ADWARE
Adware (or advertising software) is the term used for various pop-up
advertisements that show up on your computer or mobile device. Adware has
the potential to become malicious and harm your device by slowing it down,
hijacking your browser and installing viruses and/or spyware.
Botnet
A collection of innocent computers which have been compromised by
malicious code in order to run a remote control agent granting an attacker
the ability to remotely take advantage of the system's resources in order to
perform illicit or criminal actions. Botnets can be comprised of dozens to over
a million individual computers.
CRYPTOJACKING
Cryptojacking is the unauthorized use of someone else’s computer to
mine cryptocurrency. Hackers do this by either getting the victim to click
on a malicious link in an email that loads cryptomining code on the
computer, or by infecting a website or online ad with JavaScript code
that auto-executes once loaded in the victim’s browser.
Denial-Of-Service
A denial-of-service attack is a cyber attack in which the perpetrator seeks to
make a machine or network resource unavailable to its
intended user by temporarily or indefinitely disrupting services of
a host connected to the internet.
EXPLOIT
An exploit is code that takes advantage of a software vulnerability or
security flaw. When used, exploits allow an intruder to remotely access
a network and gain elevated privileges, or move deeper into the
network.
FORENSICS
Digital forensics is a branch of forensic science that covers the
identification, collection, analysis and reporting of any valuable digital
information found on digital devices related to computer crimes, as
part of an investigation.
GREYHAT
A grey hat (greyhat or gray hat) is a computer hacker or computer
security expert who may sometimes violate laws or typical ethical
standards, but does not have the malicious intent typical of a black hat
hacker.
HACKER
Although "hacker" can refer to any skilled computer programmer, the term
has become associated in popular culture with a "security hacker",
someone who, with their technical knowledge,
uses bugs or exploits to break into computer systems.
Input Sanitization
Input Sanitization describes cleansing and scrubbing
user input to prevent it from jumping the fence and
exploiting security holes. But thorough input sanitization is hard.
While some vulnerable sites simply don't sanitize at all, others do
so incompletely, lending their owners a false sense of security.
JAVA DESERIALIZATION
The Java deserialization problem occurs when
applications deserialize data from untrusted sources and is one of
the most widespread security vulnerabilities to occur over the last
couple of years.
Keylogger
Any means by which the keystrokes of a victim are recorded as they are
typed into the physical keyboard. A keylogger can be a software solution or
a hardware device used to capture anything that a user might type in
including passwords, answers to secret questions or details and information
from e-mails, chats and documents.
Lateral movement
Lateral movement refers to the techniques that a cyberattacker uses,
after gaining initial access, to move deeper into a network in search of
sensitive data and other high-value assets. ... And with a protracted
dwell time, data theft might not occur until weeks or even months after
the original breach.
MALWARE
The term malware is a contraction of malicious software. Put simply,
malware is any piece of software that was written with the intent of
damaging devices, stealing data, and generally causing a mess. Viruses,
Trojans, spyware, and ransomware are among the different kinds of
malware.
NOP sled
NOP sled or NOP ramp is a sequence of NOP (no-operation) instructions
meant to "slide" the CPU's instruction execution flow to its final, desired
destination whenever the program branches to a memory address
anywhere on the slide.
Obfuscation
Obfuscation is the practice of making something difficult to
understand. Obfuscation may involve encrypting some or all of the
code, stripping out potentially revealing metadata, renaming useful
class and variable names to meaningless labels or adding unused or
meaningless code to an application binary.
Phishing
Phishing is a type of social engineering attack often used to steal
user data, including login credentials and credit card numbers. It
occurs when an attacker, masquerading as a trusted entity, dupes
a victim into opening an email, instant message, or text message.
QUERY INJECTION
Query injection is a type of vulnerability that results from a lack of input
sanitization. The most famous example is SQL injection, a web security
vulnerability that allows an attacker to interfere with the queries that an
application makes to its database. It generally allows an attacker to view data
that they are not normally able to retrieve.
Ransomware
A form of malware that holds a victim's data hostage on their computer
typically through robust encryption. This is followed by a demand for
payment in the form of Bitcoin (an untraceable digital currency) in order to
release control of the captured data back to the user.
Social engineering
Social engineering is a non-technical strategy cyber attackers use that
relies heavily on human interaction and often involves tricking people into
breaking standard security practices. When successful, many social
engineering attacks enable attackers to gain legitimate, authorized
access to confidential information.
Tunneling
Tunneling is a protocol that allows for the secure movement of data
from one network to another. Tunneling involves allowing private
network communications to be sent across a public network, such as
the Internet, through a process called encapsulation.
Unauthorized access
Unauthorized access is when someone gains access to a website,
program, server, service, or other system using someone else's account or
other methods. For example, if someone kept guessing a password or
username for an account that was not theirs until they gained access, it is
considered unauthorized access.
VULNERABILITY
A vulnerability is a weakness which can be exploited by a cyber attack to
gain unauthorized access to or perform unauthorized actions on a computer
system. Vulnerabilities can allow attackers to run code, access a system's
memory, install malware, and steal, destroy or modify sensitive data.
WAR DRIVING
War driving, also called access point mapping, is the act of locating and
possibly exploiting connections to wireless local area networks while driving
around a city or elsewhere. To do war driving, you need a vehicle, a
computer (which can be a laptop), a wireless Ethernet card set to work
in promiscuous mode, and some kind of an antenna which can be mounted
on top of or positioned inside the car.
XSS
XSS is a client-side code injection attack. The attacker aims to execute malicious
scripts in a web browser of the victim by including malicious code in a legitimate
web page or web application. The actual attack occurs when the victim visits the
web page or web application that executes the malicious code. The web page or
web application becomes a vehicle to deliver the malicious script to the user’s
browser.
Yubikey
A YubiKey is a small USB device that supports
multiple authentication protocols to help protect access to computers,
networks, websites and other online services. The small device looks like a
standard USB flash drive and can be attached to a user's house or car
keychain for easy access and to help prevent losing the device.
Zero Day
Zero day is the day a new vulnerability is made known. In some cases, a
zero-day exploit refers to an exploit for which no patch is available yet. Day one
is the day on which the patch is made available.