Hacker's ABC: Key Terms and Abbreviations in Cybersecurity

Tr0jan_Horse
Are you just starting out in information security and feel like you don't understand most of the discussions on forums? The world of information security is full of specific terms and abbreviations that can be confusing for a newbie. This article will help you understand the basic concepts used in the field of cybersecurity.

1. Basic teams and approaches in cybersecurity

  • Red Team: a group that simulates a real attack in order to penetrate a network or program, find vulnerabilities, and then report the discovered vulnerabilities to the customer.
  • Blue Team: a team of information security specialists responsible for protecting systems from attacks (for example, from a Red Team attack).
  • Purple Team: a concept that implies cooperation between the Red Team and the Blue Team. It is considered the most effective approach for identifying vulnerabilities.
  • CTF (Capture The Flag): a competitive discipline, or an individual competition, in the form of a team game whose main goal is to be the first to capture or take away the "flag" from the opponent under conditions close to reality.

2. Tools and methods of protection

  • Firewall: a system that controls traffic between networks. It can be implemented as a program or as a hardware and software complex (an appliance or server).
  • OSINT (open-source intelligence): an intelligence discipline whose main goal is to search for information on the Internet and in other open sources.
  • Shell: a command interpreter that lets the user interact with the system.
  • Security audit: checking a system for compliance with information security standards.
  • Information security (InfoSec): a set of measures designed to protect information from external and internal threats.
  • Patch: an update that eliminates a vulnerability.
  • Pentest (penetration test): a set of specific measures and actions designed to test a network or program for security. As a rule, it imitates a real attack.
  • Pentester: a person who performs penetration testing (pentest).
  • Ethical hacker (white hat): a specialist who legally hacks systems to improve their security.
  • Blackbox testing: a type of testing in which the researcher has no information about the object being tested.
  • Graybox testing: a type of testing that combines white-box and black-box testing.
  • Whitebox testing: a type of testing in which the researcher does not have access to the source code of the application and can write specific code himself.
  • Exploit: a method or piece of code that uses a vulnerability in the system to hack it.
3. Common types of attacks and vulnerabilities

  • 0-day (zero-day, zero-day vulnerability): a term for any vulnerability that has not been fixed after its discovery, as well as malware for which protection mechanisms have not yet been developed. Literally, the developers had 0 days to fix the vulnerability.
  • Bruteforce attack (brute-force attack): a type of attack in which an attacker tries to gain access to an account by guessing passwords, using special software or manually.
  • Phishing: a type of Internet fraud used to obtain confidential information or credentials. As a rule, the deception relies on social engineering and fake emails, sites, or programs.
  • Man in the Middle (MITM, intermediary attack): a type of attack in which an attacker intercepts or modifies packets between two parties without their knowledge.
  • CSRF (cross-site request forgery): a type of attack aimed at users, the purpose of which is to perform malicious actions on another server that does not belong to the attacker.
  • DDoS (distributed denial of service): a type of attack designed to disrupt a service by generating a huge number of requests, causing a denial of service to other users. DoS differs from DDoS in that DoS is carried out from a single computer, while DDoS comes from a cluster of machines.
  • Remote Desktop Exploits (RDE, attack via RDP): a type of vulnerability consisting of an incorrect configuration of RDP (Remote Desktop Protocol). By exploiting it, attackers can gain access to the target through this protocol.
  • SQL injection (SQLi): a type of attack on databases in which malicious SQL code is inserted into requests sent to the server.
  • XSS (cross-site scripting): a type of attack on web applications and websites in which malicious code (a script) is injected into the page served to the user.
  • Attack on IoT devices: an attack on Internet of Things devices in which an attacker exploits their vulnerabilities in order to gain access to confidential user data.
  • Supply chain attack: a type of attack that exploits a weakness in the security of an organization's supply chain. In this way, an attacker can "bring in" malware and introduce it through third parties.
4. Useful tools for specialists

  • Burp Suite (burp): a program designed for web application penetration testing.
  • FOCA: a scanner and OSINT tool designed to search for metadata in documents published on a website or in a web application.
  • Kali Linux (kali): an operating system designed for penetration testing.
  • Nmap (network mapper): a program designed for scanning IP networks and discovering the hosts and services on them.
  • OWASP ZAP: a free, open-source black-box scanner that checks websites and applications for vulnerabilities.
  • Tails: a Linux-based operating system designed for maximum user anonymity.
  • WinPEAS (Windows Privilege Escalation Awesome Scripts): a program designed to search for and exploit Windows OS vulnerabilities in order to increase user privileges in the system.
  • Wireshark: a network traffic analyzer for diagnosing and analyzing network problems.

5. Malicious software

  • Adware (adware virus): a type of malware that displays unwanted advertising.
  • Bootkit: a type of virus program that modifies the boot sector of the hard drive. Typically used by malware to gain maximum access to the system.
  • CVE (Common Vulnerabilities and Exposures): a database of known vulnerabilities and threats in the field of information security. The number next to the CVE abbreviation identifies a specific vulnerability.
  • Keylogger (keyspy): malicious software that logs (records) keyboard keystrokes in order to steal information.
  • Malware (malicious program, malicious software; often loosely called a virus): software designed to harm a computer, steal data, extort money, or achieve other goals pursued by the attacker.
  • Ransomware (ransomware virus): virus software whose main operating principle is encrypting files on the infected computer. As a rule, it simultaneously demands that the user send money to the attacker's accounts in exchange for decrypting them. Typically an element of a combined threat.
  • Rootkit: a malicious program for hiding other viruses. It is an element of a combined threat.
  • Trojan: a type of malicious software that penetrates the user's computer under the guise of legitimate software.
  • USB attack (BadUSB): a subtype of attacks carried out via USB devices that emulate a keyboard.
  • Winlocker (Windows blocker): a type of ransomware virus that blocks the loading of Windows OS and reading data from the disk, demanding a ransom to return access.
  • Worm: a virus program that spreads quickly over the network by copying itself.
  • Antivirus: software designed to prevent infection of the system by malicious software and/or cure an existing infection.
  • Dropper: virus software designed to download additional malware to an infected computer. It can be either a separate virus or an integral part of a malware package (see Combined threat).
  • Keygen (key generator): a type of software designed to generate activation keys for the activation and further use of licensed software. Strictly speaking, it is not a virus, but some antiviruses include it in their list of threats.
  • Combined threat (malware package): a set of different malicious programs acting together. As a rule, such packages are used to complicate the detection and removal of an infection.

6. Additional terms

  • APT (Advanced Persistent Threat): a complex, multi-component targeted attack on a network or system.
  • OWASP (Open Web Application Security Project): an organization dealing with software security issues.
  • Reverse engineering: a method of software research that analyzes program code that has already been compiled or obfuscated by its author.
  • SIEM (Security Information and Event Management): a security event management system that collects and analyzes security events in real time so that they can be responded to promptly.
  • SOC (security operations center, cybersecurity monitoring center): an information security unit that monitors systems and protects them from cyber threats.
  • Zero Trust ("trust no one"): a model for building information security based on the principle of expecting danger from everywhere.
  • Social engineering: a set of actions aimed at manipulating people in order to gain access to certain data or have them perform certain actions.
  • Forensics: a set of actions to investigate cybercrimes.

Understanding the basic terms and tools in cybersecurity is the first step to becoming a cybersecurity expert. Regularly updating your knowledge and applying the information you receive will help you effectively protect systems and data from various threats.
 