(0-B)
0day: A vulnerability unknown to anybody else within the community, it had passed “0days” after it’s patch; nobody patched it.
Amplification: The process of increasing the magnitude of the output on a given input:output ratio
ARME: Apache Remote Memory Exploit. DoS.
ASLR: Address Space Layout Randomization, a security layer against low-level attacks protecting the stack
Backdoor: Malicious addition to existing software that allows remote access while skipping identification procedures
Bad Boy: Keyword marking a bad login attempt
Black Hat: A security activist with no regard to neither morals nor legal matters
BlackHole: A way to handle DDoS attacks - by silently dropping all incoming traffic without informing it was dropped.
Botkill: A functionality within malware to disable any other malware currently active on the infected
Botnet: The generic definition of massively-controlled trojan horses listening to a single C&C node and executing its commands
Box: see Machine.
Breakpoint: In IDEs, a popular function allowing you to stop the code execution flow when it reaches a certain function
Brute Force: A mathematical algorithm that, in a “brute” manner, tries every single possible solution to a case using simple rules, until it succeeds. Defending against this usually proves futile, however the most ideal solution is Captcha.
Buffer: A data-structure, a container.
Buffer Overflow: A load into a buffer that exceeds it’s set boundaries, usually
(C-E)
C&C: Command & Control
Captcha: A mechanism that supposedly prevents non-human clients from using a service.
Clickjacking: A JavaScript application usually embedded in an iframe recording out the click of the mouse and abuses it (Hidden forms etc)
Code Injection: Allows for exploiting a vulnerability to a degree of which the attacker is able to inject his own code at the platform’s language. Highly critical. Common examples are SQLi, XMLi, SSI.
Compiler: A local program that translates a code language to machine code and later on binary executable
Cookies: Data stored on the browser that, assuming coded correctly, saves a token which the site later on uses to “remember” the client
Cracking: Trying combos of email's/usernames and passwords to ”guess“ (Bruteforce) the right password of an account.
daemon: A background process without user interaction on *nix machines.
DB: Stands for database - the collection of data or ”information“ of most likely a web server.
DDoS: Stands for (Distributed) Denial of Service - using multiple attack vendors to execute an attack that damages a service and prevents it from working properly from multiple sources.
DeadLock: A simultaneous attempt of threads to access the same resource
Debug: Breaking down the code flow as you stop and move it as it executes.
Deface: The act of altering a website’s already-existing files with a
Desktop Phishing: Editing out the inner DNS cache to provide phishing results instead of the desired websites
DIOS: Multi-DBMS sub-query exploit, “Dump in one shot”
DLL: Dynamic Link Library, a file containing functions that are included dynamically
DoS: Stands for Denial of Service - using a singular attack source (possibly localhost) to execute an attack that damages a service and prevents it from working properly - from a single source
EK: Stands for exploit kit - the usage of multiple exploits to infect visitors with outdated and/or vulnerable software with malicious payload.
Endpoint: In networking, it’s a unit. a PC, usually. A router can’t be an endpoint. A switch can’t be an endpoint. A server can. A client can.
EOF: End of File.
Exploit (Term): A code that abuses an existing vulnerability automatically
Exploit (Verb): To take advantage out of a vulnerability
(F-H)
Fed: FBI.
Filesystem: The way files manage themselves on an OS
FUD: Stands for fully undetectable - not detected by any anti-virus.
Functional: A programming style resembling and establishing itself mathematically. Popular example would be Haskell.
GC: Garbage Collector
GET: HTTP method, user input in URL
POST: HTTP method, user input in a separate field
Gibson: Powerful machine.
Good Boy: Keyword marking a good login attempt
GPU: Graphical Processing Unit. Responsible for handling the graphical aspects and visualization within technology. Could be discrete and hooked to the mobo separately on
grep: A popular *nix program to sort through text applying RegEx.
Grey Hat: A security activist with no obligation crossing legality however with no usual malicious intent
HDD: Hard Drive Disk
HEAD: HTTP Header, no actual data
Heap: Part of the memory structure. Slower than the stack. Usually contains dynamically allocated variables as well as pointer variables and complex variables.
High Frequency Heap: Heap on CLI (C# & VB.NET & ASP) languages
High-Level: An interface with abstraction for human beings, more accessable more bloated
Hook: Implement your own code in an existing software, usually being part of a platform.
HTTP: HyperText Transfer Protocol
httpd: The HTTP software server service.
Hybrid: The nickname of the combination of p2s and p2p gain while being used both in a single application
(I-K)
IM: Instant/Near-Instant messaging. Common protocols are Skype, XMPP, IRC.
Interpreter: A local program reading the code “on-the-fly” and executes it as it goes line-after-line.
IP Address: Stand for Internet Protocol - the ”address“ or recognition of a host on a network.
Java Drive By: A category of malware infecting its victims by having them visit a website application hosting a Java applet with the build.
JIT: Just-In-Time
Kernel: The core component of an operation system.
Keylogger: A type of malware that records keystrokes as they’re being pressed, possibly sending them to the attacker at each time interval.
0day: A vulnerability unknown to anybody else within the community, it had passed “0days” after it’s patch; nobody patched it.
Amplification: The process of increasing the magnitude of the output on a given input:output ratio
ARME: Apache Remote Memory Exploit. DoS.
ASLR: Address Space Layout Randomization, a security layer against low-level attacks protecting the stack
Backdoor: Malicious addition to existing software that allows remote access while skipping identification procedures
Bad Boy: Keyword marking a bad login attempt
Black Hat: A security activist with no regard to neither morals nor legal matters
BlackHole: A way to handle DDoS attacks - by silently dropping all incoming traffic without informing it was dropped.
Botkill: A functionality within malware to disable any other malware currently active on the infected
Botnet: The generic definition of massively-controlled trojan horses listening to a single C&C node and executing its commands
Box: see Machine.
Breakpoint: In IDEs, a popular function allowing you to stop the code execution flow when it reaches a certain function
Brute Force: A mathematical algorithm that, in a “brute” manner, tries every single possible solution to a case using simple rules, until it succeeds. Defending against this usually proves futile, however the most ideal solution is Captcha.
Buffer: A data-structure, a container.
Buffer Overflow: A load into a buffer that exceeds it’s set boundaries, usually
(C-E)
C&C: Command & Control
Captcha: A mechanism that supposedly prevents non-human clients from using a service.
Clickjacking: A JavaScript application usually embedded in an iframe recording out the click of the mouse and abuses it (Hidden forms etc)
Code Injection: Allows for exploiting a vulnerability to a degree of which the attacker is able to inject his own code at the platform’s language. Highly critical. Common examples are SQLi, XMLi, SSI.
Compiler: A local program that translates a code language to machine code and later on binary executable
Cookies: Data stored on the browser that, assuming coded correctly, saves a token which the site later on uses to “remember” the client
Cracking: Trying combos of email's/usernames and passwords to ”guess“ (Bruteforce) the right password of an account.
daemon: A background process without user interaction on *nix machines.
DB: Stands for database - the collection of data or ”information“ of most likely a web server.
DDoS: Stands for (Distributed) Denial of Service - using multiple attack vendors to execute an attack that damages a service and prevents it from working properly from multiple sources.
DeadLock: A simultaneous attempt of threads to access the same resource
Debug: Breaking down the code flow as you stop and move it as it executes.
Deface: The act of altering a website’s already-existing files with a
Desktop Phishing: Editing out the inner DNS cache to provide phishing results instead of the desired websites
DIOS: Multi-DBMS sub-query exploit, “Dump in one shot”
DLL: Dynamic Link Library, a file containing functions that are included dynamically
DoS: Stands for Denial of Service - using a singular attack source (possibly localhost) to execute an attack that damages a service and prevents it from working properly - from a single source
EK: Stands for exploit kit - the usage of multiple exploits to infect visitors with outdated and/or vulnerable software with malicious payload.
Endpoint: In networking, it’s a unit. a PC, usually. A router can’t be an endpoint. A switch can’t be an endpoint. A server can. A client can.
EOF: End of File.
Exploit (Term): A code that abuses an existing vulnerability automatically
Exploit (Verb): To take advantage out of a vulnerability
(F-H)
Fed: FBI.
Filesystem: The way files manage themselves on an OS
FUD: Stands for fully undetectable - not detected by any anti-virus.
Functional: A programming style resembling and establishing itself mathematically. Popular example would be Haskell.
GC: Garbage Collector
GET: HTTP method, user input in URL
POST: HTTP method, user input in a separate field
Gibson: Powerful machine.
Good Boy: Keyword marking a good login attempt
GPU: Graphical Processing Unit. Responsible for handling the graphical aspects and visualization within technology. Could be discrete and hooked to the mobo separately on
grep: A popular *nix program to sort through text applying RegEx.
Grey Hat: A security activist with no obligation crossing legality however with no usual malicious intent
HDD: Hard Drive Disk
HEAD: HTTP Header, no actual data
Heap: Part of the memory structure. Slower than the stack. Usually contains dynamically allocated variables as well as pointer variables and complex variables.
High Frequency Heap: Heap on CLI (C# & VB.NET & ASP) languages
High-Level: An interface with abstraction for human beings, more accessable more bloated
Hook: Implement your own code in an existing software, usually being part of a platform.
HTTP: HyperText Transfer Protocol
httpd: The HTTP software server service.
Hybrid: The nickname of the combination of p2s and p2p gain while being used both in a single application
(I-K)
IM: Instant/Near-Instant messaging. Common protocols are Skype, XMPP, IRC.
Interpreter: A local program reading the code “on-the-fly” and executes it as it goes line-after-line.
IP Address: Stand for Internet Protocol - the ”address“ or recognition of a host on a network.
Java Drive By: A category of malware infecting its victims by having them visit a website application hosting a Java applet with the build.
JIT: Just-In-Time
Kernel: The core component of an operation system.
Keylogger: A type of malware that records keystrokes as they’re being pressed, possibly sending them to the attacker at each time interval.
(L-N)
Kernel: The core component of an operation system.
Keylogger: A type of malware that records keystrokes as they’re being pressed, possibly sending them to the attacker at each time interval.
Lamer: see Skid.
LFI: Local File Inclusion - WebApp attack
Local Root Exploit: A script locally compiled on the target machine and later on executed for the purposes of elevating the current *nix user to root by abusing a current vulnerability in the OS or OS-services.
Logs: Text files automatically written by software for documentation purposes.
Low-Level: An interface with no abstraction for human beings, less readable more productive
MAC address: Stands for Media Access Control - an unique identification number that's linked to a machine (hardware) via the ethernet.
Machine: Computer.
MITM: Man In The Middle - Networking Attack
mutex: Concept to solve multi-threading issues on code such as deadlock and livelock, race-conditions etc
node: A machine somehow connected to a network
Null: Non-Existence.
NullByte: A byte representing a null terminator character.
Null Terminator: The character at the end of a string representing a string\0
(O-Q)
Object Oriented: Style of coding that focuses on objects, classes, methods and how they all relate to each other
Packet: A pack of networking-related infendpointormation, usually passing through layers.
Path: A chain of directories leading somewhere
Payload: The part of the attack containing the attack itself - the code, the shellcode
peer-to-peer/p2p: A network topology drawing an equal-standing connection between endpoints all connected to each-other
Phishing: Stealing login credentials of somebody by misleading them and let them log-in on a fake login page which stores out the input and later supplies it to the attacker.
Procedural: Style of coding that focuses on commands execution one-after-another, argumentative usually
Process: A script being launched “runtime”, containing it’s own blob of memory pull and consuming system resources. works at the background, could interact with users.
Proxy: A server serving as a gateway between your packet target and yourself, effectively hiding the packet source and possibly encrypting the traffic.
PSU: Power Supply. Supplies electricity to your PC from the wall.
(R-T)
RAM: Random Accessible Memory. These sticks you shove to the motherboard.
Ransomware: A type of malware encrypting the HDD of the infected with a key only the attacker has, which he usually supplies after demanding money from the victim.
RAT: Stands for remote administration tool - a malware that gives you full control of a computer system after infection.
RCE: Remote Code Execution OR Remote Command Execution
Recursion: An action referring to itself from within it’s own implementation
REFERER: HTTP method representing the page the client visited before the current one
RegEx: Stands for Regular Expressions. a method with set rules to iterate through paragraphs and available text to pull precise information from. resulting in a program malfunction unless handled correctly.
Reverse Connection: A connection that is initialized by the server. Commonly used by RATs.
Reverse Engineering: Comprehending an application by slowly breaking it down to parts, researching them and reaching conclusions.
ring0: https://upload.wikimedia.org/wikipedia/c...gs.svg.png
root (term): The default *nix user with the biggest amount of privileges.
root (verb): To gain uid=0 privileges on a *nix machine
Router: A networking device holding many technologies, in charge of routing outgoing and incoming traffic in and out of your PC.
RUDY: Are-You-Dead-Yet. DoS method focusing on sending long POST requests
SE: Stands for social engineering - the art of human hacking (reference to this book).
Service: A process with no user interaction. Windows version of daemon.
Session: A temporary mutual sign of agreement of both endpoints, often representing a connection.
Session Fixation: Stealing out the current session another member is having between the server and him
Shell: An interface that executes its input as commands onto the platform it is running over. It’s your CMD, tty terminal, etc. In Web terms, a shell is a file written in a server-side language which gives the attacker control over the site: file access etc.
Shellcode: A malicious piece of code used as a payload to get executed after being bonded with exploiting a vulnerability.
Skid: Script Kiddie. It’s the insulting reference to somebody that uses tools or attacks without understanding their underlying concepts completely, hence focused on the outcome rather than the approach.
Slowloris: DoS method that splits the HTTP packet making the HTTPD service assume the connection is lagging thus hold resources to keep it open
SQLi: SQL Injection - WebApp Attack
SSL: Secure Socket Layer. The protocol wraps another protocol in a layer of security.
Stack: A data-structure, container, holding pieces of information in last-in-first-out format.
Subnet: A set category of possibly-allocated IPs.
Swatting: Calling for having fake emergency to the police or whatsoever, and referring them to the victim’s house.
Switch: A device routing between a set point of endpoints.
SYN: SYNchronize. The TCP packet starting a handshake.
TCP: Transmission Control Protocol. contrasting the UDP protocol, it is not stateless, aiming to be more sessioned and “secure”.
(U-W)
UDP: User Datagram Protocol, a fire-and-forget protocol that packages information to and from, delivering information to its upper layer and receiving information from its lower layer
Userland: ring3
VM: Stands for Virtual Machine - a virtual environment that can be used for testing and analysing things. Totally separate from your main system.
Volatile: The state of which RAM storage within the PC is being used as. It dissolves upon power-loss.
VPN: Stands for virtual private network - usage of an encrypted connection through routing through a system or server.
Vulnerability: A broken segment of logical implementation within the code which allows for experienced security activists to twist the program into performing actions it was not intended to do, or reveal information it wasn’t meant to.
WAF: Web Application Firewall
White Hat: A security activist performing strictly on the legal fields of his activities
WWW: World Wide Web
(X-Z)
XSS: Cross Site Scripting - WebApp Attack
Zine/E-Zine: Hacking-related magazine. Might contain doxes and such.
Zombie: An infected machine
Comments
Post a Comment