Dictionary Hacker

Global Cyber Intelligence Encyclopedia[ INDEXING THREAT VECTORS, PROTOCOLS, AND DEFENSIVE STRATEGIES ]

        OSINT (Open Source Intelligence)The practice of collecting information from publicly available sources for intelligence purposes.

        Zero Trust Architecture (ZTA)A security framework requiring all users to be authenticated and continuously validated. “Never trust, always verify.”

        SIEM (Security Information and Event Management)Software providing real-time analysis of security alerts generated by applications and network hardware.

        HoneypotA decoy system intended to mimic a target to detect, deflect, or study unauthorized use of systems.

        Air GapA network security measure ensuring a secure computer network is physically isolated from unsecured networks.

        Digital ForensicsThe recovery and investigation of material found in digital devices, often for legal evidence.

        APT (Advanced Persistent Threat)A prolonged, targeted attack where an intruder gains access to a network and remains undetected.

        SQL Injection (SQLi)Exploiting application vulnerabilities to manipulate backend databases via malicious SQL statements.

        Cross-Site Scripting (XSS)Injecting malicious client-side scripts into web pages viewed by other users.

        Buffer OverflowAn anomaly where a program overruns the buffer’s boundary and overwrites adjacent memory locations.

        DDoS (Distributed Denial of Service)Disrupting a server by overwhelming it with a flood of Internet traffic from multiple sources.

        Man-in-the-Middle (MitM)An attacker secretly relays and alters communication between two parties who believe they are talking directly.

        RansomwareMalware that encrypts files and demands a ransom payment for the decryption key.

        RootkitSoftware designed to hide its presence and maintain privileged access to a system undetected.

        Spear PhishingA highly targeted phishing attack aimed at a specific individual, group, or organization.

        CSRF (Cross-Site Request Forgery)Tricking a victim into submitting a malicious request to a web application they are authenticated in.

        SSRF (Server-Side Request Forgery)Abusing server functionality to read or update internal resources that are not intended to be public.

        LFI/RFI (File Inclusion)Attacks that allow an attacker to include local or remote files on a server, often leading to code execution.

        DNS PoisoningExploiting vulnerabilities in DNS to redirect traffic from legitimate servers to malicious ones.

        ARP SpoofingSending fake ARP messages onto a LAN to associate the attacker’s MAC address with a legitimate IP.

        Credential StuffingAutomated login attempts using lists of compromised user credentials from other breaches.

        Password SprayingTesting a few common passwords against a large number of user accounts to avoid account lockout.

        Supply Chain AttackInfiltrating a system through an outside partner or provider with access to your data or systems.

        SIM SwappingA type of identity theft where an attacker convinces a carrier to switch a victim’s number to their SIM.

        Zero-Day ExploitAn attack that targets a software vulnerability which is unknown to the vendor and has no patch.

        RAT (Remote Access Trojan)Malware that includes a back door for administrative control over the target computer.

        KeyloggerA surveillance tool used to record every keystroke made on a keyboard.

        CryptojackingUnauthorized use of someone else’s computer to mine cryptocurrency.

        Side-Channel AttackAn attack based on information gained from the implementation of a computer system (e.g. power, heat).

        Bluejacking / BluesnarfingAttacks targeting Bluetooth-enabled devices to send spam or steal data.

        Juice JackingCyberattack involving a charging port that doubles as a data connection, installing malware.

        ClickjackingDeceiving a user into clicking on something different from what the user perceives.

        BaitingUsing a false promise to pique a victim’s greed or curiosity (e.g., leaving a malicious USB drive).

        Vishing & SmishingPhishing attacks conducted via voice (phone) or SMS (text messages).

        Directory TraversalAn HTTP attack which allows attackers to access restricted directories and execute commands.

        SteganographyHiding secret information within a non-secret file or message to avoid detection.

        Evil TwinA fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.