● Glossary
Index A–Z
● Categories
A
- № 005AAA Framework
- № 006Abuse Case
- № 007Access Token
- № 008Account Enumeration
- № 009Account Lockout
- № 010Account Takeover (ATO)
- № 011Accounting (AAA)
- № 012Active Defense
- № 013Active Directory
- № 014Adaptive Attack
- № 015Adaptive Authentication
- № 016Address Poisoning
- № 017Advanced Persistent Threat (APT)
- № 018Adversarial Example
- № 019Adware
- № 020AES (Advanced Encryption Standard)
- № 021AES-CBC
- № 022AES-CTR
- № 023AES-GCM
- № 024AI Alignment
- № 025AI Bill of Materials (AIBOM)
- № 026AI Content Detection
- № 027AI Governance
- № 028AI Hallucination
- № 029AI Incident Response
- № 030AI Jailbreak
- № 031AI Model Card
- № 032AI Red Team
- № 033AI Safety
- № 034AI Supply Chain Risk
- № 035AI Watermarking
- № 036AI-Generated Disinformation
- № 037AI-Generated Malware
- № 038Air-Gapped Network
- № 039Aircrack-ng
- № 040Akira Ransomware
- № 041Alert Fatigue
- № 042Always-On VPN
- № 043Amcache.hve
- № 044AMD SEV / SEV-SNP
- № 045AMSI Bypass
- № 046Android Debug Bridge (ADB)
- № 047Android Malware
- № 048Anomaly-Based Detection
- № 049Anti-Forensics
- № 050Antivirus (AV)
- № 051API Key
- № 052API Security
- № 053AppArmor
- № 054AppInit_DLLs
- № 055Application Allowlisting (Whitelisting)
- № 056Application Security (AppSec)
- № 057APT Group
- № 058ARC (Authenticated Received Chain)
- № 059Argon2
- № 060ARM TrustZone
- № 061ARP
- № 062ARP Spoofing
- № 063Artifact Analysis
- № 064ASLR
- № 065ASN.1
- № 066Asset Management
- № 067Asymmetric Encryption
- № 068ATM Jackpotting
- № 069Atomic Red Team
- № 070Attack Pattern
- № 071Attack Surface
- № 072Attack Surface Management (ASM)
- № 073Attack Vector
- № 074Attribute-Based Access Control (ABAC)
- № 075Attribute-Based Encryption
- № 076Authentication
- № 077Authorization
- № 078Autopsy
- № 079AWS IMDSv1 Attack
B
- № 080Backdoor
- № 081Backdoor Attack (ML)
- № 082BadUSB
- № 083Baiting
- № 084Banking Trojan
- № 085Baseband Attack
- № 086BB84 Protocol
- № 087bcrypt
- № 088Bearer Token
- № 089BEAST Attack
- № 090Behavioral Biometrics
- № 091Behavioral Detection
- № 092BGP Hijacking
- № 093BGP Route Leak
- № 094BIAS Attack
- № 095BIMI
- № 096Biometric Authentication
- № 097BIOS Rootkit
- № 098Black Hat Hacker
- № 099BlackCat / ALPHV
- № 100BlackEnergy
- № 101BLAKE2
- № 102BleedingTooth
- № 103Bleichenbacher Attack
- № 104Blind XSS
- № 105Block Cipher
- № 106Blockchain Security
- № 107BloodHound
- № 108Blowfish
- № 109BLS Signature
- № 110Blue Team
- № 111BlueBorne
- № 112Bluebugging
- № 113Bluejacking
- № 114Bluesnarfing
- № 115Bluetooth LE Security
- № 116Boot Sector Virus
- № 117Bootkit
- № 118Bot Management
- № 119Botnet
- № 120BPF LSM
- № 121BrakTooth
- № 122BREACH Attack
- № 123Bring Your Own Device (BYOD)
- № 124Bring Your Own Key (BYOK)
- № 125Broken Access Control
- № 126Broken Authentication
- № 127Browser Fingerprinting
- № 128Browser Hijacker
- № 129Browser Sandbox
- № 130Brute Force Attack
- № 131Buffer Overflow
- № 132Bug Bounty Hunter
- № 133Bug Bounty Program
- № 134Burp Suite
- № 135Business Email Compromise
- № 136Business Impact Analysis (BIA)
C
- № 137C2PA
- № 138CAC (Common Access Card)
- № 139Cache Poisoning
- № 140Callback Phishing
- № 141Canary Token
- № 142Canvas Fingerprinting
- № 143CAPEC
- № 144CAPTCHA
- № 145Capture the Flag (CTF)
- № 146Carbanak
- № 147Card Skimming
- № 148CASB (Cloud Access Security Broker)
- № 149CCPA
- № 150CCSP
- № 151CDN Security
- № 152CEH
- № 153Cellebrite UFED
- № 154Censys
- № 155CEO Fraud
- № 156Certificate Authority (CA)
- № 157Certificate Pinning
- № 158Certificate Revocation List (CRL)
- № 159Certificate Transparency
- № 160ChaCha20
- № 161ChaCha20-Poly1305
- № 162Chain of Custody
- № 163Change Management
- № 164Chargeback Fraud
- № 165Chief Information Security Officer (CISO)
- № 166CI/CD Security
- № 167CIA Triad
- № 168CIDR Notation
- № 169CIEM (Cloud Infrastructure Entitlement Management)
- № 170Cilium
- № 171Cipher
- № 172Cipher Suite
- № 173Ciphertext
- № 174CIS Controls
- № 175CISA
- № 176CISM
- № 177CISSP
- № 178Citrix Bleed (CVE-2023-4966)
- № 179Cl0p / Clop Ransomware
- № 180Clickjacking
- № 181Clipboard Hijacker
- № 182Cloud Cryptojacking
- № 183Cloud Data Exfiltration
- № 184Cloud Encryption
- № 185Cloud Forensics
- № 186Cloud Key Leak
- № 187Cloud Metadata SSRF
- № 188Cloud Misconfiguration
- № 189Cloud Security
- № 190Cloud Token Theft
- № 191CMMC
- № 192CNAPP (Cloud-Native Application Protection)
- № 193Cobalt Strike
- № 194COBIT
- № 195Code Injection
- № 196Codecov Bash Uploader Compromise
- № 197Cold Boot Attack
- № 198Cold Wallet
- № 199Collection (MITRE Tactic)
- № 200COM Hijacking
- № 201Command and Control (C2)
- № 202Command Injection
- № 203Compensating Controls
- № 204Compliance
- № 205CompTIA Security+
- № 206Computer Virus
- № 207Computer Worm
- № 208Confidential Computing
- № 209Configuration Management
- № 210Consent Management
- № 211Container Escape
- № 212Container Image Scanning
- № 213Container Security
- № 214Content Security Policy (CSP)
- № 215Conti Ransomware
- № 216Continuous Authentication
- № 217Control-Flow Integrity
- № 218Conversation Hijacking
- № 219Cookie Hijacking
- № 220Cookie Poisoning
- № 221Coordinated Vulnerability Disclosure (CVD)
- № 222Corrective Controls
- № 223CORS (Cross-Origin Resource Sharing)
- № 224CORS Misconfiguration
- № 225COSE
- № 226Cosign
- № 227Coverage-Guided Fuzzing
- № 228CPRA
- № 229Credential Access
- № 230Credential Harvesting
- № 231Credential Stealer
- № 232Credential Stuffing
- № 233Credential Vault
- № 234Credit Card Fraud
- № 235CRIME Attack
- № 236CRISC
- № 237CRLF Injection
- № 238Cron Persistence
- № 239Cross-Site Request Forgery (CSRF)
- № 240Cross-Site Scripting (XSS)
- № 241Cross-Site Tracking
- № 242Cryptocurrency Laundering
- № 243Cryptocurrency Mixer / Tumbler
- № 244Cryptographic Agility
- № 245Cryptographic Bill of Materials (CBOM)
- № 246Cryptographic Erasure
- № 247Cryptographic Hash Function
- № 248Cryptographic Key
- № 249Cryptography
- № 250Cryptojacking
- № 251Cryptominer
- № 252CRYSTALS-Dilithium
- № 253CRYSTALS-Kyber
- № 254CSPM (Cloud Security Posture Management)
- № 255CSPM Finding
- № 256CSRF Token
- № 257CSV Injection
- № 258Curve25519
- № 259CVE (Common Vulnerabilities and Exposures)
- № 260CVE Numbering Authority (CNA)
- № 261CVSS (Common Vulnerability Scoring System)
- № 262CWE (Common Weakness Enumeration)
- № 263CWPP (Cloud Workload Protection Platform)
- № 264Cyber Insurance
- № 265Cyber Kill Chain
- № 266Cyber Threat Intelligence (CTI)
- № 267Cyber-Physical System (CPS)
- № 268Cybercrime-as-a-Service (CaaS)
- № 269Cybersquatting
D
- № 270DANE
- № 271Dark Web
- № 272DarkSide Ransomware
- № 273DAST (Dynamic Application Security Testing)
- № 274Data Anonymization
- № 275Data Breach
- № 276Data Classification
- № 277Data Leak
- № 278Data Loss Prevention (DLP)
- № 279Data Masking
- № 280Data Minimization
- № 281Data Poisoning
- № 282Data Protection Impact Assessment (DPIA)
- № 283Data Residency
- № 284Data Retention
- № 285Data Sovereignty
- № 286Data Subject Access Request (DSAR)
- № 287Database Activity Monitoring (DAM)
- № 288Database Firewall
- № 289dd (Raw Disk Image)
- № 290DDoS Amplification
- № 291DDoS Mitigation
- № 292Decentralized Identifier (DID)
- № 293Deception Technology
- № 294Decryption
- № 295Deep Packet Inspection (DPI)
- № 296Deep Web
- № 297Deepfake
- № 298Defense Evasion
- № 299Defense in Depth
- № 300DeFi
- № 301Demilitarized Zone (DMZ)
- № 302Denial-of-Service (DoS) Attack
- № 303DEP
- № 304Dependency Confusion Attack
- № 305Dependency Pinning
- № 306DES (Data Encryption Standard)
- № 307Detection Engineering
- № 308Detective Controls
- № 309DevSecOps
- № 310DFIR (Digital Forensics and Incident Response)
- № 311DHCP
- № 312DHCP Spoofing
- № 313DHCP Starvation
- № 314Diameter Protocol
- № 315Diamond Model of Intrusion Analysis
- № 316Dictionary Attack
- № 317Differential Privacy
- № 318Diffie–Hellman Key Exchange
- № 319Digital Forensics
- № 320Digital Identity
- № 321Digital Signature
- № 322Directory Traversal
- № 323Dirty COW (CVE-2016-5195)
- № 324Dirty Pipe (CVE-2022-0847)
- № 325Discovery (MITRE Tactic)
- № 326Discretionary Access Control (DAC)
- № 327Disk Forensics
- № 328Distributed Control System (DCS)
- № 329Distributed Denial-of-Service (DDoS) Attack
- № 330DKIM
- № 331DLL Hijacking
- № 332DLL Injection
- № 333DMARC
- № 334DNP3
- № 335DNS Amplification Attack
- № 336DNS Blocklist (DNSBL)
- № 337DNS Cache Poisoning
- № 338DNS Hijacking
- № 339DNS Leak
- № 340DNS over HTTPS (DoH)
- № 341DNS over TLS (DoT)
- № 342DNS Rebinding
- № 343DNS Spoofing
- № 344DNS Tunneling
- № 345DNSSEC
- № 346Docker Socket Attack
- № 347DOM-Based XSS
- № 348Domain Generation Algorithm (DGA)
- № 349Domain Hijacking
- № 350Domain Shadowing
- № 351DORA
- № 352Double Free
- № 353Downloader
- № 354Doxware
- № 355Doxxing
- № 356DPA
- № 357DPF
- № 358Dragonblood
- № 359DREAD Model
- № 360Drive-by Download
- № 361Dropper
- № 362DROWN Attack (CVE-2016-0800)
- № 363DTP Attack
- № 364Dumpster Diving
- № 365Dust Attack
E
- № 366E01 (EnCase Evidence) Image Format
- № 367eBPF Security
- № 368ECDH
- № 369ECDSA
- № 370Ed25519
- № 371EDR (Endpoint Detection and Response)
- № 372Elastic Stack (ELK)
- № 373ELF Binary Format
- № 374Elliptic Curve Cryptography (ECC)
- № 375Email Spoofing
- № 376Embedding Attacks
- № 377Emotet
- № 378EnCase
- № 379Encryption
- № 380End-to-End Encryption (E2EE)
- № 381Endpoint Isolation
- № 382Enterprise Mobility Management (EMM)
- № 383Enterprise Risk Management (ERM)
- № 384Envelope Encryption
- № 385EPP (Endpoint Protection Platform)
- № 386EPSS (Exploit Prediction Scoring System)
- № 387Equation Group
- № 388Eric Zimmerman's EZ Tools
- № 389EternalBlue (CVE-2017-0144)
- № 390Ethical Hacker
- № 391EU AI Act
- № 392Eval Injection
- № 393Evasion Attack (ML)
- № 394Evidence Acquisition
- № 395Evil Maid Attack
- № 396Evil Twin Attack
- № 397Execution (MITRE Tactic)
- № 398Exfiltration
- № 399Exploit
- № 400Extended Validation Certificate
- № 401External Attack Surface Management (EASM)
F
- № 402FAIR (Factor Analysis of Information Risk)
- № 403Falco
- № 404Falcon (Signature Scheme)
- № 405False Negative
- № 406False Positive
- № 407Fast Flux
- № 408Fault Injection
- № 409Federated Identity
- № 410Federated Learning
- № 411FedRAMP
- № 412FERPA
- № 413FIDO Security Key
- № 414FIDO2
- № 415File Carving
- № 416File Integrity Monitoring (FIM)
- № 417Fileless Malware
- № 418FIN Threat Group
- № 419FIPS 140 / FIPS 140-3
- № 420Firewall
- № 421Firmware Malware
- № 422Firmware Over-the-Air (OTA)
- № 423FISMA
- № 424Flash Loan Attack
- № 425Forensic Hash Verification
- № 426Forensic Imaging
- № 427Forensic Readiness
- № 428Forensic Toolkit
- № 429Fork Bomb
- № 430Format String Vulnerability
- № 431Formjacking
- № 432Forward Proxy
- № 433Fraggle Attack
- № 434FREAK Attack
- № 435Front-Running (Blockchain)
- № 436FTK
- № 437FTP
- № 438Function as a Service (FaaS)
- № 439Fuzz Testing
G
- № 440GDPR
- № 441GHOST Vulnerability (CVE-2015-0235)
- № 442GIAC Certifications
- № 443Gift Card Fraud
- № 444GitOps Security
- № 445Glitch Attack
- № 446GnuPG (GPG)
- № 447Golden Ticket
- № 448Google Chronicle SecOps
- № 449Gramm-Leach-Bliley Act (GLBA)
- № 450GrayKey
- № 451Grey Hat Hacker
- № 452Greylisting
- № 453Greyware
- № 454Grover's Algorithm
- № 455gVisor
H
- № 456Hack-Back
- № 457Hacker
- № 458Hacktivist
- № 459Hardcoded Secrets in Code
- № 460Hardware Attestation
- № 461Hardware Security Module (HSM)
- № 462Hardware Token
- № 463Hardware Trojan
- № 464Hardware Wallet
- № 465Harvest Now, Decrypt Later
- № 466Hash Collision
- № 467Hashcat
- № 468Headless Browser
- № 469Heap Feng Shui
- № 470Heap Overflow
- № 471Heap Spraying
- № 472Heartbleed (CVE-2014-0160)
- № 473Heuristic Detection
- № 474hiberfil.sys
- № 475HIPAA
- № 476HITRUST
- № 477Hive Ransomware
- № 478HMAC
- № 479HMAC-Based One-Time Password (HOTP)
- № 480Hold Your Own Key (HYOK)
- № 481Homomorphic Encryption
- № 482Honey Account
- № 483Honeyfile
- № 484Honeynet
- № 485Honeypot
- № 486Honeytoken
- № 487Honeyuser
- № 488Horizontal Privilege Escalation
- № 489Host Header Injection
- № 490Host-Based IDS (HIDS)
- № 491Hot Wallet
- № 492HSRP / VRRP Attack
- № 493HTTP Desync Attack
- № 494HTTP Request Smuggling
- № 495HTTP Response Splitting
- № 496HTTP Security Headers
- № 497HTTP Strict Transport Security (HSTS)
- № 498HTTP/2 Security
- № 499HTTP/3 / QUIC
- № 500HttpOnly Cookie Flag
- № 501HTTPS
- № 502Human-Machine Interface (HMI)
I
- № 503I2P
- № 504IAM Misconfiguration (cloud)
- № 505IAM Privilege Escalation
- № 506IAST (Interactive Application Security Testing)
- № 507IcedID / BokBot
- № 508ICMP
- № 509ICO Scam
- № 510Identity and Access Management (IAM)
- № 511Identity Theft
- № 512Identity-Based Encryption
- № 513IEC 62443
- № 514IEEE 802.1X
- № 515IFEO Injection
- № 516iframe sandbox
- № 517IMEI (International Mobile Equipment Identity)
- № 518Impact (MITRE Tactic)
- № 519Impossible Travel Detection
- № 520IMSI (International Mobile Subscriber Identity)
- № 521IMSI Catcher
- № 522in-toto
- № 523Incident Responder
- № 524Incident Response
- № 525Incident Response Plan
- № 526Indicator of Attack (IoA)
- № 527Indicator of Compromise (IoC)
- № 528Indirect Prompt Injection
- № 529Industrial Control System (ICS)
- № 530Industroyer / CrashOverride
- № 531Info Stealer
- № 532Infrastructure as a Service (IaaS)
- № 533Inherence Factor (Something You Are)
- № 534Inherent Risk
- № 535Initial Access
- № 536Initial Access Broker (IAB)
- № 537Initialization Vector (IV)
- № 538Input Validation
- № 539Insecure Deserialization
- № 540Insecure Direct Object Reference (IDOR)
- № 541Insecure File Upload
- № 542Insider Threat
- № 543Integer Overflow
- № 544Integer Underflow
- № 545Intel CET
- № 546Intel SGX
- № 547Intrusion Detection System (IDS)
- № 548Intrusion Prevention System (IPS)
- № 549Invoice Fraud
- № 550iOS Malware
- № 551IoT Botnet
- № 552IoT Security
- № 553IP Address
- № 554IP Fragmentation Attack
- № 555IP Spoofing
- № 556IPsec
- № 557ISO/IEC 27001
- № 558ISO/IEC 27002
- № 559Istio Security
- № 560ITIL
- № 561Ivanti Connect Secure Zero-Days (CVE-2023-46805, CVE-2024-21887)
K
- № 576k-Anonymity
- № 577Kali Linux
- № 578KAPE (Kroll Artifact Parser and Extractor)
- № 579KARMA Attack
- № 580Kaseya VSA Supply-Chain Attack
- № 581KASLR
- № 582Kata Containers
- № 583Kerberoasting
- № 584Kerberos
- № 585Kernel Mode vs User Mode
- № 586Key Derivation Function (KDF)
- № 587Key Escrow
- № 588Key Management System
- № 589Key Rotation
- № 590Keylogger
- № 591KNOB Attack
- № 592Knowledge Factor (Something You Know)
- № 593Known Exploited Vulnerability (KEV)
- № 594known_hosts File
- № 595KRACK Attack
- № 596kube-bench
- № 597Kubernetes Admission Controller
- № 598Kubernetes Cluster Attack
- № 599Kubernetes Network Policy
- № 600Kubernetes Security
- № 601Kubescape
- № 602Kyverno
L
- № 603l-Diversity
- № 604LAND Attack
- № 605LastPass Breach (2022)
- № 606Lateral Movement
- № 607Lattice-Based Cryptography
- № 608launchd Persistence
- № 609Layer 2
- № 610LD_PRELOAD Hijacking
- № 611LDAP
- № 612LDAP Injection
- № 613Ledger Wallet
- № 614LGPD
- № 615Linux Capabilities
- № 616Living off the Land
- № 617LLM Firewall
- № 618LLM Guardrails
- № 619LLM System Prompt Leak
- № 620LLMNR Poisoning
- № 621Loader
- № 622Local File Inclusion (LFI)
- № 623Location Factor (Somewhere You Are)
- № 624LockBit
- № 625Locky Ransomware
- № 626Log Aggregation
- № 627Log Analysis
- № 628Log Correlation
- № 629Log4Shell (CVE-2021-44228)
- № 630Logic Bomb
- № 631Logjam
- № 632LOLBin / LOLBAS
- № 633Looney Tunables (CVE-2023-4911)
- № 634LoRaWAN Security
- № 635LTE Security
- № 636Lucky 13
M
- № 637MAC Address
- № 638MAC Spoofing
- № 639Mach-O
- № 640Machine Identity
- № 641Macro Virus
- № 642Magecart Attack
- № 643Magic Link Authentication
- № 644Magnet AXIOM
- № 645Mail Bomb
- № 646Malicious Browser Extension
- № 647Malicious npm Package
- № 648Malvertising
- № 649Malware
- № 650Malware Analysis
- № 651Man-in-the-Middle Attack
- № 652Mandatory Access Control (MAC)
- № 653Mass Assignment
- № 654Mass Surveillance
- № 655Master Key
- № 656Maze Ransomware
- № 657MCP Attacks
- № 658MD5
- № 659MDR (Managed Detection and Response)
- № 660Mean Time to Contain (MTTC)
- № 661Mean Time to Detect (MTTD)
- № 662Mean Time to Recover (MTTR)
- № 663Mean Time to Respond (MTTR)
- № 664Medusa Ransomware
- № 665Meltdown
- № 666Membership Inference Attack
- № 667Memory Corruption
- № 668Memory Forensics
- № 669Memory Leak
- № 670Memory Safety
- № 671Memory-Safe Languages
- № 672Message Authentication Code (MAC)
- № 673Metamorphic Malware
- № 674Metasploit
- № 675MEV (Maximal Extractable Value)
- № 676MFA Fatigue (Push Bombing)
- № 677MFT (Master File Table)
- № 678Microsegmentation
- № 679Microsoft Pluton
- № 680Microsoft Sentinel
- № 681MIME Sniffing
- № 682Mimikatz
- № 683Mirai Botnet
- № 684MISP
- № 685Misuse Case
- № 686mitmproxy
- № 687MITRE ATT&CK
- № 688MITRE D3FEND
- № 689MITRE Engage
- № 690Mixed Content
- № 691MLSecOps
- № 692Mobile App Permissions
- № 693Mobile App Sandbox
- № 694Mobile App Security
- № 695Mobile App Store Attack
- № 696Mobile Application Management (MAM)
- № 697Mobile Device Management (MDM)
- № 698Mobile Forensics
- № 699Mobile Malware
- № 700Mobile OTP Interception
- № 701Mobile VPN
- № 702Modbus
- № 703Model Extraction
- № 704Model Inversion
- № 705Monte Carlo Risk Simulation
- № 706MOVEit Transfer SQLi (CVE-2023-34362)
- № 707MTA-STS
- № 708Multi-Factor Authentication (MFA)
- № 709Multisig Wallet
- № 710Mutation Fuzzing
- № 711Mutual Authentication
- № 712Mutual TLS (mTLS)
N
- № 713N-Day Vulnerability
- № 714Nation-State Actor
- № 715NBT-NS Poisoning
- № 716NDR (Network Detection and Response)
- № 717Need-to-Know Principle
- № 718Nessus
- № 719NetFlow
- № 720Network Access Control (NAC)
- № 721Network Address Translation (NAT)
- № 722Network Forensics
- № 723Network Segmentation
- № 724Network-Based IDS (NIDS)
- № 725Next-Generation Antivirus (NGAV)
- № 726Next-Generation Firewall (NGFW)
- № 727NFC Relay Attack
- № 728NFT Fraud
- № 729Nightshade Attack
- № 730NIS2 Directive
- № 731NIST Cybersecurity Framework
- № 732NIST PQC Standardization
- № 733NIST Risk Management Framework
- № 734NIST SP 800-171
- № 735NIST SP 800-30
- № 736NIST SP 800-37
- № 737NIST SP 800-53
- № 738NIST SP 800-61
- № 739Nitrokey
- № 740Nmap
- № 741Non-Resident Virus
- № 742Nonce
- № 743NoSQL Injection
- № 744NotPetya
- № 745NTLM Authentication
- № 746NTLM Relay Attack
- № 747NTP Amplification Attack
- № 748Null Pointer Dereference
O
- № 749OAuth 2.0
- № 750OCSP (Online Certificate Status Protocol)
- № 751OCTAVE Method
- № 752Okta Support System Breach (2023)
- № 753one_gadget RCE
- № 754One-Time Password (OTP)
- № 755Onion Routing
- № 756OPA (Open Policy Agent)
- № 757OPA Gatekeeper
- № 758OPC UA
- № 759Open Redirect
- № 760OpenID Connect (OIDC)
- № 761OpenVPN
- № 762Operational Technology (OT)
- № 763Operational Threat Intelligence
- № 764Opportunistic TLS
- № 765Oracle Manipulation
- № 766Order of Volatility
- № 767ORM Injection
- № 768OSCP
- № 769OSSEC
- № 770OSSTMM
- № 771OTX
- № 772Out-of-Bounds Read
- № 773Output Encoding
- № 774OWASP API Security Top 10
- № 775OWASP ASVS
- № 776OWASP Dependency-Check
- № 777OWASP LLM Top 10
- № 778OWASP MASVS
- № 779OWASP Mobile Top 10
- № 780OWASP SAMM
- № 781OWASP Top 10
- № 782OWASP WSTG
- № 783OWASP ZAP
P
- № 784Package Signing
- № 785Packet Filtering
- № 786Padding Oracle Attack
- № 787pagefile.sys
- № 788Parameter Tampering
- № 789Parameterized Query
- № 790Pass-the-Hash
- № 791Pass-the-Ticket
- № 792Passive DNS
- № 793Passkey
- № 794Passphrase
- № 795Password
- № 796Password Entropy
- № 797Password Manager
- № 798Password Policy
- № 799Password Reuse
- № 800Password Spraying
- № 801PASTA Threat Model
- № 802Patch Management
- № 803Payload
- № 804Payment Fraud
- № 805PBKDF2
- № 806PCAP
- № 807PCI DSS
- № 808PDF Exploit
- № 809PE Executable Format
- № 810Pegasus Spyware (NSO Group)
- № 811PEM Format
- № 812Penetration Tester
- № 813Penetration Testing
- № 814Pepper
- № 815Perfect Forward Secrecy
- № 816Permit2 Phishing
- № 817Persistence
- № 818Personally Identifiable Information (PII)
- № 819PGP
- № 820Pharming
- № 821Phishing
- № 822Phreaking
- № 823Pig Butchering Scam
- № 824Piggybacking
- № 825Ping of Death
- № 826PIPEDA
- № 827PIV Card
- № 828Pixie Dust Attack
- № 829PKCS#11
- № 830PKCS#12
- № 831PKCS#7
- № 832Plaintext
- № 833Plaso
- № 834Platform as a Service (PaaS)
- № 835Play Ransomware
- № 836Playwright Security
- № 837PMKID Attack
- № 838Pod Security Standards
- № 839Policy as Code
- № 840Polymorphic Malware
- № 841POODLE Attack (CVE-2014-3566)
- № 842Port Forwarding
- № 843Port Knocking
- № 844Possession Factor (Something You Have)
- № 845Post-Mortem
- № 846Post-Quantum Cryptography
- № 847Potentially Unwanted Program (PUP)
- № 848Power Analysis Attack
- № 849Predator Spyware (Intellexa)
- № 850Prefetch Files
- № 851Preservation of Evidence
- № 852Pretexting
- № 853Preventive Controls
- № 854Principle of Least Privilege
- № 855PrintNightmare (CVE-2021-34527)
- № 856Privacy by Design
- № 857Privacy Impact Assessment (PIA)
- № 858Private Key
- № 859Private Set Intersection (PSI)
- № 860Privilege Escalation
- № 861Privileged Access Management (PAM)
- № 862Process Injection
- № 863PROFINET
- № 864Programmable Logic Controller (PLC)
- № 865Promiscuous Mode
- № 866Prompt Injection
- № 867Proof-of-Concept Exploit
- № 868Protestware
- № 869Prototype Pollution
- № 870Provenance Attestation
- № 871Proxy Re-Encryption
- № 872Proxy Server
- № 873ProxyLogon (CVE-2021-26855)
- № 874ProxyShell
- № 875Pseudonymization
- № 876PTES
- № 877Public Key
- № 878Public Key Infrastructure (PKI)
- № 879Public-Key Cryptography
- № 880Puppeteer Security
- № 881Purdue Enterprise Reference Architecture
- № 882Purple Team
- № 883Push Authentication
- № 884Pwned Password
- № 885PwnKit (CVE-2021-4034)
- № 886Pyramid of Pain
R
- № 895Race Condition
- № 896RADIUS
- № 897RAG
- № 898RAG Security
- № 899Rainbow Table Attack
- № 900Ransomware
- № 901Ransomware Gang
- № 902Ransomware-as-a-Service (RaaS)
- № 903RASP (Runtime Application Self-Protection)
- № 904Rate Limiting
- № 905Reconnaissance
- № 906Recovery Phrase
- № 907Recovery Point Objective (RPO)
- № 908Recovery Time Objective (RTO)
- № 909Red Team
- № 910Reentrancy Attack
- № 911Referrer Policy
- № 912Reflected XSS
- № 913Refresh Token
- № 914Registry Run Key Persistence
- № 915regreSSHion (CVE-2024-6387)
- № 916Relay Attack
- № 917Remote Access Trojan (RAT)
- № 918Remote Access VPN
- № 919Remote File Inclusion (RFI)
- № 920Replay Attack
- № 921Reproducible Builds
- № 922Resident Virus
- № 923Residual Risk
- № 924Responder Attack
- № 925Return-Oriented Programming
- № 926Reverse Engineering
- № 927Reverse Proxy
- № 928REvil / Sodinokibi
- № 929RFID Cloning
- № 930Right of Data Portability
- № 931Right of Rectification
- № 932Right to Be Forgotten
- № 933Ring Signature
- № 934Risk Appetite
- № 935Risk Assessment
- № 936Risk Management
- № 937Risk Register
- № 938Risk Tolerance
- № 939Risk Treatment
- № 940Risk-Based Authentication (RBA)
- № 941ROBOT Attack
- № 942robots.txt
- № 943Rogue Access Point
- № 944Rogue DHCP Server
- № 945Rogue Security Software
- № 946Role-Based Access Control (RBAC)
- № 947Romance Scam
- № 948Rooting (Android)
- № 949Rootkit
- № 950Rowhammer
- № 951RSA Algorithm
- № 952Rug Pull
- № 953Rust Security Properties
- № 954Ryuk Ransomware
S
- № 955S/MIME
- № 956S3 Bucket Misconfiguration
- № 957Safety Instrumented System (SIS)
- № 958Salsa20
- № 959Salt
- № 960Same-Origin Policy (SOP)
- № 961SameSite Cookie
- № 962SAML
- № 963Sandbox / Emulator Detection
- № 964Sandbox Escape
- № 965Sandwich Attack
- № 966Sandworm Team
- № 967SANS Top 25
- № 968Sarbanes-Oxley Act (SOX)
- № 969SASE
- № 970SAST (Static Application Security Testing)
- № 971SCA (Software Composition Analysis)
- № 972SCADA
- № 973Scareware
- № 974SCC
- № 975Scheduled Task Persistence
- № 976Screen Scraper
- № 977Script Kiddie
- № 978scrypt
- № 979seccomp
- № 980secp256k1
- № 981Secure Boot
- № 982Secure Coding
- № 983Secure Cookie Flag
- № 984Secure Email Gateway
- № 985Secure Enclave
- № 986Secure Messaging App
- № 987Secure Multi-Party Computation (MPC)
- № 988Secure Software Development Lifecycle (SSDLC)
- № 989Security Analyst (Tier 1/2/3 SOC)
- № 990Security Architect
- № 991Security as Code
- № 992Security Awareness Trainer
- № 993Security Baseline
- № 994Security by Obscurity
- № 995Security Controls
- № 996Security Engineer
- № 997Security Onion
- № 998Security Operations Center (SOC)
- № 999Security Playbook
- № 1000Security Posture
- № 1001Security Requirements
- № 1002SeDebugPrivilege
- № 1003Seed Phrase
- № 1004Self-Signed Certificate
- № 1005Self-Sovereign Identity (SSI)
- № 1006SELinux
- № 1007Separation of Duties (SoD)
- № 1008Server-Side Request Forgery (SSRF)
- № 1009Server-Side Template Injection
- № 1010Serverless Security
- № 1011Service Account
- № 1012Service Account Token
- № 1013Service Level Agreement (SLA)
- № 1014Service Mesh Security
- № 1015Session Fixation
- № 1016Session Hijacking
- № 1017Session Key
- № 1018Session Management
- № 1019Session Replay
- № 1020Session Token
- № 1021Sextortion
- № 1022SFTP
- № 1023SHA-1
- № 1024SHA-256
- № 1025SHA-3
- № 1026Shadow AI
- № 1027Shadow Brokers Leak
- № 1028Shadow Stack
- № 1029Shamir's Secret Sharing
- № 1030Shared Responsibility Model
- № 1031Shellbags
- № 1032Shellshock (CVE-2014-6271)
- № 1033Shift-Left Security
- № 1034Shimcache (AppCompatCache)
- № 1035Shodan
- № 1036Shor's Algorithm
- № 1037Shoulder Surfing
- № 1038Side-Channel Attack
- № 1039SIEM
- № 1040SIEM Rule Tuning
- № 1041Sigma Rule
- № 1042Signal Protocol
- № 1043Signature-Based Detection
- № 1044Sigstore
- № 1045Silver Ticket
- № 1046SIM Cloning
- № 1047SIM Swapping
- № 1048Single Point of Failure (SPOF)
- № 1049Single Sign-On (SSO)
- № 1050SIP Attack
- № 1051Site Isolation
- № 1052Site-to-Site VPN
- № 1053SLSA Framework
- № 1054Smart Card
- № 1055Smart Contract Audit
- № 1056Smart Contract Security
- № 1057SMB Relay Attack
- № 1058SMEP / SMAP
- № 1059Smishing
- № 1060Smurf Attack
- № 1061Snort Rule
- № 1062SOAR
- № 1063SOC 2
- № 1064SOC Maturity Model
- № 1065Social Engineering
- № 1066Social Login
- № 1067Software as a Service (SaaS)
- № 1068Software Bill of Materials (SBOM)
- № 1069Software Supply Chain Security
- № 1070SolarWinds Sunburst
- № 1071Spam (Email)
- № 1072Spanning-Tree Protocol Attack
- № 1073Spear Phishing
- № 1074Spectre
- № 1075Speculative Execution Side Channel
- № 1076SPF (Sender Policy Framework)
- № 1077SPHINCS+
- № 1078SPIFFE
- № 1079SPIRE Runtime
- № 1080Splunk Enterprise Security
- № 1081Splunk SPL Query
- № 1082Spring4Shell (CVE-2022-22965)
- № 1083Spyware
- № 1084SQL Injection
- № 1085SS7 Attack
- № 1086SSE
- № 1087SSH
- № 1088SSH Agent Forwarding
- № 1089SSH Key Types
- № 1090SSL (Secure Sockets Layer)
- № 1091SSL Stripping
- № 1092SSL VPN
- № 1093SSL/TLS Downgrade Attack
- № 1094SSPM (SaaS Security Posture Management)
- № 1095Stack Canary
- № 1096Stack Overflow Vulnerability
- № 1097Starjacking
- № 1098STARTTLS
- № 1099Stateful Firewall
- № 1100Stateless Firewall
- № 1101Stealth Malware
- № 1102Steganalysis
- № 1103Step-Up Authentication
- № 1104Stingray
- № 1105STIX
- № 1106Stored Procedure Abuse
- № 1107Stored XSS
- № 1108Strategic Threat Intelligence
- № 1109Stream Cipher
- № 1110STRIDE Model
- № 1111Stuxnet
- № 1112Subdomain Takeover
- № 1113Subnet
- № 1114Subresource Integrity (SRI)
- № 1115Supercookie
- № 1116Supply Chain Attack
- № 1117Suricata
- № 1118Swatting
- № 1119SWG
- № 1120Symbolic Execution
- № 1121Symmetric Encryption
- № 1122SYN Flood
- № 1123Synthetic Media
- № 1124Sysmon
- № 1125System Hardening
T
- № 1126t-Closeness
- № 1127Tabletop Exercise
- № 1128Tabnabbing
- № 1129TACACS+
- № 1130Tactical Threat Intelligence
- № 1131Tactics, Techniques and Procedures (TTPs)
- № 1132Tailgating
- № 1133TAXII Protocol
- № 1134TCP
- № 1135TCP Reset Injection
- № 1136TCP/IP
- № 1137Teardrop Attack
- № 1138Tech Support Scam
- № 1139TEMPEST Attack
- № 1140Tenant Isolation
- № 1141Tetragon
- № 1142The Sleuth Kit
- № 1143Third-Party Cookie
- № 1144Third-Party Risk Management (TPRM)
- № 1145Threat Actor
- № 1146Threat Hunter
- № 1147Threat Hunting
- № 1148Threat Intelligence
- № 1149Threat Landscape
- № 1150Threat Modeling
- № 1151Threat Vector
- № 1152Threshold Cryptography
- № 1153Time Bomb
- № 1154Time Factor (Authentication)
- № 1155Time-Based One-Time Password (TOTP)
- № 1156Timeline Analysis
- № 1157Timing Attack
- № 1158TLP
- № 1159TLS (Transport Layer Security)
- № 1160TLS Handshake
- № 1161TOCTOU Vulnerability
- № 1162Token Impersonation
- № 1163Token Smuggling
- № 1164Tokenization (Privacy)
- № 1165Tor / Tor Browser
- № 1166Tracking Pixel
- № 1167Trackware
- № 1168Transferable Adversarial Attack
- № 1169Transparent Proxy
- № 1170Trezor Wallet
- № 1171TrickBot
- № 1172Trike
- № 1173Triple DES (3DES)
- № 1174TRITON / TRISIS
- № 1175Trivy
- № 1176Trojan Horse
- № 1177Trusted Execution Environment (TEE)
- № 1178Trusted Platform Module (TPM)
- № 1179Trusted Types
- № 1180Two-Factor Authentication (2FA)
- № 1181Twofish
- № 1182Type Confusion Vulnerability
- № 1183Typosquatted Package
- № 1184Typosquatting
U
- № 1185U2F (Universal 2nd Factor)
- № 1186UAC Bypass
- № 1187UBA (User Behavior Analytics)
- № 1188UDP
- № 1189UEBA (User and Entity Behavior Analytics)
- № 1190UEFI Rootkit
- № 1191UNC Cluster (Uncategorized)
- № 1192USB Rubber Ducky
- № 1193Use-After-Free
- № 1194User Account Control (UAC)
- № 1195User-Agent Spoofing
- № 1196Username Enumeration
- № 1197UTM (Unified Threat Management)
V
- № 1198Vector Database Security
- № 1199Vendor Risk Management
- № 1200Verifiable Credential
- № 1201VERIS Framework
- № 1202Vertical Privilege Escalation
- № 1203Video Deepfake Attack
- № 1204Virtual CISO (vCISO)
- № 1205Vishing
- № 1206VLAN
- № 1207VLAN Hopping
- № 1208Voice Cloning Attack
- № 1209VoIP Security
- № 1210Volatility Framework
- № 1211VoLTE Security
- № 1212VPN (Virtual Private Network)
- № 1213VPN Kill Switch
- № 1214VPN Leak
- № 1215VPN Split Tunneling
- № 1216Vulnerability
- № 1217Vulnerability Assessment
- № 1218Vulnerability Scanning
W
- № 1219WAAP
- № 1220Wabbit
- № 1221Wallet Drainer
- № 1222WannaCry
- № 1223Wardriving
- № 1224Watering Hole Attack
- № 1225Wazuh
- № 1226Weaponized Exploit
- № 1227Web Application Firewall (WAF)
- № 1228Web Cache Deception
- № 1229Web Skimmer / E-Skimming
- № 1230WebAuthn
- № 1231WebRTC IP Leak
- № 1232WEP (Wired Equivalent Privacy)
- № 1233Whaling
- № 1234White Hat Hacker
- № 1235White Team
- № 1236WHOIS Lookup
- № 1237Wi-Fi 6E
- № 1238Wi-Fi 7
- № 1239Wi-Fi Deauthentication Attack
- № 1240Wi-Fi Pineapple
- № 1241Wildcard Certificate
- № 1242Windows Registry Analysis
- № 1243Wiper Malware
- № 1244WireGuard
- № 1245Wireshark
- № 1246WMI Event Subscription Persistence
- № 1247Workforce Identity
- № 1248Workload Identity
- № 1249WPA2
- № 1250WPA3
- № 1251WPS Attack
- № 1252Write Blocker