This is a list of terms used by Cyber Security professionals. My intention is to explain these terms in language that can be easily understood by people without any extensive technical training.

You can also look in our Glossary of Cyber Security Abbreviations.

This is a list of terms used by Cyber Security professionals. My intention is to explain these terms in language that can be easily understood by people without any extensive technical training.

This page will be regularly updated as we find more terms to explain. If you have a particular term you don’t understand, or you believe the explanation below is incomplete/wrong, please send me a message via the contact form.


Advanced Persistent Threat – This is a cyber attack that is long-term, highly targeted, and continuous. An APT attack is organized and has a central objective. Many advanced persistent threats are sponsored, usually by governments or rival competitors, and are aimed at stealing vital information from their targets. The objective of an APT attack could range from surveillance and stealing trade secrets to taking control of a network and completely disabling it.

Adware – This is not typically malware, but falls into a category of ‘Greyware’ and is typically unwanted software on your computer. This software will deliver adverts to your device (affects phones as well as PC’s) that often go full screen stopping you from using the application you are trying to use. They are often delivered though legitimate applications (see bloatware) as well as apps that masquerade as something you might want. Adware can also be malicious delivering malicious adverts that lure you into sites containing malware. It is often hard to get rid of these applications (see Bloatware/Greyware below).

Air-Gapped System – this is a system/PC that is physically isolated from other systems. These systems will typically be disconnected from internal networks and often will be standalone systems or operating within a network that is physically disconnected from the main network of a company. Such systems are often used by security professionals to investigate malware to remove any chance of infecting other company systems.

Anti-Virus Software – This is a software package you install on your device that protects you (within some limitations) against malware installing itself on your device. There are various vendors of this software, and they are all as good as each other in detecting malware. See also ‘Internet Security Software’.


Baiting – In the context of social engineering, this is an attack that uses physical media and relies on the curiosity, or greed, of the victim to lure them in to clicking on a link to a malicious website. This is likened to the concept of a ‘Trojan Horse’, but using electronic media. An example would be that you have an interest in motorcycles, so you receive an invite to a motorcycle event. The website you visit will then implant malware into your device.

Back Door – This is often something malware will install on a computer system that allows the attacker to gain privileged access to the computer system. These can also exist in systems due to programming mistakes (vulnerabilities, exploits), or by design so that the vendor, or the security services, can access to the system without often requesting access.

Backup – This a copy of your important data that is kept away from, and preferably on a separate device that is not connected to, the device that contains the original (or cloud storage). Preferably the device you backup to should not online and stored either in a separate location and/or in some form of fire safe (budget versions exist for consumers). See also our blog post of Backing up your data.

Black Hat Hacker – See also the definition of ‘Hacker’ and ‘White Hat Hacker’ below. This is typically a hacker where the intent is to utilise computer vulnerabilities to cause harm, or exercise some form of crime (e.g. extortion).

Bloatware – This is typically software that is installed at the same time as a wanted application. For example, you install Adobe PDF reader, and the Chrome web browser installed by default unless you untick a checkbox during installation. This is often used as a mechanism to monetise free software, where the owner of the software hitching a ride pays the vendor to also carry this software. This mechanism can also be used to deliver malware, so you have to be cautions when installing software you download from untrusted websites sites. You will also often find bloatware installed on low priced PC’s and other devices (e.g. phones) as an attempt to deliver you a cheap product. Bloatware, same as greyware, is often difficult to remove, and in the case of Android based devices almost impossible unless you ‘root’ the device.

Bot Net – This is a network of computers (sometimes nothing more than a very small embedded IOT device) that is infected with a form of malware that is used to initial Distributed Denial of Service attacks. The owners of the individual devices forming the Bot net often have no idea they are infected. Internet of Things (IOT) devices that are unprotected by some form of authentication are among the most vulnerable.

Browser Fingerprinting – As browsers become increasingly entwined with the operating system, many unique details and preferences can be exposed through your browser. The sum total of these outputs can be used to render a unique “fingerprint” for tracking and identification purposes. Your browser fingerprint can reflect:

  • the User agent header
  • the Accept header
  • the Connection header
  • the Encoding header
  • the Language header
  • the list of plugins
  • the platform
  • the cookies preferences (allowed or not)
  • the Do Not Track preferences (yes, no or not communicated)
  • the timezone
  • the screen resolution and its color depth
  • the use of local storage
  • the use of session storage
  • a picture rendered with the HTML Canvas element
  • a picture rendered with WebGL
  • the presence of AdBlock
  • the list of fonts.

Brute Force Attack – This is where a cyber attacker is trying to gain access to a computer system, but does not know the precise credentials to use. Therefore the attacker will try all combinations of credentials (e.g. user name/password combinations) to eventually come up with the right combination. The longer and more complex passwords are, the longer it takes for an attacker to come up with the right combination. This is typically automated.

Business Email Compromise Attack – This is a form of cyber crime (abbreviated to BEC) which uses email fraud to attack commercial, Government and non-profit organizations to achieve a specific outcome which negatively impacts the targets organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Often consumer privacy breaches occur as a results of a BEC attack.

Business Management Controller – (BMC) This is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without having to access the operating system or applications running on it. In other words, BMC is an out-of-band management system that allows admins to remotely reboot a device, analyze logs, install an operating system, and update the firmware—making it one of the most privileged components in enterprise technology today.


Certificate – When used in the context of authentication, this is a form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information. Sometimes also called a Digital Certificate.

Certificate Authority – In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You can see this Wikipedia page for more details.

Cipher – This is a mathematical algorithm that is used to encrypt data. There are many different ciphers that are used in various parts of the security landscape.

Clickjacking – This is is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. This is also classified as a User Interface Redress Attack, UI Redress Attack or UI Redressing.

Cloud – This is typically referencing a set of software defined services that exist in a remote data centre. Such services are:

  • Software as a service – where an application is hosted remotely (e.g. Office 365, Databases). This can also be a platform that can be configured/customised to deliver a service of your own design
  • Platform as a Service – where the hosting provider provides a means to host your on servers in a virtual environment, which can come in managed and unmanaged forms.
  • Storage as a Service – where the hosting provider provides storage for files remotely (e.g. One Drive, Google Drive) – see also Cloud Storage.

Cloud Storage – This is a service offered by a service provided (e.g. Google, Microsoft, Amazon Web Services) that allows you to store a limited amount of files on their service as a form of backup or to allow you to access the files from multiple locations and devices. It is effectively your disk drive in the cloud. These services come in various capacities, an often come with a free allocation in the order of 5Gb. Any additional storage you add will be subject to a monthly subscription charge.

Credential Stuffing – This is where a cyber attacker will attempt to gain access to a computer system (e.g. your favourite shopping website) using information often gained in data breaches. The attacker will typically try previously disclosed credentials en-mass to try to gain access. This is also typically automated, resulting in thousands of credentials being tried in a very short time. See also my blogs on Effective use of Passwords and Bot Based Credential Stuffing.

Cryptocurrency – This is a form of electronic currency that uses cryptography for security. Typically a cryptocurrency is a decentralised commodity that is managed using the Block Chain technology, which is a distributed ledger of all transactions in the cryptocurrency. Most banks will now accept payments in cryptocurrencies. Cryptocurrency if often used to pay ransoms resulting from Ransomware attacks and other illegal activities on the dark web. However dealing in cryptocurrency is totally legal in most countries. Cryptocurrencies you may have heard about are:

  • Bitcoin (the first and most known one)
  • Etherium
  • Monero
  • Ripple.

Cryptojacking – This is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of cryptocurrencies. It can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers. Like most other malicious attacks, the motive is profit, but unlike many threats it’s designed to stay completely hidden from the user and often uses tactics to detect when the system is idle (i.e. not actively in use) so as to mask its activity.

Cyber Attack – This is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of a computer system. There are various forms of Cyber Attack, and the following list is just examples

  • Brute Force Attack/Dictionary Attack
  • Business Email Promise Attack
  • Click Jacking
  • Credential Stuffing
  • Cryptojacking
  • Data Breaches
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • DLL Hijacking
  • Elevation of Privilege
  • Keystroke Logging
  • Ransomware
  • Social Engineering
  • Tracking.

Modern cyber attacks often don’t just rely on one attack vector. They will often chain various vulnerabilities and attack vectors to achieve its goal.

Cyber Attack Vector – This is loosely the method by which a cyber criminal uses to attack their victim. Social Engineering is such an example of a Cyber Attack Vector, but there are many others that a hacker can use to exploit vulnerabilities in the computer system they are attacking.


Data Breach – This is where a cyber attacker has gained access to a cache of information (typically an unsecured database of some form) and extracts private information. This could typically be user names, passwords, postal addresses, credit card numbers, medical records among many others. The purpose of data breaches is to gain access to private information so that it can be exploited in other cyber attacks, for example social engineering, credential stuffing.

Decryption – This is the opposite of Encryption (see below) where a recipient of an encrypted message can use the same algorithm used to encrypt it to decrypt it.

Decryption Key – This is an token that is known to one, or both parties in an encrypted exchange which is used in decrypting an encrypted message or device.

Deepfake – A combination of the terms “deep learning” and “fake” — are persuasive-looking but false video and audio files. Made using cutting-edge and relatively accessible AI technology, they purport to show a real person doing or saying something they did not. This is of particular concern when used to distribute fake news and/or disinformation especially in a political election. Examples here.

Denial of Service (DoS) – This is a form of cyber attack that attempts to take legitimate services (e.g. game sites, shopping sites) offline by flooding them with requests. The flood of requests is so great that the host systems cannot cope with the inbound traffic, and either slow to a halt or crash totally. Think of this as being in a crowded/noisy room and you are trying to hear someone talking to you where even if they are shouting you cannot hear them. This form of attack is often perpetrated by criminals out to either destroy, or at the very least disrupt a service.

DevOps – This is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

Dictionary Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses words and known substitution patterns to gain crack a password so as to gain access to a computer system. This is in contrast to a phrase attack.

Digital Forensics – This is a branch of forensic science ((sometimes known as digital forensic science) encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

Directory Traversal Vulnerability – This kind of bug can allow a malicious attacker to upload and plant files on a system in unexpected system locations. If the attacker can fine-tune the attack, he can control the places where the malicious files can end up. There are several locations on a Windows or Linux system where the uploaded files could be executed automatically, leading to a situation where the attacker could run malicious code and take over vulnerable servers entirely.

Distributed Denial of Service (DDoS) – This is an evolution of a Denial of Service attack where the source of the traffic flooding a website is coming from multiple sources. A recent DDoS attack used a lot of unprotected IOT devices across the internet to send small loads of information, that are amplified by other systems that have a vulnerability that can be exploited by the attacker. A usual term associated with this method is ‘Bot Nets’.

DNS, or Domain Name Service – This is essentially a phone book for the internet. You will type in an address for a website (e.g. and the DNS service that is used by your computer translates that into a physical address (IP address similar to that can be used by your web browser to access the website. In accessing a web page your browser makes many (sometimes as many as a 100 or more) requests to access resources on the internet ranging from the actual content you want to see to structural entities you will never see as well as Ads, graphics, videos and download items. DNS queries are typically accessed over an un-encrypted protocol (UDP) that is open for anyone to see even if the website you are accessing is encrypted (https). There is a very good Wikipedia article describing what DNS is at a more technical level.

DNS over HTTPS (DoH) – This is a secure means to execute DNS queries instead of the insecure and un-encrypted protocol used today (UDP), DNS queries are encoded over HTTPS and are therefore encrypted.

DNS over TLS (DoT) – This is a protocol for encrypting and wrapping DNS queries and their replies in TLS (Transport Layer Security). This offers both privacy via TLS encryption and authentication via TLS support for the entire public key infrastructure. So this prevents eavesdropping and any manipulation of DNS data via man-in-the-middle attacks.

DNSSec – This provides cryptographically signed DNS records which allows a DNSsec-aware Operating System (e.g. Windows, MacOS, Android) to verify that the DNS response received has not been tampered with or altered in any way. Since the DNS reply is signed with a private key which no forger can have, this means that the received DNS reply is authentic. However, DNSSec on its own does NOT encrypt and anyone watching the traffic will see the DNS client’s queries and their replies just as if DNSSec was not in use. If you want to learn more about DNSSEC in Windows then please look at this Microsoft blog on the subject (from Windows 7 onward, windows was DNSSEC aware, but your actual DNS service might not be – take a look at this resource and test your setup).

Download Attack – An unintentional download of malicious software (malware) onto a users device without their knowledgeable consent. This is often the result of a Malvertising attack.

Dynamic Link Library (DLL) – These are extensions of different applications. Any application we use may or may not use certain codes. Such codes are stored in different files and are invoked or loaded into RAM only when the related code is required. Thus, it saves an application file from becoming too big and to prevent resource hogging by the application.

Dynamic Link Library (DLL) Hijacking – This is where an original DLL file is replaced with a fake DLL file containing malicious code. Since DLLs are extensions and necessary to using almost all applications on your machines, they are present on the computer in different folders. There are priorities as to where the operating system looks for DLL files. First, it looks into the same folder as the application folder and then goes searching, based on the priorities set by environment variables of the operating system. Thus if a good.dll file is in SysWOW64 folder and someone places a bad.dll in a folder that has higher priority compared to SysWOW64 folder, the operating system will use the bad.dll file, as it has the same name as the DLL requested by the application. Once in RAM, it can execute the malicious code contained in the file and may compromise your computer or networks.


Elevation of Privilege – This results from giving an attacker authorization permissions beyond those initially granted by the user being attacked (e.g. a user may have low level privileges and the elevation gives administrator privileges). This is often achieved by exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. This is always the result of some form of cyber attack.

Encryption – This is a mathematical/algorithmic method that obscures data’s true form by making it unreadable to anyone who does not know how it was encrypted. Encryption is used in https browser requests, and in securing communications and hardware from data extraction by hackers.

Encrypted DNS – There are various forms of encryption for DNS as follows (see appropriate definitions for details):

  • DNSCrypt
  • DNS over TLS (DoT)
  • DNS over HTTPS (DoH).

End Point – Any device that can connect to a network is termed as “endpoint” from desktops, laptops, tablets, smartphones and, more recently, IoT devices. Endpoints are now exposed to ransomware, phishing, malicious advertisements, software subversion, and other attacks. Not to mention that attackers use zero-day attacks that use previously unidentified vulnerabilities to send malicious programs to endpoint computers.

End Point Protection – This refers to a system for network security management that focuses on network endpoints, or individual devices such as workstations and mobile devices from which a network is accessed. The term also describes specific software packages that address endpoint security including suites of security software provided by many security companies (e.g. AVG, Symantec, McAfee, Kaspersky). Endpoint protection may also be called endpoint security.

Entropy (or Information entropy) is the average rate at which information is produced by a stochastic source of data. There is a very good WikiPedia page if you want to find out more, but this does get very mathematical. This is often used as a measure of how complex a password is when subject to a brute force attack.

Exploit – This refers to a vulnerability, or bug, in software or hardware that can be used by hackers to execute some form of cyber attack.

External Drive – This is a disk drive that typically resides outside of a computer and typically connects to a computer by a USB connection. They can contain both normal HDD/spinning disk drives as well as solid state drives (SSD). They also come in many sizes, can have a completely enclosed disk drive, or is=n some cases a removable disk drive. They are very useful for storing backups as well as extending the storage capacity of PC’s.


Free WiFi – This is a wireless network that is normally offered free in Coffee Shops, Hotels and in other public places. There are a number of dangers in using these facilities, but with taking the correct precautions they can be used in relative safety. See our blog post on Using Free and Public WiFi.

Full Backup – This is a backup of all the files that you need to keep as backups. This is typically slow to make, since you are copying a significant amount of data. However it does give you a snapshot in time so that you can recover your files (with additional incremental backups) to the most recent state. See also our blog post of Backing up your data.


Ghidra – This is a tool that was published by the National Security Agency in the US (NSA) that allows penetration testers to ‘de-compile’ applications and inspect the inner working of the apps. More info at

Greyware – This is a term that relates to potentially unwanted software that are not typically classified as malware, but potentially can affect your computer systems. This includes Adware and Spyware. It can also allude to software that is delivered as part f a downloaded package you install on your computer. This could be unwanted toolbars and utilities that seem to have a doubtful purpose, and not something you would necessarily want to keep. Getting rid of these applications is often difficult as they will often install multiple components across your system and you will need to know what is legitimate and what is unwanted. Often the only way to rid yourself of these applications is to do a clean install of the operating system.


Hacker – A computer hacker is any skilled computer expert that uses their skills to solve a problem. However, this term is often referred to as someone who has malicious intent and deploys malware (see also ‘White Hat Hacker’ and ‘Black Hat Hacker’ in this glossary).

Honeypot – (1) This is a service that masquerades as a legitimate service, but can harbour malware (e.g. a fake WiFi network). (2) It can also be used to lure attackers to a decoy service (e.g. a server) thereby reducing the opportunity for a successful cyber attack. Multiple honeypots form a honeynet.

HTTP – This stands for “HyperText Transport Protocol.” and is the technology that allows for a website to be downloaded and rendered in your web browser.

HTTPS – This is the same as HTTP, but uses a secure protocol (SSL) to encrypt the information coming back from the website. Your web browser will decrypt this and allow the website to be displayed to you.


Impersonation – In this content as part of social engineering, an attacker will impersonate someone in authority to trick you into divulging information. An example of an attack is a call from HR requesting information on yourself or another person.

Incremental Backup – This is a form of backup that only stores files that have changed since the last full/incremental backup. In this way, these backups are very quick to create and are often used for daily (or even hourly) backups. They are supported by full backups, that take a copy of the whole file store. See also our blog post of Backing up your data.

Intelligent Platform Management Interface – (IPMI) this is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. Another use case may be installing a custom operating system remotely. Without IPMI, installing a custom operating system may require an administrator to be physically present near the computer, insert a DVD or a USB flash drive containing the OS installer and complete the installation process using a monitor and a keyboard. Using IPMI, an administrator can mount an ISO image, simulate an installer DVD, and perform the installation remotely.

Internet of Things – This is a collection of devices that are not typically identified as computers. They can be anything from light bulbs connected to a home automation system, domestic appliances, sensors on industrial plant, as well as autonomous cars and the components that make up non-autonomous cars including Satellite Navigation, automated braking systems, etc. The danger from these devices is that they often do not require any form of authentication to operate and run on outdated embedded software that is not maintained by the vendor. This also extends to the services these devices use to provide their function, e.g. in the case of a door bell/door monitoring system there will be a subscription service that performs that monitoring and provides the owner of alerts when someone comes to the door. See my blog ‘Securing your Internet of Things‘ for more details.

Insider Attack – This relates to someone who is an employee of a company with legitimate privileged access but uses it to execute a cyber attack, fraud or a data breach.

Internet Security Software – This is a class of software that packages up various defensive software’s that attempt to secure your device. This is distributed by various organisations, and can come pre-installed on your PC/Phone. Windows Defender on Windows 10 is a comprehensive set of defensive software’s that comes as the default protection on new PC’s. This includes software such as:

  • Anti-Virus software
  • Ransomware protection
  • Privacy Protection
  • Website and Email scanning for malware
  • Firewalls
  • Webcam Protection
  • Spam Protection
  • Detecting fake websites
  • Virtual Private Networks (VPN’s).

See also ‘End Point Protection.


JavaScript – This is a programming language largely used to provide extra functionality on webpages.


Key Loggers – This is a form of malware that records all the keystrokes you make on your computer. Typically the attacker is looking for usernames and passwords to gain access to computer systems, but this can also be used to capture private information. Key loggers can be delivered by various means, including a social engineering attack.


Lateral Phishing – This is a Phishing Attack that is conducted from an email address within, rather than outside, the organization. See also Phishing and Business Email Compromise Attack for further information.

Logic Bomb – This is a piece of code intentionally inserted into a software system that will set off a malicious action when a specified condition is met. For example, date is Friday the 13th, if a user hasn’t logged in for a number of days. The effect of a logic bomb is to perform some action, e.g. deleting files, corrupt data, install malware.


MAC Address – A Media Access Control (MAC) address is a 48bit alphanumeric address that uniquely identifies the network card in your device. It us unique to your device and will never be re-used. It is used to establish a connection between your device and a network router (WiFi router, Bluetooth, etc.). This is typically represented in hexadecimal as a sequence of characters similar to F1:A2:CD:E4:5P:8K and is normally printed on your PC’s underside, on your WiFi router, can be found in the settings app of your device or other utility programs (e.g. ipconfig on a PC).

Malicious HotSpot – This typically appears as a free WiFi service, but in reality it is managed by a hacker with the purpose of performing some form of Cyber Attack (e.g. Man in the middle, privacy invasion). See our post on Online Privacy for more information on this.

Malvertising – This is where an advert shown on a webpage that looks legitimate, but harbours a malicious link to a website that will then attempt to initiate a cyber attack of some form (e.g. install malware).

Malware – This is typically a malicious program for which the purpose is to exploit some weakness in a computer system in order to gain access to it, or as the payload of a social engineering attack. There are various types of malware, the following being a set of examples:

  • Viruses
  • Trojan Horses
  • Ransom Ware and Wipers
  • Worms
  • Root Kits
  • Key Loggers
  • Back doors.

Malware as a Service – This is a service offered by Cyber Criminals, either on the surface web or dark web, to other Cyber Criminals who want to use Malware to further some objective, but either don’t have the skills or the time to develop the appropriate exploits and Malware. Subscribers will normally pay a fee or a share of the profits. Such services can provide:

  • Phishing Campaigns
  • Targeted Malware
  • Bot Nets
  • Ransomware
  • Lists of compromised credentials (e.g. email address, passwords) coming from data breaches
  • Crypto Mining
  • Data Exfiltration
  • Selling Zero Day vulnerabilities.

You can also read my blog on this subject here.

Man In The Middle Attack – This is where an attacker intercepts a legitimate network request (e.g. an http request from a web browser), and inserts malicious instructions into either the outbound request (in order to redirect to a malicious service or extract personal data), or inserts malicious code into the return implanting malware into the webpage or return data. This is more prevalent when using unencrypted http requests. As https requests are end to end encrypted, it is harder for an attacker to execute this type of request. A VPN can also defend against this type of request since all traffic going through a VPN is typically encrypted.

Monster-in-the-Middle (MITM) Attack – The security and privacy of HTTPS encrypted communications in web browsers relies on trusted Certificate Authorities (CAs) to issue website certificates only to someone that controls the domain name or website. For example, you and I can’t obtain a trusted certificate for Facebook because these browsers have strict policies for all CAs trusted by the browser which only allow an authorized person to get a certificate for that domain. However, when a user installs the root certificate provided by their ISP, or some other malicious actor, they are choosing to trust a CA that doesn’t have to follow any rules and can issue a certificate for any website to anyone. This enables the interception and decryption of network communications between the browser and the website. This is also similar to a ‘Man in the Middle Attack’.

Munged Password – This is a method that attempts to create a stronger password by character substitution. Typical substitutions might include:

a=@, b=8, c=(, d=6, e=3, f=#, f=£, g=9, h=#, i=1, i=!, k=<, l=1, l=i, o=0, q=9, s=5, s=$, t=+, v=>, v=<, w=uu, w=2u, x=%, y=?

For high-security applications, munging may not be very effective, because it only adds 2-3 bits of entropy, thus increasing the time needed to perform a brute force dictionary attack by a factor of 4–8. It should also be noted that hackers are aware of such substitutions and will be in their arsenal of techniques to try first when attempting a dictionary attack to beak the password.


NAS Drive – NAS stands for Network Addressed Storage. This is a disk drive that is external to a PC but is accessed via the internal network by PC’s and other devices. They come in various capacities, from consumer models to much larger models used by businesses.


Operating System – This is the software that comes with your device that allows you to interact with the device. Typically this is Android, IOS, MAC OS or Windows 10.


Packet Capture – This is the process of intercepting and logging network traffic.

Packet Sniffer/Analyser – This is a computer program or piece of computer hardware (such as a packet capture appliance) that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. See also Packet Capture, WiFi Analyzer, Wireless Analyzer. A packet analyzer can also be referred to as a network analyzer or protocol analyzer though these terms also have other meanings.

Password – This is a secret set of characters that is used to authenticate a user to a website or software service that is accompanied also by a user name. It is sometimes accompanied by other factors for authentication purposes (see Two factor Authentication).

Password Spraying – This is when an attacker takes a known password, and attempts to use it on multiple accounts. This is similar to credential stuffing. The defence against this kind of attack is to ensure you have different passwords for each account you use and where possible use 2-factor authentication. See my Guidance on the Effective Use of Passwords.

Penetration Test – This is an authorised simulated cyber attack that seeks to discover any vulnerabilities in computer systems. The process typically uses the same techniques malicious hackers would use, but instead of using this knowledge to cause harm, the vulnerability is responsibly disclosed. This is sometimes abbreviated to PenTest.

Pen Drive – This is a portable and very compact USB storage device based on Flash memory. They come in various sizes and capacities and can typically be attached to a key fob. They are highly useful for storing files on temporarily while you are transporting the data. The USB interface comes in all popular forms (Type A/C).

Penetration Tester – This is typically an ethical hacker that exercised authorised penetration testing (see Penetration Test above).

Pharming – An attack method that focuses on the network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing – This is typically when you receive an email that claims to be some form of offer, or request for information that is fraudulent. The emails can look genuine (e.g. form your bank), and can trick a lot of people into disclosing their login credentials or key banking information. among other things. See also Lateral Phishing.

Phrase Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses combinations of words, phrases or known passwords to gain access to a computer system. Typical phrases can be drawn from literature quotes, song titles, etc. This is often a refinement of a dictionary attack.


Quality of Service – This is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. It can also refer to the description or measurement of the overall performance of a service, such as a telephony or computer network or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.


Ransom Ware – This is a form of malware that typically encrypts your files on your computer and forces you to pay the hacker (normally in some form of Crypto Currency) to provide the key to decrypt your files. In many cases there is no intention by the cyber criminal to provide the unlock code, and you will be left with a totally encrypted, and therefore useless, system. This form of attack often uses a social engineering method to implant the initial malware, or some other vulnerability within the computer system.

Remote Desktop Protocol (RDP) – What this does is allows a user to initiate a connection to a remotely accessible PC/Server via a network that allows the user to interact with the remote machine as if it was local. This feature actually displays the desktop as if you were directly logged into the machine locally. This is a very useful feature as it allows someone to manage servers and PC’s remotely and is a feature actively used by system administrators in just about every kind or organisation. It is also used to access desktop PC’s via corporate VPN’s which means the user does not need an expensive company supported laptop to work remotely – they can just login via their home PC.

Responsible Disclosure – Computer systems are often very complex beasts, that are developed by people with varying degrees of skill, who often make mistakes that allow an attacker to exploit a weakness in the system. Security researchers are always looking or these types of mistakes so that they can be responsibly disclosed to the vendor of the system for them to be fixed. The type of disclosure varies, but often the vendor is given a period of time (say 90 days) to fix the issue and provide an update closing the vulnerability. Once the vulnerability is made public, the vulnerability is immediately exploitable unless a patch has been deployed and installed on all affected devices. This is why you should always install security updates on your devices, and in the case of phones/tablets ensure your vendor actively patches your device.

Root Certificate – This is a public key certificate that identifies a root certificate authority (CA). Any website accessible over https needs to be signed by a root certificate to ensure its authenticity. If you want the technical detail I suggest you look at this Wikipedia Page.

Root Kit – This is a form of malware that often sits in the background gathering information, and in most cases the victim won’t even know it is there. The software can also act as a backdoor allowing the attacker access to otherwise inaccessible parts of the system. Root Kits can reside in the lowest levels of the system (kernel), and can often reside in an area of the hard drive where the operating system resides (boot drive) and can be activated at boot time before all the normal defences are in place. These are particularly an issue with systems that don’t support a secure boot process.

Rooted Device – This normally refers to phones/tablets (both Android and Apple), where changes are made to the boot sequence to allow the user full access to the operating system. In this way you can make changes to the underlying OS. However, in doing this your device becomes much less secure and more vulnerable to malware. You may also void your warranty. This is also referred to as ‘Jail Breaking the phone.

Router – This is a device that allows other devices to communicate with other networks and/or the Internet. It often sits on the boundary of a network between the internal network ad the outside network. It can also sit internally to the network that bridges between internal networks. Consumers will often relate this to WiFi routers or WiFi access points.


Safe Mode – This relates to a mode you can boot your device into that only boots the parts of the operating system that it needs to provide essential functions. It is a mode that allows you to determine of problems with your device are related to an app or hardware drivers and often allows you to perform removal actions to fix the issue. Booting your device into Safe Mode will depend on the device you have and in some cases the manufacturer. A simple internet search should find the method for your device.

Script Kiddy – A script kiddie (also called a skiddie, or skid) is typically an individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. They generally lack the skill to write such scripts and programs themselves. This does not relate to the age of the individual concerned. The term is considered to be derogatory in popular hacking culture.

Security Update/Patch – Providers of software packages and operating systems will often maintain their products for a period of time following release with updates that close security vulnerabilities. If you are on an flagship smartphone, or you have Windows 10/MacOS on your PC, you will see monthly updates named ‘Security Update’s that install updates to close vulnerabilities that have been reported to the vendor (see also ‘Zero-Day Vulnerability below). It is very important that these updates are provided and installed immediately, but not all devices are supported in this way. This is distinct from Feature Updates, or OS upgrades, which update the version of the Operating System (e.g. Windows 10, MacOS, Android, IOS) or software package to a new generation of the software.

Server – This is typically a dedicated computer system, often a cluster of individual computers working together, that provide the back-end services that make your applications work. These computers host databases and other software commonly referred to as the applications back-end. For example, IMDB on Android/IOS is effectively a front end to a server that hosts a database and set of search engines that deliver the movie information you request.

Session Cookie – This is a Browser Cookie that allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page. The most common example of this functionality is the shopping cart feature of any e-commerce site. When you visit one page of a catalog and select some items, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to check out. Without session cookies, if you click CHECKOUT, the new page does not recognize your past activities on prior pages and your shopping cart will always be empty. Session Cookie –

Sextortion – This is a form of blackmail where a perpetrator threatens to reveal intimate images of you online unless you give in to their demands. These demands are typically for money, further intimate images, or sexual favours. Perpetrators commonly target their victims through dating apps, social media, webcams or adult pornography sites. While sextortion can be committed by individuals, organised crime is commonly behind it. In most cases, your computer has not been hacked and there is no content. However, the basis of the threat is feasible but in most cases not probable.

Side Jacking – This is a cyber attack where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.

SIM Jacking – Sometimes also called SIM Swapping. These attacks allow hackers to take over a person’s cell phone number and usually their digital life along with it. Threat actors typically start by social engineering their way into getting an employee at a cell phone carrier company to port over a phone number to another SIM card. Essentially, they bribe these employees with cryptocurrency or PayPal transfers to have them swap cell service from a victim’s device’s SIM card over to a SIM card in the attacker’s possession. From there, they can take over their victims’ email, social media and financial accounts, extorting cryptocurrency for returned control. Common targets include celebrities or social media influencers, high-profile employees.

Smishing – This is a social engineering attack similar to Phishing, but instead of email they use SMS texting to deliver the request for information.

Social Engineering – The physiological manipulation of people to trick them into divulging confidential information that can be used to hack into websites and other computing resources. There are various forms of social engineering (the definitions are posted throughout this page):

  • Baiting
  • Impersonating
  • Pharming
  • Phishing
  • Smishing
  • Spear Fishing
  • Tailgating
  • Vishing
  • Water Holing
  • Website Cloning
  • Whaling.

Software Defined Perimeter – (SDP) This is an alternative technology to a VPN. It is designed to address the way we use the Internet and the technologies it enables. It does this by establishing dynamic, one-to-one, micro-segmented network connections between users and the resources they have authority to access. SDP supports a  Zero Trust model, which means that each time a user (be they human, IoT device, or AI programme) attempts to access a resource they will have to be authenticated and authorised, using multiple checks, before gaining network access. All other resources that users haven’t been authorised to access will remain invisible to them. This is in stark contrast to traditional VPNs where once someone has access to one part of the network they can see and gain access to everything, regardless of whether it’s relevant to them.

To simplify things, picture a hotel. In a VPN solution any user allowed through the main doors will be able to access any and all rooms. In contrast, in a SDP solution, a single room will be visible and multiple keys required to unlock that one door. 

Spear Phishing – This is similar to the other forms of Phishing (including Vishing and Smishing), where the attack is very focused on an individual. The email will be highly customised to the individual, and is a regular attack method used against enterprise executives. They will typically focus on a particular aspect of your professional interests and requires the attacker to fully research their target.

Spyware – This is a form of ‘Greyware’, bordering on malware that is often installed without the users consent and then attempts to exfiltrate information from the system. This could be system based information, information about your internet usage or private/confidential information. A Key Logger is a form of Spyware, but typically anything that is installed without the users direct consent (implied or otherwise) can be categorized as Spyware.

Steganography – This is a way of encrypting data in plain sight, normally in pictures or text, and if often used for malicious intent. This can also be used to hide malware installers that exploit a vulnerability is a software application (e.g. Adobe Acrobat, Microsoft Word) that are used to read the text/picture.

System Backup – This is an image of your computers operating system that can be stored separately from your computer and used to restore it back to a known configuration in the event of a failure (however caused) or to restore following a cyber attack (e.g. ransomware). These are typically installed by PC manufactures and often provide customised software to restore the PC back to factory conditions. See also our blog post of Backing up your data.


Tailgating – This is where an attacker typically gains access to a building/restricted area by coming in behind an authenticated person. Often the person will look like they are trying to find their pass, or claim they left it at their desk, but they are actually trying to gain access on the back of your authentication. This is more an issue for enterprises, but can also affect consumers in more social contexts e.g. when at the gym and someone tries to gain access without paying or for nefarious purposes.

Tracking – This is the collection of data regarding an individual’s identity or activity across one or more websites using a variety of techniques including tracking cookies, specially crafted URL’s, Browser Fingerprinting, redirects and hyperlink auditing. Even if such data is not believed to be personally identifiable, it’s still tracking. There are several forms of tracking, for example:

  • Cross-site tracking (tracking across multiple first party websites)
  • Stateful tracking (tracking using storage on the user’s device)
  • Covert stateful tracking (is stateful tracking which uses mechanisms that are not intended for general-purpose storage, such as HSTS or TLS)
  • Navigational tracking (tracking through information controlled by the source of a top-level navigation or a sub-resource load, transferred to the destination)
  • Fingerprinting, or stateless tracking (tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage)
  • Covert tracking (includes covert stateful tracking, fingerprinting, and any other methods that are similarly hidden from user visibility and control).

Trojan Horse – Sometimes just called a Trojan. In the context of malware, this is a piece of software that looks benign, but actually is disguised malware. This malware is typically used in combination with a social engineering attack. The actual purpose of the malware has many forms, but a lot of them install a back door to critical systems that allows attackers to perform additional cyber attacks.

Two Factor Authentication – Typically a user access a computer system by entering a username and password. Where two factor authentication is in place, the user must also provide an additional code/password/passphrase to gain access. This is typically a 6 digit code provided by SMS or by an authenticator app on your phone. This is a stringer form of security/authentication since it is provided by something you know (a username password) and something only you possess (an authenticator app on your phone). A second factor could also be a bio-metric factor, e.g. a fingerprint or iris scan.


User Data-gram Protocol (UDP) – Sometimes referred to as UDP/IP, this protocol was introduced in 1980 and is one of the oldest network protocols in existence. It’s a simple OSI transport layer protocol for client/server network applications, is based on Internet Protocol (IP), and is the main alternative to TCP. Traffic over this protocol cannot be encrypted.

Username – This is a piece of data used to authenticate a user to a website or software service. It is normally accompanied by a password and sometimes other factors to authenticate a user. See also Password and Two Factor Authentication.


Virus – This is a malicious program/malware that exhibits a lot of the characteristics of biological viruses, in that they can self replicate and use the host system to propagate themselves into otherwise unaffected parts of the compute systems by attaching to existing files in the system. They typically exploit vulnerabilities in existing software. They can infect host systems via many methods, including social engineering and targeted attack on unsecured systems.

Vishing – This is a social engineering attack method similar to Phishing, but this is where the attacker will contact you by phone and request you divulge confidential information.

Vulnerability – In this context, this relates to a bug, or error, in the coding of a computer system that allows a cyber attacker to gain access to a computer system. This will typically result in the attacker injecting some form of malware and/or attempting to gain elevated privileges so that they can act as someone who has some form of administrative access to the system. In this way they can roam the system without any restrictions, install malware and extract information (data breach) unhindered.


Water Holing – This is where a fake website is posted that you implicitly trust (e.g. Amazon), but actually is a clone of the website designed to extract personal information. The victim will feel safe in the fact that they trust this site, and often now are posted using an HTTPS secure site. See also ‘Website Cloning’ below.

Website Cloning – There are legitimate reasons why you would want a copy of your live website, e.g. to diagnose a bug. There is software available that allows you to download the publicly available contents of a website and store it locally – a clone/copy of the website. Cyber Criminals can also clone websites with the intention of imitating the legitimate website for nefarious reasons. They will typically infect the clone with malware, post it at a similar URL/address to the target and get victims to access the site normally via some form of Phishing attack. Once the clone is accessed, and the hackers have what they want, you are typically redirected to the genuine site. See also ‘Water Holing above.

Whaling – This is a highly focused form of Phishing attack that is largely targeted at executives. This is similar to Spear Phishing.

White Hat Hacker – See also the definition of Hacker above. Often called a Penetration Tester, this is a hacker that is typically authorised to test the security or integrity of computer systems and responsibly disclose such vulnerabilities. They will typically use the same skills and tools as a Black Hat Hacker.

Wireless Analyzer/WiFi Analyzer – A Packet Analyzer used for intercepting traffic on wireless networks

Wiper – A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files.

Wire Tapping – This is a form of electronic eavesdropping where an attacker will install some device, or software, that allows them to listen in to conversations and/or data transmissions across electronic mediums (e.g. telephone lines, fibre optic cable, wireless/radio communications). It is a form electronic surveillance, often used by law enforcement under a court order, but is also used illegally by cyber criminals to gather information about an organisation as part of a wider cyber attack. This can provide the material needed for a Spear Phishing attack. Wire tapping is not a preferred method of gathering information, as there are other methods that are easier to exploit (e.g. the results of a data breach, or the many social media sites and search engines not withstanding dedicated hacking tools). A wire tap can also be easily detected through discovery of the actual equipment attached to the line, or through monitoring delays in transmission.

Worm – This is very similar to a virus, in that it is self replicating, but typically does not attach to existing files in the system to do so. They often use the computer network to spread their payload. They are often delivered using a social engineering attack via email or instant messaging.


XML – eXtensible Markup Language. XML (similar to HTML) uses tags to markup a document, allowing the browser to interpret the tags and display them on a page. Unlike HTML, XML language is unlimited (extensible) which allows self-defining tags and can describe the content instead of only displaying a page’s content. Using XML other languages such as RSS and MathML have been created, even tools like XSLT were created using XML.

XMPP – eXtensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service, and use it to interact with any other XMPP service.


Tottabyte – often abbreviated as YB, this is equal to 1,208,925,819,614,629,174,706,176 (280) bits, or 1,000,000,000,000,000,000,000,000 (1024) bytes and is the largest recognized value used with storage.


Zero-Day Vulnerability – Also known as 0-day. This is a vulnerability that is not previously known to the developer of the software. As a result, hackers may exploit this vulnerability with some impunity and may be actively exploiting it in the wild before it is known to the developer, or people interesting in mitigating the flaw. Once it is known to the developer of the software, they effectively have zero-days to provide a fix.

Headline image provided by Edho Pratama on UnSplash