Cybersecurity
Protection of computers, networks, programs, and data from unauthorized access or attacks.
Threat
Any potential danger to information systems (e.g., hackers, malware).
Vulnerability
A flaw or weakness in software, hardware, or processes that can be exploited.
Risk
The potential for loss or damage when a threat exploits a vulnerability.
Exploit
A method used to take advantage of a vulnerability (e.g., a malicious script).
Attack Vector
The method or pathway used by a hacker to breach a system (e.g., email, USB).
Phishing
Fraudulent attempt to obtain sensitive data via deceptive emails or messages.
Firewall
Hardware or software that filters incoming and outgoing network traffic.
Malware
Malicious software designed to harm or exploit any device.
Types include:
Virus -
Worm
Trojan Horse
Spyware
Ransomware
Antivirus
Software that detects and removes malicious software.
Encryption
Converting data into unreadable form to protect it from unauthorized access.
Authentication
Verifying identity before granting access (e.g., passwords, biometrics, OTP).
Two-Factor Authentication (2FA)
A second layer of protection combining something you know + something you have.
Patch
A software update fixing bugs or vulnerabilities.
Social Engineering
Manipulating individuals into giving up confidential information (e.g., pretexting).
DDoS (Distributed Denial of Service)
Overwhelming a target system or server with traffic to make it unavailable.
Botnet
A group of infected computers controlled remotely to carry out attacks.
Zero-Day Vulnerability
A flaw unknown to the vendor and exploited before a fix is available.
Penetration Testing (Pentesting)
Ethical hacking to find and fix vulnerabilities in systems or applications.
Red Team vs Blue Team
Red Team simulates attacks (offense)
Blue Team defends against attacks (defense)
Rootkit
Malware that hides its presence and gives attackers privileged access.
Keylogger
Records keystrokes to capture passwords or sensitive data.
Backdoor
Hidden entry point into a system bypassing authentication.
Security Policy
A defined set of rules for protecting an organization’s information assets.
SIEM (Security Information and Event Management)
A system that collects and analyzes log data for threat detection and response.
Threat Intelligence
Knowledge about threats used to prevent and respond to attacks proactively.
APT (Advanced Persistent Threat)
A long-term targeted attack usually carried out by nation-states or organized groups.
Cyber Kill Chain
A model describing stages of a cyberattack: Recon → Weaponize → Deliver → Exploit → Install → Command & Control → Actions.
Insider Threat
Security risk originating from people within the organization (e.g., employees).
Data Breach
Unauthorized access, theft, or exposure of sensitive information.
Forensics
Analyzing compromised systems after an incident to determine the cause and impact.
Incident Response (IR)
Process of handling and recovering from cybersecurity breaches or attacks.
Cryptography
The science of encoding and decoding information to keep it secure.
Privilege Escalation
Gaining higher access rights than intended, usually through exploitation.
Air Gap
A security measure where a system is physically isolated from unsecured networks.
Sandboxing
Running software in a restricted environment to observe behaviour safely.
SOC (Security Operations Center)
A dedicated team or facility for monitoring, detecting, and responding to security incidents.
Decryption
The process of converting encrypted data back to its original form.
Threat Hunting
Proactively searching for threats in an environment that have evaded detection tools.
Zero Trust Architecture
A model where no one is trusted by default — every access is verified.
Threat Surface – The sum of the different points where an unauthorized user can try to enter or extract data.
Risk Assessment – The process of identifying, analyzing, and evaluating risks.
Security Posture – The overall security status of your systems, networks, and data.
Zero Trust – A security model that assumes no user or system is trustworthy by default.
SOC (Security Operations Center) – A centralized unit that deals with security issues on an organizational level.
SIEM (Security Information and Event Management) – A solution that collects and analyzes security data.
EDR (Endpoint Detection and Response) – Security tools focused on detecting and responding to threats on endpoints.
IDS/IPS – Intrusion Detection/Prevention Systems, used to detect or prevent malicious activities.
Living off the Land (LotL) – Attacks that use legitimate tools or features of the system.
Privilege Escalation – Gaining elevated access to resources that are normally protected.
Credential Stuffing – Using leaked usernames/passwords to gain unauthorized access.
Command and Control (C2) – A server or infrastructure used by attackers to control malware.
APT (Advanced Persistent Threat) – Long-term targeted attacks by highly skilled adversaries.
TTPs (Tactics, Techniques, and Procedures) – Common behavior patterns of threat actors.
Threat Hunting – Proactive search for cyber threats in a network
Firewall Rules – Settings that define which traffic to allow or block.
Segmentation – Dividing networks to limit access and control flow.
DMZ (Demilitarized Zone) – A physical or logical subnetwork to expose external-facing services securely.
NIST Framework – Cybersecurity standards provided by the U.S. National Institute of Standards and Technology.
ISO/IEC 27001 – International standard for information security management.
GDPR, HIPAA, PCI-DSS – Compliance laws governing data protection and security.
Security Audit – A systematic evaluation of an organization’s information system.
Red Team – Offensive security team simulating attacks.
Blue Team – Defensive team protecting against attacks.
Purple Team – A mix of Red and Blue, ensuring collaboration.
Penetration Testing – Authorized simulated attack on a system.
XDR (Extended Detection and Response) – Unified threat detection across multiple systems.
SOAR (Security Orchestration, Automation, and Response) – Tools for automating security operations.
Cyber Threat Intelligence (CTI) – Evidence-based knowledge about cyber threats.
IoT Security – Protecting internet-connected devices.
Living off the Land (LotL): Using legitimate software and functions for malicious purposes (e.g., PowerShell for hacking).
Fileless Malware: Malware that operates in memory and does not write files to disk.
Watering Hole Attack: Infecting websites frequently visited by a targeted group.
Rogue Software: Fake antivirus or cleaning tools that trick users into installing malware.
RAT (Remote Access Trojan): Malware that gives hackers complete control over a system.
Logic Bomb: Code inserted into a system that triggers malicious actions when specific conditions are met.
Heap Spraying / Code Injection: Memory-based attacks to execute malicious code.
Darknet: Encrypted part of the internet not indexed by traditional search engines.
Tor Network: Anonymity-preserving network often used for illegal activities.
Onion Routing: Layers of encryption used in anonymized communication.
Cryptojacking: Unauthorized use of someone’s hardware to mine cryptocurrency.
Role-Based Access Control (RBAC): Permissions based on user roles.
Attribute-Based Access Control (ABAC): Access control based on user attributes.
Privilege Creep: Accumulation of unnecessary access rights over time.
Shadow IT: Unauthorized tech systems used by employees without organizational approval.
Just-In-Time (JIT) Access: Granting elevated privileges only for a short duration.
Indicators of Compromise (IoCs): Digital traces left by attackers (IP addresses, hashes, domains).
Indicators of Attack (IoAs): Behavioral signs that an attack is underway.
Digital Forensics Chain of Custody: Documentation of who handled forensic evidence.
Memory Dump: Snapshot of RAM used for forensic investigation.
SOC (Security Operations Center): Facility to monitor and respond to cyber threats.
Playbook (SOAR): Automated set of procedures for incident response.
Log Correlation: Linking multiple log entries to detect patterns.
Anomaly Detection: Identifying unusual patterns in system behaviour.
Baiting: Using false promises to lure victims (e.g., infected USB drives).
Tailgating: Gaining physical access by following authorized personnel.
Quid Pro Quo Attack: Offering service/help in exchange for access.
Pretexting: Creating a fake scenario to steal information.
Shoulder Surfing: Observing someone’s screen or keystrokes.
Ethical Disclosure: Reporting vulnerabilities to vendors ethically.
Cyberwarfare: Nation-state level cyber conflict.
Attribution: Identifying who is behind a cyberattack (very difficult and political).
Cyber Liability Insurance: Coverage for financial damages from breaches.
Shared Responsibility Model: Defines what the cloud provider vs. the customer secures.
Cloud Misconfiguration: Common cause of breaches in cloud environments.
Data Residency: Where data is geographically stored (legal compliance).
IAM Roles/Policies in Cloud: Custom permissions set in platforms like AWS, Azure.
Firmware Attacks: Malicious code injected into device firmware (very hard to detect).
Supply Chain Attack: Compromise at the hardware/software vendor level.
Hardware Trojan: Malicious circuitry embedded in physical components.
Side-Channel Attack: Exploiting physical leakage (power, timing) to extract secrets.
Deception Technology: Honeypots, honeynets, decoy systems to lure attackers.
Digital Twins Security: Cybersecurity of virtual replicas of physical systems.
Cyber-Physical Systems (CPS): Integrates computation with physical processes (e.g., ICS/SCADA).
AI-Powered Attacks: Using ML to optimize attacks (e.g., deepfakes, smart phishing).
Blockchain Security: Attacks like 51% attacks, smart contract exploits.
Federated Learning Security: Risks in collaborative ML training across devices.
NIST, MITRE ATT&CK, CIS Benchmarks: Standards and frameworks used in industry.
OSCP, CEH, CISSP, CompTIA Security+: Common certifications for professionals.
CVE (Common Vulnerabilities and Exposures): Publicly disclosed vulnerabilities database.
CVSS (Common Vulnerability Scoring System): Measures severity of vulnerabilities.
