In step with digitization, it is becoming increasingly important that you have your information in a secure and controlled environment so that no unauthorized person can access it. This probably means that you need to familiarize yourself with the area of security and what measures you must take to avoid intrusions. When you do, you will surely become familiar with a lot of new words and abbreviations that are not entirely easy to understand. Therefore, we have produced a glossary of the most common and perhaps most complicated of them.
We hope it will help you understand the concepts and their meaning.
The attack allows attackers to impersonate your computer and take all your traffic. The attacker manipulates the position between MAC addresses and IP addresses, which means that they gain access to all traffic intended for the real user.
Refers to a method by which authorized and unauthorized users can bypass normal security measures and gain access to a computer system, network, or application.
A method used to, for example, enumerate passwords, either by using a predefined list of passwords or by randomly generating passwords.
A buffer overflow is a vulnerability in an application that allows an attacker to manipulate and overwrite a memory buffer with text or instructions to nearby locations in memory to change the execution flow of the application. This can cause the application to execute malicious code.
The Common Vulnerability Scoring System provides a way to use a vulnerability’s main characteristics to produce a numerical score that reflects the severity of the vulnerability. The scoring result can then be translated into a qualitative representation (Low, Medium, High, or Critical) to help organizations assess and prioritize their vulnerability management process.
Used in contexts where an individual’s or company’s data is illegally copied, transferred from, or moved from a system.
Is a late-stage attack where an attacker simulates the behavior of a domain controller to, for example, synchronize passwords through a so-called domain replication. Once an attacker has access to a privileged account with domain replication rights, attackers can exploit these protocols to impersonate a domain controller.
DDoS – Distributed Denial of Service
DDoS is an overload attack against computer systems or networks. The attack involves the attacker sending large amounts of traffic towards the network so that the website or network is knocked out. More and more people are affected by this type of attack.
Defines the process where one systematically, for example via an active connection to a system, finds valuable information regarding potential attack vectors, computer or server information, user accounts, services, applications, etc.
It is a software testing technique that involves finding implementation errors using an automatic data injection.
GPG – GNU Privacy Guard
What distinguishes GnuPG and PGP is largely that PGP is a solution owned by Symantec and GPG is fundamentally an Open-Source project. Functionally, they are identical to each other.
IoT – Internet of Things
Is a collective term for systems that relate to and communicate with each other via, for example, network protocols. Examples of these are fitness watches, sensors, machines, locks, etc.
LLMNR / Net BIOS Name Resolution (NBT-NS)
LLMNR (Link-Local Multicast Name Resolution) is a protocol based on DNS (Domain Name System) packet format which allows machines on a network to do name lookups against machines on the same local network. NBT-NS is similar in that it is used to identify systems on the local network by using their NetBIOS names.
LSASS – Local Security Authority Subsystem Service
Is a process in Microsoft Windows that is responsible for enforcing the security policy on the system. It verifies users logging on to the system, handles password changes, and creates tokens. Typically a process an attacker exploits by dumping its process memory and then reading and extracting the user and its password in plaintext.
It is a process where you actively change your MAC address for one or more network cards, for example to blend in more easily with regular equipment in the network.
MitM – Man-in-the-middle attack
An attack where the attacker sits between two computers and intercepts traffic and relays messages between the two parties to secretly obtain information. The two parties believe they are communicating directly with each other.
OWASP Top 10
The Open Web Application Security Project is a global non-profit organization focused on improving software security. Their Top 10 list is a collection of the most common flaws in web applications. This list has become an industry standard to follow when it comes to security and awareness of security in web applications.
Refers to a technique where an attacker is allowed to authenticate against a remote server or service by exploiting the underlying NTLM or LanMan hash of a user’s password, instead of using a clear-text password normally used to log on.
Equivalent to pass-the-hash but relies on TGT’s (ticket-granting-tickets) for users instead of their hashes.
PCI-DSS – Payment Card Industry Data Security Standard
Is an information security standard for organizations that handle known credit cards from the major card systems (e.g., American Express, Visa, Mastercard, etc.). The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standard Council.
PGP – Pretty good privacy
PGP has become a mainstay when it comes to security and privacy. It is a program that is used to encrypt and decrypt e-mail for the most part, but you can also encrypt files, texts, and your hard drive with this program. The PGP encryption means that you don’t have to share the code in advance when you want to send an encrypted message to someone.
A technique used by attackers to obtain valuable information such as your password and bank account. Many times, you get an email that on the surface appears to be a legitimate source, but don’t be fooled. The attacker will try to get you to respond with valuable information, ask you to click a link or run an attachment.
Is a process of accessing networks that an attacker would not be able to reach under normal conditions, by using compromised computers or servers as gateways. By using this method, an attacker can exploit compromised computers or servers in networks that have rights to access other parts of the network by forwarding their traffic through them in order to access servers, computers or equipment in other isolated parts of the network.
Is a method where you enumerate which ports/services are open on servers, computers, or other network equipment in a network.
The attacker uses the software to encrypt files on the system, then extort a ransom from the victim to gain access to the key needed to decrypt the files.
RCE – Remote Code Execution
A vulnerability that allows an attacker to send commands that are interpreted and executed by the underlying operating system by bypassing application layer and security mechanisms. This vulnerability usually results in huge consequences.
Consists of extensive testing of a system or environment from an external perspective, usually without caveats or limitations. The tests performed include all conceivable and unusual tactics to identify and exploit flaws.
Root access is specific to Unix, Linux or Android which is Linux-like. When an attacker manages to gain access to a system of the above type, the most privileged account you can reach is, most often, the root account. Having ‘root access’ means that you have achieved just this for a system. Also called superuser by many.
It is a term that includes intrusive activities that occur through human interactions. The attacker tricks the user who has access to important systems into giving away important information or making a security breach through psychological manipulation. The process usually takes place in different stages, first the attacker examines the victim in terms of background information and weak security protocols, then the attacker wants to gain the victim’s trust to finally reach sensitive information.
SQL Injection attack
This attack relies on flawed validation of user-controllable data, combined with insecurely written SQL queries that allow the attacker to either alter the query or add other queries that allow the attacker to exfiltrate data from potentially other databases, tables or columns.
Threat modeling is a process where potential vulnerabilities, such as structural vulnerabilities, can be identified, enumerated, and prioritized—all from the perspective of a hypothetical attacker.
It is a term that describes a person who goes around and locates wireless networks in an area. To do this, a laptop and a wireless network card are used, via a mobile phone for example.
These are concepts that describe different levels of knowledge or access to information that a tester has access to during a test, they also define the approach that must be taken during a penetration test. The white box approach is the way in which the tester has access to the most information before the test. The black box approach is the way in which no information is available before the test other than the direct objectives underlying the test. The gray box approach is right in the middle between the two mentioned approaches.
Since time and money are a big factor, the white box approach is the most efficient because the tester does not have to spend most of hens time acquiring information that would potentially be missing in a gray or black box approach.
XSS – Cross-site scripting