TrollEye Security

The Top 100 Hacking/Cybersecurity Terms and Slang Explained

The Top 100 Cybersecurity Terms

The language used by hackers and cybersecurity professionals continues to expand every day, incorporating a mix of technical jargon, acronyms, and slang. This article aims to explain the top 100 hacking terms and slang, providing you with the essential lexicon to navigate the current cybersecurity landscape.

1. Phishing

Phishing is a cyberattack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — for example, a request from their bank or a note from someone in their company — and to click a link or download an attachment.

2. Malware

Malware, short for malicious software, encompasses any software intentionally designed to cause damage to a computer, server, client, or computer network. By disrupting operations, stealing information, or gaining access to private computer systems, malware acts as the primary tool for cybercrime.

3. Ransomware

Ransomware is a subset of malware where the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motives for ransomware attacks are nearly always monetary, and unlike other types of attacks, the victim is usually notified and given instructions on how to recover from the attack.

4. Botnet

A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge. Botnets can be used to perform Distributed Denial of Service (DDoS) attacks, steal data, and send spam, and they allow the attacker to access each device and its connection.

5. DDoS (Distributed Denial of Service)

A Distributed Denial of Service (DDoS) attack is an attempt to crash a website or online service by overwhelming it with a flood of internet traffic. This is achieved by utilizing multiple compromised computer systems as sources of traffic. DDoS attacks exploit the specific capacity limits that apply to any network resources.

6. Exploit

An exploit is a piece of software, a set of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware. It often includes gaining control over a computer system or allowing an attacker to introduce malware.

7. Zero-Day

A zero-day vulnerability is one that is unknown to the software vendor or to antivirus vendors before it becomes active and exploitable. This means the attackers have a “zero day” head start, hence the name, making it particularly dangerous.

8. Brute Force Attack

A brute force attack involves trying every possible combination of letters, numbers, and special characters until the correct password is found. This method relies on the computational power at the attacker’s disposal and is often used against web applications to crack passwords and gain access to user accounts.

9. VPN (Virtual Private Network)

A Virtual Private Network (VPN) extends a private network across a public network, allowing users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. This provides the benefits of security, functionality, and management policies of the private network.

10. Trojan Horse

A Trojan horse, or Trojan, is any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans are generally spread by some form of social engineering, for example, where a user is duped into executing an email attachment disguised so that it does not appear suspicious.

11. Rootkit

Rootkits are a type of malware designed to gain unauthorized access to a computer or area of its software and hide the existence of certain processes or programs from normal methods of detection. Rootkits allow viruses and malware to “hide in plain sight” by disguising themselves as necessary files that your antivirus software will overlook.

12. Social Engineering

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so they can secretly install malicious software.

13. Whitelisting

Whitelisting is a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance. It is the opposite of more common security strategies that block access to unauthorized or unknown applications. This can protect against malware by only allowing pre-approved applications to run.

14. Black Hat

A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. The black hat hacker is known for hacking into computer networks with malicious intent, stealing data, corrupting the system, or shutting it down entirely.

15. White Hat

A white hat hacker, also known as an ethical hacker, is a cybersecurity expert who practices hacking to identify security vulnerabilities that a malicious hacker could potentially exploit. White hats aim to improve security by exposing weaknesses before malicious hackers can detect and exploit them.

16. Grey Hat

A grey hat hacker lies between a black hat and a white hat hacker. They may exploit security weaknesses without the owner’s permission or knowledge, but their intentions are to report the vulnerabilities to the owner, sometimes requesting a small fee to fix the issue.

17. Encryption

Encryption is the process of encoding information in such a way that only authorized parties can access it. By converting the original representation of the information, known as plaintext, into an alternative form known as ciphertext, encryption prevents unauthorized individuals from accessing the data.

18. Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been a first line of defense in network security for over 25 years, establishing a barrier between secured and controlled internal networks that can be trusted and outside networks that cannot.

19. Keylogger

A keylogger is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. Keylogger software is potentially malicious, allowing hackers to capture sensitive information like passwords and credit card numbers.

20. Spoofing

Spoofing is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

21. Backdoor

A backdoor in a computer system or cryptosystem is a method of bypassing normal authentication, securing unauthorized remote access to a computer, while attempting to remain undetected. The backdoor access can be installed by the system designer, or it can be the result of a flaw, and it allows for remote command and control by unauthorized users.

22. Man-in-the-Middle (MitM) Attack

In a Man-in-the-Middle (MitM) attack, the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. This attack can be used to steal personal information, login credentials, or credit card numbers and to eavesdrop on messages.

23. Patch

A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other critical bugs, with patches usually being issued by the software vendor. Regular patching is often cited as a critical component of comprehensive cybersecurity practices.

24. Penetration Testing (Pen Testing)

Penetration testing, often called “pen testing,” is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is used to augment a web application firewall (WAF).

25. Skimming

Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an “inside job” by a dishonest employee of a legitimate merchant and usually involves the employee swiping the card on a small device known as a skimmer to record the information to use in fraudulent transactions later.

26. Smishing

Smishing is a deceptive tactic that uses text messaging to lure victims into providing personal information, such as passwords or credit card details. It combines the terms “SMS” (short message services) and “phishing” and often directs the recipient to a fraudulent website or asks them to install malware.

27. Spear Phishing

Spear phishing is an advanced form of phishing that targets specific individuals, organizations, or businesses. Unlike broad phishing attacks, spear phishing attackers gather and use personal information about their target to better disguise their attack and increase their chances of success.

28. Spyware

Spyware is a type of malware that is installed on a computer without the knowledge of the owner in order to collect the user’s personal information. Spyware can monitor internet activity, access emails, and steal personal information, including credit card details.

29. SQL Injection

SQL injection is a code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker). SQL injection is one of the oldest, most prevalent, and most dangerous web application vulnerabilities.

30. Vishing

Vishing, or voice phishing, involves the use of telephone communication to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be from a legitimate organization and uses social engineering to steal sensitive information.

31. Wardriving

Wardriving is the practice of searching for Wi-Fi networks from a moving vehicle, using a laptop or smartphone to detect and map networks, often exploiting insecure Wi-Fi signals to gain unauthorized access.

32. Worm

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

33. XSS (Cross-Site Scripting)

Cross-Site Scripting (XSS) is a vulnerability in web applications that allows attackers to inject malicious scripts into content from otherwise trusted websites. XSS attacks enable attackers to bypass access controls and impersonate users, potentially leading to unauthorized access to sensitive information.

34. Zombie Computer

A zombie computer is a machine compromised by a hacker, a virus, or a trojan horse and can be used to perform malicious tasks under remote direction. Botnets, networks of zombie computers, are often used to send spam emails or launch DDoS attacks.

35. Doxxing

Doxxing is the internet-based practice of researching and publicly broadcasting private or identifying information about an individual or organization. The methods employed to acquire this information include searching publicly available databases and social media websites, hacking, and social engineering.

36. Honeypot

A honeypot is a computer system that is set up to act as a decoy to lure cybercriminals and to detect, deflect, or study attempts at unauthorized use of information systems. Honeypots are designed to mimic systems that an intruder would like to break into but limit the access to the system and the data within.

37. Logic Bomb

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. Unlike viruses, logic bombs do not replicate themselves but can be just as destructive.

38. Pharming

Pharming is a cyberattack intended to redirect a website’s traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

39. Root Access

Root access refers to having the highest level of control over a computer or network. It allows for the modification of system functionalities and settings, installation of software, and access to all files on the system. Root access provides complete administrative control over a wide variety of system functions and files.

40. Session Hijacking

Session hijacking, also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. This type of attack involves an attacker stealing a session cookie and using it to impersonate the legitimate user.

41. Credential Stuffing

Credential stuffing is an automated attack where attackers use stolen account credentials to gain unauthorized access to user accounts through massive automated login requests. This attack exploits the common practice of using the same password across multiple services, thereby increasing the risk of successful account breaches across different platforms.

42. Cryptocurrency Mining Malware

Cryptocurrency mining malware covertly utilizes the processing power of the infected computer to mine cryptocurrency, typically without the user’s consent. This type of malware can significantly degrade system performance, increase electricity costs, and often serves as a gateway for other malicious activities.

43. Digital Footprint

A digital footprint comprises the traces of information that individuals leave online through activities like visiting websites, posting on social media, or subscribing to online services. This footprint can reveal a lot about an individual’s preferences, behavior, and identity, making it valuable for both legitimate and malicious actors.

44. Dumpster Diving

Dumpster diving in the context of information security involves searching through physical trash to find documents, storage media, or other items that contain sensitive information. This discarded information can be exploited for identity theft, corporate espionage, or other malicious purposes.

45. Eavesdropping Attack

In an eavesdropping attack, an attacker intercepts and listens to private digital communications without consent. This attack can compromise the confidentiality of personal messages, financial transactions, and other sensitive information, leading to privacy violations and data breaches.

46. Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) solutions provide real-time monitoring and automated response to advanced threats targeting endpoint devices. EDR tools actively seek out and isolate threats, offering detailed threat analysis and insights to prevent future attacks.

47. Evil Twin

An evil twin attack involves setting up a fraudulent Wi-Fi access point that mimics the appearance of a legitimate one to deceive users into connecting. Once connected, attackers can monitor traffic, capture login credentials, and access sensitive information transmitted by unsuspecting users.

48. Fuzzing

Fuzzing is a dynamic code analysis technique used to identify vulnerabilities in software applications. By automatically feeding unexpected or random data inputs into the program, fuzzing aims to trigger errors, crashes, or memory leaks that could be exploited by attackers.

49. Ghostware

Ghostware refers to malware that eludes detection by hiding its presence after executing a malicious activity. This allows the malware to operate or transfer data without being detected by security software, making it particularly challenging to trace and eliminate.

50. Hashing

Hashing is a cryptographic process that transforms any form of data into a unique fixed-size string of characters, which serves as a fingerprint for that data. Unlike encryption, hashing is a one-way process, making it impossible to reverse the hash back to its original data, thus ensuring data integrity.

51. Insider Threat

An insider threat arises from individuals within the organization, such as employees, contractors, or business partners, who misuse their access to harm the organization’s information or systems. Insider threats can manifest through data theft, sabotage, or misuse of access privileges.

52. Jailbreaking

Jailbreaking refers to the process of removing software restrictions imposed by the operating system on devices like smartphones and tablets. This allows users to install unauthorized apps, extensions, and themes, but can also expose the device to security vulnerabilities.

53. Kali Linux

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It comes preloaded with a comprehensive suite of tools for security auditing, network analysis, and vulnerability assessment, making it a valuable resource for security professionals.

54. Lateral Movement

Lateral movement refers to the techniques used by attackers to navigate through a network, moving from one system to another, to gain access to valuable assets or data. This stage of a cyber attack is critical for expanding the attacker’s foothold within the target environment.

55. Macro Virus

A macro virus is a type of malware that embeds malicious code within macros of document files, such as Word or Excel documents. When the infected document is opened, the macro virus executes, potentially leading to data corruption, file encryption, or other system disruptions.

56. Network Sniffing

Network sniffing involves capturing data packets as they travel across a network. Attackers use sniffing to intercept and analyze traffic for sensitive information, such as passwords and financial data, often without detection.

57. Obfuscation

Obfuscation involves deliberately making source code, machine code, or algorithmic logic difficult to understand. This technique can be used by programmers to protect intellectual property or by attackers to conceal malware’s true purpose from analysis tools and security professionals.

58. Piggybacking

Piggybacking on a wireless network refers to the unauthorized access of someone else’s Wi-Fi network. This practice not only steals network resources but also poses a significant security risk, as it could be used for illegal activities or to gain unauthorized access to networked devices.

59. Quarantine

Quarantining involves isolating a suspected malicious file, software, or device to prevent it from causing harm or spreading within a computer or network. This containment strategy allows for safe analysis and decision-making regarding the disposition of the potential threat.

60. RAT (Remote Access Trojan)

A Remote Access Trojan (RAT) is a type of malware that allows hackers to control a device remotely without the user’s knowledge. RATs can be used for a variety of malicious purposes, including spying, stealing data, or distributing other malware.

61. Sandboxing

Sandboxing is a security technique in which a separate, secure environment is created to run and analyze untrusted programs or code, preventing them from accessing or harming the host device or network.

62. Social Media Engineering

Social Media Engineering is a form of cyber manipulation that involves tricking individuals on social media platforms into divulging confidential information or performing actions that would compromise their security. This technique leverages the inherent trust and openness found within social networks.

63. Tailgating

An unauthorized person following an authorized person into a secured area, often by closely following them through a door meant to restrict access. Tailgating is a physical security breach that can lead to cyber breaches if intruders gain access to secure locations.

64. Threat Intelligence

Information used by an organization to understand the threats that have targeted, will target, or are currently targeting the organization. This data is used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources.

65. Two-Factor Authentication (2FA)

A security process in which users provide two different authentication factors to verify themselves. This method is a more secure way of authenticating because it adds a second layer of verification beyond just a password.

66. Vulnerability Assessment

The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. It provides the organization with the necessary knowledge, awareness, and risk background to understand the threats to its environment and react appropriately.

67. Whaling

A specific form of phishing aimed at senior executives and other high-profile targets within businesses. The attack may involve social engineering techniques to trick the victim into performing a detrimental action, such as transferring funds or revealing sensitive information.

68. Zero Trust Architecture

A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.

69. Clickjacking

A technique where the attacker tricks a user into clicking on something different from what the user perceives, potentially revealing confidential information or allowing others to take control of their computer.

70. Drive-by Download

Refers to the unintentional download of malicious code to your computer or mobile device that exploits vulnerabilities in web browsers, operating systems, or apps. It often does not require any user interaction to execute.

71. Egress Filtering

The process of monitoring and potentially restricting the flow of information outbound from one network to another. This can help prevent sensitive data from leaving the network and block unauthorized access.

72. Firmware

Low-level software that is embedded into the hardware of electronic devices. Firmware provides the necessary instructions for how the device communicates with other computer hardware.

73. Grayware

Software that, while not explicitly malicious, can worsen the performance and security of computers, introduce vulnerabilities, and cause significant annoyances to the user.

74. Heuristic Analysis

A technique used by antivirus software to detect previously unknown computer viruses, as well as new variants of viruses already in the “wild,” by examining code for suspicious properties.

75. IOC (Indicator of Compromise)

A piece of forensic data, such as system log entries or files, that identifies potentially malicious activity on a system or network. IOCs help security professionals detect data breaches, malware infections, or other threat activities.

76. Jitterbugging

A method used by cybercriminals to insert jitter, or unpredictable time delays, into network communications. This can disrupt the timing of encryption algorithms and make communications more susceptible to interception and decryption.

77. Kerberoasting

A type of cyberattack against the Kerberos authentication protocol to crack the passwords of service accounts in Windows domains. It exploits the way that Kerberos handles service principal names (SPNs) to retrieve hashed credentials vulnerable to offline brute-force attacks.

78. Logic Gate

In the context of digital circuits, a logic gate is a basic building block of a digital system that is used to perform a boolean function; in cybersecurity, it can refer metaphorically to decision points in security protocols or malware.

79. Mitigation

The process of reducing the severity, seriousness, or painfulness of something. In cybersecurity, it refers to the measures taken to reduce the adverse effects of threats and vulnerabilities on information and information systems.

80. Nonce

A number or bit string used only once, in security engineering, during an authentication process or cryptographic communication. Nonces prevent old communications from being reused in replay attacks.

81. Patch Management

A strategy for managing patches or updates for software applications and technologies. Patch management helps ensure that the software’s security and functionality are up-to-date, mitigating potential vulnerabilities.

82. Red Team

In cybersecurity, a Red Team is a group that plays the role of an adversary, using hacking techniques to test the effectiveness of a system’s security. This practice helps identify weaknesses before actual attackers can exploit them.

83. Blue Team

A group responsible for defending an organization’s use of information systems by maintaining its security posture against a group of mock attackers (Red Team). The Blue Team aims to detect and respond to the attacks effectively.

84. Purple Team

Purple Teaming is a collaborative effort in which the offensive Red Team and defensive Blue Team work closely together to share insights, feedback, and learning outcomes to enhance overall security.

85. Risk Assessment

The process of identifying, analyzing, and evaluating risk. It helps organizations understand the cybersecurity risks to organizational operations (including mission, functions, image, and reputation), organizational assets, and individuals.

86. Security Operations Center (SOC)

A centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.

87. Threat Hunting

Threat Hunting is a proactive search through networks to detect and isolate advanced threats that evade existing security solutions. This is a sophisticated, information-driven process that searches for indicators of compromise.

88. VPN Kill Switch

A security feature that automatically disconnects a user from the internet until the VPN connection is restored. This prevents the user’s IP address and personal data from being exposed due to the sudden drop of the VPN connection.

89. WAF (Web Application Firewall)

A security barrier specifically designed to monitor, filter, and block data packets as they travel to and from a website or web application. It applies a set of rules to an HTTP conversation, covering common attacks such as cross-site scripting (XSS) and SQL injection.

90. X.509 Certificate

A standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web.

91. YARA Rules

In cybersecurity, YARA is a tool used for identifying and classifying malware samples. YARA rules allow researchers to create descriptions of malware families based on textual or binary patterns.

92. Zero-Day Exploit

An attack that targets a previously unknown vulnerability, for which there is no available fix or patch at the time of discovery. The attacker exploits the flaw before developers have an opportunity to address it.

93. Attribution

The process of identifying and assigning responsibility to the perpetrator of a cyber attack. Accurate attribution is often challenging due to the ability of attackers to disguise their identity and location.

94. Beaconing

The process by which malware communicates back to the attacker to indicate that it has successfully infiltrated the target system. Beaconing can also be used to receive commands or exfiltrate data.

95. Chain of Custody

In digital forensics, the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic.

96. Data Exfiltration

The unauthorized transfer of data from a computer or other device. This can be conducted manually by an individual or automatically through malicious programming on the internet or a network.

97. Encryption Key

A string of characters used to encrypt or decrypt data. Keys are used in conjunction with encryption algorithms to securely encode data, ensuring that only those with the correct key can access the original information.

98. Forensic Analysis

The process of examining and analyzing digital information for use as evidence in court. Cyber forensic analysis involves recovering and investigating material found in digital devices, often in relation to computer crime.

99. Geofencing

A location-based service in which an app or other software uses GPS, RFID, Wi-Fi, or cellular data to trigger a pre-programmed action when a mobile device or RFID tag enters or exits a virtual boundary set up around a geographical location, known as a geofence.

100. Hacker Ethics

A set of values that guide the behavior of hackers, including the principle that access to computers, and anything that might teach you something about the way the world works, should be unlimited and total. It emphasizes freedom of information, improvement to the quality of life, and opposition to monopoly by leveraging technology.
