Definitions

AST
An abstract syntax tree (AST) is a tree representation of the structure of source code in a particular programming language. Nodes in the tree correspond to constructs that occur in the source code. It is called abstract because the representation differs slightly from the original syntax. AST is a term often used together with tools that perform vulnerability scanning of source code: by looking at the syntax tree, programming flaws can be detected.
Access Control List (ACL)
Access control lists (ACL) implement a measure to store which resources can be accessed by identified subjects, like users or systems. An ACL typically also stores the related permissions that the subject has. For example, Bob can access a particular file and read it; Alice can do the same, but can also edit the file.
Advanced Persistent Threat
An advanced persistent threat (APT) is a specific type of threat characterized by an attacker who has time and resources. Typically it is an ongoing threat, with the goal of eventually infiltrating a network. Attackers who are part of an APT usually aim to seek information and to stay in the network as long as possible, for example to gain access to intellectual property (IP), financial data, or communications.
Adware
Adware is software that shows advertisements on your computer system. This may include banners, pop-ups, or other forms, often embedded in other software. While not always harmful, it can slow down your system or internet connection. Adware becomes a serious problem when no consent was given by the owner of the system, especially if it hijacks software components like the internet browser. Typically this results in more advertisements being shown, and the adware is hard to remove from the system.
AppArmor
AppArmor is a framework using Mandatory Access Control (MAC). It can be compared with SELinux and was originally created by Immunix. Immunix was later acquired by Novell, which is why AppArmor is found on SUSE Linux. AppArmor has been ported to other Linux distributions like Debian, Gentoo, and Ubuntu. The biggest difference between AppArmor and SELinux is the way files (objects) are monitored: AppArmor monitors files by path, whereas SELinux does it by security labels.
Auditing
Auditing is the process of testing security policies, processes, and procedures. Typically an IT auditor will ask tailored questions. The goal is to ensure that the defined security policies are being adhered to, and to find room for improvement. During an audit, it is common for the auditor to also request samples as proof that processes are in place and the right procedures are used.
BLE
Bluetooth Low Energy (BLE) is a personal area network technology that uses wireless transmission to exchange data. It is designed by the Bluetooth Special Interest Group. The main purpose of the technology is reducing power consumption. It targets devices like fitness trackers, beacons, watches, mobile phones, etc. Most current mobile operating systems already support Bluetooth Low Energy.
Backdoor
A backdoor is typically a hidden point of entry into software components or the system itself. Backdoors can come in the form of a trojan horse, providing hidden access to unauthorized individuals. A backdoor may also be used during the development of software, to ensure access for troubleshooting purposes. If the backdoor is not removed in time, it may be discovered and abused.
Bashware
Bashware is a form of malware that uses the Windows Subsystem for Linux (WSL), a feature introduced in Microsoft Windows 10. This feature was introduced in 2016 to support a Linux-based shell inside the Windows operating system. WSL takes the commands provided by Bash, the Linux shell, and translates each command to the related Windows system calls. Any response or data is collected and returned to the invoking shell command. Due to this internal communication interface, many security software solutions can't properly protect against attacks that happen in this specific area.
BlueBorne
BlueBorne is a set of vulnerabilities that were announced in September 2017. These vulnerabilities affect devices using Bluetooth technology. The related operating systems include Android, iOS, Linux, and Microsoft Windows. The vulnerabilities that relate to Linux include an information leak: the user space process of the Bluetooth stack does not properly handle overly long responses. The second vulnerability related to Linux is a stack overflow weakness within the BlueZ kernel code. It causes memory corruption that may allow attackers to gain full control.
Botnet
A botnet is a collection of infected systems that are controlled by an attacker. Typically systems are joined automatically, by abusing common weaknesses (vulnerabilities) in software. When the attacker manages to break into a system, a small program is activated to join the botnet. From that moment, the new system is considered to be a 'zombie'. The attacker can remotely give all zombies a particular task to complete. Such a task might be sending spam emails, attacking other targets, or overwhelming websites with dummy requests.
Brute force attack
A brute force attack is a common way of performing many repeated requests to crack a code or password, or to guess a valid username.
Buffer overflow
A buffer overflow happens when a software program stores too much information in a reserved block of memory. Typically the program will overwrite other memory blocks, resulting in a crash, errors, or even making the software vulnerable to security problems. Most buffer overflow attacks abuse this type of weakness to overwrite parts of memory and store code of the attacker. By using memory jumps, the attacker tries to get that code executed. This may result in leaking data, creating shell access, or simply crashing the system.
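The weakness described above, as an added C example (not code from the original page): a hypothetical 16-byte field that receives untrusted input, with the unchecked copy shown beside a length-checked copy that rejects input which would not fit.

```c
#include <string.h>

/* Constructed example for the buffer overflow entry; not code from any real
   project. A fixed 16-byte field receives untrusted input. */
#define FIELD_SIZE 16

/* Vulnerable form: strcpy() trusts the source, so input longer than
   FIELD_SIZE - 1 characters is written past the end of the field into
   whatever memory follows it. Defined for comparison only; nothing calls it. */
void copy_field_unsafe(char field[FIELD_SIZE], const char *src) {
    strcpy(field, src);
}

/* Hardened form: measure the source without scanning past the field size,
   and reject input that does not fit (terminator included) rather than
   truncating it silently. Returns 0 on success, -1 when rejected. */
int copy_field_checked(char field[FIELD_SIZE], const char *src) {
    size_t n = 0;
    while (n < FIELD_SIZE && src[n] != '\0')
        n++;
    if (n >= FIELD_SIZE)
        return -1;                 /* would overflow: leave field untouched */
    memcpy(field, src, n);
    field[n] = '\0';
    return 0;
}

/* Returns 1 when a short value is copied and a 20-character value is
   rejected without modifying the destination. */
int checked_copy_demo(void) {
    char field[FIELD_SIZE] = "unchanged";
    if (copy_field_checked(field, "alice") != 0 || strcmp(field, "alice") != 0)
        return 0;
    strcpy(field, "unchanged");    /* literal is known to fit */
    if (copy_field_checked(field, "AAAAAAAAAAAAAAAAAAAA") != -1)
        return 0;
    return strcmp(field, "unchanged") == 0;
}

/* Returns 1 when a 15-character value (the longest that fits) is accepted. */
int max_length_fits(void) {
    char field[FIELD_SIZE];
    return copy_field_checked(field, "123456789012345") == 0 && strlen(field) == 15;
}
```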
Command and Control Center
The command and control center (C&C or C2) is the interface that instructs zombies within a botnet to perform specific tasks. Such tasks can include sending out spam, performing Distributed Denial of Service (DDoS) attacks, or sending other types of requests. The C&C interface may be centralized or distributed. The latter is done to make it more robust against intelligence firms whose task it is to disable the C&C systems.
DAST
DAST is the abbreviation for Dynamic Analysis Security Testing, also known as black box testing. This technique looks at the inputs and outputs of software or hardware, to understand how the system works.
Data Leakage
Data leakage is the unauthorized exposure of information like data files. Typically it is caused by a failure to protect sensitive and confidential data. The owner of this data could be the company itself, its customers, or even the public. Data leakage can end in data loss or data theft.
Data Loss
Data loss is the result of accidental behavior, resulting in no longer having access to some information. As opposed to deliberate data theft, it usually happens by losing a device containing data or through the lack of well-tested backups.
Data theft
Data theft can originate from inside or outside the organization. In the first case, the insider typically has access to a lot of systems and data sources. He or she can leak data during employment, or use storage devices to store data and take it outside the company premises. Outsiders typically break in via the network and might steal information like intellectual property. Sometimes they will ask the victim to pay a ransom. Another option is selling the data to competitors or on the black market.
ELK
ELK is short for three open source projects: Elasticsearch, Logstash, and Kibana. Each of the tools has its own role. Elasticsearch is the search and analytics engine. Logstash is the data collector and can transform data for further processing. Kibana is the data visualization tool for Elasticsearch.
EWF
EWF (Expert Witness Format) files are a binary representation of a disk image. They are created from a storage device, disk volume, or sometimes random access memory (RAM). The disk image can be used for digital forensics, but also as part of incident response and in-depth analysis.
File system journaling
File system journaling is a feature of some file system drivers that provides so-called atomic file system operations. This means that a set of instructions either succeeds as a whole, or all of it is rolled back to the previous state. This feature is used on file systems like EXT4 and increases data reliability and integrity.
Footprinting
Footprinting is the technique used for gathering information about computer systems and their owners. Typically this is done with a combination of automated tooling and manual digging through available resources. This research phase is performed before an actual attack. Footprinting is also known as reconnaissance, or recon for short.
Google dork
The term Google dork refers to someone who is foolish enough to reveal or leak sensitive data. Typically this is information like personal details, or device and application information. This information is then easily obtainable via Google, by searching for specific words. Such a word, or a combination of words, could be located on a status page of a device or application.
Google hacking
Google hacking is the process of using the popular search engine to find information about websites, applications, and companies. It focuses on information leaks, like usernames, application versions, and other details that are useful. These help in the discovery of possible weak targets that can be exploited. Devices like printers may be exposed to the internet. If the Google crawler bots discover them, a status page might be indexed. Using the right Google search query, these devices show up. Since printers are devices that are typically online for long periods of time, they are especially vulnerable to this kind of information disclosure.
IDE
An IDE (integrated development environment) provides a toolkit for software developers. It typically includes an editor to write the code, followed by a compiler and linker to turn the code into an executable binary. The IDE can also contain documentation, built-in help, and syntax and style checks.
IPv6 extension header
IPv6 extension headers allow carrying optional Internet Layer information. These headers are placed between the fixed header and the upper-layer protocol header. By using a Next Header field, a chain of headers can be created. It is a flexible method to customize IPv6 packets.
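The header chain described above, as an added C example (not code from the original page): a bounds-checked walk along the Next Header fields of a constructed IPv6 packet, with a cap on chain length, that returns the upper-layer protocol number or rejects a truncated chain.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example for the IPv6 extension header entry; not code from any
   real project. Returns the upper-layer protocol number, or -1 if the chain is
   truncated or too long; *payload_off receives the upper-layer header offset. */
#define IPV6_FIXED_HDR 40
#define MAX_EXT_HEADERS 8

static int is_extension(uint8_t nh) {
    /* Hop-by-Hop (0), Routing (43), Fragment (44), AH (51), Dest Options (60) */
    return nh == 0 || nh == 43 || nh == 44 || nh == 51 || nh == 60;
}

int ipv6_upper_protocol(const uint8_t *pkt, size_t len, size_t *payload_off) {
    if (len < IPV6_FIXED_HDR || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];                 /* Next Header of the fixed header */
    size_t off = IPV6_FIXED_HDR;
    int count = 0;
    while (is_extension(nh)) {
        if (++count > MAX_EXT_HEADERS || off + 8 > len)
            return -1;                   /* chain too long, or header truncated */
        size_t ext_len;
        if (nh == 44)
            ext_len = 8;                 /* Fragment header has a fixed size */
        else if (nh == 51)
            ext_len = ((size_t)pkt[off + 1] + 2) * 4;  /* AH length in 32-bit words */
        else
            ext_len = ((size_t)pkt[off + 1] + 1) * 8;  /* 8-byte units, first excluded */
        if (off + ext_len > len)
            return -1;
        nh = pkt[off];                   /* each extension names the next header */
        off += ext_len;
    }
    if (payload_off)
        *payload_off = off;
    return nh;
}

/* Constructed packet: fixed header, Hop-by-Hop -> Destination Options -> UDP (17).
   Only the fields the parser reads are populated. */
static const uint8_t sample_pkt[56] = {
    [0] = 0x60, [5] = 16, [6] = 0,     /* version 6, payload length 16, NH = Hop-by-Hop */
    [40] = 60, [41] = 0,               /* HbH: next = Dest Options, length 0 -> 8 bytes */
    [48] = 17, [49] = 0,               /* Dest Options: next = UDP, length 0 -> 8 bytes */
};

int sample_upper_protocol(void) { return ipv6_upper_protocol(sample_pkt, sizeof sample_pkt, NULL); }
int sample_payload_offset(void) {
    size_t off = 0;
    return ipv6_upper_protocol(sample_pkt, sizeof sample_pkt, &off) < 0 ? -1 : (int)off;
}
int truncated_chain_is_rejected(void) { return ipv6_upper_protocol(sample_pkt, 50, NULL) == -1; }
```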
KASLR
KASLR (kernel address space layout randomization) applies to the kernel the same technique that ASLR uses to randomize memory segments for userspace applications.
Malware
Malware is the family name for threats like viruses, worms, trojan horses, backdoors, and ransomware. These types of malicious software components can all be harmful to your computer or network infrastructure. Some malware, like viruses, will alter executable files (binaries) to allow itself to spread to other systems. Ransomware, nowadays a serious threat, focuses on encrypting your personal data and demanding a ransom in return for the decryption key.
OSINT
OSINT is short for open source intelligence, the practice of gathering data from publicly available resources. The open source in this context is not the same as in software development. Instead, it means that the data is available to anyone with the right knowledge or abilities to discover it.
SMB
Server Message Block (SMB) is also known as Common Internet File System (CIFS). It is the network protocol that allows file sharing within Microsoft Windows. The Samba toolkit opened up this protocol to Linux and other systems, allowing them to join the conversation.
Vulnerability
A weakness that can be exploited.
WVT
Website visitor tracking (WVT) is a method to attempt to track individual visitors to a website. Using a combination of invisible pixels, cookies, and browser fingerprinting, data is gathered and stored. This data can reveal information about previously visited websites, preferences, or other sensitive information. Privacy enhancing tools can be used to limit website visitor tracking.
XSS
Cross-site scripting (XSS) refers to a particular weakness in web application security. The weakness is caused by incorrect handling of input data, such as cookie data, the URL, or HTTP request parameters. The issue with weak input sanitization is that some of the data may be returned to the user and result in custom script execution.
Ad blocker
Ad blockers are software components or browser plugins that detect advertisements on websites and block them. While the name implies that it mainly blocks advertisements, it also reduces the risk of retrieving malicious scripts and code. Some ad blockers still allow some advertisements to be displayed, based on their trust and behavior.
Antivirus
Antivirus solutions are software tools to detect malicious software like viruses, worms, and trojan horses. Most antivirus software provides an option to place a detected malware specimen in quarantine or to delete the infected file. The scan engines used by most vendors rely heavily on signatures and heuristic analysis. Signatures are like partial fingerprints and are used to see if a file is possibly infected. Heuristic analysis is a method to detect unknown malware by using sandbox technology or by decompiling binary code.
Best practice
A procedure or step that is considered to be an effective measure in a particular field of expertise. For example, the advice to use strong passwords to reduce the risk of account compromise.
Canary
A canary in the field of information security is a hardware or software solution deployed as a decoy within the network. When a canary is accessed, an alert or event is sent to a predefined location like an email address or application. The name refers to the caged canaries that miners took into coal mines as an early warning signal against dangerous gases like carbon monoxide. If the canary suddenly died, the miners knew about the presence of the gas and exited the tunnels.
Compliance
Compliance refers to all processes necessary to meet applicable regulations and to be able to communicate about this to stakeholders.
Cryptanalysis
The process of studying cryptographic systems with the goal of finding implementation weaknesses or information leaks. It involves a wide set of known attacks and specific attacks related to a particular protocol.
Double free error
A double free error can occur when a particular memory segment is freed more than once. This is the result of calling the free() function multiple times on the same pointer within a program. Double free errors may result in unexpected behavior and sometimes allow buffer overflow attacks.
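The error described above, as an added C example (not code from the original page): a hypothetical parse_record() with both an error path and a cleanup path that release the same buffer, where a release() helper that clears the caller's pointer turns the second call into a harmless free(NULL).

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example for the double free entry; not code from any real
   project. parse_record() is hypothetical.
 *
 * Vulnerable shape (for comparison only, not compiled here): the error path
 * frees buf and then falls through to a cleanup that frees it again.
 *
 *   if (!valid) { free(buf); goto cleanup; }   <- first free
 *   ...
 * cleanup:
 *   free(buf);                                 <- second free of the same block
 */

/* Hardened helper: release the block and clear the caller's pointer, so a
   repeated release becomes free(NULL), which the C standard defines as a no-op. */
static void release(char **p) {
    free(*p);
    *p = NULL;
}

/* Returns 1 if input is a valid record (non-empty and newline-terminated),
   0 otherwise. Every exit path goes through the single cleanup point. */
int parse_record(const char *input) {
    int ok = 0;
    size_t len = strlen(input);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return 0;
    memcpy(buf, input, len + 1);

    if (len == 0 || buf[len - 1] != '\n') {
        release(&buf);     /* early release on the error path */
        goto cleanup;
    }
    ok = 1;

cleanup:
    release(&buf);         /* second release of the same pointer is harmless */
    return ok;
}

/* Returns 1 when two releases of one allocation leave the pointer NULL. */
int release_twice_is_safe(void) {
    char *p = malloc(8);
    if (p == NULL)
        return 0;
    release(&p);
    release(&p);
    return p == NULL;
}
```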
Egress filtering
This term is typically used within networking. It is the monitoring and restricting of information flows outbound from one network to another. Based on rules, packets are allowed or denied when leaving the network segment.
Enumeration
An enumeration is an ordered listing of items in a collection. In the field of information security, it is the retrieval of data lists from systems and applications, like usernames. Similarly, network enumeration is focused on getting all system names on a network.
Fuzzing
Fuzzing or fuzz testing is a technique to automatically test software. By feeding the software unexpected inputs, its stability is tested. Any crashes or unexpected errors can reveal a weakness in the software.
Governance
Governance is all of the processes of governing. It defines things like the management structure, policies, procedures, shareholder relations, etc.
Honeypot
A honeypot mimics the behavior of systems or applications with the goal to trick attackers to focus on that target. Low-interaction honeypots provide basic capabilities, while high-interaction honeypots have more extensive support.
Password
A password is a secret key between the owner of the password and an external resource. The password is often linked to a username and used as proof of the ownership of a user account. The strength of a password can be increased by adding special characters and increasing its length.
Password cracker
A password cracker is a tool that attempts to guess passwords. This can be done against a known password database or directly against an application. The cracking attempt is usually performed using the brute force method, combined with dictionary files to improve success rates.
Risk management
The process to identify business and technical risks, including defining the means to mitigate them.
Shellbag
Shellbags are a set of Registry keys on Microsoft Windows that maintain information about directories when Explorer is being used. This information includes the icon, size, view, and position of the folder. They are interesting artifacts for digital forensics, as the information persists even when the directory is deleted.
System hardening
The process of increasing the security defenses of a system. Typically these defenses are so-called best practices and meant to decrease the risks to the system.
Technical audit
A technical audit is the process of gathering information about and analyzing company assets. A typical area that is checked is compliance with security policies.