Access Control List (ACL)
An access control list (ACL) records which resources may be accessed by identified subjects, such as users or systems. An ACL typically also stores the permissions each subject has on the resource. For example, Bob can access a particular file and read it; Alice can do the same, but may also edit the file.
Advanced Persistent Threat
An advanced persistent threat (APT) is a type of threat characterized by an attacker who has both time and resources. Typically it is an ongoing effort whose goal is to eventually infiltrate a network. The attackers behind an APT usually aim to gather information and to remain in the network for as long as possible, for example to gain access to intellectual property (IP), financial data, or communications.
Adware
Adware is software that shows advertisements on your computer system. This may include banners, pop-ups, or other forms, often embedded in other software. While not always harmful, it can slow down your system or internet connection. Adware becomes a serious problem when the owner of the system gave no consent for it, especially if it hijacks software components like the web browser. Typically this results in even more advertisements being shown, and the adware is hard to remove from the system.
Auditing
Auditing is the process of testing security policies, processes, and procedures. Typically an IT auditor will ask tailored questions. The goal is to ensure that the defined security policies are being adhered to and to find room for improvement. During an audit, it is common for the auditor to also request samples as proof that processes are in place and that the right procedures are followed.
Backdoor
A backdoor is typically a hidden point of entry into software components or the system itself. Backdoors can come in the form of a trojan horse, providing hidden access to unauthorized individuals. A backdoor may also be used during the development of software, to ensure access for troubleshooting purposes. If the backdoor is not removed in time, it may be discovered and abused.
Bashware
Bashware is a form of malware that uses the Windows Subsystem for Linux (WSL), a feature introduced in Microsoft Windows 10 in 2016 to support a Linux-based shell inside the Windows operating system. WSL takes the commands provided by Bash, the Linux shell made available on Windows, and translates each command into the related Windows system calls. Any response or data is collected and returned to the invoking shell command. Because of this internal communication interface, many security software solutions cannot properly protect against attacks that take place in this specific area.
BlueBorne
BlueBorne is a set of vulnerabilities announced in September 2017. They affect devices using Bluetooth technology, and the related operating systems include Android, iOS, Linux, and Microsoft Windows. The Linux-related vulnerabilities include an information leak: the user space process of the Bluetooth stack does not properly handle responses that are too long. The second Linux-related vulnerability is a stack overflow weakness within the BlueZ kernel code. It causes memory corruption that may allow attackers to gain full control.
Botnet
A botnet is a collection of infected systems that are controlled by an attacker. Typically systems are joined automatically, by abusing common weaknesses (vulnerabilities) in software. When the attacker manages to break into a system, a small program is activated to join the botnet. From that moment, the new system is considered to be a 'zombie'. The attacker can remotely give all zombies a particular task to complete, such as sending spam emails, attacking other targets, or overwhelming websites with dummy requests.
Brute force attack
A brute force attack is a common way of performing many repeated requests to crack a code or password, or to guess a valid username.
Buffer overflow
A buffer overflow happens when a software program stores more information in a reserved block of memory than that block can hold. Typically the program will then overwrite other memory blocks, resulting in a crash, errors, or even making the software vulnerable to security problems. Most buffer overflow attacks abuse this type of weakness to overwrite parts of memory and store code supplied by the attacker. By redirecting execution (memory jumps), the attacker then tries to get that code executed. This may result in leaked data, shell access, or simply a crashed system.
Command and Control Center
The command and control center (C&C or C2) is the interface that instructs zombies within a botnet to perform specific tasks. Such tasks can include sending out spam, performing Distributed Denial of Service (DDoS) attacks, or sending other types of requests. The C&C interface may be centralized or distributed. The distributed form is chosen to make the botnet more robust against intelligence firms whose task is to disable the C&C systems.
Data Leakage
Data leakage is the unauthorized exposure of information, such as data files. Typically it is caused by a failure to protect sensitive and confidential data. The owner of this data could be the company itself, its customers, or even the public. Data leakage can end in data loss or data theft.
Data Loss
Data loss is the result of accidental behavior that leads to no longer having access to some information. As opposed to deliberate data theft, it usually happens by losing a device containing data, or through a lack of well-tested backups.
Data theft
Data theft can originate from inside or outside the organization. In the first case, the insider typically has access to many systems and data sources. He or she can leak data during employment, or use storage devices to copy data and carry it outside the company premises. Outsiders typically break in via the network and may steal information like intellectual property. Sometimes they will ask the victim to pay a ransom. Another option is selling the data to competitors or on the black market.
File system journaling
File system journaling is a feature of some file system drivers that makes so-called atomic file system operations possible. This means that a set of instructions is guaranteed either to succeed completely or, otherwise, to be rolled back to the previous state. This feature is used on file systems like EXT4 and increases data reliability and integrity.
Google dork
The term Google dork refers to someone who is stupid and reveals or leaks sensitive data. Typically this is information like personal details, or device and application information. This information is then easily obtainable via Google, by searching for specific words. Such a word, or set of words, could be located on a status page of a device or application.
Google hacking
Google hacking is the process of using the popular search engine to find information about websites, applications, and companies. It focuses on information leaks, like usernames, application versions, and other useful details. These help in the discovery of possibly weak targets that can be exploited. Devices like printers may be exposed to the internet; if the Google crawler bots discover them, a status page might be indexed. Using the right Google search query, these devices show up. Since printers are devices that are typically online for long periods of time, they are especially vulnerable to this kind of information disclosure.
KASLR
KASLR (kernel address space layout randomization) is a technique similar to ASLR, which randomizes the memory segments of userspace applications; KASLR applies the same randomization to the kernel's own memory layout.
Malware
Malware is the family name for threats like viruses, worms, trojan horses, backdoors, and ransomware. These types of malicious software components can all be harmful to your computer or network infrastructure. Some malware, like viruses, will alter executable files (binaries) to allow itself to spread to other systems. Ransomware, nowadays a serious threat, focuses on encrypting your personal data and asks a ransom in return for the decryption key.
Shellbag
Shellbags are a set of Registry keys on Microsoft Windows that maintain information about directories browsed with Explorer. This information includes the icon, size, view, and position of the folder. They are interesting artifacts for digital forensics, as the information persists even after the directory is deleted.
Technical Audit
A technical audit is the process of gathering and analyzing information about company assets. Typical areas that are checked are compliance with security policies and the discovery of known vulnerabilities.
Vulnerability
A weakness that can be exploited.