● 1413 entries
Glossary
Every term, A to Z.
$
3
5
A
- AAA Framework
- Abuse Case
- Access Token
- Account Abstraction (ERC-4337)
- Account Enumeration
- Account Lockout
- Account Takeover (ATO)
- Accounting (AAA)
- Active Defense
- Active Directory
- Adaptive Attack
- Adaptive Authentication
- Address Poisoning
- Advanced Persistent Threat (APT)
- Adversarial Example
- Adversary-in-the-Middle (AiTM) Phishing
- Adware
- AEAD (Authenticated Encryption with Associated Data)
- AES (Advanced Encryption Standard)
- AES-CBC
- AES-CTR
- AES-GCM
- Agent Tesla
- Agentic AI Security
- AI Alignment
- AI Bill of Materials (AIBOM)
- AI Content Detection
- AI Governance
- AI Hallucination
- AI Incident Response
- AI Jailbreak
- AI Model Card
- AI Red Team
- AI Red Teamer
- AI Safety
- AI Supply Chain Risk
- AI Watermarking
- AI-Generated Disinformation
- AI-Generated Malware
- Air-Gapped Network
- Aircrack-ng
- Akira Ransomware
- Alert Fatigue
- Always-On VPN
- Amcache.hve
- AMD SEV / SEV-SNP
- AMSI Bypass
- Android Debug Bridge (ADB)
- Android Keystore System
- Android Malware
- Anomaly-Based Detection
- Anti-Forensics
- Antivirus (AV)
- API Key
- API Security
- APK Repackaging
- AppArmor
- AppInit_DLLs
- Apple App Attest
- Application Allowlisting (Whitelisting)
- Application Security (AppSec)
- Application Security Engineer
- APT Group
- ARC (Authenticated Received Chain)
- Argon2
- ARM TrustZone
- ARP
- ARP Spoofing
- Artifact Analysis
- AS-REP Roasting
- ASLR
- ASN.1
- ASPM (Application Security Posture Management)
- Asset Management
- Assume Breach
- Asymmetric Encryption
- ATM Jackpotting
- Atomic Red Team
- Attack Flow
- Attack Pattern
- Attack Surface
- Attack Surface Management (ASM)
- Attack Vector
- Attribute-Based Access Control (ABAC)
- Attribute-Based Encryption
- Attribution Reporting API
- Authentication
- Authorization
- Autopsy
- AWS IMDSv1 Attack
- AWS IMDSv2
- AWS Lambda Security
B
- Backdoor
- Backdoor Attack (ML)
- BACnet
- BadUSB
- Baiting
- Banking Trojan
- Baseband Attack
- BB84 Protocol
- bcrypt
- Bearer Token
- BEAST Attack
- Behavioral Biometrics
- Behavioral Detection
- BGP Hijacking
- BGP Route Leak
- BIAS Attack
- BIMI
- Biometric Authentication
- BIOS Rootkit
- Black Hat Hacker
- BlackCat / ALPHV
- BlackEnergy
- BLAKE2
- BleedingTooth
- Bleichenbacher Attack
- Blind XSS
- Block Cipher
- Blockchain Security
- BloodHound
- Blowfish
- BLS Signature
- Blue Team
- BlueBorne
- Bluebugging
- Bluejacking
- Bluesnarfing
- Bluetooth LE Security
- Boot Sector Virus
- Bootkit
- Bot Management
- Botnet
- BPF LSM
- BrakTooth
- BREACH Attack
- Bring Your Own Device (BYOD)
- Bring Your Own Key (BYOK)
- Broken Access Control
- Broken Authentication
- Browser Fingerprinting
- Browser Hijacker
- Browser Sandbox
- Brute Force Attack
- Buffer Overflow
- Bug Bounty Hunter
- Bug Bounty Program
- Bulk Extractor
- Burp Suite
- Business Email Compromise
- Business Impact Analysis (BIA)
- BYOVD (Bring Your Own Vulnerable Driver)
C
- C2PA
- CAA Record (Certification Authority Authorization)
- CAC (Common Access Card)
- Cache Poisoning
- Callback Phishing
- Canary Token
- Canvas Fingerprinting
- CAPEC
- CAPTCHA
- Capture the Flag (CTF)
- Carbanak
- Card Skimming
- CASB (Cloud Access Security Broker)
- CCPA
- CCSP
- CDN Security
- CEH
- Cellebrite UFED
- Censys
- CEO Fraud
- Certificate Authority (CA)
- Certificate Pinning
- Certificate Revocation List (CRL)
- Certificate Transparency
- ChaCha20
- ChaCha20-Poly1305
- Chain of Custody
- Change Management
- Chargeback Fraud
- Chief Information Security Officer (CISO)
- CI/CD Security
- CIA Triad
- CIDR Notation
- CIEM (Cloud Infrastructure Entitlement Management)
- Cilium
- Cipher
- Cipher Suite
- Ciphertext
- CIS Controls
- CISA
- CISA Known Exploited Vulnerabilities (KEV) Catalog
- CISM
- CISSP
- Citrix Bleed (CVE-2023-4966)
- Cl0p / Clop Ransomware
- ClickFix Attack
- Clickjacking
- Clipboard Hijacker
- Cloud Control Plane Attack
- Cloud Cryptojacking
- Cloud Data Exfiltration
- Cloud Encryption
- Cloud Forensics
- Cloud Key Leak
- Cloud Metadata SSRF
- Cloud Misconfiguration
- Cloud Security
- Cloud Security Engineer
- Cloud Token Theft
- CMMC
- CNAPP (Cloud-Native Application Protection)
- Cobalt Strike
- COBIT
- Code Injection
- Codecov Bash Uploader Compromise
- Cold Boot Attack
- Cold Wallet
- Collection (MITRE Tactic)
- COM Hijacking
- Command and Control (C2)
- Command Injection
- Compensating Controls
- Compliance
- CompTIA Security+
- Computer Virus
- Computer Worm
- Confidential Computing
- Configuration Management
- ConnectWise ScreenConnect (CVE-2024-1709 / CVE-2024-1708)
- Consent Management
- Container Escape
- Container Image Scanning
- Container Security
- Content Security Policy (CSP)
- Conti Ransomware
- Continuous Authentication
- Control-Flow Integrity
- Conversation Hijacking
- Cookie Hijacking
- Cookie Poisoning
- Coordinated Vulnerability Disclosure (CVD)
- Corrective Controls
- CORS (Cross-Origin Resource Sharing)
- CORS Misconfiguration
- COSE
- Cosign
- Coverage-Guided Fuzzing
- CPRA
- Credential Access
- Credential Harvesting
- Credential Stealer
- Credential Stuffing
- Credential Vault
- Credit Card Fraud
- CRIME Attack
- CRISC
- CRLF Injection
- Cron Persistence
- Cross-Origin Embedder Policy (COEP)
- Cross-Origin Opener Policy (COOP)
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Cross-Site Tracking
- Crown Jewels Analysis
- Cryptocurrency Laundering
- Cryptocurrency Mixer / Tumbler
- Cryptographic Agility
- Cryptographic Bill of Materials (CBOM)
- Cryptographic Erasure
- Cryptographic Hash Function
- Cryptographic Key
- Cryptography
- Cryptojacking
- Cryptominer
- CRYSTALS-Dilithium
- CRYSTALS-Kyber
- CSPM (Cloud Security Posture Management)
- CSPM Finding
- CSRF Token
- CSV Injection
- Curve25519
- CVE (Common Vulnerabilities and Exposures)
- CVE Numbering Authority (CNA)
- CVSS (Common Vulnerability Scoring System)
- CWE (Common Weakness Enumeration)
- CWPP (Cloud Workload Protection Platform)
- Cyber Insurance
- Cyber Kill Chain
- Cyber Threat Intelligence (CTI)
- Cyber Threat Intelligence (CTI) Analyst
- Cyber-Physical System (CPS)
- Cybercrime-as-a-Service (CaaS)
- Cybersquatting
- CycloneDX
D
- DANE
- Dark Patterns
- Dark Web
- DarkSide Ransomware
- DAST (Dynamic Application Security Testing)
- Data Anonymization
- Data Breach
- Data Broker
- Data Classification
- Data Leak
- Data Loss Prevention (DLP)
- Data Masking
- Data Minimization
- Data Poisoning
- Data Protection Impact Assessment (DPIA)
- Data Protection Officer (DPO)
- Data Residency
- Data Retention
- Data Sovereignty
- Data Subject Access Request (DSAR)
- Database Activity Monitoring (DAM)
- Database Firewall
- dd (Raw Disk Image)
- DDoS Amplification
- DDoS Mitigation
- Decentralized Identifier (DID)
- Deception Technology
- Decryption
- Deep Packet Inspection (DPI)
- Deep Web
- Deepfake
- Defense Evasion
- Defense in Depth
- DeFi
- Demilitarized Zone (DMZ)
- Denial-of-Service (DoS) Attack
- DEP
- Dependency Confusion Attack
- Dependency Pinning
- DES (Data Encryption Standard)
- Detection Engineering
- Detective Controls
- Device Code Flow (OAuth 2.0 Device Authorization Grant)
- Device Code Phishing
- DevSecOps
- DFIR (Digital Forensics and Incident Response)
- DFIR Analyst
- DHCP
- DHCP Spoofing
- DHCP Starvation
- Diameter Protocol
- Diamond Model of Intrusion Analysis
- Dictionary Attack
- Differential Privacy
- Diffie–Hellman Key Exchange
- Digital Forensics
- Digital Identity
- Digital Signature
- Directory Traversal
- Dirty COW (CVE-2016-5195)
- Dirty Pipe (CVE-2022-0847)
- Discovery (MITRE Tactic)
- Discretionary Access Control (DAC)
- Disk Forensics
- Distributed Control System (DCS)
- Distributed Denial-of-Service (DDoS) Attack
- DKIM
- DLL Hijacking
- DLL Injection
- DMARC
- DNP3
- DNS Amplification Attack
- DNS Blocklist (DNSBL)
- DNS Cache Poisoning
- DNS Hijacking
- DNS Leak
- DNS over HTTPS (DoH)
- DNS over QUIC (DoQ)
- DNS over TLS (DoT)
- DNS Rebinding
- DNS Spoofing
- DNS Tunneling
- DNSSEC
- Docker Socket Attack
- DOM Clobbering
- DOM-Based XSS
- Domain Generation Algorithm (DGA)
- Domain Hijacking
- Domain Shadowing
- DORA
- Double Free
- Downloader
- Doxware
- Doxxing
- DPA
- DPDP Act (Digital Personal Data Protection Act, India)
- DPF
- DPoP (Demonstrating Proof of Possession)
- Dragonblood
- DREAD Model
- Drive-by Download
- Dropper
- DROWN Attack (CVE-2016-0800)
- DSPM (Data Security Posture Management)
- DTP Attack
- Dumpster Diving
- Dust Attack
- Dwell Time
E
- E01 (EnCase Evidence) Image Format
- EAP-TLS
- eBPF Security
- ECDH
- ECDSA
- Ed25519
- EDR (Endpoint Detection and Response)
- EIP-712 Signing
- Elastic Stack (ELK)
- ELF Binary Format
- Elliptic Curve Cryptography (ECC)
- Email Spoofing
- Embedding Attacks
- Emotet
- EnCase
- Encryption
- End-to-End Encryption (E2EE)
- Endpoint Isolation
- Enterprise Mobility Management (EMM)
- Enterprise Risk Management (ERM)
- Envelope Encryption
- EPP (Endpoint Protection Platform)
- EPSS (Exploit Prediction Scoring System)
- Equation Group
- Eric Zimmerman's EZ Tools
- EternalBlue (CVE-2017-0144)
- Ethical Hacker
- EU AI Act
- EU Cyber Resilience Act (CRA)
- Eval Injection
- Evasion Attack (ML)
- Evidence Acquisition
- Evil Maid Attack
- Evil Twin Attack
- Excessive Agency
- Execution (MITRE Tactic)
- Exfiltration
- Exploit
- Extended Validation Certificate
- External Attack Surface Management (EASM)
F
- FAIR (Factor Analysis of Information Risk)
- Falco
- Falcon (Signature Scheme)
- False Negative
- False Positive
- Fast Flux
- Fault Injection
- Federated Identity
- Federated Learning
- FedRAMP
- FERPA
- FIDO Security Key
- FIDO2
- Field CISO
- File Carving
- File Integrity Monitoring (FIM)
- Fileless Malware
- FIN Threat Group
- FIPS 140 / FIPS 140-3
- Firewall
- Firmware Malware
- Firmware Over-the-Air (OTA)
- FISMA
- Flash Loan Attack
- Forensic Hash Verification
- Forensic Imaging
- Forensic Readiness
- Forensic Toolkit
- Fork Bomb
- Format String Vulnerability
- Formjacking
- Fortinet FortiOS / FortiManager 2024 Zero-Days
- Forward Proxy
- Fraggle Attack
- FREAK Attack
- Frida Dynamic Instrumentation
- Front-Running (Blockchain)
- FrostyGoop
- FTK
- FTP
- Function as a Service (FaaS)
- Fuzz Testing
G
- GDPR
- GHOST Vulnerability (CVE-2015-0235)
- GIAC Certifications
- Gift Card Fraud
- GitOps Security
- Glitch Attack
- Global Privacy Control (GPC)
- GnuPG (GPG)
- Golden SAML
- Golden Ticket
- Google Chronicle SecOps
- Google Play Integrity API
- GootLoader
- Gramm-Leach-Bliley Act (GLBA)
- GrayKey
- GRC Analyst
- Grey Hat Hacker
- Greylisting
- Greyware
- Grover's Algorithm
- gVisor
H
- Hack-Back
- Hacker
- Hacktivist
- Hardcoded Secrets in Code
- Hardware Attestation
- Hardware Security Module (HSM)
- Hardware Token
- Hardware Trojan
- Hardware Wallet
- Harvest Now, Decrypt Later
- Hash Collision
- Hashcat
- Havex (Dragonfly RAT)
- Headless Browser
- Heap Feng Shui
- Heap Overflow
- Heap Spraying
- Heartbleed (CVE-2014-0160)
- Heuristic Detection
- hiberfil.sys
- HIPAA
- HITRUST
- Hive Ransomware
- HKDF (HMAC-based Key Derivation Function)
- HMAC
- HMAC-Based One-Time Password (HOTP)
- Hold Your Own Key (HYOK)
- Homograph Attack (IDN Homograph)
- Homomorphic Encryption
- Honey Account
- Honeyfile
- Honeynet
- Honeypot
- Honeytoken
- Honeyuser
- Horizontal Privilege Escalation
- Host Header Injection
- Host-Based IDS (HIDS)
- Hot Wallet
- HSRP / VRRP Attack
- HTTP Desync Attack
- HTTP Request Smuggling
- HTTP Response Splitting
- HTTP Security Headers
- HTTP Strict Transport Security (HSTS)
- HTTP/2 Security
- HTTP/3 / QUIC
- HttpOnly Cookie Flag
- HTTPS
- Human-Machine Interface (HMI)
I
- I2P
- IAB TCF (Transparency and Consent Framework)
- IAM Misconfiguration (cloud)
- IAM Privilege Escalation
- IAST (Interactive Application Security Testing)
- IcedID / BokBot
- ICMP
- ICO Scam
- Identity and Access Management (IAM)
- Identity Theft
- Identity-Based Encryption
- IEC 61850
- IEC 62443
- IEEE 802.1X
- IFEO Injection
- iframe sandbox
- IMEI (International Mobile Equipment Identity)
- Impact (MITRE Tactic)
- Impossible Travel Detection
- IMSI (International Mobile Subscriber Identity)
- IMSI Catcher
- in-toto
- Incident Responder
- Incident Response
- Incident Response Plan
- Indicator of Attack (IoA)
- Indicator of Compromise (IoC)
- Indirect Prompt Injection
- Industrial Control System (ICS)
- Industroyer / CrashOverride
- Industroyer2 (CrashOverride 2)
- Inferno Drainer
- Info Stealer
- Infrastructure as a Service (IaaS)
- Infrastructure-as-Code (IaC) Security
- Inherence Factor (Something You Are)
- Inherent Risk
- Initial Access
- Initial Access Broker (IAB)
- Initialization Vector (IV)
- Input Validation
- Insecure Deserialization
- Insecure Direct Object Reference (IDOR)
- Insecure File Upload
- Insecure Output Handling
- Insider Threat
- Integer Overflow
- Integer Underflow
- Intel CET
- Intel SGX
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- Invoice Fraud
- iOS Keychain
- iOS Malware
- IoT Botnet
- IoT Security
- IP Address
- IP Fragmentation Attack
- IP Spoofing
- IPsec
- ISO/IEC 27001
- ISO/IEC 27002
- ISO/IEC 27017
- ISO/IEC 27018
- ISO/IEC 42001
- Istio Security
- ITIL
- Ivanti Connect Secure Zero-Days (CVE-2023-46805, CVE-2024-21887)
J
K
- k-Anonymity
- Kali Linux
- KAPE (Kroll Artifact Parser and Extractor)
- KARMA Attack
- Kaseya VSA Supply-Chain Attack
- KASLR
- Kata Containers
- Kerberoasting
- Kerberos
- Kerberos Constrained Delegation
- Kerberos Unconstrained Delegation
- Kernel Mode vs User Mode
- Key Derivation Function (KDF)
- Key Escrow
- Key Management System
- Key Rotation
- Keylogger
- KNOB Attack
- Knowledge Factor (Something You Know)
- Known Exploited Vulnerability (KEV)
- known_hosts File
- KRACK Attack
- kube-bench
- Kubernetes Admission Controller
- Kubernetes Cluster Attack
- Kubernetes Network Policy
- Kubernetes RBAC Misconfiguration
- Kubernetes Security
- Kubescape
- Kyverno
L
- l-Diversity
- LAND Attack
- LastPass Breach (2022)
- Lateral Movement
- Lattice-Based Cryptography
- launchd Persistence
- Layer 2
- LD_PRELOAD Hijacking
- LDAP
- LDAP Injection
- Ledger Wallet
- LGPD
- Linux Capabilities
- Living off the Land
- LLM Firewall
- LLM Guardrails
- LLM System Prompt Leak
- LLMjacking
- LLMNR Poisoning
- Loader
- Local File Inclusion (LFI)
- Location Factor (Somewhere You Are)
- LockBit
- Locky Ransomware
- Log Aggregation
- Log Analysis
- Log Correlation
- Log4Shell (CVE-2021-44228)
- Logic Bomb
- Logjam
- LOLBin / LOLBAS
- Looney Tunables (CVE-2023-4911)
- LoRaWAN Security
- LTE Security
- Lucky 13
- Lumma Stealer
M
- MAC Address
- MAC Spoofing
- Mach-O
- Machine Identity
- Macro Virus
- Magecart Attack
- Magic Link Authentication
- Magnet AXIOM
- Mail Bomb
- Malicious Browser Extension
- Malicious npm Package
- Malvertising
- Malware
- Malware Analysis
- Malware Analyst
- Man-in-the-Middle Attack
- Mandatory Access Control (MAC)
- Mass Assignment
- Mass Surveillance
- Master Key
- Matter Protocol
- Maze Ransomware
- MCP Attacks
- MD5
- MDR (Managed Detection and Response)
- Mean Time to Contain (MTTC)
- Mean Time to Detect (MTTD)
- Mean Time to Recover (MTTR)
- Mean Time to Respond (MTTR)
- Medusa Ransomware
- Meltdown
- Membership Inference Attack
- Memory Corruption
- Memory Forensics
- Memory Leak
- Memory Safety
- Memory-Safe Languages
- Message Authentication Code (MAC)
- Metamorphic Malware
- Metasploit
- MEV (Maximal Extractable Value)
- MFA Fatigue (Push Bombing)
- MFT (Master File Table)
- Microsegmentation
- Microsoft Entra ID
- Microsoft Pluton
- Microsoft Sentinel
- MIME Sniffing
- Mimikatz
- Mirai Botnet
- MISP
- Misuse Case
- mitmproxy
- MITRE ATT&CK
- MITRE Caldera
- MITRE D3FEND
- MITRE Engage
- Mixed Content
- ML-DSA (FIPS 204)
- ML-KEM (FIPS 203)
- MLSecOps
- Mobile App Permissions
- Mobile App Sandbox
- Mobile App Security
- Mobile App Store Attack
- Mobile Application Management (MAM)
- Mobile Device Management (MDM)
- Mobile Forensics
- Mobile Jailbreak Detection (iOS)
- Mobile Malware
- Mobile OTP Interception
- Mobile Root Detection (Android)
- Mobile TLS Pinning Bypass
- Mobile VPN
- MobSF (Mobile Security Framework)
- Modbus
- Model Context Protocol (MCP)
- Model Denial of Service
- Model Extraction
- Model Inversion
- Monte Carlo Risk Simulation
- MOVEit Transfer SQLi (CVE-2023-34362)
- MTA-STS
- MUD (Manufacturer Usage Description, RFC 8520)
- Multi-Factor Authentication (MFA)
- Multisig Wallet
- Mutation Fuzzing
- Mutual Authentication
- Mutual TLS (mTLS)
N
- N-Day Vulnerability
- Nation-State Actor
- NBT-NS Poisoning
- NDR (Network Detection and Response)
- Need-to-Know Principle
- Nessus
- NetFlow
- Network Access Control (NAC)
- Network Address Translation (NAT)
- Network Forensics
- Network Security Engineer
- Network Segmentation
- Network-Based IDS (NIDS)
- Next-Generation Antivirus (NGAV)
- Next-Generation Firewall (NGFW)
- NFC Relay Attack
- NFT Fraud
- Nightshade Attack
- NIS2 Directive
- NIST AI Risk Management Framework (AI RMF)
- NIST Cybersecurity Framework
- NIST Cybersecurity Framework 2.0
- NIST PQC Standardization
- NIST Risk Management Framework
- NIST SP 800-171
- NIST SP 800-30
- NIST SP 800-37
- NIST SP 800-53
- NIST SP 800-61
- Nitrokey
- Nmap
- Noise Protocol Framework
- Nomad Bridge Hack (2022)
- Non-Resident Virus
- Nonce
- NoSQL Injection
- NotPetya
- NTLM Authentication
- NTLM Relay Attack
- NTP Amplification Attack
- Null Pointer Dereference
O
- OAuth 2.0
- OAuth Consent Phishing
- Oblivious HTTP (OHTTP)
- OCSP (Online Certificate Status Protocol)
- OCTAVE Method
- Okta Support System Breach (2023)
- one_gadget RCE
- One-Time Password (OTP)
- Onion Routing
- OPA (Open Policy Agent)
- OPA Gatekeeper
- OPC UA
- Open Redirect
- OpenID Connect (OIDC)
- OpenVPN
- Operational Technology (OT)
- Operational Threat Intelligence
- Opportunistic TLS
- Oracle Manipulation
- Order of Volatility
- ORM Injection
- OSCP
- osquery
- OSSEC
- OSSTMM
- OTX
- Out-of-Bounds Read
- Output Encoding
- OWASP API Security Top 10
- OWASP ASVS
- OWASP Dependency-Check
- OWASP LLM Top 10
- OWASP MASVS
- OWASP Mobile Top 10
- OWASP SAMM
- OWASP Top 10
- OWASP WSTG
- OWASP ZAP
P
- Package Signing
- Packet Filtering
- Padding Oracle Attack
- pagefile.sys
- PAKE (Password-Authenticated Key Exchange)
- Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days
- Parameter Tampering
- Parameterized Query
- Pass-the-Hash
- Pass-the-Ticket
- Passive DNS
- Passkey
- Passphrase
- Password
- Password Entropy
- Password Manager
- Password Policy
- Password Reuse
- Password Spraying
- PASTA Threat Model
- Patch Management
- Payload
- Payment Fraud
- PBKDF2
- PCAP
- PCI DSS
- PDF Exploit
- PE Executable Format
- Pegasus Spyware (NSO Group)
- PEM Format
- Penetration Tester
- Penetration Testing
- Pepper
- Perfect Forward Secrecy
- Permissions-Policy
- Permit2 Phishing
- Persistence
- Personally Identifiable Information (PII)
- PGP
- Pharming
- Phishing
- Phishing-Resistant MFA
- Phreaking
- Pig Butchering Scam
- Piggybacking
- Ping of Death
- PIPEDA
- Pipedream / Incontroller
- PIPL (Personal Information Protection Law, China)
- PIV Card
- Pixie Dust Attack
- PKCE (Proof Key for Code Exchange)
- PKCS#11
- PKCS#12
- PKCS#7
- Plaintext
- Plaso
- Platform as a Service (PaaS)
- Play Ransomware
- Playwright Security
- PMKID Attack
- Pod Security Standards
- Policy as Code
- Polyfill.io Supply-Chain Attack (2024)
- Polymorphic Malware
- POODLE Attack (CVE-2014-3566)
- Port Forwarding
- Port Knocking
- Possession Factor (Something You Have)
- Post-Mortem
- Post-Quantum Cryptography
- Potentially Unwanted Program (PUP)
- Power Analysis Attack
- Predator Spyware (Intellexa)
- Prefetch Files
- Preservation of Evidence
- Pretexting
- Preventive Controls
- Principle of Least Privilege
- PrintNightmare (CVE-2021-34527)
- Privacy by Design
- Privacy Engineer
- Privacy Impact Assessment (PIA)
- Privacy Sandbox
- Private Key
- Private Set Intersection (PSI)
- Privilege Escalation
- Privileged Access Management (PAM)
- Process Injection
- PROFINET
- Programmable Logic Controller (PLC)
- Promiscuous Mode
- Prompt Injection
- Proof-of-Concept Exploit
- Protestware
- Prototype Pollution
- Provenance Attestation
- Proxy Re-Encryption
- Proxy Server
- ProxyLogon (CVE-2021-26855)
- ProxyShell
- Pseudonymization
- PTES
- Public Key
- Public Key Infrastructure (PKI)
- Public-Key Cryptography
- Puppeteer Security
- Purdue Enterprise Reference Architecture
- Purple Team
- Push Authentication
- Pwned Password
- PwnKit (CVE-2021-4034)
- Pyramid of Pain
Q
R
- Raccoon Stealer
- Race Condition
- RADIUS
- RAG
- RAG Security
- Rainbow Table Attack
- Ransomware
- Ransomware Gang
- Ransomware-as-a-Service (RaaS)
- RASP (Runtime Application Self-Protection)
- Rate Limiting
- Reconnaissance
- Recovery Phrase
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Red Team
- RedLine Stealer
- Reentrancy Attack
- Referrer Policy
- Reflected XSS
- Refresh Token
- Registry Run Key Persistence
- regreSSHion (CVE-2024-6387)
- RegRipper
- Relay Attack
- Remote Access Trojan (RAT)
- Remote Access VPN
- Remote File Inclusion (RFI)
- Replay Attack
- Reproducible Builds
- Resident Virus
- Residual Risk
- Responder Attack
- Return-Oriented Programming
- Reverse Engineering
- Reverse Proxy
- REvil / Sodinokibi
- RFID Cloning
- Rhysida Ransomware
- Right of Data Portability
- Right of Rectification
- Right to Be Forgotten
- Ring Signature
- Risk Appetite
- Risk Assessment
- Risk Management
- Risk Register
- Risk Tolerance
- Risk Treatment
- Risk-Based Authentication (RBA)
- ROBOT Attack
- robots.txt
- Rogue Access Point
- Rogue DHCP Server
- Rogue Security Software
- Role-Based Access Control (RBAC)
- Romance Scam
- Ronin Bridge Hack (2022)
- Rooting (Android)
- Rootkit
- Rowhammer
- Royal Ransomware
- RPKI (Resource Public Key Infrastructure)
- RSA Algorithm
- RTLO Override (Right-to-Left Override Attack)
- Rug Pull
- Rust Security Properties
- Ryuk Ransomware
S
- S/MIME
- S3 Bucket Misconfiguration
- Safety Instrumented System (SIS)
- Salsa20
- Salt
- Same-Origin Policy (SOP)
- SameSite Cookie
- SAML
- Sandbox / Emulator Detection
- Sandbox Escape
- Sandwich Attack
- Sandworm Team
- SANS Top 25
- Sarbanes-Oxley Act (SOX)
- SASE
- SAST (Static Application Security Testing)
- SCA (Software Composition Analysis)
- SCADA
- Scareware
- SCC
- Scheduled Task Persistence
- Screen Scraper
- Script Kiddie
- scrypt
- SEC Cybersecurity Disclosure Rules (2023)
- seccomp
- secp256k1
- Secure Boot
- Secure Coding
- Secure Cookie Flag
- Secure Email Gateway
- Secure Enclave
- Secure Messaging App
- Secure Multi-Party Computation (MPC)
- Secure Software Development Lifecycle (SSDLC)
- Security Analyst (Tier 1/2/3 SOC)
- Security Architect
- Security as Code
- Security Awareness Trainer
- Security Baseline
- Security by Obscurity
- Security Controls
- Security Engineer
- Security Onion
- Security Operations Center (SOC)
- Security Playbook
- Security Posture
- Security Requirements
- SeDebugPrivilege
- Seed Phrase
- Self-Signed Certificate
- Self-Sovereign Identity (SSI)
- SELinux
- Separation of Duties (SoD)
- Server-Side Request Forgery (SSRF)
- Server-Side Template Injection
- Serverless Security
- Service Account
- Service Account Token
- Service Level Agreement (SLA)
- Service Mesh Security
- Session Fixation
- Session Hijacking
- Session Key
- Session Management
- Session Replay
- Session Token
- Sextortion
- SFTP
- SHA-1
- SHA-256
- SHA-3
- Shadow AI
- Shadow Brokers Leak
- Shadow Stack
- Shamir's Secret Sharing
- Shared Responsibility Model
- Shellbags
- Shellshock (CVE-2014-6271)
- Shift-Left Security
- Shimcache (AppCompatCache)
- Shodan
- Shor's Algorithm
- Shoulder Surfing
- Side-Channel Attack
- SIEM
- SIEM Rule Tuning
- Sigma Rule
- Signal Protocol
- Signature Phishing (Web3)
- Signature-Based Detection
- Sigstore
- Silver Ticket
- SIM Cloning
- SIM Swapping
- Single Point of Failure (SPOF)
- Single Sign-On (SSO)
- SIP Attack
- Site Isolation
- Site-to-Site VPN
- SLH-DSA (FIPS 205)
- Slopsquatting
- SLSA Framework
- Smart Card
- Smart Contract Audit
- Smart Contract Security
- SMB Relay Attack
- SMEP / SMAP
- Smishing
- Smurf Attack
- Snort Rule
- SOAR
- SOC 2
- SOC Analyst
- SOC Maturity Model
- SocGholish
- Social Engineering
- Social Login
- Software as a Service (SaaS)
- Software Bill of Materials (SBOM)
- Software Supply Chain Security
- SolarWinds Sunburst
- Spam (Email)
- Spanning-Tree Protocol Attack
- SPDX (Software Package Data Exchange)
- Spear Phishing
- Spectre
- Speculative Execution Side Channel
- SPF (Sender Policy Framework)
- SPHINCS+
- SPIFFE
- SPIRE Runtime
- Splunk Enterprise Security
- Splunk SPL Query
- Spring4Shell (CVE-2022-22965)
- Spyware
- SQL Injection
- SS7 Attack
- SSE
- SSH
- SSH Agent Forwarding
- SSH Key Types
- SSL (Secure Sockets Layer)
- SSL Stripping
- SSL VPN
- SSL/TLS Downgrade Attack
- SSPM (SaaS Security Posture Management)
- Stack Canary
- Stack Overflow Vulnerability
- Starjacking
- STARTTLS
- Stateful Firewall
- Stateless Firewall
- Stealth Malware
- Steganalysis
- Step-Up Authentication
- Stingray
- STIX
- Stored Procedure Abuse
- Stored XSS
- Strategic Threat Intelligence
- Stream Cipher
- STRIDE Model
- Stuxnet
- Subdomain Takeover
- Subnet
- Subresource Integrity (SRI)
- Supercookie
- Supply Chain Attack
- Suricata
- Swatting
- SWG
- Symbolic Execution
- Symmetric Encryption
- SYN Flood
- Synthetic Media
- Sysmon
- System Hardening
- System Prompt Extraction
T
- t-Closeness
- Tabletop Exercise
- Tabnabbing
- TACACS+
- Tactical Threat Intelligence
- Tactics, Techniques and Procedures (TTPs)
- Tailgating
- TAXII Protocol
- TCP
- TCP Reset Injection
- TCP/IP
- Teardrop Attack
- Tech Support Scam
- TEMPEST Attack
- Tenant Isolation
- Terrapin Attack (CVE-2023-48795)
- Tetragon
- The Sleuth Kit
- Third-Party Cookie
- Third-Party Risk Management (TPRM)
- Threat Actor
- Threat Hunter
- Threat Hunting
- Threat Intelligence
- Threat Landscape
- Threat Modeling
- Threat Vector
- Threshold Cryptography
- Time Bomb
- Time Factor (Authentication)
- Time-Based One-Time Password (TOTP)
- Timeline Analysis
- Timing Attack
- TLP
- TLS (Transport Layer Security)
- TLS Handshake
- TOCTOU Vulnerability
- Token Impersonation
- Token Smuggling
- Tokenization (Privacy)
- Tool-Use Injection
- Topics API
- Tor / Tor Browser
- Tracking Pixel
- Trackware
- Training Data Extraction
- Transferable Adversarial Attack
- Transparent Proxy
- Trezor Wallet
- TrickBot
- Trike
- Triple DES (3DES)
- TRITON / TRISIS
- Trivy
- Trojan Horse
- Trusted Execution Environment (TEE)
- Trusted Platform Module (TPM)
- Trusted Types
- TunnelVision (CVE-2024-3661)
- Two-Factor Authentication (2FA)
- Twofish
- Type Confusion Vulnerability
- Typosquatted Package
- Typosquatting
U
V
- Vector Database Security
- Velociraptor
- Vendor Risk Management
- Vendor Security Assessment
- Verifiable Credential
- VERIS Framework
- Vertical Privilege Escalation
- VEX (Vulnerability Exploitability eXchange)
- Vidar Stealer
- Video Deepfake Attack
- Virtual CISO (vCISO)
- Vishing
- VLAN
- VLAN Hopping
- Voice Cloning Attack
- VoIP Security
- Volatility Framework
- VoLTE Security
- VPN (Virtual Private Network)
- VPN Kill Switch
- VPN Leak
- VPN Split Tunneling
- Vulnerability
- Vulnerability Assessment
- Vulnerability Scanning
W
- WAAP
- Wabbit
- Wallet Drainer
- WalletConnect Security
- WannaCry
- Wardriving
- Watering Hole Attack
- Wazuh
- Weaponized Exploit
- Web Application Firewall (WAF)
- Web Cache Deception
- Web Skimmer / E-Skimming
- WebAssembly Security
- WebAuthn
- WebRTC IP Leak
- WEP (Wired Equivalent Privacy)
- Whaling
- White Hat Hacker
- White Team
- WHOIS Lookup
- Wi-Fi 6E
- Wi-Fi 7
- Wi-Fi Deauthentication Attack
- Wi-Fi Pineapple
- Wildcard Certificate
- Windows Event Log Analysis
- Windows Registry Analysis
- Wiper Malware
- WireGuard
- Wireshark
- WMI Event Subscription Persistence
- Workforce Identity
- Workload Identity
- Wormhole Bridge Hack (2022)
- WPA2
- WPA3
- WPS Attack
- Write Blocker