Cybersecurity 101: A Complete Cybersecurity Glossary

Cybersecurity is becoming even more important in today’s world. From people protecting their personal information to organizations safeguarding their sensitive data, you need to understand these cybersecurity terms. 


Check out Huntress's comprehensive cybersecurity glossary to learn key cybersecurity terminology and the words and phrases that cybersecurity professionals use most often. Consider this your cybersecurity encyclopedia to help you make informed decisions about online security and stay updated on emerging threats.

A
Access Control List (ACL)

An access control list (ACL) is a list of permissions or rules that define who or what has permission to access a specific resource, such as computer systems and network resources.

Account Takeover (ATO)

An account takeover, or ATO, is an attack that occurs when a threat actor gains unauthorized access to a user’s account credentials and takes over the account to commit malicious activity, such as fraud or data theft.

Active Directory

A Microsoft Windows directory service that helps administrators configure permissions and network access to ensure security.

Active Directory Security

A directory service offered by Microsoft Windows, Active Directory (AD) helps administrators configure permissions and network access. AD controls who can access what resources, like files and printers, and makes it easier for IT teams to manage the entire network.

Address Resolution Protocol (ARP) Spoofing

A cyberattack where a hacker intercepts data by tricking a device into sending messages to the hacker instead of the intended recipient. Also referred to as ARP poisoning.

Advanced Persistent Threat (APT)

An APT is a sophisticated and long-term cyberattack where threat actors secretly gain access to a network to steal sensitive data. These attacks are often highly targeted and difficult to detect, as attackers aim to remain hidden for extended periods.

Adversarial AI

Adversarial AI, or adversarial machine learning (ML), seeks to degrade the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.

Adversary-in-the-Middle (AITM) Attack

An attack where the attacker intercepts data from a sender to the recipient and then from the recipient back to the sender. AITM enables attackers to not just harvest credentials, but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. It was formerly known as a Man-in-the-Middle (MitM) attack.

Adware

Adware is software that displays unwanted advertisements on your computer or mobile device. These ads can appear as pop-ups or banners, or even take over your entire screen. While usually not as harmful as other types of malware like viruses or ransomware, adware can be annoying and intrusive, slowing down your device's performance and potentially tracking your online activity for targeted advertising purposes.

Agent

A background program that performs tasks on a computer without direct user interaction.

Air Gap/Wall

An air gap is a security measure that physically isolates a network or device from external networks, including the internet, to prevent unauthorized access.

Algorithm

A set of rules or steps a computer follows to solve problems or perform tasks, often used in encryption and data processing.

Allowlisting

Allowlisting is a security measure that permits only pre-approved applications to run on a device or network.

Amazon Web Services (AWS) Cloud Security

Best practices and recommendations for scaling and enhancing security in AWS cloud environments.

Antivirus (AV)

Antivirus is a type of software that is designed to prevent, search for, detect and remove viruses and other malware from a computer. AV software is typically installed on the endpoint to block malicious software from infecting the machine, mobile device or network. It works by scanning a file, program or application and comparing a specific set of code with information stored in its database. If the software finds code that is identical or similar to a piece of known malware in the database, that code is deemed malicious and is quarantined or removed.

API Security

Security that entails implementing strategies to protect data confidentiality, integrity, and availability. This includes establishing authentication and authorization protocols to ensure that only authorized users and applications can access the API.

Application Access

When an application is running in an environment, it has access to everything in that environment, including sensitive files and networked devices.

Application Definition

The set of files and custom rules that make up a particular application.

Application Exploits

These occur when cyber threat actors take advantage of vulnerabilities within an application, usually to gain unauthorized access.

Application Security Orchestration and Correlation (ASOC)

ASOC tools are a category of application security (AppSec) solutions designed to streamline and automate key workflows and security processes. These tools assist development teams in automating vulnerability management, risk assessment, and remediation and orchestrating data from various security solutions, thereby enhancing vulnerability testing and remediation through workflow automation.

Application Security Posture Management (ASPM)

ASPM is a vital practice focused on ensuring applications meet stringent security standards and identifying vulnerabilities.

AppSec

The process of finding, fixing and preventing security vulnerabilities at the application level, as part of the software development process.

Attack Vectors

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network illegally. Attack vectors are often complex and involve gathering intelligence and identifying weak points for exploitation to gain network access.

Audit Event

Any security-relevant occurrence within a system that is logged for review.

Audit File

A file containing a collection of audit events, providing a record of system activity.

Authentication

Authentication is the process of verifying a user's or device's identity. Methods include passwords, biometrics (fingerprints, facial recognition), and security tokens.

B
Backdoor Attacks

Similar to a secret entrance into a house, backdoor attacks are hidden ways of bypassing normal authentication to get unauthorized access to a system. Backdoors can be intentionally created by attackers or unintentionally left by developers during the software development process.

Backup

Typically involving online or offsite storage, a backup or backing up saves data to a separate location to ensure its recovery in case of loss or damage.

Behavioral Analytics

User behaviors are analyzed within networks and applications to find unusual activity that may indicate a security threat. This can involve monitoring user activities like logins, file access, and email interactions to find deviations from typical patterns, and examining the system itself for anomalies like unexpected resource consumption, unusual network traffic, or unexpected software changes.

Black Hat

A black hat describes a threat actor who uses advanced hacking skills for malicious purposes. They exploit vulnerabilities to steal data, disrupt services, or cause harm.

Blocklist

As the name implies, a blocklist is a security mechanism that blocks or prohibits the execution of programs on a known malicious list. It’s also a firewall list created to block IPs with malicious reputations.

Bootkit

A type of malware that subverts the booting mechanism and operating system of a computer in order to avoid detection.

Botnet

A botnet is a collection of computers compromised by malicious code used to run a remote control agent, granting an attacker the ability to take advantage of system resources. Typically used for DDOS attacks, hosting false web services, or transmitting spam.

Bring Your Own Device (BYOD)

A policy allowing employees to use personal devices for work, which can introduce security risks if not properly managed.

Brute Force Attack

A brute force attack is a type of cyber attack that uses trial and error to systematically guess login credentials or encryption keys until successful.

Built-in Tools

Tools included in the basic functionality of a platform without requiring additional modifications.

Business Email Compromise (BEC)

Business email compromise (BEC) is a phishing scam where threat actors impersonate a trusted source to convince others to give them sensitive information or take specific action.

C
Canaries

Named after the songbirds, Ransomware Canaries describe the physical or virtual devices that mimic other devices to lure attackers, helping study their behaviors.

CIS Benchmarks

Developed by the Center for Internet Security, CIS benchmarks are comprehensive security configuration guidelines for specific technologies to help organizations fight cyber threats.

ClickFake Interview

A clickfake interview is a fake job interview designed by cybercriminals to deceive targets into clicking malicious links, downloading malware, or sharing sensitive information. Think of it as a social engineering trap aimed at job seekers and companies alike.
Cloud Access Security Broker (CASB)

A security checkpoint between cloud users and applications, CASB manages and enforces data security policies including authentication and encryption.

Cloud Application Security

Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.

Cloud Compromise Assessment

In-depth evaluations of cloud infrastructures to identify and mitigate security risks, ensuring a strong security posture.

Cloud Computing

Providing online access to shared pools of configurable computing resources like servers, storage, applications, and services.

Cloud Data Security

Technologies and policies that protect data in the cloud from loss, leakage, misuse, breaches, and unauthorized access.

Cloud Governance

Policies and rules for managing cloud computing deployment, ensuring data security, system integration, and proper management.

Cloud Incident Response

Procedures to follow when a cybersecurity incident occurs in a cloud environment.

Cloud Native

Principles and practices for building secure applications in the cloud, essential for modern software development.

Cloud Security Architecture

The comprehensive framework of hardware, software, and infrastructure protecting cloud environments and their components.

Cloud Security Best Practices

Recommended practices for organizations to implement during cloud adoption to protect against cyberattacks.

Cloud Security Frameworks

Sets of guidelines and controls for securing data, applications, and infrastructure in cloud computing environments.

Cloud Workload Protection (CWP)

Continuous monitoring and removal of threats from cloud workloads and containers.

Cloud-based

Systems, applications, and operations hosted or conducted over the internet.

Code Security

The practice of writing and maintaining secure code, addressing vulnerabilities early in the development process to prevent them from reaching live environments.

Cold Storage

Data stored on a database that is typically not quickly accessible and stored for a long period of time.

Command and Control Server

A computer used by attackers to communicate with and control compromised devices.

Container

A lightweight package of application code with dependencies such as a specific version of programming language runtime and libraries required to run a software service. Common container software are

Cookies

Cookies are small text files created by websites and stored on your browser, used to recognize you and track certain aspects of your activity.

Credential Stuffing

A brute force attack using real, stolen credentials from a data breach.

Credential Theft

The act of stealing personal information such as usernames, passwords, and financial information to gain unauthorized access.

Cryptocurrency

Digital or virtual currency, often demanded in ransomware attacks due to its decentralized and untraceable nature.

CTF

Capture The Flag (CTF) is a cybersecurity exercise where participants find hidden text strings, called "flags", in vulnerable programs or websites. The Huntress CTF is our yearly month-long competition of daily challenges designed for experts and enthusiasts alike.

Cyber Insurance

Cyber insurance is financial protection for businesses if a cyberattack happens. It can cover costs associated with data breaches like legal fees, reputation damage, and business interruption.

Cyber Threat

Any potential harm originating from an online source, aiming to damage or disrupt operations.

Cyberattack

A cyberattack is defined as any malicious attempt to disrupt, damage, or gain unauthorized access to computer systems, networks, or devices.

Cybercriminals

Cybercriminals are individuals or groups who initiate cyberattacks, also known as threat actors.

Cybersecurity

Cybersecurity refers to the practices, technologies, and processes designed to protect internet-connected systems, including computers, networks, and data, from cyber threats like malware and ransomware.

Cybersquatting

Cybersquatting is registering and using an internet domain name identical or similar to trademarks, service marks, personal names, or company names with the intent of hijacking traffic for financial profit or delivering malware payloads.

D
Dark Web Monitoring

Dark web monitoring is the process of searching for and tracking your organization's information on the dark web. This includes leaked passwords, stolen credit card information, or even intellectual property. By detecting these breaches early on, people and organizations can take steps to mitigate the damage and prevent further harm.

Data Breach

A data breach describes a security incident where data is illegally accessed, stolen, or released by an unauthorized individual or group. This can include personal data like Social Security numbers and financial information, as well as corporate data like customer records and intellectual property.

Data Encryption

Converting plain text into an encoded format to protect against unauthorized access.

Data Exfiltration

Data exfiltration refers to the unauthorized transfer of data from a device or network. Cybercriminals use malware, insider threats, or exploiting vulnerabilities to steal data and transmit it to locations under their control. Threat actors can then use stolen data for malicious purposes like identity theft, espionage, or financial gain.

Data Loss Prevention (DLP)

A set of policies, practices, and tools used to make sure sensitive data isn’t lost, misused, or accessed by unauthorized users. DLP solutions perform both content inspection and contextual analysis of data sent from or across corporate networks to give visibility into who is accessing data and systems (and from where) and filter data streams to restrict suspicious or unidentified activity. 

You can use DLP solutions to reduce the risk of sensitive data leaking outside your organization, and some solutions go beyond simple monitoring and detection to give alerts, enforce encryption, and isolate data as needed.

Data Obfuscation

Disguising confidential or sensitive data to protect it from unauthorized access through tactics like masking, encryption, and tokenization.

Data Poisoning

Compromising a training dataset used by an AI/ML model to manipulate its operation.

Data Portability

The ability to transfer personal data easily from one service provider to another.

Data Privacy

Ensuring proper storage, access, retention, and security of sensitive data to meet regulatory requirements and protect confidentiality.

Data Protection vs. Data Security

Data protection focuses on safeguarding personal data from corruption, compromise, or loss, while data security encompasses all measures to guard against unauthorized access to digital data.

Database Monitoring

Database monitoring involves continuously tracking database activities to optimize performance and ensure security. This combines performance monitoring like CPU usage and memory consumption, security monitoring for suspicious activities, and accessibility monitoring. 

DDOS

Denial of Service and Distributed Denial of Service

Default Deny

A strict security policy that blocks all actions unless explicitly permitted.

Dependencies

Files required for software to run, such as DLLs in Windows.

Disaster Recovery (Plan)

Procedures to recover data and operations following a cyberattack.

DLP

Data Loss Prevention is a solution that detects and blocks the extraction of sensitive data by internal or external sources.

Domain Admin Groups

Groups with administrative rights across all domains within an organization.

Doxware

A type of ransomware that threatens to release sensitive data if the ransom is not paid.

Dynamic ACLs

Advanced ACLs requiring user authentication before accessing resources.

E
EDR vs MDR vs XDR

Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).

Elevation Control

Users typically have limited access to a system. To do certain tasks (like installing software or modifying system settings), they might need more privileges (like administrator rights). Elevation control lets users run specific applications as administrators without having admin privileges.

Email Spoofing

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they’re more likely to open the email and click on things like malicious links or attachments.

Encryption

Converting data into a coded format to prevent unauthorized access.

Endpoint

Devices like computers, mobile phones, and servers that connect to and communicate with a network.

Endpoint Detection and Response (EDR)

An integrated endpoint security solution designed to detect, investigate and respond to cyber threats. EDR solutions offer greater visibility into what’s happening on endpoints by recording granular endpoint activity and monitoring for signs of malicious behavior. If the EDR technology detects any of these malicious signs, it will provide security analysts with the necessary information to conduct both reactive and proactive threat investigations and minimize the impact of an attack.

Endpoint Monitoring

Endpoint monitoring involves the continuous monitoring and management of devices that connect to a network, such as computers, mobile devices, and servers.

Endpoint Protection Platforms (EPP)

Security technologies such as antivirus, data encryption, and data loss prevention that work together to detect and prevent security threats.

Enterprise Solutions

Software designed to integrate multiple systems within an organization to streamline processes.

Executables

Code files or programs that instruct a computer to perform specific actions when opened.

Exploit

Taking advantage of vulnerabilities in systems or software to perform malicious acts.

Extended Detection and Response (XDR)

XDRs collect and correlate data from various sources, including endpoints, cloud workloads, networks, and emails, to help mitigate cyber threats, unauthorized access, and other forms of misuse.

F
False Flag

A false flag in cybersecurity is when bad actors launch an attack but pretend to be someone else.

Federal Information Security Management Act (FISMA)

FISMA is a U.S. federal law enacted in 2002 that requires federal agencies to implement information security programs to protect their data and information systems. It sets standards for how agencies should assess, manage, and mitigate cybersecurity risks.

File Integrity Monitoring (FIM)

File Integrity Monitoring is a security process that monitors and analyzes the integrity of assets including file systems, directories, databases, and the Operating System.

Fileless Malware

Fileless malware operates entirely within a computer's memory without ever touching the hard drive. This malicious software may either use legitimate tools or embed code in legitimate files, making detection difficult.

Firewall

A firewall is a security system that monitors and filters incoming and outgoing network traffic to prevent unauthorized access to an organization's network. It acts as an outer barrier that either allows or blocks network traffic based on a predefined set of rules. It scans specific data packets—units of communication sent over networks—for malicious code or known threats. If a data packet is flagged, the firewall prevents it from entering the network.

Footholds

Methods used by threat actors to reinstall malware on a device after it has been cleaned. Also known as “Persistence Mechanisms.”

Full Disk Access (FDA)

A macOS TCC permission that allows software to access sensitive user information.

G
General Data Protection Regulation (GDPR)

The GDPR is a European Union regulation on information privacy that governs how the personal data of people in the EU can be processed and transferred.

Glitching

Glitching is disrupting a device’s hardware in carefully targeted ways to force the device to behave unexpectedly, potentially bypassing its security measures.

Golden Ticket Attack

This type of attack refers to exploiting weaknesses in Kerberos to gain unauthorized access to Windows Active Directory controls, requiring initial system access.

Google Cloud Platform (GCP)

Google Cloud Platform is one of the 3 major cloud providers. GCP lets businesses use Google's infrastructure and technology to build and run applications, analyze data, and power their operations.

H
Hacktivism

Hacktivism is the use of computer hacking techniques to promote or push ideological, political, or social agendas. Unlike traditional hacking, which often focuses on financial gain or curiosity, hacktivism is fueled by motivations such as resisting censorship, advancing human rights, combating surveillance, or advocating for social or environmental justice. 

Hashing

Hashing is a one-way cryptographic function that converts any input (such as a file, password, or message) into a fixed-length string of characters known as the hash value, or digest. Whether the input is large or small, the output length remains consistent for any given hashing algorithm.

Health Insurance Portability and Accountability Act (HIPAA)

A US federal law established in 1996, HIPAA mandates the protection and confidential handling of people’s medical information.

Honeypots

Honeypots are cybersecurity mechanisms that gather intelligence on cybercriminals' identities, methods, and motivations. They use decoy targets to lure cybercriminals away from legitimate targets.

I
Incident Response

Incident response in cybersecurity refers to the strategies and procedures for responding to cyber threats and attacks in a network.

Information Security or InfoSec

InfoSec is the policies and procedures put in place by the organization to protect sensitive data from unauthorized access.

Infrastructure-as-a-Service (IaaS)

IaaS is a type of cloud computing where the provider offers the customer the ability to create virtual networks within a cloud-based computing environment.

Initial Access

Initial access refers to the adversary’s first successful entry point into a target network or system. It represents the critical foothold that enables attackers to establish a presence, often through tactics like phishing, exploiting vulnerabilities, or leveraging stolen credentials.

Integrations

In cybersecurity, integrations describe the capability of different computers and software systems to work together and exchange data.

Intrusion Detection System (IDS)

IDS is a security tool that detects the presence of cyber threats and notifies administrators. HIDS (Host-based Intrusion Detection) and NIDS (Network-based Intrusion Detection) can also be used, which are IDS tools used specifically for either the endpoints (host) or the network.

IP (Internet Protocol) Address

A unique identifier for a device connected to the internet, represented as a string of numbers and characters.

IPS (Intrusion Prevention System)

Intrusion Prevention System is a form of network security that can identify malicious activity, collect information about said activity, report it and attempt to block or stop it. An IPS works by actively scanning and analyzing network traffic for malicious activities and known attack patterns. Similar to an IDS, intrusion prevention systems are designed to warn of suspicious activity, but the key difference is that they can also take automated action and respond to active threats based on a predetermined set of rules.

ITDR

Identity Threat Detection and Response (ITDR) is a cybersecurity framework that helps protect user identities and systems from cyberattacks.

ITDR (Identity Threat Detection and Response)

A cybersecurity discipline that focuses on helping organizations and individuals protect their identity infrastructure and assist with remediation related to identity-centric attacks.

J
Just-in-time (JIT)

JIT refers to enabling specific privileges only when needed and disabling them when no longer required. This significantly reduces the window of vulnerability and minimizes the risk of unauthorized access or misuse of elevated privileges.

K
Kerberos

Using cryptography, Kerberos is an authentication protocol that verifies the identity of users and hosts.

Keylogger

A keylogger is software that an attacker uses to remotely record keystrokes made on a physical keyboard and capture passwords or other critical information.

Keystroke Logging

Keystroke logging (or keylogging) is a method of tracking and recording every keystroke you make on a keyboard. Keyloggers can monitor anything you type, from passwords and emails to credit card numbers and private messages.

L
LAN (Local Area Network)

A LAN is a grouping of electronic devices in the same physical location.

Lateral Movement

Lateral movement in cybersecurity refers to an attacker’s ability to move across a network after gaining initial access. Attackers use lateral movement to gain deeper access, steal valuable data, escalate privileges, or even set the stage for a massive ransomware attack.

Least Privilege

Least privilege access is the principle of giving users the minimum access necessary to perform their job functions. It is a security measurement that limits access to sensitive data to only the people who truly need it for their work.

LOLBins

LOLBins stands for Living Off the Land Binaries. These are legitimate, preinstalled programs or tools that come with the operating system (like Windows or macOS). Attackers exploit these legitimate tools for malicious purposes instead of introducing new, suspicious files.

Long Term Evolution (LTE)

LTE, short for Long Term Evolution, is a fourth-generation (4G) wireless communication standard established by the 3rd Generation Partnership Project (3GPP).

M
Machine Learning (ML)

Machine learning lets computers learn from data and make decisions or predictions without being programmed to do so.

Malspam

Malspam is a spam email that delivers malware, often through malicious attachments (like infected documents or executables) or links that, when clicked, download malware onto the recipient's device.

Malware

Malicious software designed to harm a computer, network, or server. Malware includes things like viruses, worms, Trojans, ransomware, spyware, or adware.

Malware Analysis

Malware analysis is the process of understanding the behavior and purpose of suspicious files or URLs to help detect and mitigate potential threats.

Man-in-the-middle

This type of cyber attack involves a threat actor putting themselves in the middle of two parties, normally a user and an application, to intercept their communications or data exchanges to use for malicious purposes.

Managed Detection and Response (MDR)

A cybersecurity service combining technology and human expertise to perform threat hunting, monitoring, and response. MDR technology collects and analyzes information from logs, events, networks, endpoints and user behavior—which is then paired with a team of experts who can take over to validate incidents, escalate critical events and provide recommended response actions so threats can be quickly remediated. MDR services are managed or co-managed by an outside partner to provide value to organizations that either have limited resources or lack the expertise to keep eyes on all of their potential attack surfaces.

Managed IT Services

Managed IT services are services managed outside an organization by external vendors, where these service providers give businesses the expertise and resources to manage their IT infrastructure and operations. This can include tasks like network management, cybersecurity, data backup and recovery, and software updates, freeing up internal IT staff to focus on strategic initiatives.

Managed Security Service Providers (MSSP)

Third-party organizations providing outsourced security services.

Mobile Device Management (MDM)

Enrolling business devices in a SaaS that allows for easily deploying software to a large number of devices at once. Primarily used on macOS.

Multi-Factor Authentication (MFA)

An authentication method that requires users to provide two or more verification factors before granting access or signing in. These factors can include something only the user would know (e.g., password/PIN), something only the user would have (e.g., token) or something only the user is (e.g., biometric). MFA then uses these factors to confirm the identity of someone who is requesting access to an application, website or another resource. MFA is a key factor in account takeover defense.

N
National Institute of Standards and Technology (NIST)

NIST is a US agency advancing measurement science, standards, and technology to enhance economic security.

Network Control

Endpoint firewalls that enable total control over network traffic using dynamic ACLs.

Network Detection and Response (NDR)

An integrated network security solution designed to detect threats and suspicious behavior on an organization's networks using non-signature-based techniques (such as machine learning and other analytical techniques). NDR solutions track north/south network traffic that crosses the perimeter, as well as east/west lateral traffic to establish a baseline of normal behavior and raise alerts when anomalous behavior is detected. NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond to perceived threats.

Next-Generation Antivirus (NGAV)

An expanded version of antivirus that goes beyond performing signature-based detection—typically by incorporating some type of advanced technology—to prevent a wider range of attacks. Unlike traditional AV, next-generation AV focuses on events (files, processes, applications, network connections, etc.) to help identify malicious intent or activity. NGAV has emerged in recent years to address the proliferation of new types of malware and viruses that can easily bypass traditional AV.

O
Observability

Observability refers to the ability to infer the internal state of a system by examining its external outputs, like metrics, logs, and traces.

On-Prem

On-premises is a physical infrastructural setup deployed, running, and maintained within the confines of an organization typically in a datacenter or COLO (Colocation Facility).

Open Source Intelligence (OSINT)

OSINT refers to the gathering and analysis of publicly available data for intelligence purposes.

Open Web Application Security Project (OWASP)

OWASP is a nonprofit foundation and open community focused on improving the security of software. It is best known for the OWASP Top 10, a regularly updated list of the most critical categories of web application security risk (such as injection and broken access control), and it also maintains the Application Security Verification Standard (ASVS), testing guides, and cheat sheets.

P
Packet Capture (PCAP)

Packet capture is the practice of recording the packets traversing a network so that a security team can store and analyze them later. PCAP also names the libpcap capture library and the .pcap file format (a small global header followed by a timestamped record per packet) produced by tools such as tcpdump and Wireshark.

Parser

A parser is a program that takes input data, often text or a binary format, and transforms it into a structured representation that software can process. This involves analyzing the input to determine its grammatical structure, a process known as parsing. Parsers sit at the boundary between untrusted input and application logic, so missing length and bounds checks in a parser are a frequent source of security vulnerabilities.
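
As an added example covering both the Packet Capture and Parser entries (not code from the original page), the following Python parses the classic pcap format: the 24-byte global header, then a 16-byte record header per packet, then the captured frame, from which it pulls the IPv4 addresses and protocol. The sample capture is constructed inline rather than taken from a real network, and the checks on declared lengths show the bounds checking a parser of untrusted files needs.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

MAGIC_USEC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D          # pcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Packet:
    timestamp: float
    src: Optional[str]      # IPv4 source, None if the frame is not IPv4
    dst: Optional[str]
    proto: Optional[int]    # IP protocol number (6 = TCP, 17 = UDP)
    wire_length: int        # original length on the wire; may exceed the captured bytes


def _byte_order(data: bytes):
    """The writer's endianness is signalled by how the magic number was stored."""
    for prefix in ("<", ">"):
        magic = struct.unpack(prefix + "I", data[:4])[0]
        if magic == MAGIC_USEC:
            return prefix, 1_000_000
        if magic == MAGIC_NSEC:
            return prefix, 1_000_000_000
    raise ValueError("not a pcap file: unrecognised magic")


def parse_pcap(data: bytes) -> List[Packet]:
    """Walk the global header and each record header, decoding Ethernet/IPv4 frames.
    Every declared length is checked against the buffer and the snaplen before use: a
    hostile capture can declare lengths that overrun the data, a classic parser bug."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    prefix, divisor = _byte_order(data)
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(prefix + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    packets: List[Packet] = []
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(prefix + "IIII", data[offset:offset + 16])
        offset += 16
        if incl_len > snaplen or offset + incl_len > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        frame = data[offset:offset + incl_len]
        offset += incl_len
        packets.append(_decode_frame(ts_sec + ts_frac / divisor, frame, orig_len))
    return packets


def _decode_frame(ts: float, frame: bytes, orig_len: int) -> Packet:
    """Extract src/dst/protocol from Ethernet + IPv4; other frames are kept but undecoded."""
    if len(frame) >= 14 and struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4:
        ip = frame[14:]
        if len(ip) >= 20 and ip[0] >> 4 == 4 and (ip[0] & 0x0F) * 4 >= 20:
            src = ".".join(str(b) for b in ip[12:16])
            dst = ".".join(str(b) for b in ip[16:20])
            return Packet(ts, src, dst, ip[9], orig_len)
    return Packet(ts, None, None, None, orig_len)


def rejects(data: bytes) -> bool:
    """True if the parser refuses the input instead of reading past the end of it."""
    try:
        parse_pcap(data)
        return False
    except ValueError:
        return True


def build_sample_pcap() -> bytes:
    """Constructed sample (not a real capture): one Ethernet/IPv4/UDP frame, little-endian header."""
    eth = bytes.fromhex("ffffffffffff001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    payload = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 53]))
    frame = eth + ip + udp
    header = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1700000000, 500000, len(frame), len(frame))
    return header + record + frame
```

Real captures use the newer pcapng container as often as classic pcap, and production tools should read them with libpcap or a maintained library; the value of writing the parser by hand is seeing where the length checks have to go.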

Password Management Tool

A password management tool is software that stores and protects confidential information like usernames and passwords for local applications and online services. A password manager will house a user’s passwords, as well as other information, in one convenient location with one master password. The information is encrypted and often requires multi-factor authentication to access.

Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is a set of security requirements, maintained by the PCI Security Standards Council, for any organization that stores, processes, or transmits payment card data. It covers areas such as network segmentation, encryption of cardholder data, access control, logging, and regular security testing.

Penetration Testing (Pen Test)

A pen test is a security exercise where a security expert tries to find and exploit vulnerabilities on a computer system. Pen tests are different from vulnerability scans in that they involve an actual attempt to exploit vulnerabilities, while vulnerability scans simply report on possible vulnerable code, applications, configurations, or operating systems.

Persistence

Persistence is the set of techniques an attacker uses to maintain access to a compromised system across interruptions such as reboots, logoffs, or credential changes, for example by creating scheduled tasks, services, registry Run keys, startup items, or rogue accounts. It lets malware keep running while the attacker stays in place undetected.

Persistent Foothold

A persistent foothold is the mechanism an attacker installs so that malware (a small loader stub or the fully loaded payload) is automatically re-triggered after interruptions such as restarts or user logoffs, giving the attacker a way back in without having to exploit the system again.

Phishing

Malicious attempts to trick users into revealing sensitive information through deceptive emails or links. Learn more about phishing through our guide, What is Phishing (and How Does It Affect Your Business)?

Platform-as-a-Service (PaaS)

PaaS is a complete cloud environment that includes everything developers need to build, run and manage applications.

Privilege Escalation

Privilege escalation refers to the act of gaining higher-level permissions or access rights within a system, often beyond what is legitimately authorized for a user or process.

Proxy

A server that relays traffic between a client and the internet (a forward proxy) or between the internet and internal servers (a reverse proxy). A proxy can hide the client's address, cache content, and inspect, filter, or log the traffic that passes through it.

Punycode

Punycode is an encoding that represents Unicode characters (used in scripts such as Chinese, Cyrillic, and Arabic) as ASCII so that internationalized domain names can be handled by DNS, which only carries ASCII labels. Encoded labels carry the prefix xn--. Because many Unicode characters look identical to Latin letters, attackers register homograph domains whose decoded form mimics a legitimate brand; browsers and mail filters therefore inspect the decoded label rather than trusting what is displayed.
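
An added example (not code from the original page) that decodes xn-- labels with Python's built-in punycode and idna codecs and flags labels that mix scripts. The lookalike domain, "apple.com" with its first letter replaced by the Cyrillic letter а (U+0430), is constructed for illustration; the script-detection heuristic (the first word of each character's Unicode name) is an assumption that is adequate to show the idea.

```python
import unicodedata

ACE_PREFIX = "xn--"


def decode_hostname(host: str) -> str:
    """Turn each IDNA label (xn--...) back into Unicode; plain ASCII labels pass through."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith(ACE_PREFIX):
            label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def to_ace(host: str) -> str:
    """Unicode hostname -> the ASCII form a resolver actually sends to DNS."""
    return host.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Script of each letter, approximated (assumption) by the first word of its Unicode
    name: 'LATIN SMALL LETTER A' -> LATIN, 'CYRILLIC SMALL LETTER A' -> CYRILLIC."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def is_mixed_script(host: str) -> bool:
    """Flag hostnames in which a single label mixes scripts, the cheapest homograph check."""
    return any(len(scripts_in(label)) > 1 for label in decode_hostname(host).split("."))


# Constructed lookalike: Latin "pple" preceded by Cyrillic small a (U+0430).
LOOKALIKE = "\u0430pple.com"
```

Mixed-script detection is only the first layer: a label written entirely in Cyrillic can still render identically to a Latin brand name, so real filters also consult the Unicode confusables data (UTS #39) and apply the same display policies browsers use before showing an IDN in Unicode form.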

Q
Quantum Computing

Very different from classical computing, quantum computing uses quantum-mechanical phenomena to perform certain computations far faster than classical machines. Its security relevance is that a sufficiently large quantum computer running Shor's algorithm would break RSA and elliptic-curve public-key cryptography, which is why post-quantum cryptography standards are being developed and deployed now.

R
Race condition

A race condition occurs when the outcome of a program or process depends on the timing or sequence of multiple threads or processes that are accessing and modifying shared resources. This lack of proper synchronization creates unpredictable behavior, which can lead to security vulnerabilities, data inconsistencies, and system instability.

Ransomware

Ransomware is malicious software that encrypts data and demands payment, usually in cryptocurrency, for the decryption key. Modern operators commonly also steal data before encrypting it and threaten to publish it (double extortion), so backups alone do not remove the attacker's leverage.

Red Team

A red team is a group of internal or external security specialists who simulate the tactics, techniques, and procedures of real adversaries against an organization's network, people, and defenses as an exercise, typically to test how well detection and response hold up.

Remote Access

As the name implies, remote access refers to accessing network resources from a geographical distance through a network connection.

Remote Code Execution (RCE)

Remote code execution (RCE) is a security flaw that allows threat actors to run commands or code on a target computer remotely.

Rogue Apps

Rogue Apps is a new Managed ITDR capability that enables Huntress to identify unsafe applications installed in a protected tenant. Rogue Apps represents Managed ITDR’s next step in wrecking hacker identity tradecraft. With this new capability, Huntress detects “Traitorware,” which are legitimate apps used badly that we detect by name, and “Stealthware,” which refers specifically to unknown apps that our algorithm marks as suspicious.

S
Security Operations Center (SOC)

A centralized unit that deals with security issues on an organizational and technical level. SOCs are typically staffed with a team of domain experts (either in-house or outsourced) who focus on preventing, detecting, analyzing and responding to cybersecurity incidents. A SOC acts as a central command post that continuously monitors an organization’s environments and toolsets and improves its security posture. Learn more about what the Huntress SOC brings to your tech stack.

Security Orchestration, Automation and Response (SOAR)

A collection of software solutions and tools that aggregate security intelligence and context from disparate systems and apply machine intelligence to streamline (or even completely automate) the threat detection and response process. SOAR combines three software capabilities: the management of threats and vulnerabilities (orchestration), automating security operations (automation) and responding to security incidents (response). Due to its aggregation and automation capabilities, SOAR solutions are often used by security operations centers (SOCs) to collect threat-related data from a range of sources and automate the responses to certain threats.

Session

A session is a time-limited, stateful exchange between a client and a server (or between devices), usually identified by a session token such as a cookie so that the user does not have to re-authenticate on every request.

Session Hijacking

Session hijacking is an attack where a threat actor steals or forges a valid session token, for example by intercepting a cookie over an unencrypted connection or via cross-site scripting, and presents it to impersonate the user without needing their credentials. Because the token was issued after login, this also bypasses any MFA that was satisfied when the session was created.

Security Information and Event Management (SIEM)

SIEM stands for security information and event management. A SIEM is a software solution that aggregates and analyzes activity from many different sources across an entire IT infrastructure. It gathers immense amounts of log and event data from the networked environment, then normalizes and correlates that data so it is accessible to analysts. With the data categorized and laid out, SIEM solutions are often used by security operations centers (SOCs) to streamline visibility across an environment, centralize data for security monitoring and investigate logs and events for incident response.

Skimmer

A skimmer is a small device that criminals attach to a legitimate card reader, designed to record data from the magnetic stripe of a credit or debit card when it is used to pay or withdraw cash. Web skimmers apply the same idea online by injecting script into a checkout page to capture card details as they are typed.

Software-as-a-Service (SaaS)

SaaS is a software licensing and delivery model in which applications are hosted by the provider, accessed over the internet, and paid for on a subscription basis rather than installed on local servers.

SPAN

A switched port analyzer (SPAN) port is a switch port configured to receive a mirrored copy of the traffic from other ports or VLANs on that switch, so the traffic can be fed to a monitoring tool such as an IDS sensor or a packet analyzer like Wireshark. Because a SPAN port can be oversubscribed and drop packets under load, a network TAP is used where complete capture matters.

Spear Phishing

Spear phishing is a targeted phishing attack using researched information to deceive specific individuals.

SQL Injection (SQLi)

A cyberattack that supplies crafted input which an application concatenates into a SQL query, so that the input is parsed as part of the query and changes its logic, allowing the attacker to read, modify, or delete database contents or bypass authentication. Parameterized (prepared) statements, which keep data separate from query text, are the primary defense.

SSL

SSL (Secure Sockets Layer) is an encryption-based security protocol designed to protect internet communications so that data exchanged between a user and a website is unreadable to anyone intercepting it. All SSL versions are deprecated and have known weaknesses; its successor, Transport Layer Security (TLS), is what modern systems actually use, although the term SSL survives in everyday usage (for example "SSL certificate").

Stealthware

Unknown and rare applications with broad permissions that provide attackers with a backdoor into the tenant environment. These globally unique, single, or multi-tenanted malicious applications often fly under the radar of traditional security tools and can be leveraged for persistent access, phishing campaigns, and data theft.

Suricata

Suricata is an open source network threat detection engine, maintained by the Open Information Security Foundation (OISF), that can run as an intrusion detection system (IDS), an inline intrusion prevention system (IPS), or a network security monitoring tool, matching traffic against signature rules and extracting protocol metadata for analysts.

Syslog

A standard protocol (the legacy BSD format in RFC 3164 and the current format in RFC 5424) that computer systems use to send event log messages to a central collector for storage and analysis. Each message starts with a priority value that encodes the facility (the source subsystem) and the severity. Syslog is often sent over UDP port 514 without encryption, so forwarding over TLS is preferable where log integrity matters.
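
As an added example (not code from the original page), a small parser for both syslog formats that decodes the priority into facility and severity and filters urgent events. The sample lines are constructed for this example, adapted from the illustrative messages in RFC 3164 and RFC 5424; the facility and severity names follow the standard tables.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[[^\]]*\])+)(?: (.*))?$")
# RFC 3164 (legacy BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")


@dataclass
class SyslogEvent:
    facility: str
    severity: str
    timestamp: str
    host: str
    app: Optional[str]      # only RFC 5424 carries an explicit APP-NAME field
    message: str


def _decode_pri(pri: str) -> Optional[tuple]:
    """PRI = facility * 8 + severity; anything above 191 is not a valid priority."""
    value = int(pri)
    if value > 191:
        return None
    return FACILITIES[value >> 3], SEVERITIES[value & 7]


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Return a structured event, or None when the line matches neither format or carries a
    bad PRI, so the caller can decide whether to keep the raw line rather than lose it."""
    m = RFC5424.match(line)
    if m:
        pri, ts, host, app, _procid, _msgid, _sd, msg = m.groups()
        decoded = _decode_pri(pri)
        return None if decoded is None else SyslogEvent(*decoded, ts, host, app, msg or "")
    m = RFC3164.match(line)
    if m:
        pri, ts, host, msg = m.groups()
        decoded = _decode_pri(pri)
        return None if decoded is None else SyslogEvent(*decoded, ts, host, None, msg)
    return None


def urgent_events(lines: Iterable[str], worst_allowed: str = "err") -> List[SyslogEvent]:
    """Events at `worst_allowed` or more severe (lower index in SEVERITIES = more severe)."""
    cutoff = SEVERITIES.index(worst_allowed)
    events = (parse_syslog(line) for line in lines)
    return [e for e in events if e is not None and SEVERITIES.index(e.severity) <= cutoff]


SAMPLE_LINES = [  # constructed samples, adapted from the examples in RFC 3164 and RFC 5424
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 '
    '[exampleSDID@32473 iut="3"] An application event log entry',
    "<999>not a valid priority",
]
```

The first sample has PRI 34, i.e. facility 4 (auth) and severity 2 (crit); the second has PRI 165, facility 20 (local4) and severity 5 (notice). A collector should treat the hostname and message fields as untrusted input, since any host that can reach the listener can claim to be any other.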

T
TCP/IP

TCP/IP (Transmission Control Protocol and Internet Protocol) is a set of standardized rules that allow devices to connect and exchange data on a network (aka, it’s what powers the internet). 

Text Bomb

A text bomb, also called an SMS bomb, is a malicious tactic where an attacker or automated system sends a massive number of unsolicited texts to a phone in rapid succession, sometimes to bury a legitimate security alert or one-time code in the noise.

Threat Actor

Threat actor refers to people or groups conducting cyberattacks with malicious intent.

Threat Hunting

Proactively searching across various telemetry for threats is referred to as threat hunting. This involves analyzing system logs, network traffic, and other data sources to uncover malicious activity that may have evaded existing security controls.

Traitorware

Legitimate applications often abused by attackers, such as eM Client, PerfectData Software, and Newsletter Software Supermailer. These applications may appear harmless but can be exploited for malicious activities like phishing, data exfiltration, and financial fraud.

Transparency, Consent, & Control (TCC)

A database stored locally on macOS computers that records which applications a user has allowed to access protected resources such as Full Disk Access, the camera, microphone, location, and screen recording. Changes to TCC permissions are worth monitoring, since granting Full Disk Access to a tool an attacker controls defeats the protection.

Trojan Bitcoin Miner

A Trojan Bitcoin miner is a piece of malware that hijacks your computer’s resources to mine cryptocurrency without your knowledge or consent.

Tunnel

In cybersecurity, a tunnel is a secure, encrypted connection that lets data be transmitted privately over an untrusted network.

U
UEFI

Unified Extensible Firmware Interface (UEFI) is the modern replacement for the legacy BIOS (Basic Input/Output System) that handles the critical first steps of a computer's boot process. UEFI Secure Boot verifies the digital signature of each boot component before running it, which is the primary defense against bootkits that load before the operating system.

Unauthorized Access

Unauthorized access occurs when a person or process connects to or uses a system, application, or data without permission, whether by stealing credentials, exploiting a vulnerability, or abusing privileges that were never granted.

Unified Audit

Unified audit logs combine multiple logs into a single location for centralized viewing and analysis. They provide a comprehensive view of security events across the IT infrastructure, including endpoints, servers, networks, and cloud environments.

User and Entity Behavior Analytics (UEBA)

UEBA is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of users as well as routers, servers and endpoints in a network.

V
Virtual Machines (VM)

A virtual machine is a software-defined computer that behaves like a physical one: it runs its own operating system and applications in an isolated environment on a hypervisor, typically alongside other VMs on the same server.

Virtual Private Network (VPN)

A VPN creates an encrypted tunnel between a device and a network (or between two networks) across an untrusted network such as the internet. Remote work environments commonly use VPNs to reach internal resources securely; because the VPN gateway itself is exposed to the internet, keeping it patched and protected with MFA is critical.

Vishing

Vishing is short for voice phishing and involves fraudulent phone calls that trick a victim into giving sensitive data like login credentials, credit card numbers, or bank details.

Vulnerability

Vulnerabilities are weaknesses in software or hardware that can be exploited by malicious actors. Examples include a flaw in software, a misconfiguration, or a human error.

W
Weaponization

In cybersecurity, weaponization is the stage of an attack (the second stage of the Cyber Kill Chain) in which the attacker couples an exploit with a malicious payload into a deliverable artifact, for example embedding a macro or exploit in an otherwise ordinary document.

Web Application Firewall (WAF)

Web Application Firewall (WAF) is a tool that helps protect web-based applications, mobile apps, and APIs from cyber attacks by filtering and monitoring HTTP traffic between them and the Internet.

Web Server

A web server is a computer system or software that hosts websites and delivers web pages to users when requested. Think of it as the engine that powers the internet, making sure you can access your favorite cat videos, online shopping carts, or even this very article.

X
XSS (Cross-Site Scripting)

XSS (cross-site scripting) is a code injection attack where an attacker gets malicious script, usually JavaScript, included in pages that a legitimate website delivers to other users. The script runs in the victim's browser with the site's privileges, so it can steal session tokens, perform actions as the user, or rewrite the page. Context-aware output encoding and a Content Security Policy are the main defenses.

Y
Yara Rules

YARA rules define patterns using a specialized rule-writing language: each rule lists strings (text, hex byte sequences, or regular expressions) and a condition that combines them, optionally with metadata. When a file or process is scanned, YARA compares it against these rules. If the content satisfies a rule's condition, it is flagged as potentially malicious.

Z
Zero Trust Architecture

A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.

Zero Trust Network Access (ZTNA)

ZTNA is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Zero Trust Security

Zero Trust is a security model that treats no user, device, or network location as inherently trusted: every request is authenticated and authorized before access to applications and data is granted, regardless of whether it originates inside or outside the corporate network.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are security flaws unknown to the vendor (or known but not yet fixed) that attackers exploit before a patch is available, so defenders have had "zero days" to prepare.

Zeus trojan

The Zeus trojan (also called Zbot) is a form of malware used by cybercriminals to steal sensitive information, mostly online banking credentials. It silently infects a computer, logs your keystrokes, and sends your private data back to attackers without you knowing.

Zip Bomb

A zip bomb, also known as a “decompression bomb” or “zip of death,” is a type of malicious archive file designed to overwhelm a system’s resources when decompressed. Unlike most malware, which corrupts or steals data, zip bombs create chaos by exhausting a system’s CPU, RAM, and storage capacity.
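
An added example, not code from the original page, showing both halves of the defense with Python's zipfile module: inspecting the central directory before extracting anything, and enforcing a hard limit on the decompressed stream. The archives are constructed in memory for the example; the ratio and size thresholds are assumptions to be tuned per environment.

```python
import io
import zipfile

MAX_RATIO = 100                  # assumption: ordinary documents rarely compress beyond ~100:1
MAX_TOTAL = 256 * 1024 * 1024    # assumption: refuse anything that would expand past 256 MiB


def inspect_archive(data: bytes, max_ratio: float = MAX_RATIO, max_total: int = MAX_TOTAL) -> dict:
    """Read only the central directory (no extraction) and decide whether expansion is safe.
    Checks the per-member compression ratio, the declared total size, and nested archives,
    which is how multi-layer bombs hide their real size from a single-level check."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        total = sum(i.file_size for i in members)
        worst = max((i.file_size / max(i.compress_size, 1) for i in members), default=0.0)
        nested = any(i.filename.lower().endswith(".zip") for i in members)
    return {
        "safe": worst <= max_ratio and total <= max_total and not nested,
        "worst_ratio": worst, "total_uncompressed": total, "nested": nested,
    }


def read_bounded(data: bytes, name: str, limit: int) -> bytes:
    """Decompress one member but stop as soon as the output exceeds `limit`. The sizes in
    the central directory are attacker-controlled metadata, so the limit is enforced on the
    actual decompressed stream, not on what the headers claim."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while True:
            chunk = member.read(64 * 1024)
            if not chunk:
                return bytes(out)
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name}: decompressed output exceeded {limit} bytes")


def exceeds_limit(data: bytes, name: str, limit: int) -> bool:
    """True if bounded extraction had to abort."""
    try:
        read_bounded(data, name, limit)
        return False
    except ValueError:
        return True


def build_bomb(size: int = 8 * 1024 * 1024) -> bytes:
    """Constructed sample: one member of all-zero bytes, which DEFLATE shrinks roughly 1000:1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\x00" * size)
    return buf.getvalue()


def build_benign() -> bytes:
    """Constructed sample: a small text file with an unremarkable ratio."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"quarterly report draft, v2\n" * 4)
    return buf.getvalue()
```

The ratio check is cheap and catches the obvious case, but the streaming limit is the control that actually holds: header sizes can be forged, and some bomb constructions keep each layer's ratio modest while nesting archives or overlapping member data.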