Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
T
TCP/IP
Transmission Control Protocol / Internet Protocol. The fundamental communication protocol suite of the internet that defines how data is packetized, addressed, transmitted, and received.
Traceroute
A network diagnostic tool that tracks the path packets take from source to destination, showing each hop and the time taken, useful for identifying network issues.
Trojan
Malware disguised as legitimate software that provides attackers with backdoor access to infected systems, often used to steal data or install additional malware.
Typosquatting
A form of cybersquatting where attackers register domain names similar to popular websites with common typos to capture traffic and distribute malware or steal credentials.
TOTP
Time-based One-Time Password. An algorithm that generates temporary passwords based on the current time and a shared secret, commonly used in authenticator apps.
Tailgating
A physical social engineering technique where an unauthorized person follows an authorized individual through a secure entrance without proper credentials.
Threat Hunting
The proactive search for cyber threats that have evaded existing security solutions, using hypotheses and advanced techniques to discover hidden compromises.
TTPs
Tactics, Techniques, and Procedures. The patterns of behavior and methods used by threat actors, documented in frameworks like MITRE ATT&CK for threat intelligence.
Threat Intelligence
Evidence-based knowledge about existing or emerging threats to an organization, including context about threat actors, their motivations, and attack methods.
Threat Actor
An individual, group, or entity responsible for cybersecurity incidents, ranging from script kiddies and hacktivists to organized crime and nation-states.
Threat Model
A structured approach to identifying, quantifying, and addressing security threats to a system, helping prioritize defensive measures based on risk.
Threat Landscape
The complete set of potential and identified cyberthreats affecting a particular sector, organization, or technology environment at a given time.
Tokenization
Replacing sensitive data with non-sensitive placeholder tokens that maintain the original data format while being meaningless if compromised.
TPM
Trusted Platform Module. A dedicated microcontroller designed to secure hardware through integrated cryptographic keys, used for disk encryption and secure boot.
Threat Modeling
A structured approach to identifying and prioritizing potential security threats during application design, enabling proactive mitigation of risks before deployment.
Tabletop Exercise
A discussion-based simulation where team members walk through a hypothetical security incident scenario to test response plans and identify gaps.
TryHackMe
A gamified cybersecurity training platform offering guided learning paths and hands-on virtual labs for beginners to advanced practitioners.
Telnet
An older network protocol for remote terminal access that transmits data in plaintext, making it inherently insecure and largely replaced by SSH.
Token Impersonation
A Windows attack technique where an attacker steals or duplicates access tokens of other users to impersonate them and access their resources.
Threat Intelligence Analyst
A cybersecurity professional who collects, analyzes, and disseminates information about current and emerging cyber threats to support defensive operations.
Traffic Analysis
The process of intercepting and examining network messages to deduce information from patterns in communication, even when messages are encrypted.
Template Injection
Server-Side Template Injection. A vulnerability where user input is embedded into server-side templates, potentially allowing remote code execution.
Tunneling
The practice of encapsulating one network protocol within another to create a secure communication path or bypass network restrictions.
TTP
Tactics, Techniques, and Procedures. The behavior patterns of threat actors that describe how they conduct attacks, used for threat intelligence and detection.
Timeline Analysis
A forensic technique that creates a chronological sequence of system events from multiple sources to reconstruct incident activities.
Triage
The initial assessment phase of incident response that quickly determines the scope, severity, and nature of a security incident.
Tapjacking
A mobile attack similar to clickjacking where malicious apps overlay transparent elements on legitimate apps to capture user taps.
Threat Hunter
A proactive cybersecurity role focused on searching through networks and systems to detect advanced threats that evade automated security controls.
TLS 1.3
The latest version of the Transport Layer Security protocol, providing improved security with reduced handshake latency and removal of obsolete algorithms.
TACACS+
Terminal Access Controller Access-Control System Plus. A protocol providing detailed access control for network equipment through separate authentication and authorization.
Time-Based SQL Injection
A blind SQL injection technique that infers information based on database response delays introduced by conditional time delay functions.
Triple Extortion
An evolution of double extortion where attackers additionally threaten DDoS attacks or contact the victim organization's customers directly.
Twofish
A symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits, a finalist in the AES selection process.
Triple DES
An encryption algorithm that applies the DES cipher three times to each data block, providing improved security over single DES.
Token Theft
The unauthorized acquisition of authentication tokens like session cookies, OAuth tokens, or Kerberos tickets to impersonate legitimate users.
Threat Intelligence Platform
A system that aggregates, correlates, and analyzes threat data from multiple sources to produce actionable intelligence.
Threat Containment
Immediate actions taken during incident response to prevent a threat from spreading, including network isolation and account lockdown.
TPM
Trusted Platform Module. A specialized chip on a computer motherboard that stores cryptographic keys and provides hardware-based security functions.
Thunderbolt Attack
Attacks exploiting the direct memory access capabilities of Thunderbolt ports to read or write system memory.
Training Data Extraction
Attacks that recover private training data from machine learning models through inference queries and memorization exploitation.
TDE
Transparent Data Encryption. A technology that encrypts database files at rest without requiring changes to applications accessing the data.
TEMPEST
A US government codename for standards and measures protecting against compromising electromagnetic emanations from electronic equipment.
Tor Network
The Onion Router. An anonymity network that encrypts traffic and routes it through multiple volunteer relays to conceal user identity and location.
Traffic Shaping
The deliberate manipulation of network traffic to optimize performance, enforce policies, or detect anomalies.
TAXII
Trusted Automated eXchange of Indicator Information. A protocol for exchanging cyber threat intelligence in STIX format between organizations.
The Sleuth Kit
An open-source collection of command-line tools for digital forensics, providing disk image analysis and file system examination.
Threat Modeling Tool
Software that assists in identifying, categorizing, and prioritizing potential security threats during application design.
Tabletop Scenario
A structured discussion exercise where participants walk through a hypothetical security incident to test response plans.
TCP Reset Attack
An attack that terminates established TCP connections by sending forged RST packets, disrupting communications between legitimate parties.
Traffic Mirroring
Copying network traffic to a monitoring port or tool for analysis without affecting the original traffic flow.
Teardrop Attack
A denial-of-service attack that sends fragmented IP packets with overlapping offset fields, crashing vulnerable systems during reassembly.
Tabnabbing
A phishing attack where a background browser tab changes its content to a login page, tricking users into entering credentials.
Threat-Led Penetration Testing
Testing based on threat intelligence about adversaries likely to target the organization, simulating their specific techniques.
TIBER-EU
Threat Intelligence-Based Ethical Red Teaming. A European framework for testing financial institutions using intelligence-led red team exercises.
Thick Client Testing
Security assessment of desktop applications that process data locally, including memory analysis, DLL hijacking, and local storage review.
Threshold Cryptography
A cryptographic system where multiple parties must cooperate to perform cryptographic operations, preventing single points of compromise.
Threat Feed
An automated stream of threat intelligence data including indicators of compromise, malware signatures, and vulnerability information.
Tier 1 SOC Analyst
An entry-level security analyst responsible for initial alert triage, monitoring dashboards, and escalating confirmed threats.
Tier 2 SOC Analyst
A mid-level security analyst who performs deeper investigation of escalated incidents, conducts forensic analysis, and develops detection rules.
Tier 3 SOC Analyst
A senior security analyst specializing in advanced threat hunting, malware analysis, and complex incident investigation.
Threat Intelligence Lifecycle
The cyclical process of planning, collecting, processing, analyzing, disseminating, and evaluating threat intelligence.
Third-Party Risk Policy
A policy establishing requirements for assessing and managing cybersecurity risks from vendors and business partners.
Transfer Learning Attack
Exploiting the shared knowledge in pre-trained models to craft adversarial examples that transfer across different AI systems.
Tailgating Prevention
Physical security measures including mantraps, turnstiles, and guard stations designed to prevent unauthorized following through secured doors.
Threat Intelligence Career
A career path focused on collecting, analyzing, and disseminating intelligence about cyber threats and threat actors.
Threat Landscape Report
A periodic assessment documenting current and emerging cyber threats, attack trends, and their potential impact on organizations.
Threat Hunting Hypothesis
A proposed theory about adversary activity that guides proactive searches through network and endpoint data for evidence of threats.
Threat Profile
A detailed characterization of a threat actor including their capabilities, motivations, targets, and typical attack patterns.