
Glossary of Key Terms

802.11

A family of standards that defines the basics of wireless technologies and how they will interact and function.

A

Active@ Password Changer

A utility that is used to perform multiple functions on user accounts, including resetting passwords.

Active Directory (AD)

A method of storing user account information in a Windows system that is used in larger network environments, such as those present in mid- to enterprise-level businesses.

Active fingerprinting

A form of operating system fingerprinting that involves actively requesting information from the target system. This means getting the information faster but also at greater risk of exposure than is the case in passive fingerprinting.

Active online attack

Designed to obtain a password that the attacker is not authorized to possess using aggressive methods, such as brute-force and dictionary attacks.

Active session hijacking

The process of searching for and identifying a session and taking it over to interact with the victim’s system. Performed on networks where switches are in play.

Active sniffing

The process of sniffing traffic on a switched network. Because a switch splits the network into separate collision domains and forwards each frame only to the port that owns the destination MAC address, the attacker must inject traffic (for example, by ARP poisoning or MAC flooding) to have other hosts' traffic delivered to the sniffing system; that injected traffic makes active sniffing detectable.

Address Resolution Protocol (ARP)

Used to map a known Internet Protocol (IPv4) address to an unknown physical or MAC address.

Address Resolution Protocol (ARP) poisoning

The process of sending forged ARP replies so that hosts on a local network associate the attacker's MAC address with another host's IP address, typically that of the default gateway. Traffic for that IP address is then delivered to the attacker, which enables sniffing and session hijacking on a switched network. Contrast with MAC flooding, which overwhelms a switch's CAM table with bogus MAC addresses to exceed the limitations of the switch.
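The following is an added example, not code from the glossary or its authors. It packs a forged ARP reply the way a poisoning tool would, and runs a small watcher over constructed traffic that flags the symptom defenders look for: an IP address that was bound to one MAC address suddenly being claimed by another. The addresses, the sender names, and the traffic sequence are all assumed for the illustration.

```python
import struct

# ARP body for Ethernet/IPv4 (RFC 826): the 28 bytes that follow the Ethernet
# header, laid out as htype(2) ptype(2) hlen(1) plen(1) oper(2)
# sender MAC(6) sender IP(4) target MAC(6) target IP(4).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def _ip(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Build an ARP reply claiming that sender_ip is reachable at sender_mac.
    A poisoning attacker forges exactly this, with its own MAC as sender_mac
    and the gateway's (or the victim's) IP as sender_ip."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       _mac(sender_mac), _ip(sender_ip),
                       _mac(target_mac), _ip(target_ip))


def parse_arp(body: bytes) -> dict:
    """Decode the fields of an ARP body into a dictionary."""
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
    return {
        "oper": oper,
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": ".".join(str(b) for b in spa),
        "target_mac": ":".join(f"{b:02x}" for b in tha),
        "target_ip": ".".join(str(b) for b in tpa),
    }


class ArpWatcher:
    """Learn the first IP-to-MAC binding seen for each IP and flag any later
    reply that claims the same IP from a different MAC. That rebinding is the
    observable symptom of ARP poisoning (arpwatch-style monitoring)."""

    def __init__(self) -> None:
        self.bindings: dict[str, str] = {}
        self.alerts: list[str] = []

    def observe(self, body: bytes):
        pkt = parse_arp(body)
        if pkt["oper"] != ARP_REPLY:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.bindings.setdefault(ip, mac)  # first binding is trusted
        if known != mac:
            alert = f"ARP rebinding: {ip} was {known}, now claimed by {mac}"
            self.alerts.append(alert)
            return alert
        return None


def demo() -> list:
    """Constructed traffic: a legitimate gateway reply, then a forged one
    from an attacker claiming the gateway's IP address."""
    gateway_mac, gateway_ip = "aa:bb:cc:dd:ee:01", "192.168.1.1"
    victim_mac, victim_ip = "aa:bb:cc:dd:ee:10", "192.168.1.10"
    attacker_mac = "aa:bb:cc:dd:ee:66"
    watcher = ArpWatcher()
    watcher.observe(build_arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip))
    watcher.observe(build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip))
    return watcher.alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The watcher trusts the first binding it sees, which is the usual design choice and also its weakness: an attacker who poisons before the monitor starts is learned as legitimate, so in practice the gateway's binding is pinned from a known-good source rather than learned from the wire.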

Adware

Software specifically designed to display legitimate-looking ads on a victim’s computer with the intention of getting the victim to purchase goods or services. Software in this category can also download and update with new advertisements, which it will randomly display.

Algorithm

The steps required to solve a problem.

Alternate Data Stream (ADS)

A feature of the NTFS file system that allows each file to store data in different segments, or areas (also called streams).

Angry IP Scanner

An open source network scanner that runs on multiple operating systems.

Anomaly detection

A method of detecting activity that deviates from established normal behavior.

Asset

In the IT realm, something of value that needs to be protected, such as data, software, or hardware.

Asymmetric encryption

An algorithm that uses a pair of cryptographic keys to perform encryption/decryption functions on information; also referred to as using public and private keys, which describe who has access to and possession of the keys.

Authentication

The process of confirming that someone is who he or she claims to be, such as with a username and password.

B

Backdoor

A mechanism that an attacker leaves behind on a compromised system, such as a hidden account, a listening service, or modified code, that allows the attacker to reenter the system later; also, any undocumented entry point that bypasses normal authentication to gain entry to a system.

Banner

Data that a service sends when a connection is made, such as the product name and version in an SSH, FTP, or SMTP greeting; it reveals version and service information that helps an attacker select an exploit.

Biometrics

A mechanism that authenticates an individual using physical traits, such as fingerprints, facial recognition, voiceprints, or other distinguishing characteristics.

Black-box testing

A kind of testing of a computer system in which the testing team must approach it like a “black box,” meaning with no prior knowledge of it.

Bluebugging

Accessing a Bluetooth-enabled device to use its services for the benefit of the attacker.

Bluejacking

Sending unsolicited messages to another device that is using Bluetooth to get the recipient to open them and potentially infect the device.

Bluesnarfing

Accessing a Bluetooth-enabled device with the intention of stealing data.

Bluetooth

Short-range wireless technology used to support communication between devices, such as mobile phones, tablets, and laptops; an open standard designed to support personal area networking (PAN) environments.

Bollards

Physical barriers that can take the form of heavy steel or concrete posts or subtle structures, such as brick and concrete flowerbeds, that are designed to prevent ramming attacks from motor vehicles.

Boot sector

The part of a hard drive or disk that is used to load an operating system.

Botnet

A group of infected systems that are used to collectively attack another system.

Brute-force password attack

An effort to break a password by using all possible combinations of characters until a combination works.

Buffer overflow

Error that occurs when an application, process, or program attempts to put more data in a buffer than it was designed to hold.

Business continuity plan (BCP)

A plan that defines how an organization will maintain normal day-to-day operations in the event of a security incident or other disruptive events.

Business impact analysis (BIA)

The process of identifying an organization's critical business functions and documenting how a disruption to each would affect the organization (operationally, financially, and legally); its results set the recovery priorities used in business continuity and disaster recovery planning.

C

Chain of custody

The process of tracking and carefully processing evidence from collection to trial to the return to its owner.

Cipher

The formula or process used to perform encryption or decryption.

Closed-circuit TV (CCTV)

A surveillance system whereby video cameras transmit a signal to a limited number of monitors.

Collision domain

Represents a logical region of a network in which two or more data packets can collide.

Command-line interface

An interface that is navigated completely from text commands entered into the computer.

Computer crime

The act of engaging in crime through the use of a computer or similar type of device.

Computer security incident response team (CSIRT)

An organized group of trained professionals tasked with responding to computer incidents in an efficient and effective manner.

Content addressable memory (CAM)

The memory present on a switch that is used to look up the MAC address to port mappings that are present on a network.

Covert channel

A communication mechanism that uses normal communications or other operations to covertly pass information.

Cracker

Someone who breaks into computer systems without authorization.

Cross-site scripting (XSS) attack

An attack that injects attacker-controlled script into content that a web application delivers to other users, so that the script runs in the victim's browser with the victim's session and privileges. It relies on a variation of the input validation attack, but the target is different: the goal is to go after a user instead of the application or its data.

Cryptography

The practice of modifying data in such a way that it is only readable to authorized consumers.

D

Defense in depth

Deploying multiple layers of security controls to protect assets.

Denial of service (DoS) attack

An attack that makes a service unavailable to its legitimate users, typically by overwhelming it with traffic or requests, or by exploiting a flaw that crashes or hangs it.

Deny-all principle

A process of securing logical or physical assets by first denying all access and then allowing access on only a case-by-case basis.

Dictionary password attack

An attack in which a predefined list of words is tried to see whether one of them is a user’s password.

Disaster recovery plan (DRP)

Documented procedures that define how personnel and assets will be safeguarded in the event of a disaster and how those assets will be restored and brought back to an operating state after a disaster passes.

Distributed denial of service (DDoS) attack

An attack launched simultaneously from large numbers of hosts that have been compromised and that act after receiving a command.

Domain Name System (DNS)

A hierarchical system of servers and services specifically designed to translate domain names into IP addresses (forward lookups) as well as IP addresses into domain names (reverse lookups).

Dumpster diving

Gathering material that has been discarded or left in unsecured receptacles, such as trash cans or dumpsters.

E

Encapsulation

Refers to the capability of a system or protocol to rewrap or encapsulate one protocol within another.

End-User License Agreements (EULAs)

Documents that appear onscreen prior to installing software; outline the usage guidelines and rights of the user and creator of the software package.

Enumeration

The process of probing services, systems, and applications to discover detailed information that can be used to attack a target system; has the ability to reveal user accounts, passwords, group names, and other information about a target.

Ethical hacker

Someone who knows how hacking works and understands the dangers it poses but uses those skills for good purposes; often known as a white-hat hacker.

Event

Any observable occurrence in a computer, device, or network.

Evidence

Information or physical remnants collected from a crime scene and used to determine the extent of a crime and potentially prove a case in court.

Exploit

A piece of software, data, or other similar item that can take advantage of a vulnerability or weakness inherent in a system.

F

Fail-open

A failure response resulting in open and unrestricted access or communication.

False acceptance rate (FAR)

A metric used to describe the probability that a biometric system will incorrectly accept an unauthorized user.

False rejection rate (FRR)

A metric used to describe the probability that a biometric system will incorrectly reject an authorized user.

Firewall

Regulates the flow of traffic between different networks; acts as a point of entry and exit to a network, sometimes called a chokepoint.

Flow control

The process or technique of managing the flow, timing, sending, receiving, and overall transmission of data with the goal of ensuring that the traffic does not overwhelm or exceed the capacity of a connection.

Footprinting

The process of gathering information about a target site (its computer systems and employees) by passive means without the organization’s knowledge.

Forensics

A methodical scientific process used to collect information from a crime scene; generally undertaken only by experienced professionals.

Frame

Represents a logical structure that holds addressing, data information, and the payload or data itself.

G

General Public License (GPL)

The software license that governs the Linux kernel and other open source software.

Google hacking

The technique of using advanced operators in the Google search engine to locate specific strings of text within search results, including strings that identify software vulnerabilities and misconfigurations.

Graphical user interface (GUI)

An interface designed to present clickable icons and other items that are easy to interact with.

H

Hacker

Originally referred to the technology enthusiasts of the 1960s, who today would be known as geeks; widely used to refer to a prankster or criminal.

Hash

The fixed-length value produced by a hash algorithm when applied to a data set; because any change to the data changes the hash, comparing hash values verifies the integrity of data. Hash values are not strictly unique, but a cryptographic hash makes finding two inputs that produce the same value computationally infeasible.

Honeynet

A collection of multiple honeypots in a network for luring and trapping hackers.

Honeypot

A closely monitored system that usually contains a large number of files that appear to be valuable or sensitive and serve as a trap for hackers; distracts hackers from real targets, detects new exploitations, and learns the identities of hackers.

Host-based intrusion detection system (HIDS)

A software application that is designed to detect unusual activity on an individual system and report or log this activity as appropriate.

Hub

A simple device that connects networks; possesses no intelligence, so broadcasts received on one port are transmitted to all ports.

Hybrid attack

A form of offline attack to crack passwords that functions much like a dictionary attack but with a brute-force attack pass for each word in the attack dictionary.

I

Incident

A situation whereby an attacker has breached security.

Incident response plan (IRP)

A detailed plan that describes how to deal with a security incident when it occurs.

Incident response team (IRT)

A specific team assembled to handle incident response activities.

Insecure applications

Applications designed without security controls or without security in mind.

Institute of Electrical and Electronics Engineers (IEEE)

The professional organization that establishes network standards, such as 802.3 (Ethernet) and 802.11 (wireless LAN).

Integrity

The ability to verify that information has not been altered and has remained in the form originally intended by the creator.

Internet Archive

A website (archive.org, through its Wayback Machine) that archives and maintains previous copies of many websites; useful in footprinting because it retains pages and details a target has since removed.

Internet Assigned Numbers Authority (IANA)

The body responsible for the global coordination of the DNS root, IP addressing, and other IP resources.

Internet Control Message Protocol (ICMP)

The part of TCP/IP that supports diagnostics and error control. Ping uses the ICMP Echo Request and Echo Reply message types.

Internet of Things (IoT)

Devices, appliances, vehicles, and other objects of many types that have network communication hardware and software installed in them that allow them to connect to networks.

Intrusion

The unauthorized use or access of a system by an individual, a party, or a service; any activity that should not occur on an information system but is.

Intrusion detection

The technique of uncovering successful or attempted unauthorized access to an information system.

Intrusion detection system (IDS)

Software or hardware device that is designed to detect suspicious or anomalous behavior and report it to the system owner or administrator.

Intrusion prevention system (IPS)

Intercepts potentially hostile activity prior to its being processed.

K

Kernel

The core component of an operating system (the Linux kernel, for example); controls all the low-level system functions, such as resource management, input and output operations, and scheduling of the CPU.

Keyboard sniffing

Intercepting characters as they are typed, often to capture a password as a user is entering it.

Key management

The process of carefully considering everything that possibly could happen to an encryption key, from securing it on the local device to securing it on a remote device and providing protection against corruption and loss.

Keystroke logger

Software designed to capture the keystrokes of the user and then be retrieved by an attacker later.

L

Layer 2 Tunneling Protocol (L2TP)

A tunneling protocol used to carry traffic between points on a virtual private network (VPN); L2TP itself provides no encryption, so it is normally combined with IPsec (L2TP/IPsec) to secure the tunnel.

Live CD/DVD

An operating system, typically a Linux distribution, designed to run entirely from removable media, such as a CD, DVD, or flash drive, without being installed on the host's hard drive.

Lock

Mechanical or electronic device designed to secure, hold, or close items operated by a key, combination, or keycard; tends to be the most widely used security device.

Logic bomb

A piece of code designed to cause harm that is intentionally inserted into a software system to be activated by some predetermined trigger.

Lookup table

A logical construct in memory that allows a switch to look up which MAC address is located on which port on the switch.

M

Malicious software (malware)

A class of software that does not offer anything beneficial to the user or system owner; included are software types such as the virus, worm, logic bomb, and Trojan horse.

Malware

Any software that is inherently hostile, intrusive, or annoying in its operation and performs any action or activity without the knowledge or consent of the system’s owner.

Master boot record (MBR)

A section of hard drive records responsible for assisting in locating the operating system to boot the computer; conventionally, located in the first sector of the hard drive.

Media Access Control (MAC) address

The address that is embedded or hard coded into a network card, connection device, or other physical layer device attached to the network; although assigned by the manufacturer, it can be changed (spoofed) in software on most operating systems, so it is not a reliable authenticator.

Misuse

The improper use of privileges or resources within an organization; not necessarily malicious in nature.

Misuse detection

The ability to detect activity that matches known misuse of resources or privileges.

Multiple input and multiple output (MIMO)

A wireless transmission technology designed to provide higher-performance wireless transmissions; relies on the use of multiple antennas at both the sending and receiving ends to provide better performance than a single antenna.

N

Network-based intrusion detection system (NIDS)

A software application designed to detect and report suspicious or unusual activity on a network segment.

Nmap (Network Mapper)

A port scanner that can perform a number of scan types (for example, TCP connect, SYN, and UDP scans) as well as host discovery, service version detection, and operating system fingerprinting.

Nslookup

An application that allows a user to enter a hostname and find the corresponding IP address.

NULL session

A feature of older Windows operating systems that allows an anonymous connection (no username or password) to a system's IPC$ share; can reveal usernames, group names, and share information on a target system.

O

Offline attack

A form of password attack carried out on a previously downloaded password file that relies on weaknesses in how passwords are stored on a system.

OS identification

The practice of identifying the operating system of a networked device through either passive or active techniques.

P

Passive fingerprinting

A method of identifying the operating system of a targeted computer or device by listening to and analyzing existing traffic, without injecting traffic or packets into the network.

Passive online attack

Obtaining a password simply by listening for it.

Passive session hijacking

The process of locating and identifying a session and taking it over by just observing instead of interacting with the victim; performed on networks in which a hub is present; in practice, identical to sniffing.

Passive sniffing

The process of sniffing on a network that has a hub; does not transmit data on the network and is therefore hard to detect.

Password cracking

The activity of obtaining a password by using methods designed to determine or capture the password.

Password manager

Software that organizes and tracks various usernames and passwords.

Penetration testing

A series of simulated attacks on a computing environment, carried out by an authorized individual, to assess the strength of existing security controls.

Personal area networking (PAN)

A short-range network of an individual's own devices, such as a phone, laptop, and headset; commonly implemented through Bluetooth technology.

Physical access control

Any mechanism by which an individual can be granted or denied physical access to some asset.

Physical intrusion detection

Mechanisms put in place to detect when unauthorized individuals access some protected asset.

Physical or Network Access Layer equipment

The infrastructure that connects the network and allows for the transmission of information; includes hubs, bridges, switches, and routers.

Physical security

The collection of safeguards that limit physical access to assets.

Ping

A network utility that sends an Internet Control Message Protocol (ICMP) Echo Request and reports whether an Echo Reply came back and how long the round trip took.

Ping sweep

The process of sending ping requests to a series of devices or to the entire range of networked devices.

Port redirection

A process in which a communication process is redirected to a port different from the normal or expected one.

Port

Connection point on a system for the exchange of information, such as web server traffic or File Transfer Protocol (FTP).

Port scanning

Technique that sends network messages to identify open and closed ports and the services running on a given system or group of systems.

Precomputed hash

The stored result of one or more input values processed by a hash function. Such values can be used for attacks without incurring the overhead of hash computation during the attack.

Preshared key (PSK)

A technique used to share a passphrase or password with multiple parties before use; commonly implemented on small-scale wireless networks in which more advanced key distribution systems do not exist or would be prohibitive.

Privilege escalation

The process of gaining privileges above those one would otherwise possess with a user account; performed by exploiting a vulnerability or misconfiguration, by cracking the password of a more privileged account, or by changing the password of an account that already has the desired access.

Promiscuous mode

A special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network, including the traffic not addressed to the specific network card.

PS/2

An older hardware interface for keyboards and mice that has largely been phased out in favor of universal serial bus (USB).

PsTools

A collection of software utilities developed by Microsoft to help manage computers running the Microsoft Windows operating system.

R

Rainbow table

A precomputed table of hash chains that lets an attacker reverse a password hash to its password without hashing every candidate at attack time; a time-memory trade-off that is effective against unsalted hashes, because a per-user salt would require a separate table for every salt value.
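The following is an added example, not code from the glossary or its authors, covering both the precomputed hash and rainbow table entries. It builds a genuine, if tiny, rainbow table over a constructed keyspace of three lowercase letters: each chain alternates hashing with a reduction function that maps a digest back into the password space, and only the chain endpoints are stored. The lookup walks a captured digest to a chain end, regenerates that chain, and recovers the password; the same lookup against a salted hash finds nothing. MD5, the chain length, and the start points are assumptions chosen to keep the example small.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3                       # toy keyspace: 26**3 = 17,576 passwords
CHAIN_LEN = 6                    # passwords covered per stored chain
SPACE = len(ALPHABET) ** PW_LEN


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def reduce_hash(digest: str, position: int) -> str:
    """Map a digest back into the password space. Mixing in the chain
    position gives each column its own reduction, which limits chain merging."""
    n = (int(digest, 16) + position) % SPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def build_table(start_points) -> dict:
    """Precompute one chain per start point and store only its endpoint
    (endpoint -> start points). Storing endpoints instead of every hash is
    what makes the table far smaller than a plain hash dictionary."""
    table: dict = {}
    for start in start_points:
        pw = start
        for pos in range(CHAIN_LEN):
            pw = reduce_hash(md5_hex(pw), pos)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: dict, target: str):
    """Recover the password behind an unsalted digest, or None if the table
    does not cover it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in column pos and walk to the chain's end.
        pw = reduce_hash(target, pos)
        for p in range(pos + 1, CHAIN_LEN):
            pw = reduce_hash(md5_hex(pw), p)
        for start in table.get(pw, []):
            # Regenerate that chain from its start to find the matching password.
            cand = start
            for p in range(CHAIN_LEN):
                if md5_hex(cand) == target:
                    return cand
                cand = reduce_hash(md5_hex(cand), p)
    return None


def salted_md5_hex(password: str, salt: str) -> str:
    """A salted hash: the table was built over bare passwords, so it no
    longer applies. Real salts come from a CSPRNG such as os.urandom."""
    return md5_hex(salt + password)


def demo():
    table = build_table(["abc", "zzz", "pwd"])           # constructed start points
    hit = lookup(table, md5_hex("abc"))                   # "abc"
    miss = lookup(table, salted_md5_hex("abc", "s4lt"))   # None
    return hit, miss
```

At real scale the table covers millions of chains of thousands of steps each, and the lookup cost is the walk, not the precomputation; the defense is unchanged, though: a per-password salt (and a slow, memory-hard hash) removes the shared precomputation the attack depends on.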

Ransomware

Malware that encrypts files or even entire volumes and forces the victim to pay a ransom to get the decryption key.

Regional Internet registries (RIRs)

Regional organizations that oversee the allocation and registration of Internet number resources.

Remote monitoring

The process of using utilities and devices to collect realtime metrics from computers and devices that are connected to a network.

Reverse Address Resolution Protocol (RARP)

Resolves MAC addresses to IP addresses; in essence, the reverse process of ARP.

Rootkit

A piece of software placed on a system to do any number of tasks on behalf of an attacker; has the ability to hand over control of a system to an attacker at a very fundamental level.

Router

The primary piece of equipment at the Network or Internet Layer; differs from a switch in that it directs traffic using a logical address rather than a physical address, as a switch does.

S

Scanrand

A scanning tool that is designed to scan a single host up to large-scale networks quickly and then return results about the network.

Scareware

Malware created to entice victims into purchasing and downloading useless and potentially dangerous software.

Security Account Manager (SAM)

The part of the Windows operating system that holds user account and associated passwords in a hashed format.

Security control

A technical or nontechnical mechanism that enforces the security policy.

Security information and event management (SIEM) system

An organized collection of software and devices that help security professionals manage their environments by monitoring systems for security events, generating alerts, and assisting in responding to alerts.

Security policy

A high-level description of how an organization defines a secure environment.

Security Technical Implementation Guide (STIG)

A document or collection of documents, published by the US Defense Information Systems Agency (DISA), that specifies how to configure a particular product or technology to create a secure environment.

Serial Line Internet Protocol (SLIP)

A largely obsolete protocol that carried IP packets over serial links, originally designed for connections established by modems; it provides no authentication or error detection and has been replaced by PPP.

Session

Represents a temporary connection that a client has with the server application to accomplish some task.

Session hijacking

The process of locating and identifying a session and taking it over.

Shift cipher

A cipher that works by substituting each character in a message with the character a certain number of positions to the left or right of the current character.

Shoulder surfing

A method of obtaining a password or other data entered by observing a user while typing.

Signature analysis

A technique that compares sniffed traffic or other activity with that stored in a database.

Simple Network Management Protocol (SNMP)

A protocol used to manage network devices.

Sniffer

Hardware- or software-based device that can observe traffic on a network and help a network administrator or an attacker construct what is happening on the network; also, defined as a device implemented via hardware or software that is used to intercept, decode, and in some cases record network traffic; also referred to as protocol analyzers or packet sniffers.

SNScan

A utility designed to detect SNMP-enabled devices on a network. The utility is designed to locate and identify devices that are vulnerable to SNMP attacks.

Social engineering

The practice of tricking or coercing people into revealing information they should keep confidential or violating normal security practices.

Social media outlet

A website or service that allows individuals and organizations to construct public or semipublic profiles and share information with others with similar interests, connections, or activities, such as Facebook, Twitter, LinkedIn, Snapchat, and Instagram.

Social networking

The creation and maintenance of personal and business relationships online through social media outlets, such as Facebook, Twitter, LinkedIn, Snapchat, and Instagram.

Spyware

Software designed to track or observe the usage of a computer system; can intercept information for purposes of identity theft or financial gain or to obtain other information.

SQL injection

An attack on software applications and databases that extends valid SQL queries by adding, or injecting, specially crafted SQL statements to carry out unauthorized access to data or assets.
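The following is an added example, not code from the glossary or its authors. It sets up a constructed in-memory SQLite table, shows a login check that concatenates user input into its SQL so that a quote and a comment marker change the query's meaning, and beside it the parameterized version that treats the same input as plain data. The usernames, passwords (stored in the clear only to keep the illustration short), and the payload are all assumptions.

```python
import sqlite3

# Constructed sample data. A real application stores salted password hashes,
# not clear-text passwords; they are plain here only to keep the example short.
USERS = [
    ("alice", "correct horse", "admin"),
    ("bob", "hunter2", "user"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the statement by string formatting, so user input becomes SQL.
    Returns the user's role on success, or None."""
    query = (f"SELECT role FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver sends the values separately from the
    SQL text, so quotes and comment markers in the input stay data."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Same injected username against both functions."""
    conn = make_db()
    # In the vulnerable query the closing quote ends the string and "--"
    # comments out the rest of the line, removing the password check:
    #   ... WHERE username = 'alice' --' AND password = 'whatever'
    payload = "alice' --"
    return (login_vulnerable(conn, payload, "whatever"),   # 'admin', no password needed
            login_safe(conn, payload, "whatever"))          # None


if __name__ == "__main__":
    print(demo())
```

The parameterized form is the fix, not input filtering: escaping quotes by hand is easy to get wrong across database dialects, whereas bound parameters never reach the SQL parser as code.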

Structured Query Language (SQL)

Used to interact with databases and makes it possible to access, manipulate, and change data in databases to differing degrees.

Subnet mask

A 32-bit mask that marks which bits of an IPv4 address identify the network and which identify the host; used to separate a network into subnets for better management and performance.

SuperScan

A Windows-based port scanner developed by Foundstone and designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute.

Switch

A device used to break a network into logical segments known as collision domains.

Symmetric encryption

Uses the same key to encrypt and decrypt information.

SYN attack

A type of DoS attack (a SYN flood) in which a stream of TCP SYN packets is sent toward a target, typically each with a spoofed source address; the target allocates a half-open connection for each and waits for a final ACK that never arrives, until its connection table is exhausted and legitimate clients are refused.

T

THC-Amap (Another Mapper)

A software utility used to scan computers and devices to determine which ports are open and what application is listening to each port.

Traceroute

A software tool used to trace the route taken by data packets.

Transport Layer Security (TLS)

A protocol that encrypts communication between two parties, authenticates the server (and optionally the client) using certificates, and protects the exchanged data against tampering; the successor to SSL.

Trapdoor function

A function that is easy to compute in one direction but hard to compute in the reverse direction unless one holds a secret piece of information (the trapdoor); the basis of public key cryptography, where the private key serves as the trapdoor. A function that is hard to reverse even without such a secret is a one-way function.

Trinity Rescue Kit (TRK)

A Linux distribution that is specifically designed to be run from a CD or USB drive to recover and repair both Windows and Linux systems that are otherwise unbootable or unrecoverable; can easily be maliciously used to escalate privileges by resetting passwords of accounts that someone would not otherwise have access to.

Trojan horse

A specific type of malware that disguises itself as legitimate or desirable software so that the user installs it, and then hides on the system and opens up backdoors through which an attacker can gain access, control, or other insight into the system.

Trojan construction kit

A software development kit specifically designed to facilitate the design and development of Trojan horses.

Trusted Computer System Evaluation Criteria (TCSEC)

A US Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

Turnstile

A one-way gate or access control mechanism used to limit traffic and control the flow of people; commonly observed in locations such as subways and amusement parks.

U

Universal serial bus (USB)

An interface standard for devices such as keyboards, mice, flash drives, and other types of hardware.

User Datagram Protocol (UDP)

A connectionless protocol that is not designed to provide robust error-recovery features but instead trades error recovery for higher performance during the sending and receiving of information.

V

Virtual machine (VM)

A software emulation of a computer system.

Virus

A piece of malware that attaches itself to other programs or files and replicates when they are run; its payload can perform any action, from corrupting data or system files to formatting drives.

Vulnerability

The absence or weakness of a safeguard in an asset.

W

Warchalking

A technique used to mark the presence of access points with special symbols and glyphs used to inform others who might follow about the presence of a Wi-Fi network.

Wardriving

The process of locating wireless access points and gaining information about the configuration of each point by driving from place to place while monitoring nearby wireless access points.

White-box testing

A kind of testing in which the testing team is given advance knowledge of the system to be tested; contrasts with black-box testing.

Whois

A protocol and software tool used to query the public registration record of a domain name or IP address block, returning details such as the registrant, registrar, contact information, and name servers; a standard footprinting step.

Wi-Fi

A trademark owned by the Wi-Fi Alliance demonstrating that a specific piece of equipment has met testing standards designed to ensure compatibility with other Wi-Fi devices.

Wireless local area network (WLAN)

A setup created by wireless networking technologies that is designed to extend or replace wired networks.

Worm

A malware program that replicates itself across a network without attaching to or infecting other files on a host system; the bandwidth and resources consumed by its spread are typically responsible for system slowdowns and similar behaviors.

X

Xprobe2

A commonly used active fingerprinting software utility that relies on a unique method to identify an operating system known as fuzzy signature matching.
