Cybersecurity Glossary
Key terms and concepts in cybersecurity, networking, and internet scanning. Each term includes a detailed explanation and relevant Zondex search examples.
AES
The Advanced Encryption Standard, a symmetric-key algorithm adopted by the U.S. government, widely used globally for fast and secure data encryption with varying key lengths.
API Security
API security focuses on protecting application programming interfaces from attacks, unauthorized access, and data breaches throughout their lifecycle.
ARP
Address Resolution Protocol (ARP) is a communication protocol used to discover the MAC address associated with a given IP address on a local area network (LAN).
ASN
Autonomous System Number — a unique identifier assigned to a network or group of IP prefixes managed by one or more network operators.
Active Reconnaissance
Directly interacting with a target system or network to gather information, involving techniques like port scanning, ping sweeps, and service enumeration, which may trigger alerts.
Advanced Persistent Threat
An Advanced Persistent Threat (APT) is a sophisticated, long-term cyberattack campaign, often state-sponsored, that gains unauthorized access to a network and remains undetected for an extended period.
Attack Surface
The attack surface is the sum of all possible points where an unauthorized user can try to enter or extract data from a system, network, or organization.
Attack Vector
An attack vector is the method or path that an attacker uses to gain unauthorized access to a system, network, or application to deliver a malicious payload or exploit a vulnerability.
Authentication Bypass
A security vulnerability that allows an attacker to gain unauthorized access to a system or application by circumventing authentication mechanisms.
BGP
Border Gateway Protocol (BGP) is a path vector routing protocol that facilitates routing decisions on the Internet by exchanging routing and reachability information between autonomous systems (AS).
Backdoor
A backdoor is a method, often secret, that bypasses normal security authentication to gain unauthorized remote access to a computer system or network.
Banner
Textual information returned by a network service upon connection, often revealing the service type, software name, version, and operating system, useful for reconnaissance but a potential security ri
Banner Grabbing
A technique to gather information about a network service by reading the banner or welcome message it sends upon connection.
Blue Team
The Blue Team is a cybersecurity defense unit responsible for protecting an organization's assets by monitoring, detecting, and responding to cyber threats and vulnerabilities.
Botnet
A botnet is a network of compromised computers (bots) controlled by a single attacker (bot-herder) to perform coordinated malicious tasks, often without the owners' knowledge.
Brute Force
A brute force attack systematically tries every possible combination of characters until the correct password or encryption key is found, often targeting authentication systems.
Buffer Overflow
A buffer overflow occurs when a program tries to write more data into a fixed-size memory buffer than it can hold, overwriting adjacent memory and potentially leading to crashes or code execution.
Bug Bounty
A bug bounty program incentivizes ethical hackers to find and report vulnerabilities in an organization's systems or applications in exchange for recognition or monetary rewards.
C2 Server
A C2 (Command and Control) server is a central hub attackers use to remotely manage compromised systems, send commands, and exfiltrate data from victims.
CDN
A Content Delivery Network (CDN) is a geographically distributed group of servers that work together to provide fast delivery of internet content.
CIDR
Classless Inter-Domain Routing — a method for allocating IP addresses and IP routing using variable-length subnet masking.
CPE
Common Platform Enumeration is a standardized naming scheme for IT systems, software, and hardware, providing a uniform way to identify and classify technology assets.
CSRF
Cross-Site Request Forgery (CSRF) is a vulnerability allowing an attacker to trick authenticated users into executing unwanted actions on a web application where they are currently logged in.
CVE
Common Vulnerabilities and Exposures — a standardized identifier for known security vulnerabilities in software and hardware.
CVSS
Common Vulnerability Scoring System — an open framework for communicating the severity of software vulnerabilities on a 0-10 scale.
CWE
Common Weakness Enumeration is a community-developed list of software and hardware weakness types that can lead to security vulnerabilities, serving as a common language for discussing security flaws.
Certificate Authority
A trusted entity that issues digital certificates, verifying the identity of websites and other entities to secure online communications.
Certificate Transparency
An open framework designed to publicly log all SSL/TLS certificates issued by Certificate Authorities (CAs) to enhance security by making mis-issuances detectable.
Cloud Security
Cloud security encompasses policies, technologies, and controls designed to protect data, applications, and infrastructure within cloud computing environments.
CoAP
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks in the Internet of Things, akin to a lightweight HTTP.
Command Injection
Command injection is a vulnerability allowing an attacker to execute arbitrary commands on the host operating system via an insecure application input, often leading to full system compromise.
Container Security
Container security involves protecting containerized applications throughout their lifecycle, from image creation and deployment to runtime execution.
Credential Stuffing
Credential stuffing is an automated cyberattack where large sets of stolen username/password pairs from data breaches are used to attempt unauthorized logins on other unrelated services.
DDoS
A Distributed Denial of Service (DDoS) attack overwhelms a target system with a flood of internet traffic from multiple sources, making it unavailable to legitimate users.
DHCP
Dynamic Host Configuration Protocol (DHCP) is a network management protocol, carried over UDP, used on IP networks for automatically assigning IP addresses and other communication parameters to devices.
DMZ
A DMZ is a subnetwork that exposes an organization's external-facing services to an untrusted network, typically the internet, while isolating them from the internal LAN.
DNS
The Domain Name System translates human-readable domain names into numerical IP addresses, enabling browsers to locate and connect to websites and services.
Digital Certificate
An electronic document used to cryptographically bind a public key to an entity, verifying identity and enabling secure communication over networks.
Digital Forensics
Digital forensics is the process of acquiring, preserving, analyzing, and reporting on electronic data to reconstruct events and gather evidence for legal or security purposes.
Directory Traversal
Directory Traversal, also known as path traversal, is a web vulnerability allowing attackers to read arbitrary files on a server by manipulating file paths, often using `../` sequences.
Docker
A leading containerization platform that packages applications and their dependencies into lightweight, portable, and self-sufficient units called containers.
Domain Name
A unique, human-readable name that identifies a website or service on the internet, mapping to one or more IP addresses via DNS.
EDR
Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors endpoint activities to detect and investigate threats, enabling rapid response and remediation to protect organizations.
EPSS
Exploit Prediction Scoring System (EPSS) is a data-driven standard that predicts the likelihood of a vulnerability being exploited in the wild, helping prioritize patching efforts.
Elasticsearch
A distributed, RESTful search and analytics engine built on Apache Lucene, widely used for full-text search, log analysis, and data exploration.
Encryption
The process of converting information into a coded format to prevent unauthorized access, ensuring data confidentiality and integrity.
Exploit
An exploit is a piece of software, data, or sequence of commands designed to take advantage of a bug or vulnerability in a system to cause unintended or malicious behavior.
FTP
FTP (File Transfer Protocol) is an unencrypted network protocol used to transfer files between a client and a server on a computer network, widely used but often replaced by secure alternatives like S
Fingerprinting
Fingerprinting is the process of identifying specific details about a remote system, such as its operating system, software versions, and hardware, based on observed network behavior or responses.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier against unauthorized access.
Footprinting
Footprinting is the systematic process of gathering information about a target's network, systems, and overall digital presence to create a comprehensive profile before an attack or assessment.
HSTS
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps protect websites against downgrade attacks and cookie hijacking by forcing browsers to only interact with servers ov
HTTP
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML, foundational for data communication on the World Wide Web.
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL/TLS encryption to protect data in transit between a user's browser and a website, ensuring privacy and integrity.
Hashing
A one-way cryptographic function that transforms data of any size into a fixed-size string of characters, used for integrity verification and password storage.
Honeypot
A decoy system designed to attract and detect unauthorized access attempts, used for threat intelligence and research.
ICMP
Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to send error messages and operational information, typically for diagnostic purposes like "ping" and "trac
ICS
Industrial Control Systems (ICS) is a general term for the control systems used to manage industrial processes, including SCADA and DCS.
IDS
An Intrusion Detection System (IDS) monitors network traffic and system activity for malicious activity or policy violations, alerting administrators without blocking the suspicious traffic.
IP Address
A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
IPS
An Intrusion Prevention System (IPS) actively monitors network traffic for malicious activity and automatically takes action to prevent or block detected threats in real time.
IPv4
The fourth version of the Internet Protocol, using 32-bit addresses in a dotted-decimal format to identify devices on a network.
IPv6
The latest version of the Internet Protocol, using 128-bit addresses written in hexadecimal notation to provide a vast number of unique addresses, solving IPv4's exhaustion problem.
ISO 27001
ISO 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within an organization.
Incident Response
Incident response is a structured approach to managing the aftermath of a cybersecurity breach or attack, aiming to minimize damage and restore normal operations quickly.
Indicators of Compromise
Measurable artifacts observed on a network or operating system that indicate a high probability of a computer intrusion or successful attack.
Internet-Wide Scanning
The systematic process of probing a significant portion of the global internet's IP address space to discover active hosts, open ports, and running services, often for research or inventory.
JARM
An active TLS server fingerprinting tool that produces a hash representing the TLS configuration of a server.
Jenkins
An open-source automation server widely used for continuous integration (CI) and continuous delivery (CD) pipelines to automate the build, test, and deployment phases.
KEV
The CISA Known Exploited Vulnerabilities (KEV) Catalog lists vulnerabilities actively exploited in the wild, providing critical guidance for immediate remediation.
Kubernetes
Kubernetes is an open-source container orchestration system for automating the deployment, scaling, and management of containerized applications.
LFI
Local File Inclusion (LFI) is a web vulnerability allowing an attacker to include files on a server, often leading to information disclosure, arbitrary code execution, or Denial of Service.
Lateral Movement
Lateral movement is a cyberattack technique where an attacker, having gained initial access, moves through a network to identify and compromise other systems, expanding their reach.
Load Balancer
A load balancer distributes network traffic efficiently across multiple servers to ensure high availability and responsiveness of applications and services.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used to describe and analyze cyberattacks.
MQTT
MQTT is a lightweight, publish-subscribe network protocol designed for constrained devices and low-bandwidth, high-latency, or unreliable networks, widely used in IoT applications.
Malware
Malware, short for malicious software, is any software designed to disrupt, damage, or gain unauthorized access to a computer system, network, or data without the owner's knowledge or consent.
Man-in-the-Middle
A Man-in-the-Middle (MitM) attack intercepts communication between two parties, allowing the attacker to eavesdrop, alter, or inject malicious data without either party's knowledge.
Modbus
Modbus is a serial communication protocol used to connect industrial electronic devices, widely adopted in SCADA and ICS environments for data exchange.
MongoDB
A popular open-source NoSQL database that stores data in flexible, JSON-like documents, known for its scalability and flexibility.
NAT
Network Address Translation (NAT) is a method of remapping an IP address space into another, often used to allow multiple devices on a private network to share a single public IP address.
NIST
The National Institute of Standards and Technology develops cybersecurity frameworks, guidelines, and standards to protect information systems and critical infrastructure.
NVD
The National Vulnerability Database is a U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
Network Scanning
Network scanning is the systematic process of exploring a network to identify live hosts, open ports, running services, and other network attributes on connected devices.
OSINT
Open-Source Intelligence (OSINT) is the collection and analysis of publicly available information from diverse sources to produce actionable intelligence.
OT Security
OT Security protects operational technology environments from cyber threats, ensuring the safety, reliability, and availability of critical physical processes.
OWASP
The Open Worldwide Application Security Project (OWASP) is a non-profit foundation focused on improving software security through open-source tools, guides, and community initiatives.
Open Port
A network port that is accepting connections, indicating a running service that can be accessed remotely.
Passive Reconnaissance
Gathering information about a target without directly interacting with it, often using publicly available sources to avoid detection and maintain stealth.
Payload
In cybersecurity, a payload is the part of an exploit or malware that performs the malicious action, such as stealing data, installing backdoors, or executing commands.
Penetration Testing
Penetration testing is an authorized simulated cyberattack against a computer system, network, or web application to identify exploitable vulnerabilities and security weaknesses.
Phishing
Phishing is a cyberattack where malicious actors deceive individuals, often via email or fake websites, into revealing sensitive information or deploying malware.
Port Scanning
The process of sending requests to a range of port numbers on a host to identify open ports and available services.
Privilege Escalation
Privilege escalation is the act of gaining higher-level access than initially authorized on a computer system, often transitioning from a standard user to an administrator or root user.
Proxy
A proxy server acts as an intermediary for requests from clients seeking resources from other servers, offering privacy, security, and content filtering.
Public Key Infrastructure
A set of roles, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates, ensuring secure communication and identity verification.
Purple Team
The Purple Team integrates Red Team (offense) and Blue Team (defense) methodologies to enhance an organization's overall cybersecurity posture through continuous collaboration and feedback.
RCE
Remote Code Execution (RCE) is a critical vulnerability allowing an attacker to execute arbitrary code on a target machine remotely, leading to full system compromise.
RDP
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, allowing users to connect to and control a remote computer or virtual desktop over a network connection through a graphical interface.
RSA
A widely used public-key cryptosystem for secure data transmission, based on the difficulty of factoring large numbers, enabling both encryption and digital signatures.
Ransomware
Ransomware is a type of malicious software that encrypts a victim's files, demanding a payment, typically in cryptocurrency, to restore access to the data, often with a time limit.
Reconnaissance
Reconnaissance is the initial phase of cybersecurity assessment or attack, involving the systematic gathering of information about a target system, network, or organization.
Red Team
A Red Team simulates sophisticated adversaries to test an organization's security defenses, personnel, and processes in a realistic, unannounced attack scenario.
Redis
An open-source, in-memory data structure store primarily used as a database, cache, and message broker, known for its high performance.
Responsible Disclosure
Responsible disclosure is a cybersecurity practice where a security researcher privately reports a vulnerability to the affected organization before public disclosure, allowing time for a fix.
Reverse Proxy
A reverse proxy server sits in front of web servers and forwards client requests to them, providing load balancing, security, and caching benefits.
Rootkit
A rootkit is a stealthy collection of software tools designed to conceal the presence of other malware or malicious activity on a computer system.
SCADA
Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial processes across vast geographical areas from a central location.
SIEM
Security Information and Event Management (SIEM) is a security solution that centralizes and analyzes log and event data from various sources to detect, analyze, and respond to security threats.
SMB
Server Message Block (SMB) is a network file sharing protocol primarily used by Microsoft Windows, enabling applications to read and write files and request services from server programs on a network.
SMTP
SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending and relaying email messages between mail servers, playing a crucial role in the internet's email delivery system.
SNMP
SNMP (Simple Network Management Protocol) is an application-layer protocol for managing and monitoring network devices, allowing administrators to collect data, identify issues, and configure hardware
SOAR
Security Orchestration, Automation, and Response (SOAR) platforms integrate security tools and automate incident response workflows, enabling organizations to efficiently manage and respond to security threats and vulnerabilities.
SOC
A Security Operations Center (SOC) is a centralized function within an organization responsible for continuously monitoring and improving an organization's security posture, preventing, detecting, and
SQL Injection
A SQL Injection (SQLi) is a web security vulnerability allowing attackers to interfere with an application's database queries, potentially leading to unauthorized data access or manipulation.
SSH
SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network, most commonly used for remote command-line login and secure file transfer.
SSL
SSL (Secure Sockets Layer) is a deprecated cryptographic protocol that provided secure communication over a computer network; it has been largely superseded by TLS for enhanced security.
SSRF
Server-Side Request Forgery (SSRF) is a vulnerability where an attacker can induce a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing, often targeting in
SYN Scan
A port scanning technique that sends a SYN packet to a target port and analyzes the response (SYN-ACK for open, RST for closed) without completing the TCP handshake, making it stealthier than a full c
Service Enumeration
Service enumeration is the process of identifying and mapping all active services, their associated open ports, and often their versions on a target system or network.
Shellcode
Shellcode is a small piece of low-level code, typically written in assembly, used as a payload to initiate a command shell on a compromised system.
Subnet
A subnet (subnetwork) is a logical subdivision of an IP network, allowing an organization to segment a single large network into smaller, more manageable parts.
TCP
Transmission Control Protocol (TCP) is a core protocol of the internet protocol suite, providing reliable, ordered, and error-checked delivery of a stream of octets between applications.
TLS
Transport Layer Security — a cryptographic protocol that provides secure communication over a computer network.
TLS Handshake
The TLS handshake is the foundational process establishing a secure, encrypted communication channel between a client (like a web browser) and a server, verifying identities and agreeing on encryption
Telnet
Telnet is an application layer protocol used on the internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.
Threat Hunting
Threat hunting is a proactive cybersecurity activity focused on iteratively searching through networks and systems to detect and isolate advanced threats that have evaded existing security solutions.
Threat Intelligence
Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing or emerging threat to assets.
Threat Modeling
Threat modeling is a structured process used to identify, evaluate, and mitigate potential security threats and vulnerabilities in a system, application, or process.
Trojan
A Trojan horse, or Trojan, is a type of malicious software disguised as legitimate software, designed to gain unauthorized access to a computer system.
VPN
A Virtual Private Network (VPN) creates a secure, encrypted connection over a less secure network, like the internet, to provide privacy and anonymity.
Vulnerability Scanning
Vulnerability scanning is an automated process of identifying security weaknesses and misconfigurations in systems, applications, and networks by comparing them against known vulnerability databases.
X.509
A standard defining the format of public key certificates, commonly used to verify the authenticity of websites and other digital entities in secure communications.
XDR
Extended Detection and Response (XDR) is a unified security platform that collects and correlates data across multiple security layers (endpoints, network, cloud, identity) for enhanced threat detection and response.
XSS
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious client-side scripts into web pages viewed by other users, often leading to session hijacking or def