Attacks & Threats
- Account Takeover (ATO): An attack in which a criminal gains unauthorised control of a legitimate user account and uses it to steal funds, data, or commit further fraud.
- Advanced Persistent Threat (APT): A stealthy, well-resourced threat actor — typically state-sponsored — that gains long-term, undetected access to a target network to steal data or pre-position for disruption.
- Adversary-in-the-Middle (AiTM) Phishing: A phishing technique that places a reverse-proxy server between the victim and the real login page to relay credentials and steal the post-authentication session cookie, bypassing most MFA.
- AMSI Bypass: Techniques that disable, patch, or evade the Windows Antimalware Scan Interface so that scripts and in-memory payloads are not inspected by antivirus engines.
- AppInit_DLLs: Legacy Windows persistence technique that abuses a registry value so a specified DLL is loaded into every user-mode process linking user32.dll.
- ARP Spoofing: A local-network attack that sends forged ARP messages to bind the attacker's MAC address to another host's IP, redirecting traffic through the attacker.
- AS-REP Roasting: An Active Directory attack that requests Kerberos AS-REP messages for accounts with pre-authentication disabled, then cracks the returned encrypted blob offline to recover the user's password.
- ATM Jackpotting: An attack in which the cash dispenser of an ATM is forced to spit out all its cash, either via physical access to the top box or via a network compromise.
- BadUSB: A class of attacks that reprograms a USB device's controller firmware so it claims a malicious identity such as a keyboard, network adapter, or storage volume.
- Baiting: A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft.
- BEAST Attack: A 2011 chosen-plaintext attack on SSL 3.0 and TLS 1.0 CBC ciphers (CVE-2011-3389) by Rizzo and Duong that recovers HTTPS cookies via a predictable IV flaw.
- BIAS Attack: A 2020 Bluetooth Impersonation AttackS technique (CVE-2020-10135) that exploits weak authentication in BR/EDR to impersonate a previously paired peer.
- BleedingTooth: A 2020 set of Linux BlueZ Bluetooth vulnerabilities, headlined by CVE-2020-12351, that permitted zero-click remote code execution on vulnerable Linux hosts.
- Bleichenbacher Attack: A 1998 adaptive chosen-ciphertext attack by Daniel Bleichenbacher that recovers RSA plaintext when the server leaks whether PKCS#1 v1.5 padding is valid.
- Blind XSS: A stored XSS variant where the payload fires in a context the attacker cannot directly see, typically an internal admin panel or back-office tool.
- BlueBorne: A 2017 set of Bluetooth vulnerabilities discovered by Armis that allowed remote code execution and man-in-the-middle attacks on Android, iOS, Linux, and Windows.
- Bluebugging: A Bluetooth attack that gains hidden, command-level control of a victim device — beyond passive data theft — to place calls, read messages, or relay audio.
- Bluejacking: A largely nuisance-level Bluetooth attack in which an attacker sends unsolicited messages or contacts to nearby discoverable Bluetooth devices.
- Bluesnarfing: An attack that exploits Bluetooth vulnerabilities to read or copy data — contacts, messages, calendar entries, files — from a nearby device without the owner's consent.
- BrakTooth: A 2021 family of 16+ Bluetooth Classic vulnerabilities in commercial SoCs disclosed by researchers at the Singapore University of Technology and Design.
- BREACH Attack: A 2013 side-channel attack that recovers HTTPS-protected secrets by exploiting HTTP-level compression and observing response sizes across attacker-influenced requests.
- Brute Force Attack: An attack that systematically tries every possible value — typically passwords, PINs, or keys — until the correct one is found.
- Bug Bounty Program: A formal initiative through which an organisation invites external researchers to report security vulnerabilities and pays rewards based on impact.
- Business Email Compromise: A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
- BYOVD (Bring Your Own Vulnerable Driver): An attack technique where adversaries load a legitimately signed but vulnerable kernel driver, then exploit its flaw to gain kernel-level access and disable security tools.
- Callback Phishing: A two-stage phishing attack in which a benign-looking email persuades the victim to call a phone number, where a human operator then walks them into installing malware.
- Card Skimming: Theft of payment-card data by capturing it at the point of entry, either via a hidden physical device or malicious script on a website checkout.
- CEO Fraud: A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
- Chargeback Fraud: Often called 'friendly fraud': a cardholder makes a legitimate purchase, then disputes the charge with their issuer to obtain both the goods and a refund.
- ClickFix Attack: A 2024-vintage social-engineering lure that displays a fake CAPTCHA, error dialog, or 'verify you're human' page instructing the victim to paste a pre-copied PowerShell command into Run, delivering info-stealers or loaders.
- Clickjacking: A UI-redress attack that tricks users into clicking on something different from what they perceive by overlaying or hiding a target page inside an attacker-controlled page.
- Code Injection: A class of vulnerabilities where attacker-supplied data is interpreted and executed as code by an application, leading to arbitrary execution in its context.
- COM Hijacking: A persistence technique that redirects a Windows Component Object Model CLSID lookup to attacker code, executing it whenever a host process instantiates that object.
- Command Injection: An attack where user input is passed unsanitized to an operating-system shell, causing the application to execute attacker-supplied commands.
- Conversation Hijacking: An email attack in which a criminal injects malicious replies into an existing trusted email thread to deliver malware or fraudulent instructions.
- Cookie Hijacking: Theft and reuse of a user's HTTP cookies — typically session or authentication cookies — to impersonate that user against a web application.
- Cookie Poisoning: An attack that modifies the contents of HTTP cookies before they are sent back to a web application, in order to alter trust, identity, or business logic decisions.
- Coordinated Vulnerability Disclosure (CVD): A process in which a vulnerability finder, the affected vendor, and sometimes a coordinator agree on a timeline before publicly disclosing security flaws.
- CORS Misconfiguration: An insecure CORS policy that allows untrusted origins to read authenticated responses, often by reflecting the Origin header and returning Access-Control-Allow-Credentials: true.
- Credential Stuffing: An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
- Credit Card Fraud: Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants.
- CRIME Attack: A 2012 side-channel attack by Rizzo and Duong that recovers HTTPS session cookies by exploiting TLS-level compression and observing ciphertext lengths.
- CRLF Injection: An attack that inserts carriage-return and line-feed characters into HTTP headers, log files, or other text protocols to forge new lines and change semantics.
- Cron Persistence: Linux and Unix persistence technique that uses cron, anacron, or systemd timers to schedule attacker code so it re-executes at a chosen interval or system event.
- Cross-Site Request Forgery (CSRF): A web attack that forces an authenticated user's browser to send unwanted requests to a vulnerable site, causing state-changing actions without consent.
- Cross-Site Scripting (XSS): A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.
- Cryptocurrency Laundering: The process of obscuring the origin of cryptocurrency obtained from crime by moving it through mixers, chain-hopping, and exchanges before cashing out into fiat.
- CSV Injection: An attack that embeds spreadsheet formulas into exported CSV files so that opening the file in Excel or Sheets executes attacker-controlled actions.
- Cybersquatting: Registering domain names that contain trademarks or well-known brand names without authorization, typically to extract money from the rights holder or to deceive users.
- Dark Web: A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities.
- Data Breach: A confirmed security incident in which an unauthorised party accesses, exfiltrates, or discloses sensitive, protected, or confidential information.
- Data Leak: Accidental or negligent exposure of sensitive data, usually through misconfiguration or human error rather than an active attacker breaking in.
- DDoS Amplification: A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, allowing small attackers to generate massive flood volumes.
- Deep Web: All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
- Denial-of-Service (DoS) Attack: An attack that exhausts a system's bandwidth, compute, memory, or application resources so that legitimate users can no longer access the service.
- Device Code Phishing: An identity attack that abuses the OAuth 2.0 device authorization grant: the attacker starts a device-code flow and lures the victim into typing the resulting code on a legitimate login page, granting the attacker tokens for the victim's account.
- DHCP Spoofing: An attack in which an adversary replies to DHCP requests with crafted offers to push a malicious gateway, DNS server, or other options to victim clients.
- DHCP Starvation: A Layer-2 denial-of-service attack that floods a DHCP server with bogus DISCOVER requests using spoofed MAC addresses until the address pool is exhausted.
- Dictionary Attack: A targeted password-guessing attack that tries entries from a precompiled list of likely words, leaked passwords, and rule-mutated variations.
- Directory Traversal: An attack that uses crafted path sequences such as ../ to escape an application's intended directory and read or write arbitrary files on the server.
- Distributed Denial-of-Service (DDoS) Attack: A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
- DLL Hijacking: An attack that abuses Windows DLL search order to make a legitimate program load an attacker-controlled library instead of the intended one.
- DLL Injection: A code-injection technique that forces a target Windows process to load and execute an attacker-supplied dynamic-link library.
- DNS Amplification Attack: A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
- DNS Cache Poisoning: An attack that inserts forged records into a DNS resolver's cache so subsequent queries return attacker-chosen addresses until the TTL expires.
- DNS Hijacking: An attack that redirects DNS resolution to attacker-controlled answers by modifying client settings, router configurations, resolver responses, or authoritative DNS records.
- DNS Spoofing: An attack that injects falsified DNS responses to redirect victims from a legitimate domain to an attacker-controlled IP address.
- Docker Socket Attack: Abusing a container that has /var/run/docker.sock mounted to control the Docker daemon, escape the container, and gain root on the host.
- DOM-Based XSS: An XSS variant where the injection and execution happen entirely in the browser as client-side JavaScript writes untrusted data into a sink without sanitization.
- Domain Generation Algorithm (DGA): An algorithm used by malware to deterministically generate large numbers of candidate domain names so infected hosts can find their command-and-control server.
- Domain Hijacking: The unauthorized takeover of control over a registered domain name at the registrar or registry level, allowing an attacker to redirect traffic, email, and trust to malicious infrastructure.
- Domain Shadowing: An attack in which a criminal compromises a legitimate domain owner's registrar account and silently creates malicious subdomains beneath the trusted parent domain.
- Doxxing: Publishing or threatening to publish a person's private identifying information online with the intent to harass, intimidate, or facilitate harm.
- Dragonblood: A family of side-channel and downgrade attacks against WPA3 SAE (Dragonfly) that can leak the Wi-Fi password to a nearby attacker.
- Drive-by Download: An attack in which malware is silently installed on a victim's device simply by visiting a compromised or malicious website.
- DTP Attack: An attack that abuses Cisco Dynamic Trunking Protocol on an access port to negotiate a trunk with the switch and gain access to multiple VLANs.
- Dumpster Diving: Searching through an organisation's or person's discarded materials — paper, removable media, hardware — to recover sensitive information.
- Email Spoofing: Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
- Eval Injection: A specific code-injection flaw caused by passing untrusted input to dynamic-evaluation primitives such as JavaScript eval() or Python eval/exec.
- Evil Maid Attack: A physical attack in which an adversary briefly accesses an unattended device to tamper with firmware, bootloader, or hardware and steal secrets later.
- Evil Twin Attack: A Wi-Fi attack in which an adversary stands up a rogue access point that mimics a legitimate SSID, so victims connect to it and expose traffic or credentials.
- Fast Flux: A botnet DNS technique that rapidly rotates the IP addresses behind a malicious domain across many compromised hosts to resist takedown and blocking.
- Formjacking: An attack in which malicious JavaScript intercepts form submissions in a victim's browser and sends the entered data to a server controlled by the attacker.
- Fraggle Attack: A UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim.
- FREAK Attack: A 2015 TLS attack (CVE-2015-0204) that downgrades RSA key exchange to 512-bit export-grade keys and factors them to decrypt sessions.
- Gift Card Fraud: Fraudulent purchase, draining or laundering of retail gift cards — a near-irreversible payment instrument that has become a favourite of scammers and BEC operators.
- Golden Ticket: A forged Kerberos Ticket-Granting Ticket signed with the krbtgt account hash that lets attackers impersonate any principal in a domain.
- Heap Feng Shui: Deterministic heap-grooming technique introduced by Alexander Sotirov in 2007 that arranges allocations to land vulnerable objects next to attacker-controlled ones.
- Heap Spraying: An exploitation primitive that fills the heap with many copies of a payload so that a corrupted pointer is highly likely to land on attacker-controlled data.
- Homograph Attack (IDN Homograph): A phishing technique that registers a domain using Unicode characters visually identical to ASCII ones — Cyrillic 'а' for Latin 'a', Greek omicron for Latin 'o' — so the attacker URL is indistinguishable from the legitimate one to the eye.
- HSRP / VRRP Attack: An attack that injects forged HSRP or VRRP messages with a higher priority to become the active gateway for a subnet and intercept traffic.
- I2P: The Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing.
- ICO Scam: A fraudulent Initial Coin Offering in which the issuers raise cryptocurrency from investors based on false promises and disappear or collapse after the sale.
- Identity Theft: The misuse of another person's personal information to impersonate them, open accounts, obtain credit, claim benefits, or commit other fraud.
- IFEO Injection: A persistence and privilege-escalation technique that abuses the Windows Image File Execution Options registry key to run attacker code whenever a target executable launches.
- IMSI Catcher: A fake cell site that tricks nearby phones into revealing their IMSI/IMEI and, on weak networks, intercepts calls and SMS.
- Insecure File Upload: A web vulnerability where an application accepts user-supplied files without proper validation, allowing attackers to upload malicious files that lead to RCE, defacement, or data theft.
- Integer Underflow: An arithmetic flaw (CWE-191) in which subtracting from an unsigned value below zero wraps to a huge number, often enabling oversized allocations or buffer overruns.
- Invoice Fraud: A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.
- IP Fragmentation Attack: A family of network attacks that abuses IP fragmentation - overlapping, undersized, or oversized fragments - to crash hosts, evade IDS/IPS, or trigger denial of service.
- IP Spoofing: Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
- JSONP Vulnerability: Cross-origin data leak caused by JSONP endpoints that return sensitive, authenticated data wrapped in an attacker-supplied callback function.
- Juice Jacking: An attack in which a public or malicious USB charging port is used to install malware or exfiltrate data from a phone that plugs in, by abusing the data lines of the USB cable.
- Jump-Oriented Programming: A code-reuse exploitation technique (Bletsch et al., 2011) that chains gadgets ending in indirect jumps via a dispatcher, providing an alternative to ROP without using ret.
- KARMA Attack: A rogue access point attack in which a malicious AP answers every probe request, masquerading as any preferred network a client is looking for.
- Kerberoasting: An offline password attack that requests Kerberos service tickets for service accounts and cracks the encrypted portion to recover their cleartext passwords.
- KNOB Attack: A 2019 protocol flaw (CVE-2019-9506) allowing an attacker to force Bluetooth BR/EDR pairings down to one byte of effective entropy, enabling brute-force decryption.
- KRACK Attack: A key reinstallation attack against WPA2 that forces nonce reuse in the four-way handshake, letting an attacker decrypt or replay Wi-Fi traffic.
- LAND Attack: A legacy DoS attack that sends a spoofed TCP SYN packet whose source IP and port equal the destination, causing vulnerable systems to loop or crash.
- launchd Persistence: macOS persistence technique that installs a LaunchDaemon or LaunchAgent property list so launchd executes attacker code at boot, login, or on a trigger.
- LD_PRELOAD Hijacking: Linux persistence and library-hijacking technique that uses the LD_PRELOAD environment variable or /etc/ld.so.preload to inject attacker code into dynamically linked processes.
- LDAP Injection: An injection attack that manipulates LDAP search filters or DNs through unsanitized input to bypass authentication or read directory data.
- Living off the Land: An attacker tradecraft style that abuses legitimate, pre-installed tools and scripts on a victim system instead of dropping custom malware.
- LLMNR Poisoning: An adversary-in-the-middle technique (MITRE T1557.001) that abuses the Link-Local Multicast Name Resolution protocol on UDP/5355 to redirect victims to attacker-controlled hosts.
- Local File Inclusion (LFI): A vulnerability that lets an attacker make a server include and execute or display local files chosen via unsanitized input.
- Logjam: A 2015 TLS attack that downgrades Diffie-Hellman key exchange to weak 512-bit export-grade primes and uses precomputation to break them.
- LOLBin / LOLBAS: A signed, native binary or script (LOLBin/LOLBAS) that attackers misuse for execution, download, persistence, or bypass while looking like a legitimate admin tool.
- Lucky 13: A 2013 TLS timing attack by AlFardan and Paterson that exploits MAC-then-encrypt CBC processing to act as a padding oracle and recover plaintext.
- MAC Spoofing: Changing a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking.
- Magecart Attack: A category of digital-skimming attacks in which criminals inject malicious JavaScript into e-commerce checkout pages to steal payment-card data as customers enter it.
- Mail Bomb: An email-based denial-of-service attack that floods a mailbox or mail server with high volume or large messages to overwhelm storage, processing, or attention.
- Malicious npm Package: An npm package that contains hidden code designed to steal data, install malware, or compromise downstream applications when installed.
- Malvertising: The use of online advertising networks to distribute malware, exploits, or scams via legitimate-looking ads served on trusted websites.
- Man-in-the-Middle Attack: An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
- NBT-NS Poisoning: An adversary-in-the-middle attack that abuses legacy NetBIOS Name Service traffic on UDP/137 to spoof name responses and harvest NTLM authentications.
- NFT Fraud: Any scheme that exploits the NFT market to defraud buyers or creators, including rugpulls, wash trading, plagiarism, and wallet-draining smart contracts.
- NoSQL Injection: An injection attack that manipulates the operators, JSON, or query DSL of a NoSQL database to bypass logic or extract data.
- NTLM Relay Attack: An adversary-in-the-middle attack (MITRE T1557.001) in which an attacker forwards a victim's NTLM authentication to another service to impersonate them without ever knowing the password.
- NTP Amplification Attack: A reflection DDoS attack abusing the NTP MONLIST (and similar) commands to make NTP servers reply with very large packets to a spoofed victim address.
- OAuth Consent Phishing: An identity attack that abuses the OAuth consent flow: instead of stealing a password, the attacker tricks the victim into granting their malicious app standing permissions (mail.read, files.read.all) on the victim's tenant.
- one_gadget RCE: An exploitation shortcut in CTFs and real exploits that calls a single libc address to spawn a shell, provided register and stack constraints are met.
- Onion Routing: An anonymous communication technique that wraps a message in nested layers of encryption, with each relay removing one layer until the payload reaches its destination.
- Open Redirect: A vulnerability where an application forwards users to a URL supplied in a request parameter without validating it, enabling phishing and credential-harvesting campaigns.
- ORM Injection: An injection attack against applications using an Object-Relational Mapper that abuses dynamic queries, mass-assignment, or raw query escape hatches to manipulate data access.
- Out-of-Bounds Read: A memory-safety bug (CWE-125) where software reads data before, after, or otherwise outside the intended buffer, leaking adjacent memory contents.
- Padding Oracle Attack: A cryptographic attack (Vaudenay 2002) that decrypts CBC ciphertext when a server reveals whether a tampered message has correct PKCS#7 padding.
- Pass-the-Hash: A credential-reuse attack that authenticates to Windows systems using a stolen NTLM password hash instead of the cleartext password.
- Pass-the-Ticket: An Active Directory attack that reuses a stolen Kerberos ticket to impersonate a user or service without ever knowing the underlying password.
- Password Spraying: A low-and-slow attack that tries a small set of common passwords against many user accounts, staying under lockout and rate-limit thresholds.
- Payment Fraud: Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
- Pharming: An attack that silently redirects users from a legitimate site to a malicious one by tampering with DNS, hosts files, or local routing — without requiring the victim to click a link.
- Phishing: A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- Phreaking: The classic art of manipulating telephone systems — originally analog PSTN, now VoIP and SS7 — to make free or unauthorized calls.
- Pig Butchering Scam: A long-running romance and investment scam in which criminals build a relationship with the victim, then steer them into a fake cryptocurrency platform that ultimately steals all deposits.
- Piggybacking: Unauthorized physical or logical access gained when an authorized person knowingly allows an attacker to follow them past an access control.
- Ping of Death: A legacy denial-of-service attack that sends malformed or oversized ICMP echo packets, causing vulnerable TCP/IP stacks to crash, hang, or reboot when reassembling them.
- Pixie Dust Attack: An offline attack that recovers the WPS PIN of a vulnerable access point in seconds by exploiting weak nonces in the WPS registration protocol.
- PMKID Attack: An offline WPA/WPA2-PSK cracking method that derives the passphrase from a single PMKID field captured from an access point, no client needed.
- Polyfill.io Supply-Chain Attack (2024): A June 2024 supply-chain compromise in which the polyfill.io CDN, after being acquired by a Chinese-linked company, began serving malicious JavaScript to an estimated 100,000+ sites embedding its widely-used `<script>` tag.
- Pretexting: A social-engineering technique in which an attacker invents a believable scenario or identity to manipulate a target into disclosing information or performing an action.
- Process Injection: A family of evasion techniques in which an attacker runs malicious code inside the address space of a legitimate process to inherit its trust and identity.
- Promiscuous Mode: A network-interface mode in which the NIC delivers every frame on the wire to the operating system, enabling passive sniffing of traffic on a shared or mirrored segment.
- Protestware: Open-source software whose maintainer adds politically motivated code that displays a message or sabotages users perceived to be in a targeted country.
- Quid Pro Quo Attack: A social-engineering attack in which the attacker offers a service or benefit in exchange for information or access from the victim.
- Quishing: Phishing that hides a malicious URL inside a QR code, prompting victims to scan it with a phone and visit a credential-harvesting or malware page outside corporate defenses.
- Quishing (QR Code Phishing): A phishing technique that uses a QR code instead of a clickable link to send victims to a credential-harvesting or malware page.
- Rainbow Table Attack: A precomputation attack that uses chains of hash and reduction functions stored in a compact table to invert unsalted password hashes much faster than brute force.
- Reflected XSS: A non-persistent XSS where attacker-controlled input from a request is immediately reflected into the response and executed in the victim's browser.
- Registry Run Key Persistence: Classic Windows persistence technique that adds an entry under a Run or RunOnce registry key so a binary or script executes every time a user logs on.
- Relay Attack: An attack that forwards an authentication exchange in real time between two parties, so the attacker is authenticated without ever knowing the credentials.
- Remote File Inclusion (RFI): A vulnerability that lets an attacker force a server to fetch and execute code from a remote URL of their choosing.
- Replay Attack: An attack that captures legitimate network traffic — typically authentication tokens or transactions — and retransmits it later to impersonate the original sender.
- Responder Attack: An attack that uses Laurent Gaffie's Responder tool to poison LLMNR, NBT-NS, and mDNS, run rogue authentication servers, and capture or relay NTLM credentials on a local network.
- ROBOT Attack: A 2017 resurrection of Bleichenbacher's 1998 RSA PKCS#1 v1.5 padding oracle on TLS servers, enabling session decryption or impersonation.
- Rogue Access Point: An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.
- Rogue DHCP Server: An unauthorized DHCP server connected to a network that hands out IP configurations to clients, intentionally or accidentally redirecting traffic to attacker-controlled infrastructure.
- Romance Scam: A long-running social-engineering fraud in which an attacker builds a fake romantic relationship with a victim and then exploits that trust to extract money, gifts, or sensitive information.
- RTLO Override (Right-to-Left Override Attack): A filename and string obfuscation technique that inserts the U+202E Unicode right-to-left override character to flip the rendered order of characters, masking executables as PDFs, images, or docs.
- Scheduled Task Persistence: Persistence and execution technique in which an attacker creates or modifies a Windows scheduled task to run their payload on a trigger such as logon, boot, or a timer.
- Server-Side Request Forgery (SSRF): A web vulnerability that allows an attacker to coerce a server into making HTTP or other network requests on their behalf, often against internal systems.
- Server-Side Template Injection: An attack that injects template-engine syntax into untrusted input, leading to code execution on the server when the template is rendered.
- Session Hijacking: An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.
- Sextortion: Extortion based on the threat to publish or share intimate images, real or fabricated, unless the victim pays money or complies with further demands.
- Shoulder Surfing: Observing someone's screen, keyboard, or PIN pad over their shoulder — directly or via cameras — to steal credentials, codes, or sensitive information.
- Silver Ticket: A forged Kerberos service ticket (TGS) created with the password hash of a target service account, granting silent access to that one service.
- SIM Cloning: Copying the secret key Ki from a SIM card so that a second card can impersonate the original on the mobile network.
- SIM Swapping: A fraud technique in which an attacker tricks or bribes a mobile carrier into transferring a victim's phone number to a SIM the attacker controls.
- SIP Attack: An attack against Session Initiation Protocol services, ranging from extension enumeration and password brute-forcing to toll fraud and call hijacking.
- SMB Relay AttackA specific NTLM relay variant in which an attacker forwards a victim's SMB authentication to another SMB server to gain code execution or file access as the victim.
- SmishingPhishing delivered via SMS or other mobile-messaging channels to trick victims into clicking malicious links, calling fraudulent numbers, or revealing data.
- Smurf AttackA legacy amplification DDoS that sends ICMP echo requests to a network's broadcast address with the victim's IP spoofed as the source, causing every host on that network to reply to the victim.
- Social Engineering: The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- Spam (Email): Unsolicited bulk email sent indiscriminately to many recipients, typically for advertising, fraud, malware distribution, or as a delivery vector for phishing.
- Spanning-Tree Protocol Attack: A Layer-2 attack that injects forged BPDU frames to manipulate the Spanning-Tree topology, often electing the attacker's host as the root bridge to enable MITM or DoS.
- Spear Phishing: A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
- SQL Injection: A code-injection attack that smuggles attacker-controlled SQL into a database query, letting the attacker read, modify, or destroy data.
- SS7 Attack: Abuse of Signalling System No. 7 inter-carrier messages to locate subscribers, intercept SMS or divert calls anywhere in the world.
- SSL/TLS Downgrade Attack: An active man-in-the-middle attack that forces a client and server to negotiate a weaker protocol version, cipher, or key size to enable further compromise.
- Starjacking: A supply-chain trick where a malicious package falsely links to a popular GitHub repository so it appears to inherit that project's stars, forks, and credibility.
- Stingray: A commercial cell-site simulator originally made by Harris Corporation that mimics a base station to collect IMSIs and track or intercept mobile devices.
- Stored Procedure Abuse: Exploiting privileged or insecure database stored procedures to execute arbitrary SQL, run OS commands, or escalate privileges from the database layer.
- Stored XSS: A persistent cross-site scripting flaw where attacker-supplied script is saved on the server and later executed in every visitor's browser.
- Supply Chain Attack: An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- Swatting: A criminal hoax in which a false emergency report is filed to provoke an armed police response, typically a SWAT team, against an unsuspecting victim's address.
- SYN Flood: A TCP-based denial-of-service attack that sends many SYN packets without completing the three-way handshake, exhausting the target's connection-state resources.
- Tabnabbing: An attack where a background or newly opened browser tab silently rewrites itself to look like a trusted login page, hoping the user returns and re-enters credentials.
- Tailgating: A physical intrusion technique where an attacker slips through an access control by closely following an authorized person without their consent or awareness.
- TCP Reset Injection: An attack that forges TCP RST segments matching an existing connection so endpoints abruptly close it, breaking or hijacking the session.
- Teardrop Attack: A legacy DoS attack that sends IP fragments with overlapping, malformed offsets to crash TCP/IP stacks that mishandle reassembly.
- Tech Support Scam: A fraud in which attackers pose as technical support agents from a well-known vendor to convince victims to install remote-access tools, hand over credentials, or pay for fake services.
- Terrapin Attack (CVE-2023-48795): A 2023 prefix-truncation flaw in the SSH transport protocol that allows an active network attacker to silently downgrade or strip extensions during the handshake, weakening features like keystroke timing protection.
- Tor / Tor Browser: An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
- TunnelVision (CVE-2024-3661): A 2024 attack that abuses DHCP option 121 (classless static routes) on an attacker-controlled network to override a VPN's routing table, sending the victim's plaintext traffic outside the encrypted tunnel.
- Typosquatted Package: A malicious open-source package published under a name that closely resembles a popular library so that developers install it by mistake.
- Typosquatting: Registering domain names or package names that are misspellings or visual look-alikes of legitimate ones, to catch users or developers who make typing or recognition errors.
- UAC Bypass: A Windows technique that elevates a medium-integrity process to high integrity without prompting the user, typically by abusing auto-elevating signed binaries.
- USB Rubber Ducky: A USB device sold by Hak5 that masquerades as a keyboard and injects pre-programmed keystrokes at machine speed when plugged into a target computer.
- Vishing: Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.
- VLAN Hopping: A switch attack that lets a host send or receive frames in a VLAN it should not belong to by abusing trunking negotiation or 802.1Q double tagging.
- Wardriving: The act of driving, walking or flying through an area while logging Wi-Fi access points, their SSIDs and locations to build wireless coverage maps.
- Watering Hole Attack: A targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it.
- Web Skimmer / E-Skimming: Malicious code injected into a website that steals payment-card or personal data as customers type it into the page.
- Whaling: A spear-phishing attack aimed at senior executives or other high-value targets, typically seeking large fraudulent payments or access to strategic information.
- Wi-Fi Pineapple: A commercial wireless auditing platform from Hak5 that automates rogue access point, evil-twin, and man-in-the-middle attacks, widely used in red-team engagements.
- WMI Event Subscription Persistence: Persistence technique that registers a permanent WMI event filter and consumer so attacker code runs whenever a chosen system event occurs.
- WPS Attack: An online brute-force attack on the eight-digit Wi-Fi Protected Setup PIN that recovers the WPA/WPA2 passphrase in hours.
- XML Injection: An attack that inserts malicious XML tags, attributes, or XPath fragments into an application's XML processing to alter logic or extract data.
- XPath Injection: An injection flaw in which untrusted input alters an XPath query against an XML document, allowing data exfiltration or authentication bypass.
- XXE Attack: An attack against XML parsers that abuses external entity resolution to read files, scan internal networks, or trigger denial of service.
- XZ Utils Backdoor (CVE-2024-3094): A nearly successful 2024 supply-chain attack in which a long-term contributor planted an obfuscated SSH backdoor in the upstream xz/liblzma library shipped by most Linux distributions.