| Access Control |
A security technique that regulates who or what can view or use resources in a computing environment. |
| Advanced Persistent Threat (APT) |
A prolonged and targeted cyberattack where an intruder gains access to a system and remains undetected for an extended period. |
| Authentication |
The process of verifying the identity of a user, device, or system before granting access. |
| Botnet |
A network of infected computers, controlled by a hacker, that can be used to launch cyberattacks. |
| Brute Force Attack |
A method of trying multiple password combinations until the correct one is found. |
| Command and Control (C2) |
A server used by cybercriminals to send commands to infected machines and receive stolen data. |
| Credential Stuffing |
An attack where stolen username-password pairs are used to gain unauthorized access to multiple accounts. |
| Cryptojacking |
The unauthorized use of someone's computing resources to mine cryptocurrency. |
| Cyber Threat Intelligence (CTI) |
Information collected and analyzed to understand potential cyber threats and improve security. |
| Data Breach |
An incident where sensitive information is accessed, stolen, or exposed without authorization. |
| Denial-of-Service (DoS) Attack |
An attack that overwhelms a system with excessive requests, causing it to crash or become unavailable. |
| Domain Generation Algorithm (DGA) |
A technique used by malware to generate domain names dynamically for evading detection. |
| Endpoint Security |
Measures taken to protect network-connected devices, such as laptops, mobile phones, and servers, from cyber threats. |
| Encryption |
The process of converting data into a secure format to prevent unauthorized access. |
| Exfiltration |
The unauthorized transfer of data from a network or system. |
| Firewall |
A network security device or software that monitors and controls incoming and outgoing traffic based on security rules. |
| Fraudulent Website |
A site created to mimic a legitimate one, often used for phishing or distributing malware. |
| Hacker |
A person who uses technical skills to gain unauthorized access to computer systems. |
| Hashing |
A cryptographic technique that transforms input data into a fixed-length value, often used for storing passwords securely. |
| Identity Theft |
The fraudulent use of someone else's personal information for financial or criminal purposes. |
| Indicators of Compromise (IOC) |
Evidence that suggests a system has been compromised, such as unusual traffic patterns or unauthorized access. |
| Incident Response (IR) |
The process of handling and mitigating cybersecurity incidents. |
| Malware |
Malicious software designed to harm or exploit a system, such as viruses, trojans, ransomware, and spyware. |
| Man-in-the-Middle (MitM) Attack |
An attack where an attacker secretly intercepts and relays communications between two parties. |
| Multi-Factor Authentication (MFA) |
A security process requiring multiple forms of verification (e.g., password + SMS code) to access an account. |
| Phishing |
A social engineering attack where attackers impersonate legitimate sources to trick individuals into revealing sensitive information. |
| Privilege Escalation |
A cyberattack technique where an attacker gains higher-level access to a system than originally authorized. |
| Proxy Server |
An intermediary between a user and the internet, often used for security, anonymity, or content filtering. |
| Ransomware |
A type of malware that encrypts files and demands a ransom for their release. |
| Red Team |
A group of ethical hackers that simulate cyberattacks to test an organization's security defenses. |
| Remote Access Trojan (RAT) |
Malware that allows an attacker to control a victim's computer remotely. |
| Security Operations Center (SOC) |
A team that monitors and analyzes an organization's security posture to detect and respond to threats. |
| Smishing |
A type of phishing attack that occurs via SMS text messages. |
| Social Engineering |
Manipulating individuals into divulging confidential information through deception. |
| Spyware |
Malicious software that secretly gathers information from a user's device. |
| Threat Actor |
An individual or group responsible for cyberattacks, such as hackers, cybercriminals, or nation-state groups. |
| Trojan Horse |
Malware disguised as legitimate software to trick users into installing it. |
| Vulnerability |
A weakness in a system that can be exploited by attackers. |
| Virtual Private Network (VPN) |
A service that encrypts internet traffic and hides a user's IP address for privacy and security. |
| Watering Hole Attack |
A cyberattack where attackers compromise websites frequently visited by their target. |
| Whaling Attack |
A phishing attack targeting high-profile individuals, such as executives or senior officials. |