Cybersecurity Glossary
Key terms and concepts in cybersecurity, networking, and internet scanning. Each term includes a detailed explanation and relevant Zondex search examples.
AES
The Advanced Encryption Standard, a symmetric-key algorithm adopted by the U.S. government, widely used globally for …
API Security
API security focuses on protecting application programming interfaces from attacks, unauthorized access, and data breaches throughout …
ARP
Address Resolution Protocol (ARP) is a communication protocol used to discover the MAC address associated with …
ASN
Autonomous System Number — a unique identifier assigned to a network or group of IP prefixes …
Active Reconnaissance
Directly interacting with a target system or network to gather information, involving techniques like port scanning, …
Advanced Persistent Threat
An Advanced Persistent Threat (APT) is a sophisticated, long-term cyberattack campaign, often state-sponsored, that gains unauthorized …
Attack Surface
The attack surface is the sum of all possible points where an unauthorized user can try …
Attack Vector
An attack vector is the method or path that an attacker uses to gain unauthorized access …
Authentication Bypass
A security vulnerability that allows an attacker to gain unauthorized access to a system or application …
BGP
Border Gateway Protocol (BGP) is a path vector routing protocol that facilitates routing decisions on the …
Backdoor
A backdoor is a method, often secret, that bypasses normal security authentication to gain unauthorized remote …
Banner
Textual information returned by a network service upon connection, often revealing the service type, software name, …
Banner Grabbing
A technique to gather information about a network service by reading the banner or welcome message …
Blue Team
The Blue Team is a cybersecurity defense unit responsible for protecting an organization's assets by monitoring, …
Botnet
A botnet is a network of compromised computers (bots) controlled by a single attacker (bot-herder) to …
Brute Force
A brute force attack systematically tries every possible combination of characters until the correct password or …
Buffer Overflow
A buffer overflow occurs when a program tries to write more data into a fixed-size memory …
Bug Bounty
A bug bounty program incentivizes ethical hackers to find and report vulnerabilities in an organization's systems …
C2 Server
A C2 (Command and Control) server is a central hub attackers use to remotely manage compromised …
CDN
A Content Delivery Network (CDN) is a geographically distributed group of servers that work together to …
CIDR
Classless Inter-Domain Routing — a method for allocating IP addresses and IP routing using variable-length subnet …
CPE
Common Platform Enumeration is a standardized naming scheme for IT systems, software, and hardware, providing a …
CSRF
Cross-Site Request Forgery (CSRF) is a vulnerability allowing an attacker to trick authenticated users into executing …
CVE
Common Vulnerabilities and Exposures — a standardized identifier for known security vulnerabilities in software and hardware.
CVSS
Common Vulnerability Scoring System — an open framework for communicating the severity of software vulnerabilities on …
CWE
Common Weakness Enumeration is a community-developed list of software and hardware weakness types that can lead …
Certificate Authority
A trusted entity that issues digital certificates, verifying the identity of websites and other entities to …
Certificate Transparency
An open framework designed to publicly log all SSL/TLS certificates issued by Certificate Authorities (CAs) to …
Cloud Security
Cloud security encompasses policies, technologies, and controls designed to protect data, applications, and infrastructure within cloud …
CoAP
CoAP is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, …
Command Injection
Command injection is a vulnerability allowing an attacker to execute arbitrary commands on the host operating …
Container Security
Container security involves protecting containerized applications throughout their lifecycle, from image creation and deployment to runtime …
Credential Stuffing
Credential stuffing is an automated cyberattack where large sets of stolen username/password pairs from data breaches …
DDoS
A Distributed Denial of Service (DDoS) attack overwhelms a target system with a flood of internet …
DHCP
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks for automatically …
DMZ
A DMZ is a subnetwork that exposes an organization's external-facing services to an untrusted network, typically …
DNS
The Domain Name System translates human-readable domain names into numerical IP addresses, enabling browsers to locate …
Digital Certificate
An electronic document used to cryptographically bind a public key to an entity, verifying identity and …
Digital Forensics
Digital forensics is the process of acquiring, preserving, analyzing, and reporting on electronic data to reconstruct …
Directory Traversal
Directory Traversal, also known as path traversal, is a web vulnerability allowing attackers to read arbitrary …
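The defect behind directory traversal is joining a user-controlled path onto a base directory and trusting the result. The following added example (not code from the page) builds a throwaway web root in a temporary directory with a secret file one level above it, shows a file-serving function that is vulnerable, and beside it the hardened version, which resolves the path with `os.path.realpath` and only serves it if the resolved location is still inside the root. File names and contents are constructed for the demo.

```python
import atexit
import os
import shutil
import tempfile

# Constructed layout (assumed for the demo):
#   <BASE>/webroot/docs/readme.txt   -- public
#   <BASE>/secret.txt                -- outside the web root, must never be served
BASE = tempfile.mkdtemp(prefix="traversal-demo-")
ROOT = os.path.join(BASE, "webroot")
os.makedirs(os.path.join(ROOT, "docs"))
with open(os.path.join(ROOT, "docs", "readme.txt"), "w") as fh:
    fh.write("public document\n")
with open(os.path.join(BASE, "secret.txt"), "w") as fh:
    fh.write("db_password=hunter2\n")
atexit.register(shutil.rmtree, BASE, True)


def vulnerable_read(user_path):
    """Vulnerable: the request path is joined onto ROOT with no check, so
    '../secret.txt' walks out of the web root, and an absolute path such as
    '/etc/passwd' makes os.path.join discard ROOT entirely."""
    with open(os.path.join(ROOT, user_path)) as fh:
        return fh.read()


def safe_resolve(user_path):
    """Return the absolute on-disk path for user_path, or None if it escapes ROOT.

    The containment check runs on the fully resolved path (realpath follows
    symlinks and collapses '..'), so '..' sequences, absolute paths and symlink
    tricks are all caught by the same comparison. commonpath is used instead of
    str.startswith so that '/srv/webroot2' is not mistaken for '/srv/webroot'."""
    root = os.path.realpath(ROOT)
    target = os.path.realpath(os.path.join(root, user_path))
    try:
        if os.path.commonpath([root, target]) != root:
            return None
    except ValueError:          # no common prefix at all (e.g. different drive)
        return None
    return target


def safe_read(user_path):
    """Hardened file read: refuse anything safe_resolve rejects."""
    target = safe_resolve(user_path)
    if target is None:
        raise PermissionError(f"path traversal rejected: {user_path!r}")
    with open(target) as fh:
        return fh.read()


if __name__ == "__main__":
    print("vulnerable:", vulnerable_read("../secret.txt").strip())
    print("safe:", safe_resolve("../secret.txt"))
    print("safe:", safe_read("docs/readme.txt").strip())
```

Stripping `../` from the input is not a substitute for this check: `....//` survives a single pass of removal, and URL-encoded variants (`%2e%2e%2f`) arrive already decoded in many frameworks. Comparing the resolved path is what closes the whole class.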
Docker
A leading containerization platform that packages applications and their dependencies into lightweight, portable, and self-sufficient units …
Domain Name
A unique, human-readable name that identifies a website or service on the internet, mapping to one …
EDR
EDR is a cybersecurity solution that continuously monitors endpoint activities to detect and investigate threats, enabling …
EPSS
Exploit Prediction Scoring System (EPSS) is a data-driven standard that predicts the likelihood of a vulnerability …
Elasticsearch
A distributed, RESTful search and analytics engine built on Apache Lucene, widely used for full-text search, …
Encryption
The process of converting information into a coded format to prevent unauthorized access, ensuring data confidentiality …
Exploit
An exploit is a piece of software, data, or sequence of commands designed to take advantage …
FTP
FTP (File Transfer Protocol) is an unencrypted network protocol used to transfer files between a client …
Fingerprinting
Fingerprinting is the process of identifying specific details about a remote system, such as its operating …
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined …
Footprinting
Footprinting is the systematic process of gathering information about a target's network, systems, and overall digital …
HSTS
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps protect websites against …
HTTP
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML, foundational …
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL/TLS encryption to …
Hashing
A one-way cryptographic function that transforms data of any size into a fixed-size string of characters, …
Honeypot
A decoy system designed to attract and detect unauthorized access attempts, used for threat intelligence and …
ICMP
Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to send …
ICS
Industrial Control Systems (ICS) are categories of control systems used to manage industrial processes, often including …
IDS
An IDS monitors network traffic and system activity for malicious activity or policy violations, alerting administrators …
IP Address
A unique numerical label assigned to each device connected to a computer network that uses the …
IPS
An IPS actively monitors network traffic for malicious activity and automatically takes action to prevent or …
IPv4
The fourth version of the Internet Protocol, using 32-bit addresses in a dotted-decimal format to identify …
IPv6
The latest version of the Internet Protocol, utilizing 128-bit hexadecimal addresses to provide a vast number …
ISO 27001
ISO 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security …
Incident Response
Incident response is a structured approach to managing the aftermath of a cybersecurity breach or attack, …
Indicators of Compromise
Measurable artifacts observed on a network or operating system that indicate a high probability of a …
Internet-Wide Scanning
The systematic process of probing a significant portion of the global internet's IP address space to …
KEV
The CISA Known Exploited Vulnerabilities (KEV) Catalog lists vulnerabilities actively exploited in the wild, providing critical …
Kubernetes
Kubernetes is an open-source container orchestration system for automating the deployment, scaling, and management of containerized …
LFI
Local File Inclusion (LFI) is a web vulnerability allowing an attacker to include files on a …
Lateral Movement
Lateral movement is a cyberattack technique where an attacker, having gained initial access, moves through a …
Load Balancer
A load balancer distributes network traffic efficiently across multiple servers to ensure high availability and responsiveness …
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used to …
MQTT
MQTT is a lightweight, publish-subscribe network protocol designed for constrained devices and low-bandwidth, high-latency, or unreliable …
Malware
Malware, short for malicious software, is any software designed to disrupt, damage, or gain unauthorized access …
Man-in-the-Middle
A Man-in-the-Middle (MitM) attack intercepts communication between two parties, allowing the attacker to eavesdrop, alter, or …
Modbus
Modbus is a serial communication protocol used to connect industrial electronic devices, widely adopted in SCADA …
MongoDB
A popular open-source NoSQL database that stores data in flexible, JSON-like documents, known for its scalability …
NAT
Network Address Translation (NAT) is a method of remapping an IP address space into another, often …
NIST
The National Institute of Standards and Technology develops cybersecurity frameworks, guidelines, and standards to protect information …
NVD
The National Vulnerability Database is a U.S. government repository of standards-based vulnerability management data represented using …
Network Scanning
Network scanning is the systematic process of exploring a network to identify live hosts, open ports, …
OSINT
Open-Source Intelligence (OSINT) is the collection and analysis of publicly available information from diverse sources to …
OT Security
OT Security protects operational technology environments from cyber threats, ensuring the safety, reliability, and availability of …
OWASP
The Open Worldwide Application Security Project (OWASP) is a non-profit foundation focused on improving software security …
Open Port
A network port that is accepting connections, indicating a running service that can be accessed remotely.
Passive Reconnaissance
Gathering information about a target without directly interacting with it, often using publicly available sources to …
Payload
In cybersecurity, a payload is the part of an exploit or malware that performs the malicious …
Penetration Testing
Penetration testing is an authorized simulated cyberattack against a computer system, network, or web application to …
Phishing
Phishing is a cyberattack where malicious actors deceive individuals, often via email or fake websites, into …
Port Scanning
The process of sending requests to a range of port numbers on a host to identify …
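Port scanning, banner grabbing and banner parsing (the Banner and Banner Grabbing entries above, and Open Port, Service Enumeration and SYN Scan elsewhere in this glossary) are the primitives an internet scanner is built from. The following added example, which is not code from the page or from Zondex, runs them end to end against a local stand-in so it works offline: it starts a throwaway TCP listener on 127.0.0.1 that greets clients with a constructed SSH-style banner, performs a TCP connect scan over two ports (one open, one deliberately closed), grabs the banner from the open one and parses it into protocol version, software and version. The banner string is modelled on the OpenSSH greeting format but is invented, not a capture from any real host.

```python
import re
import socket
import threading

# Constructed banner for the local test service (format per RFC 4253 section 4.2;
# the software/version values are made up for the demo).
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Start a daemon-thread TCP listener on 127.0.0.1 that sends `banner` to
    every client and hangs up. Returns the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                    # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: a port counts as open when the full three-way handshake
    completes (connect_ex returns 0). Unlike a SYN (half-open) scan this needs
    no raw sockets or privileges, but it completes a connection the target
    service will see and log."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, max_bytes=1024):
    """Connect and read whatever the service volunteers before we send a byte.
    Services that wait for the client to speak first simply return ''."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


_SSH_RE = re.compile(r"^SSH-(?P<proto>\d\.\d+)-(?P<software>\S+)(?:\s+(?P<comment>.*))?$")


def parse_ssh_banner(banner):
    """Split an SSH identification string into protocol version, software name,
    software version and optional comment; None if it is not an SSH banner."""
    m = _SSH_RE.match(banner)
    if not m:
        return None
    name, _, version = m.group("software").partition("_")
    return {"protocol": m.group("proto"), "software": name,
            "version": version or None, "comment": m.group("comment")}


def demo():
    """Run the whole pipeline against the local stand-in and return the findings."""
    open_port = start_fake_service()
    probe = socket.socket()              # bind-and-release to obtain a port that is closed
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    found = connect_scan("127.0.0.1", [open_port, closed_port])
    banner = grab_banner("127.0.0.1", open_port) if open_port in found else ""
    return {"open": found, "closed_port": closed_port, "banner": banner,
            "parsed": parse_ssh_banner(banner)}


if __name__ == "__main__":
    print(demo())
```

A banner is a claim the service makes about itself, not a verified fact: administrators can change or blank it, and a honeypot will happily advertise a version it does not run. Treat a parsed banner as a fingerprinting hint to confirm with protocol-level probing, not as ground truth for vulnerability matching.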
Privilege Escalation
Privilege escalation is the act of gaining higher-level access than initially authorized on a computer system, …
Proxy
A proxy server acts as an intermediary for requests from clients seeking resources from other servers, …
Public Key Infrastructure
A set of roles, policies, and procedures required to create, manage, distribute, use, store, and revoke …
Purple Team
The Purple Team integrates Red Team (offense) and Blue Team (defense) methodologies to enhance an organization's …
RCE
Remote Code Execution (RCE) is a critical vulnerability allowing an attacker to execute arbitrary code on …
RDP
RDP is a proprietary protocol developed by Microsoft, allowing users to connect to and control a …
RSA
A widely used public-key cryptosystem for secure data transmission, based on the difficulty of factoring large …
Ransomware
Ransomware is a type of malicious software that encrypts a victim's files, demanding a payment, typically …
Reconnaissance
Reconnaissance is the initial phase of cybersecurity assessment or attack, involving the systematic gathering of information …
Red Team
A Red Team simulates sophisticated adversaries to test an organization's security defenses, personnel, and processes in …
Redis
An open-source, in-memory data structure store primarily used as a database, cache, and message broker, known …
Responsible Disclosure
Responsible disclosure is a cybersecurity practice where a security researcher privately reports a vulnerability to the …
Reverse Proxy
A reverse proxy server sits in front of web servers and forwards client requests to them, …
Rootkit
A rootkit is a stealthy collection of software tools designed to conceal the presence of other …
SCADA
Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial processes across vast geographical areas …
SIEM
Security Information and Event Management (SIEM) is a security solution that centralizes and analyzes log and …
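The kind of correlation a SIEM performs is easiest to see on the Brute Force entry earlier in this glossary: many failed logins from one source inside a short window, and, worse, a success from that same source right after them. The following added example (not code from the page) is a small sliding-window detection rule of that shape, run over a constructed sample of OpenSSH `auth.log` lines. The hostnames, usernames, PIDs and IP addresses in `SAMPLE_LOG` are invented; the line format follows what OpenSSH writes via syslog.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log excerpt (not from a real host). Five failures from one
# source in seven seconds, followed by a success from the same source.
SAMPLE_LOG = """\
Mar 12 10:15:01 bastion sshd[2311]: Failed password for invalid user admin from 198.51.100.23 port 50412 ssh2
Mar 12 10:15:03 bastion sshd[2312]: Failed password for root from 198.51.100.23 port 50413 ssh2
Mar 12 10:15:04 bastion sshd[2313]: Failed password for root from 198.51.100.23 port 50414 ssh2
Mar 12 10:15:06 bastion sshd[2314]: Failed password for invalid user test from 198.51.100.23 port 50415 ssh2
Mar 12 10:15:08 bastion sshd[2315]: Failed password for deploy from 198.51.100.23 port 50416 ssh2
Mar 12 10:15:20 bastion sshd[2330]: Accepted password for deploy from 198.51.100.23 port 50420 ssh2
Mar 12 10:16:05 bastion sshd[2340]: Failed password for alice from 203.0.113.9 port 40000 ssh2
Mar 12 10:16:30 bastion sshd[2341]: Accepted publickey for alice from 203.0.113.9 port 40001 ssh2
"""

_LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or None if it is not a login event.
    syslog timestamps carry no year, so one is assumed (2024 here)."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window rule: raise a medium alert when a source IP reaches
    `threshold` failed logins inside `window_seconds`, and a high alert if that
    IP then authenticates successfully while the failures are still in the
    window (failure burst followed by success is the signature of a guessed
    password rather than a misconfigured client)."""
    failures = defaultdict(deque)   # ip -> timestamps of failures still in the window
    alerted = set()                 # ips already reported for the current burst
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()             # expire failures outside the window
        if not q:
            alerted.discard(ev["ip"])   # burst is over; allow a fresh alert later
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                alerts.append({"severity": "medium", "ip": ev["ip"], "at": ev["ts"],
                               "reason": f"{len(q)} failed logins within {window_seconds}s"})
        elif len(q) >= threshold:   # Accepted after a burst of failures
            alerts.append({"severity": "high", "ip": ev["ip"], "at": ev["ts"],
                           "reason": f"login as {ev['user']} after {len(q)} failures"})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(a["severity"], a["ip"], a["at"].time(), a["reason"])
```

The single failure from 203.0.113.9 followed by a key-based login is the everyday noise a rule must ignore; the threshold and window are the tuning knobs, and in production they are usually set per source class (VPN egress, jump hosts and NAT gateways share one IP across many users).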
SMB
SMB is a network file sharing protocol primarily used by Microsoft Windows, enabling applications to read/write …
SMTP
SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending and receiving email messages between …
SNMP
SNMP (Simple Network Management Protocol) is an application-layer protocol for managing and monitoring network devices, allowing …
SOAR
SOAR platforms integrate security tools and automate incident response workflows, enabling organizations to efficiently manage and …
SOC
A Security Operations Center (SOC) is a centralized function within an organization responsible for continuously monitoring …
SQL Injection
A SQL Injection (SQLi) is a web security vulnerability allowing attackers to interfere with an application's …
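The following is an added example, not code from the page: a login check written the vulnerable way, by splicing user input into the SQL text, next to the same check written with parameterized queries, run against a constructed in-memory SQLite table. The user `alice` and her password are invented for the demo, and passwords are hashed with a plain SHA-256 only to keep the example short; a real system uses a slow, salted password hash.

```python
import hashlib
import sqlite3


def _hash(password):
    """Demo-only password hashing (real systems use a salted, slow KDF)."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory user table with a single account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _hash("correct horse")))
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Vulnerable: the username is pasted into the statement text, so a value
    such as "alice' --" comments out the password check, and "' OR 1=1 --"
    makes the WHERE clause true for every row."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{_hash(password)}'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened: the statement is sent with placeholders and the values travel
    separately, so the input is only ever compared as data and cannot alter
    the query's structure. The same inputs that bypassed the check above now
    simply fail to match any username."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "correct horse"), ("alice' --", "x"), ("' OR 1=1 --", "x")]:
        print(f"{user!r:16} vulnerable={login_vulnerable(db, user, pw)} "
              f"parameterized={login_parameterized(db, user, pw)}")
```

Escaping quotes by hand is not an equivalent fix: it is easy to miss a code path, differs by database dialect, and does nothing for numeric fields where no quotes are present. Parameterization (or an ORM that uses it underneath) is the control OWASP recommends, with input validation and least-privilege database accounts as defence in depth.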
SSH
SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured …
SSL
SSL (Secure Sockets Layer) is a deprecated cryptographic protocol that provided secure communication over a computer …
SSRF
Server-Side Request Forgery (SSRF) is a vulnerability where an attacker can induce a server-side application to …
SYN Scan
A port scanning technique that sends a SYN packet to a target port and analyzes the …
Service Enumeration
Service enumeration is the process of identifying and mapping all active services, their associated open ports, …
Shellcode
Shellcode is a small piece of low-level code, typically written in assembly, used as a payload …
Subnet
A subnet (subnetwork) is a logical subdivision of an IP network, allowing an organization to segment …
TCP
Transmission Control Protocol (TCP) is a core protocol of the internet protocol suite, providing reliable, ordered, …
TLS
Transport Layer Security — a cryptographic protocol that provides secure communication over a computer network.
TLS Handshake
The TLS handshake is the foundational process establishing a secure, encrypted communication channel between a client …
Telnet
Telnet is an application layer protocol used on the internet or local area networks to provide …
Threat Hunting
Threat hunting is a proactive cybersecurity activity focused on iteratively searching through networks and systems to …
Threat Intelligence
Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing …
Threat Modeling
Threat modeling is a structured process used to identify, evaluate, and mitigate potential security threats and …
Trojan
A Trojan horse, or Trojan, is a type of malicious software disguised as legitimate software, designed …
X.509
A standard defining the format of public key certificates, commonly used to verify the authenticity of …
XDR
XDR is a unified security platform that collects and correlates data across multiple security layers (endpoints, …
XSS
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious client-side scripts …
Learn by Doing
See these concepts in action. Search the internet's attack surface with Zondex's powerful dork syntax.