Have you ever heard someone throw words like botnet, shell, zero day exploit, or metadata into a conversation and simply nodded your head because you didn't want to sound like a noob and still wanted to be a part of the conversation?
The cybersecurity world is full of technical jargon that you might have no time to sit and dig into, but these words continue to gnaw on your soul because they are so commonly used that it's not feasible to overlook them anymore.
The question now is: are you okay getting by, knowing vaguely what they mean? Or do you really want to know what they stand for?
Here is your guide to the 50 most used cybersecurity terms and their dreaded meanings. Read this to know more about the world of hacking or just use them to impress your friends the next time you are gossiping about breaking news near the water cooler.
1. Packet:
A packet is a small unit of data that is transferred via a network. After reaching the destination, the packets are put together to form a file.
2. Plaintext:
It is text that can be read and understood.
3. Ciphertext:
It is text that has been encrypted for security and cannot be understood.
4. Vulnerability:
Vulnerability is a flaw/bug/weakness in a computer system that can be exploited by someone.
5. Exploit:
Taking advantage of a vulnerability found in a system by sending a payload.
6. Payload:
It is what contains the harmful code that plays with the security of a system.
7. Patch or bugfixes:
Code that is patched into a computer program with the purpose of updating it or fixing a vulnerability.
8. Zero day vulnerability:
A vulnerability that is present but unknown or unaddressed by those who could fix it via a patch.
9. CVE:
Common Vulnerabilities and Exposures is a list of all vulnerabilities (that have been publicly disclosed) with an ID, description and a reference attached to them.
https://cve.mitre.org/
10. Zero day exploit:
An exploit or attack that takes place on the same day a vulnerability is discovered, making it difficult to shield oneself (because no patch is available yet).
11. IoT:
The internet of things is a network of devices (of any kind) that are connected to each other and can exchange data among one another without the need for external interaction.
12. C&C server:
The command and control server that hackers use to communicate with their victims by sending them commands and receiving sensitive data in return.
13. Bot:
Robot-like software, mainly consisting of malware, that carries out a repeated task of infecting a computer and connecting it to the C&C server of the attacker.
14. Botnet:
A network of infected computers or bots that are controlled by a hacker for various malicious purposes. They are all connected to the C&C server and can be thought of as puppets or zombies in the hands of an attacker who could use them to launch further attacks.
15. Rootkit:
A kit or a group of software that lets an attacker gain root access or administrator access to a computer.
16. Kernel:
The innermost component of an operating system that connects the hardware to the software. It exercises absolute central control over the system.
17. Metadata:
It is data that describes other data; for example, the metadata of a file consists of its type, size, and creation date.
18. Privilege escalation:
It refers to gaining unauthorised access to a target system that is usually restricted, which could lead to complete loss of security.
19. Session cookies:
Recall how you jump from one page to another on Facebook without having to enter your login information every time. This is because of session cookies which temporarily store your authentication data until you exit the web browser. If stolen, they could be misused by an attacker to access your session.
20. End to end encryption:
Also known as E2EE, it is one of the safest ways to communicate online. It means that data sent by a user will be encrypted and only decrypted by the receiver, thus preventing it from being misused by a third party.
21. Hashing:
The conversion of data (image, text, video, audio) to a fixed number of characters using a mathematical formula in order to ensure its privacy.
22. Script:
A set of instructions or commands that execute specified tasks. PHP, Python and Ruby are some popular scripting languages.
23. Shell:
A shell is a program that you use to interact with your operating system. You input commands and the shell executes them, for example, deleting a file. It could either have a Command Line Interface (text based) or a Graphical User Interface (graphics based). Attackers obtain a target's shell to access their device.
24. Pentest:
A part of ethical hacking and short for penetration testing, it means looking for vulnerabilities in a system by trying to hack into it.
25. Black hat:
Hackers who hack into systems with the intent of harming or misusing them. Also known as the criminals of the cyber world.
26. White hat:
Hackers who hack into systems with the intention of protecting them by identifying and fixing possible vulnerabilities. Also known as the police of the cyber world.
27. Brute force:
An attack in which the hacker uses a systematic trial and error method to guess the password of a system or user.
28. Backdoor:
A medium used by hackers to gain entry into a computer system by going around the authentication without getting detected.
29. Keylogger:
Software that logs/records the keystrokes (keys that are pressed) on a device to steal sensitive information like passwords.
30. Cryptocurrency Mining:
A process of verifying a cryptocurrency transaction and adding it to the blockchain ledger. It is painstaking and requires enormous computing power.
31. Phishing:
Luring someone with a bait by sending a deceptive email that appears to be from a reputed company but is actually intended to make you enter your sensitive information for hacking purposes.
32. Firewall:
It is software that acts as a filter to control what data can enter or leave the computer to maximise security.
33. Red team:
A team of penetration testers that acts as fake attackers in order to help a company detect vulnerabilities.
34. Blue team:
A team of security defenders that ensures the safety of the computer networks by regularly fixing vulnerabilities. They also act opposite to the red team by fending off mock attacks in order to determine the cybersecurity status of the company.
35. Two factor authentication:
2FA is an extended form of authentication required from the user on top of the primary login details like a password. It is usually in the form of security questions or one time passwords.
36. Exfiltration:
Unauthorised transfer of data from one device to another by an attacker.
37. Virtual Machine:
A virtual machine mimics a computer and creates a virtual environment on a computer in order to contain an operating system and other software in it. VMware is a type of Virtual Machine.
38. Spoofing:
Deceiving a network/server/device by pretending to be a trusted or genuine user with the intention of harming security. Hackers can spoof networks by stealing and using the IP address of their target.
39. Doxing:
Publishing private information about someone on the internet with malicious intent. Hackers research and trace individuals or companies and then dox (document) their sensitive information online.
40. Black box:
Black box hacking/testing is done to determine the vulnerability status of a computer system by letting someone deliberately attack the system from outside without giving any details about the target system.
41. Social engineering:
A common technique used to manipulate people to reveal vital information in order to carry out a cyber attack. Typical targets include low and medium level employees of companies.
42. Malware:
Malware is any type of malicious software that is intended to harm the security or privacy of a computer.
43. Adware:
A form of malware that drops undesired advertisements on a device without the user's permission and is designed to forcibly take the user to unwanted advertising or malicious websites. The aim behind adware is either to compromise the safety of the target or to drive revenues for the hacker.
44. Spyware:
A type of malware that sends sensitive information about the target from his device to the hacker's device.
45. IP address:
A unique numerical address of a device that is connected to the internet. (Short for Internet Protocol address)
46. MAC address:
A 12 digit unique ID for every machine that is connected on a network. Short for Media Access Control address, it is attached to the network adapter of your device, such as an Ethernet or WiFi card.
47. VPN:
A virtual private network is meant to keep a user anonymous while communicating over the internet. It encrypts the location as well as the data transferred by the computer.
48. Worm:
A piece of malware that can spread or crawl like a worm within a network, spreading the infection from one computer to another.
49. DDoS:
A distributed denial of service is a cyber attack that floods a target system with traffic from multiple systems or botnets. The intent behind a DDoS attack is to launch a bigger cyber attack by making the target system unusable for a while.
50. Ransomware:
Last but not least, ransomware is a very common cyber attack (one happening every 14 seconds) that encrypts the files on a system and asks for a ransom, usually cryptocurrency, to be paid in return for the decryption key.
On that note, we hope you are now a little bit more familiar with the cybersecurity world. Tell us in the comments if you want to know about a particular hacking term. We'll get back to you ASAP! And while you are here, check out the different types of cyberattacks in detail.
Read more. Know more. Grow more.