
An attack that determines whether a specific data record was used in training a machine learning model, potentially revealing private information.
MDM
Mobile Device Management. Software that enables IT administrators to control, secure, and enforce policies on smartphones, tablets, and other mobile devices.
Mobile Application Security
The practice of securing mobile applications against threats including data leakage, insecure storage, improper session handling, and reverse engineering.
Mobile Code Signing
The process of digitally signing mobile applications to verify the developer's identity and ensure the app has not been tampered with.
Mobile Threat Defense
Security solutions that protect mobile devices from network-based, device-based, and application-based threats using on-device detection.
Mobile Sandbox
An isolated environment on mobile devices that restricts application access to system resources and other applications' data for security.
Mobile Penetration Testing
Security testing specifically targeting mobile applications and their backend APIs, including static analysis, dynamic analysis, and network interception.
Mesh Network Security
Security considerations for mesh wireless networks where devices relay data for each other, including routing attacks and data interception.
MTA-STS
Mail Transfer Agent Strict Transport Security. A mechanism that enables mail service providers to declare their ability to receive TLS-secured connections.
MQTT
Message Queuing Telemetry Transport. A lightweight messaging protocol used in IoT applications that requires security considerations for authentication and encryption.
MAC Flooding
An attack that overwhelms a network switch's CAM table with fake MAC addresses, forcing the switch to broadcast all traffic like a hub.
Macro Malware
Malware that uses document macros in office applications to execute malicious code when a user opens an infected document.
Malware Packer
A tool that compresses and obfuscates malware executables to evade antivirus detection by changing the file signature.
Merkle Tree
A hash-based data structure where every leaf node contains a data hash and every non-leaf node contains a hash of its children, used for efficient data verification.
Macro Payload
Malicious code embedded in document macros that executes when a user opens the document and enables macro execution.
MSBuild Abuse
Using the Microsoft Build Engine to compile and execute malicious code inline from project files, bypassing application whitelisting.
Model Backdoor
A hidden vulnerability inserted into a machine learning model during training that causes specific misclassification when a trigger pattern is present.
Multimodal Attack
Adversarial attacks targeting AI systems that process multiple types of input like text, images, and audio simultaneously.
Microservice Security
Security practices for microservice architectures including service mesh, mutual TLS, API gateway security, and distributed authentication.
MPLS
Multiprotocol Label Switching. A routing technique that directs data using short path labels rather than long network addresses, improving traffic flow.
Mobile Rootkit
A rootkit designed for mobile operating systems that provides persistent privileged access while hiding its presence from the user.
Man-in-the-Disk
An Android attack where malicious apps exploit external storage access to tamper with data used by other applications.
Mobile Reverse Engineering
The process of analyzing compiled mobile applications to understand their functionality, find vulnerabilities, and extract sensitive data.
Mythic C2
An open-source command and control framework designed for collaborative red team operations with extensible agent support.
Malleable C2
Configurable command and control profiles that modify network traffic indicators to mimic legitimate services and evade detection.
Mobile Banking Trojan
Malware targeting mobile banking applications to steal financial credentials through overlay attacks, SMS interception, and screen recording.
Magecart
A collective term for cybercriminal groups that specialize in web skimming attacks, injecting malicious code into e-commerce checkout pages.
MISP
Malware Information Sharing Platform. An open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise.
Microsoft Sentinel
A cloud-native SIEM and SOAR solution that uses AI to provide intelligent security analytics across the enterprise.
Microsoft Defender for Cloud
A cloud security posture management and workload protection platform for Azure, AWS, and GCP environments.
Model Stealing
An attack that extracts a copy of a machine learning model by systematically querying it and training a replica from the responses.
Mutual TLS
A TLS configuration where both client and server authenticate each other using certificates, providing stronger identity verification.
Medical Device Security
Security practices for protecting medical devices from cyber threats, addressing patient safety and regulatory compliance.
Mobile Threat Landscape
The current state of threats targeting mobile devices including malware distribution, network attacks, and application vulnerabilities.
Mobile Banking Security
Security measures protecting mobile banking applications and transactions, including biometric authentication and fraud detection.
Mobile Forensics
The science of recovering digital evidence from mobile devices under forensically sound conditions for legal proceedings.
MIME Sniffing Attack
An attack exploiting browser content type sniffing behavior to execute malicious content uploaded with innocent file extensions.
Microsegmentation Policy
Fine-grained security policies applied at the workload level to control east-west traffic between individual applications.
Malware Loader
Lightweight first-stage malware designed to download and execute heavier payloads from command-and-control infrastructure.
Macro Dropper
A malicious document containing embedded macros that download and execute malware when the user enables macro execution.
MTTC
Mean Time to Contain. A metric measuring the average time from threat detection to successful containment of the security incident.
ML Pipeline Security
Security practices for protecting the end-to-end machine learning development pipeline from data collection through model deployment.
Model Monitoring
Continuous observation of deployed machine learning models for performance degradation, data drift, and adversarial manipulation.
Machine Identity
Digital credentials used to authenticate non-human entities like servers, applications, and IoT devices.
Malware Forensics
The detailed examination of malware samples to determine functionality, origin, communication patterns, and potential remediation steps.
Mobile Device Forensics
Specialized forensic techniques for extracting and analyzing evidence from smartphones, tablets, and wearable devices.
Mobile Code Injection
Attacks that inject malicious code into mobile applications at runtime through hooking frameworks, debugging, or memory manipulation.
Mobile API Security
Security measures protecting the backend APIs that mobile applications communicate with, including certificate pinning and token management.
Mobile Biometric Bypass
Techniques for circumventing biometric authentication on mobile devices including fingerprint spoofing and face mask attacks.
Mobile Certificate Pinning
An implementation that associates a host with its expected certificate to prevent man-in-the-middle attacks on mobile traffic.
Mobile Device Encryption
Full-device encryption on smartphones and tablets that protects all stored data if the device is lost or stolen.
Malware Staging
The process of preparing and positioning malware payloads on infrastructure before deploying them against targets.
MTTA
Mean Time to Acknowledge. A metric measuring the average time between an alert firing and an analyst beginning investigation.
Multi-Tenant Security
Security controls ensuring data isolation and access separation between different customers sharing the same cloud infrastructure.