TryHackMe Terms Flashcards
1
Q
XXXXX XXX XXXXXXXX (XXX) is a comprehensive cloud computing platform offered by Amazon. It provides a wide range of services such as computing power, storage, databases, networking, analytics, and more, delivered over the internet on a pay-as-you-go basis.
A
AWS
Amazon Web Services
2
Q
xxxxxxxxx is a Windows feature that allows administrators to control which applications and scripts users are allowed to run on a system.
A
AppLocker
3
Q
xxxxxx is the most widely used web server software. Developed and maintained by xxxxxx Software Foundation, xxxxxx is an open source software available for free.
A
Apache
4
Q
—————————————— is responsible for finding the MAC (hardware) address related to a specific IP address. It works by broadcasting an — query, “Who has this IP address? Tell me.” And the response is of the form, “The IP address is at this MAC address.”
A
Address Resolution Protocol (ARP)
5
Q
——————————- is a list of permissions that determine who can access a specific resource in a computer network. It is used to grant or deny access to files, folders, printers, and other network resources.
A
An Access Control List (ACL)
6
Q
—————————– is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
A
AV
Antivirus software
7
Q
——————————– is a symmetric block encryption algorithm. It can use cryptographic keys of sizes 128, 192, and 256 bits.
A
The Advanced Encryption Standard (AES)
8
Q
A low-level programming language that uses symbolic code as a direct representation of machine code. It enables a programmer to write instructions that the computer’s processor can execute directly. Each line corresponds to a specific machine operation, often based on a sequence of numbers, letters, and symbols.
A
ASM
9
Q
——————————— is a set of rules and protocols for building software and applications. An — allows different software programs to communicate with each other. It defines methods of communication between various components, including the kinds of requests that can be made, how they’re made, the data formats that should be used, and conventions to follow.
A
API, which stands for Application Programming Interface,
10
Q
—————– serves as a standardized interface enabling Windows applications to seamlessly communicate with any existing anti-malware solutions present on the system.
A
The Windows Anti-malware Scan Interface (AMSI)
11
Q
——————- is a guideline for classifying and describing cyberattacks and intrusions.
A
The Adversarial Tactics, Techniques, and Common Knowledge or MITRE ATT&CK
12
Q
—————————- is a directory service developed by Microsoft for Windows domain networks. It stores information about network objects such as computers, users, and groups. It provides authentication and authorisation services, and allows administrators to manage network resources centrally.
A
AD Active Directory
13
Q
————————— is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
A
An advanced persistent threat (APT)
14
Q
——————— is included in the response from one website to a request originating from another website, and identifies the permitted origin of the request. A web browser compares the Access-Control-Allow-Origin with the requesting website’s origin and permits access to the response if they match.
A
ACOA The Access-Control-Allow-Origin header
15
Q
———————— is a managed Kubernetes service from the Azure Cloud Service Provider.
A
Azure Kubernetes Service (AKS)
16
Q
—————- is an authenticated encryption algorithm that combines the AES encryption with the GCM mode of operation. It provides both confidentiality (encryption) and integrity (authentication) by generating an authentication tag to verify the authenticity of the encrypted data
A
AES-GCM (Advanced Encryption Standard - Galois/Counter Mode)
17
Q
——————– is an authenticated encryption mode that combines AES encryption with the Counter (CTR) mode for confidentiality and the CBC-MAC (Cipher Block Chaining Message Authentication Code) for integrity. It ensures both data encryption and authentication, protecting against tampering and providing data authenticity.
A
AES-CCM (Advanced Encryption Standard - Counter with CBC-MAC)
18
Q
——————– is a study of real-world software security initiatives and reflects the current state of software security.
A
Building Security In Maturity Model (BSIMM)
19
Q
——————- is a technology used in certain computer operating systems for programs that need to, among other things, analyze network traffic. BPF supports filtering packets, allowing a userspace process to supply a filter program that specifies which packets it wants to receive.
A
The Berkeley Packet Filter (BPF)
20
Q
—————- comprises cyber security and technology professionals whose aim is to protect an information system from impending cyber threats by performing and implementing defensive actions.
A
A blue team
21
Q
————————————- is the term given for devices that are owned by an employee but are usually used for work-related activities. For example, an employee uses their personal device to access emails. A BYOD policy outlines what type of devices are acceptable, what behaviour is acceptable, as well as any necessary steps to secure the device (for example, requiring anti-virus)
A
Bring Your Own Device BYOD
22
Q
————————— is a boot firmware that provides runtime services for the operating system (OS). The BIOS starts, checks specific hardware components, and loads the OS depending on boot priority.
A
The Basic Input/Output System (BIOS)
23
Q
——————– is a set of compiled code written in a C-language that interacts with the Windows API to enable additional functionality within a C2 agent.
A
Beacon Object Files (BOF)
24
Q
————- is an integrated platform for performing security testing of web applications. It includes various tools for scanning, fuzzing, intercepting, and analysing web traffic. It is used by security professionals worldwide to find and exploit vulnerabilities in web applications.
A
Burp Suite
25
------------- , this term is given to a publicly disclosed vulnerability
Common Vulnerabilities and Exposures (CVE)
26
--------------------------. These web applications are used to manage content on a website. For example, blogs, news sites, e-commerce sites and more!
Content Management System (CMS)
27
--------------------- is the opposite of Disclosure, Alternation, and Destruction (DAD).
Confidentiality, Integrity, and Availability (CIA)
28
Common Vulnerability Scoring System
CVSS
29
---------------- is evidence-based knowledge about adversaries, including their indicators, tactics, motivations, and actionable advice against them.
CTI
Cyber Threat Intelligence
30
--------------- is a software development practice that involves automatically building, testing and implementing changes to an application's source code
CI Continuous Integration
31
------------------- is a set of guidelines and measures for organisations to manage and improve their cybersecurity posture by identifying, assessing, and managing their cybersecurity risks.
Cyber Security Framework (CSF)
32
------------------- are computer programs designed to be used from a text interface; think of it as if you're using an application without a user interface.
CLI Command-line applications
33
A hairy, bear-like creature that performs Quality Analysis in DevOps
ChewBa-QA
34
--------------------- is a software development term for deploying code to production environments automatically without any interaction from a human. For example, the automation of tests and then deployment of the code.
CD Continuous Deployment
35
They are a set of practices and principles that enable automated software releases.
CI/CD CI/CD stands for Continuous Integration/Continuous Delivery.
36
-------------------- are a set of programs used to communicate with a victim machine. This is comparable to a reverse shell, but is generally more advanced and often communicate via common network protocols, like HTTP, HTTPS and DNS.
Command and Control (C2) Infrastructure
37
------------------- is a vulnerability that occurs when an attacker manipulates input fields to inject malicious commands into a vulnerable application. This can lead to unauthorised execution of arbitrary commands on the targeted server, potentially resulting in data breaches, system compromise, or unintended operations.
Command Injection
38
---------------------- is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
Cross-site request forgery (also known as CSRF)
39
----------------------- is the most important processor in a given computer. Its electronic circuitry executes instructions of a computer program, such as arithmetic, logic, controlling, and input/output (I/O) operations. This role contrasts with that of external components, such as main memory and I/O circuitry,[1] and specialized coprocessors such as graphics processing units (GPUs).
A central processing unit (CPU)—also called a central processor or main processor—
40
------------------------------ is the person that is responsible for an organisations technology. Working together with the CIO, they run a company's IT infrastructure.
CTO Chief Technology Officer
41
----------------are incredible ML structures that have the ability to extract features that can be used to train a neural network. In essence, ------------------ are normal neural networks that simply have the feature-extraction process as part of the network itself.
Convolutional Neural Networks (CNNs)
42
CLI
Command Line Interface
43
------------------- are packages of software that bundles up code, and all its dependencies so it can be run reliably in any environment.
Containers
44
------------------ is a mechanism for integrating applications. CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain.
Cross-origin resource sharing (CORS)
45
------------------- is a company which offers scalable cloud computing resources on demand. The cloud resources ------------ offer include computing power, data storage and applications.
A Cloud Service Provider CSPs
46
----------------------- is a non-profit organisation that helps collect and define standards that can be implemented as preventative measures against cyber attacks
CIS CIS (Centre for Internet Security)
47
The process of securing a Kubernetes cluster following best security practices.
Cluster Hardening
48
--------------- is the opposite of Confidentiality, Integrity, and Availability (CIA).
Disclosure, Alternation, and Destruction (DAD)
49
DPI
Deep Packet Inspection
50
-------------- is the protocol responsible for resolving hostnames, such as tryhackme.com, to their respective IP addresses.
Domain Name System (DNS)
51
----------------- is a symmetric encryption block encryption algorithm which uses a cryptographic key size of 56 bits. AES became the new standard in 2001.
The Data Encryption Standard (DES)
52
DAST
Dynamic Application Security Testing scans running applications for vulnerabilities
53
A computer operating system that provides a file system for operations such as reading, writing, and erasing data on a disk. It is a non-graphical line-oriented command-driven computer operating system designed for the IBM PC. Several variations of ------------ were developed, such as MS-------- (Microsoft) and PC------------ (IBM).
DOS
54
DFIR
Digital Forensics and Incident Response
55
Reporting, and Conformance, or DMARC, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing.
DMARC Domain-based Message Authentication,
56
for packet I/O. The -------- replaces direct calls to libpcap functions with an abstraction layer that facilitates operation on a variety of hardware and software interfaces without requiring changes to Snort.
DAQ Data Acquisition library,
57
----------------- are used by Windows systems to specify who can access a given resource. While they are often referenced when talking about files, they also apply to other components as registry keys, services and scheduled tasks.
DACL Discretionary Access Control Lists
58
--------------------- is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic. The end goal of a demilitarized zone network is to allow an organization to access untrusted networks, such as the internet, while ensuring its private network or LAN remains secure
A DMZ or demilitarized zone
59
--------------- is a set of practices, tools, and a cultural philosophy that automate and integrate the processes to build software.
DevOps
60
----------------- is an email security standard designed to make sure messages aren't altered in transit between the sending and recipient servers.
DKIM (DomainKeys Identified Mail)
61
------------------------- is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Each program can use the functionality that is contained in this DLL to implement an Open dialog box. It helps promote code reuse and efficient memory usage.
A DLL file, short for Dynamic Link Library,
62
---------------------- software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring,[1] detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).
Data Loss Prevention (DLP)
63
The process of analyzing malware by running it in a controlled environment like a sandbox.
Dynamic Analysis
64
-------------- is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.
The Dynamic Host Configuration Protocol (DHCP)
65
A system used by microsoft to assess risk to computer security threats
DREAD
66
------------ is an attack on the target's availability to make the target service/system unavailable to legitimate users.
Denial of Service (DoS)
67
------------ attacks the target's availability. It is "distributed" because it is launched from many sources, usually a botnet.
Distributed Denial of Service (DDoS)
68
---------------------- is a server that manages security authentication requests in a Windows Server network. It stores user account information and controls access to resources on the network. It is a critical component for managing and securing a network infrastructure.
DC A domain controller
69
---------------------- is a free and open-source web application security scanner. It can be used to find hidden directories and files on web servers. It can use various techniques to brute-force directories and files, including dictionary attacks, brute-force attacks, and hybrid attacks.
DirBuster
70
Fosters the same culture and principles as ---------- with the addition of security into the development process, ensuring security is integrated from an early stage.
DevSecOps
71
------------------- is a framework used to handle the Incident Response process. It is mapped on the NIST Incident Response Lifecycle
DAIR - Dynamic Approach to Incident Response
72
----------------- is a series of tools that monitor devices for activity that could indicate a threat.
Endpoint detection and response (EDR)
73
It is a file format used to store event logs generated by the Windows Event Logging system.
An EVTX file is a Windows XML event log file.
74
----------- is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
An endpoint protection platform (EPP)
75
-------------------- is a service provided by Amazon Web Services (AWS) that allows you to rent virtual PCs on the cloud. The machines can be used just as any regular PC, and their specs can be dimensioned according to your specific needs.
Elastic Compute Cloud (EC2)
76
The measure of randomness of data in a file is known as --------------. -------------- is very useful in identifying compressed and packed malware. Packed or compressed files usually have a high -------------.
Entropy
77
---------------- is a security information and event management (SIEM) platform that helps organisations collect, analyse, and respond to security threats. It can collect data from various sources, including logs, events, network traffic, and cloud metadata. It can use machine learning to identify and prioritise threats. It can automate response actions, such as blocking malicious traffic or isolating infected hosts.
Elastic SIEM
77
These are three open-source tools that are commonly used together to collect, store, analyse, and visualise data.
ELK stands for Elasticsearch, Logstash, and Kibana.
78
------------------- is a distributed, scalable, and highly available search engine. It is used to store and index data so that it can be quickly searched and analysed.
Elasticsearch
79
---------------------- is a broad concept that includes public or private information stored in an electronic or digital medium, such as data available from computers (including email), CD-ROM discs, DVDs, Internet, cloud storage, personal digital assistants (PDAs), smart phones, tablets, GPS systems, satellites, and drones. ESI includes writings, drawings, graphs, charts, photographs, sound recordings, images, video recordings, data compilations, computer-aided design files such as blueprints or maps, metadata, equipment/process control and data logging system files, and any other data that is stored electronically.
Electronically Stored Information (ESI)
80
---------------------- is a managed Kubernetes service from the Amazon Web Services Cloud Service Provider.
Elastic Kubernetes Service (AKS)
81
------------------- is a way to encrypt data using smaller keys while still providing strong security. It is based on the math of elliptic curves.
ECC
82
Images store metadata (date and time, camera settings, GPS coordinates, etc.) within them. This metadata of image files is stored in a standardized format known as Exchangeable Image File Format
EXIF
83
---------- is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. --------- was signed into law part of the Electronic Government Act of 2002.
FISMA is an acronym that stands for the Federal Information Security Modernization Act.
83
A security tool, hardware or software that is used to filter network traffic by stopping unauthorized incoming and outgoing traffic.
Firewall
84
------------------------- is a protocol designed to help the efficient transfer of files between different and even non-compatible systems. It supports two modes for file transfer: binary and ASCII (text).
File Transfer Protocol (FTP)
85
is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicators such as primary notation, instead of text-based UIs, typed command labels or text navigation. GUIs were introduced in reaction to the perceived steep learning curve of command-line interfaces (CLIs),which require commands to be typed on a computer keyboard.
The graphical user interface, or GUI,
86
---------------- is a free and open-source directory and file enumeration tool. Penetration testers and security professionals use it to find hidden directories and files on web servers.
Gobuster
87
--------------- is a distributed version control system used for tracking changes in files and coordinating work among multiple contributors. It provides efficient branching, merging, and collaboration capabilities for software development projects.
Git
88
It is a free and open-source encryption software that uses public-key cryptography. ---------------- can be used to encrypt files and messages, and to sign files and messages. Encryption makes it so that only the intended recipient can decrypt the file or message while signing makes it so that the recipient can verify that the file or message was sent by the person it claims to be from.
GPG stands for GNU Privacy Guard.
89
A software reverse engineering framework developed by the National Security Agency (NSA) in the United States. Comprising of a suite of software analysis tools. ------------ disassembles executables into code that humans can understand.
Ghidra
90
----------------- is a feature in Windows Server that allows administrators to control user and computer settings across the network. It provides a centralised way to manage and configure operating systems, applications, and user settings.
Group Policy Object (GPO)
91
It is available from the GNU project and is a common bootloader shipped with many Linux distributions.
GRUB stands for Grand Unified Bootloader.
92
----------- protects workstations and servers through software that resides on the system. It catches suspect activity on the system and then either allows or disallows the event to happen, depending on the rules. Finally, it can also monitor data requests and read or write attempts and network connection attempts, potentially allowing it to be used as a compensating control for other requirements.
Host Intrusion Prevention System (HIPS)
93
The primary law in the United States that governs the privacy of healthcare information
Health Information Portability and Accountability Act (HIPAA).
94
-------------- files are files that contain HTML, JScript, and or VBScript code that can be executed on client system. This can to lead to more dynamic applications or remote code execution on a client or victim.
HTML Application (HTA)
95
----------------- analyzes system state, system calls, file-system modifications, application logs, and other system activity.
Host Intrusion Detection System (HIDS)
96
-------------------- is a form of “on the ground” information gathering using human sources to collect information. In the context of Threat Intelligence, this can include infiltrating and engaging with threat actors on underground crime networks, forums and marketplaces, chat platforms, and other target environments, to include the dark web.
Human Intelligence (HUMINT)
97
--------------- is the protocol that specifies how a web browser and a web server communicate. Your web browser requests content from the TryHackMe web server using the ---- -------- as you go through this room.
Hypertext Transfer Protocol (HTTP)
98
---------- is a free and open-source password-cracking tool. It can try numerous passwords till the correct password is found. It can be used to crack passwords for various network services, including SSH, Telnet, FTP, and HTTP.
Hydra
99
----------------- is a powerful, object-oriented query language similar to SQL but designed specifically for Hibernate ORM framework. --- abstracts the database-specific SQL and allows developers to write queries using the entity objects defined in the Hibernate mappings, rather than directly interacting with the database tables.
Hibernate Query Language (HQL)
100
----------------------- is a structured approach to managing and addressing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident, or security incident. It involves identifying, investigating, handling, and learning from security events or incidents to prevent a similar occurrence.
Incident Response (IR)
101
---------------------- is a protocol for receiving email. Protocols standardize technical processes so computers and servers can connect with each other regardless of whether or not they use the same hardware or software.
The Internet Message Access Protocol (IMAP)
102
---------------------------- is a standards organization for the Internet and is responsible for the technical standards that comprise the Internet protocol suite.
The Internet Engineering Task Force (IETF)
103
---------------- refers to the network of physical objects, or "things", that are embedded with sensors and software which allow them to collect and exchange data over the Internet. These objects can include various devices, from everyday household items like thermostats, refrigerators, and lightbulbs, to industrial equipment, vehicles, and more.
IoT (Internet of Things)
104
-------- denotes systems responsible for overseeing and conducting functions that support critical infrastructure, such as water, power, transportation, and manufacturing.
ICS
105
It is a security principle that is used to protect systems and data. IAAA ensures that only authorized users can access a system and that their actions can be tracked.
IAAA stands for Identification, Authentication, Authorization, and Accountability.
106
---------------- is a device or application that detects and stops intrusions attempts proactively. They are usually deployed in front of the protected asset and block any potential threat from reaching their target.
Intrusion Prevention System (IPS)
107
----------- combines SAST and DAST and scans source code as well as running applications
Interactive Application Security Testing
108
--------------- are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten.
Insecure direct object references (IDOR)
109
Indicator of Compromise is a forensic artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
IOC
110
The mitigation of violations of security policies and recommended practices.
Incident Handling (IH).
111
IRC
Internet Relay Chat
112
------------------ is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet Protocol-related symbols and Internet numbers
The Internet Assigned Numbers Authority (IANA)
113
---------------- is a system that detects unauthorised network and system intrusions. Examples include detecting unauthorised devices connected to the local network and unauthorised users accessing a system or modifying a file.
Intrusion Detection System (IDS)
114
refers to the use of digital technologies to access, process, and communicate information.
ICT stands for Information and Communication Technology and
115
----------- is an IETF protocol, as well as the name of the IETF working group defining the protocol. It was created based on the need for a common, universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing. The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector.
Internet Protocol Flow Information Export (IPFIX)
116
Inter-process Communication is the definition of the mechanism that allows processes to communicate and share data between each other
IPC
117
----------- is a framework/process for controlling and securing digital identities and user access in organisations.
Identity and Access Management (IAM)
118
------------ is an open-source automation server widely used in DevOps for building, testing, and deploying software applications.
Jenkins
119
------------ is an open standard file and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays.
JavaScript Object Notation
120
-------------- is a free and open-source password-cracking tool. It can crack passwords stored in various formats, including hashes, passwords, and encrypted private keys. It can be used to test passwords' security and recover lost passwords.
John the Ripper
121
--------------- is a tool that is used to record user keystrokes on a physical computer.
A keylogger
122
A tool created by Eric Zimmerman used to parse and extract forensic artifacts from a system.
Kroll Artifact Parser and Extractor. (KAPE)
123
----------------- is a computer network authentication protocol that operates based on tickets, allowing nodes to securely prove their identity to one another over a non-secure network. It primarily aims at a client-server model and provides mutual authentication, where the user and the server verify each other's identity. The Kerberos protocol messages are protected against eavesdropping and replay attacks, and it builds on symmetric-key cryptography, requiring a trusted third party.
Kerberos
124
--------- is a web-based visualisation tool for exploring data stored in Elasticsearch. It can be used to create interactive dashboards and charts that help users to understand data.
Kibana
125
------------- is a container orchestration system used for automating deployment, scaling and management of applications.
Kubernetes
126
---------- is a command line operating system based on unix. There are multiple operating systems that are based on --------.
Linux
126
Both are query languages used to explore and process data based on search terms and filters.
KQL can refer to Kusto Query Language in the context of Azure, and Kibana Query Language in the context of Elastic.
127
------------------ is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
The Link-Local Multicast Name Resolution (LLMNR)
128
------------------- is a security vulnerability that occurs when a web application allows users to include files from the local file system. Attackers exploit ------ by manipulating input fields to retrieve sensitive files or execute malicious code. This can lead to unauthorised access to system files, data leakage, and potential remote code execution.
Local File Inclusion (LFI)
129
--------------- is a cryptographic disk encryption standard for Linux systems. It uses symmetric and asymmetric encryption to protect data on encrypted disks and partitions. ------ is a versatile encryption method that can be used to encrypt any block device, including hard drives, USB drives, and even entire operating systems.
Linux Unified Key Setup (LUKS)
130
These files are often used to point to a file or folder from another location, making it convenient to access frequently used files and folders.
LNK Files with a .lnk file extension refers to "link files" or "desktop shortcuts".
131
-------- is a tool for collecting and processing data from a variety of sources. It can be used to collect logs from applications, servers, and other systems. It can also be used to parse and transform data before it is stored in Elasticsearch.
Logstash
132
The -------- usually receives an email from an email client or another -----.
Mail Transport Agent. The MTA
133
--------------- is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.
Multipurpose Internet Mail Extensions (MIME)
134
------------- refers to the email client that the user relies on to send and receive email. Examples of ------- are Thunderbird and MS Outlook. The ------ connects to a Mail Transport Agent (MTA) to send its message, and it connects to a Mail Delivery Agent (MDA) to download its email messages.
Mail User Agent. MUA
135
-------------- is a cryptographic hash function that takes any input and produces a 128-bit hexadecimal number. The output of an MD5 hash function is called a digest. MD5 digests are often used to verify the integrity of files or data; however, MD5 is no longer considered secure and should not be used for sensitive applications.
Message Digest 5 (MD5)
136
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
MITRE
137
Malware Information Sharing Platform is is an open-source threat information platform used to facilitate the collection and sharing of threat information.
MISP
138
---------------- is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.
The Malware Behavior Catalog (MBC)
139
MTU
Maximum Transmission Unit
139
----------------- is a security process that requires users to provide two or more forms of identification before accessing an account or system. This enhances security by adding an additional layer of protection against unauthorised access.
MFA stands for Multi-Factor Authentication,
140
------------------- involves an individual placing themselves in-between a communication process to intercept traffic
MITM A Man in the Middle attack
141
----------- is responsible for delivering the email messages from a Mail Transport Agent (MTA) to the email client.
Mail Delivery Agent. The MDA
142
------------ is an open-source penetration testing framework that helps security professionals find and exploit vulnerabilities in computer systems. It includes a database of known vulnerabilities and tools and scripts for exploiting them.
Metasploit
143
---------------- is the term used to describe algorithms and functions used to get computers to think and act the way humans and nature do.-
ML Machine Learning
144
---------------- refers to the software being broken up into smaller independent services which communicate using APIs.
A microservice architecture
145
------------------- is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. It is typically deployed using in-memory DLL injection to reside entirely in memory.
Meterpreter
146
This organisation develops frameworks and policies for information security that is used all throughout the industry.
National Institute of Standards and Technology (NIST).
147
---------------- is an independent platform that examines network traffic patterns to identify intrusions for an entire network.
Network Intrusion Detection System (NIDS)
148
----------------------- is based upon the collection of data to perform detection and analysis. With the collection of a large amount of data, it makes sense that a SOC should have the ability to generate statistical data from existing data, and that these statistics can be used for detection and analysis.
NSM
Network Security Monitoring
149
------------- is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.
Windows New Technology LAN Manager (NTLM)
150
------------------- typically provide the same functionality as packet sniffers, protocol analyzers, and SEM software in a single product. Whereas SEM software concentrates on correlating events among existing data sources (which typically include multiple network traffic related sources), -------- software focuses primarily on collecting, examining, and analyzing network traffic. --------- software also offers additional features that further facilitate network forensics.
Network forensic analysis tools (NFAT)
151
----------------------- sensors and programs examine network traffic to identify security threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations
Network Behaviours Analysis (NBA)
152
------------------------- is a method of monitoring network availability and activity to identify anomalies, including security and operational issues
Network traffic analysis (NTA)
153
------------------------- is a networking protocol designed to synchronize the clocks of computers over a network. It uses a designated reference time source, such as an atomic or GPS clock, to coordinate the system time for all networked devices. It ensures that all computers within the network have the same accurate time, which is crucial for various applications, including logging, security, and data integrity.
NTP (Network Time Protocol)
154
------------------------ is a network security solution, although HIPS protects hosts. It monitors all network traffic for suspect activity and either allows or disallows the traffic to pass. For a ------ to work properly, it needs to be positioned in-line on the network segment so that all traffic traverses through the -----. The implementation of a NIPS is similar to a NIDS with one exception: because a NIPS has two NICS, a network TAP, switch, or hub is not required.
Network Intrusion Prevention System (NIPS)
155
---------------------- is an assembly language instruction that does nothing during the execution cycle of a program. It is commonly used for timing purposes, debugging, to occupy space that will be replaced with active instructions later, or to prevent certain processor optimizations. Despite doing nothing, ------- instructions still consume CPU cycles while being processed.
NOP, or No Operation,
156
It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network.
NetBIOS is an acronym for Network Basic Input/Output System.
157
----------- is a open-source tool used for network discovery and security auditing. It also assists in the exploration of network hosts and services, providing information about open ports, operating systems, and other details.
Nmap (Network Mapper)
158
--------------- is an operating-system daemon that sets and maintains a computer system's system time in synchronization with Internet-standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but retains compatibility with versions 1, 2, and 3 as defined by RFC 1059, RFC 1119, and RFC 1305, respectively.
The ntpd program
159
-------------, a network protocol developed for Cisco routers by Cisco Systems, is widely used to collect metadata about the IP traffic flowing across network devices such as routers, switches and hosts. The traffic flow data informs a company’s IT professionals as to how much traffic there is, where it’s coming from and going to, and the paths being used.
NetFlow
160
----------------- refers to containers that hold users, groups and computers to which similar policies should apply. In most cases, OUs will match departments in an enterprise.
In Windows domains, Organizational Unit (OU)
161
OGNL
Object-Graph Navigation Language
162
-------------- is a set of principals and tactics used to attempt to protect the security of an operator or operation. An example of this may be using code names instead of your real names, or using a proxy to conceal your IP address.
Operational Security (OPSEC)
163
--------------- is a layer between the hardware and the applications. From the application's perspective, the OS provides an interface to access the different hardware components, such as CPU, RAM, and disk storage. Examples of OS are Android, FreeBSD, Linux, macOS, and Windows.
Operating System (OS)
164
--------------------- is a nonprofit foundation focused on understanding web technologies and exploitations and provides resources and tools designed to improve the security of software applications.
The Open Web Application Security Project
165
----------------- is the act of gathering and analyzing publicly available data for intelligence purposes.
Open source intelligence (OSINT)
166
-------------------------is a programming technique that allows developers to interact with a database using an object-oriented paradigm
Object-Relational Mapping (ORM)
167
A scripting language mostly used for web development.
PHP
168
------------- is often a piece of code or an application that is used to demonstrate an idea or theory is possible. Proof of Concepts are often used to demonstrate vulnerabilities
A Proof of Concept
PoC
169
PII
Personally Identifiable Information is any representation of data that can be used to identify an individual directly.
170
Malware often tries to keep a footprint in the system such that it keeps running even after a system restart. This is called persistence. For example, If a malware adds itself to the startup registry keys, it will persist even after a system restart.
Persistence
171
In the context of operating systems, ---- stands for Process ID. It is a unique identifier assigned to each running process in a system. ------- are usually assigned in sequential order as processes are created, but can be recycled once a process has completed and terminated.
PID
172
When emails are sent to a target(s) purporting to be from a trusted entity to lure individuals into providing sensitive information.
Phishing
173
---------------is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.
PowerShell
174
----------------- is a networking practice involving the interception of data packets travelling over a network. Once the packets are captured, they can be stored by IT teams for further analysis. The inspection of these packets allows IT teams to identify issues and solve network problems affecting daily operations.
Packet capture (PCAP)
175
----------- is short for Process for Attack Simulation and Threat Analysis; it is a risk-centric threat modelling framework.
PASTA
176
Are a set of automated processes and tools that allows both developers and operations professionals to build and deploy code to a production environment.
Pipelines
177
In the context of operating systems, ------------------ . It refers to the process ID of the parent process that spawned the particular process. ------------ indicate the hierarchy and relationship of all running processes in a system, which also describes how every process is connected to one another.
PPID stands for Parent Process ID
178
------------------- makes it possible for different entities to communicate securely over a network. Consequently, we can protect the confidentiality and integrity of the communications, among other aspects.
Public Key Infrastructure (PKI)
179
-------------------- is an alternative protocol for receiving emails that downloads emails from the server to a local device. Using ----------, a recipient cannot access their emails again from a different device because they are stored locally and then deleted from the email server.
Post Office Protocol Version 3 (POP3)
180
A file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The ---- format is a data structure that encapsulates the information necessary for the Windows OS to manage the wrapped executable code.
PE
181
------------------------. An information security standard administered by the Payment Card Industry Security Standards Council that is for organizations that handle branded credit cards from the major card schemes.
Payment Card Industry Digital Security Standard (PCI DSS)
182
Tools that compress and encrypt executable files. It compresses the target executable and embeds it within a new executable file that serves as a wrapper or container. This dramatically reduces the size of the file, making it ideal for easy distribution and installation.
Packers
183
A -------- server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.
proxy
184
a person being monitored, sought, or questioned concerning a criminal investigation or security operation, especially as a potential suspect.
Person of Interest: POI
185
Pod Security Standards (used in Kubernetes) define 3 different policies that broadly cover the security spectrum: privileged, baseline and restricted.
PSS
186
Pod Security Admission (used in Kubernetes) enforces Pod Security Standards (PSS).
PSA
187
------------------------ is an extension to the OAuth 2.0 authorization framework. It is designed to provide an additional layer of security for public clients, such as mobile and JavaScript-based applications, which are unable to securely store client secrets. PKCE is particularly useful in mitigating authorization code interception attacks.
PKCE (Proof Key for Code Exchange)
188
Also known as a Caesar cipher, is a simple form of substitution cipher used in cryptography. It involves replacing each letter in the text by a letter some fixed number of positions down or up the alphabet.
ROT
189
Runtime Application Self-Protection is a tool / software built at the runtime environment and it can control application execution to detect real time attacks
RASP
190
-------------- is a document that gives permission to a penetration tester, defining the targets that the engagement applies to and the behaviours/techniques that
ROE
The Rules of Engagement
191
-------------------- is a protocol used to establish remote graphical sessions over the network.
RDP
Remote Desktop Protocol
192
RCE
Remote Code Execution
193
-------------------- is a publication in a series from the principal technical development and standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force (IETF).
A Request for Comments (RFC)
194
------------------- is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
RIPEMD (RIPE Message Digest)
195
--------------------- is a cyber attack where an attacker exploits a vulnerability in a web application to include malicious files from a remote server. By injecting URLs into input fields, attackers can execute arbitrary code on the target server, leading to potential system compromise or unauthorised access.
Remote File Inclusion (RFI)
196
------------------------ is a form of electronic computer memory that can be read and changed in any order, typically used to store working data and machine code.
Random-access memory (RAM; /ræm/)
197
---------------------- is a software architectural style that was created to guide the design and development of the architecture for the World Wide Web. ----- defines a set of constraints for how the architecture of a distributed, Internet-scale hypermedia system, such as the Web, should behave. The ----- architectural style emphasises uniform interfaces, independent deployment of components, the scalability of interactions between them, and creating a layered architecture to promote caching to reduce user-perceived latency, enforce security, and encapsulate legacy systems.
REST (representational state transfer)
198
--------------- refers to access to resources being restricted on a role basis in an organisation. Can be used in (but not limited to) Kubernetes to restrict access to cluster resources.
RBAC
199
------is a method for encrypting data using two keys: one to lock (encrypt) and another to unlock (decrypt) it, relying on the difficulty of factoring large number.
RSA
200
------------------- is a software engineering concept which is the structured process of developing an application
SDLC
Software Development Life Cycle
201
-------------------------- is a protocol used to send the email to an SMTP server, more specifically to a Mail Submission Agent (MSA) or a Mail Transfer Agent (MTA).
Simple Mail Transfer Protocol (SMTP)
202
A short period of time wherein a development team works to complete specific tasks, milestones, or deliverables.
Sprint
203
------------------------- is an Excel spreadsheet containing a carefully maintained collection of Indicators of Compromise (IoCs). These IoCs act as warning signs, alerting security experts to suspicious behaviour or potential system breaches. By keeping track of these indicators, the SoD offers a detailed snapshot of possible threats, allowing for quick identification, analysis, and response. Whether it involves tracking IP addresses, URLs, file hashes, or other distinguishing features associated with malicious activities, the SoD is vital in bolstering security protocols and keeping cyber attackers at bay.
The Spreadsheet of Doom (SoD)
204
---------------------- is an extension of DevOps practices, focused on building secure products.
SSDLC (Secure Software Development lifecycle)
205
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege
STRIDE
206
------------------------- system that is used to aggregate security information in the form of logs, alerts, artifacts and events into a centralized platform that would allow security analysts to perform near real-time analysis during security monitoring.
Security Information and Event Management
SIEM
206
------------------- refers to a cryptographic network protocol used in secure communication between devices. SSH encrypts data using cryptographic algorithms, such as Advanced Encryption System (AES) and is often used when logging in remotely to a computer or server.
Secure Shell (SSH)
207
It is a solution that helps organisations to streamline and automate their security operations, including incident management, threat intelligence, and vulnerability response.
SOAR stands for Security Orchestration, Automation, and Response.
208
-------------------- is a web vulnerability where an attacker manipulates a vulnerable application to make requests to internal or external resources on behalf of the server. This can lead to data exposure, unauthorised access to internal systems, or service disruptions.
Server Side Request Forgery (SSRF)
209
The manipulation of individuals to divulge sensitive information, through various forms of communication
Social Engineering
210
The process of analyzing malware without executing it, but in a controlled environment.
Static Analysis
211
------------------------ which is a Windows system service and device driver developed by Microsoft that is designed to monitor and log various events happening within a Windows system.
Sysmon refers to System Monitor,
212
SPL
Search Processing Language. A processing language used for searching in Splunk
213
-------------------- is a type of cyber attack where malicious SQL (Structured Query Language) code is injected into a vulnerable application's input fields. This can manipulate the application's database queries, potentially granting unauthorised access to the database or allowing attackers to retrieve, modify, or delete data.
SQL Injection (SQLi)
214
------------------- is a cryptographic hash function that takes any input and produces a 256-bit hexadecimal number. ------------ is often used to verify the integrity of files or data and to create digital signatures. ------------ is considered very secure and is widely used in applications such as Bitcoin and blockchain technology.
Secure Hash Algorithm 256 bits (SHA-256)
215
------------------- is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications. SSO can be used by enterprises, small and midsize organizations, and individuals to ease the management of multiple credentials.
Single sign-on (SSO)
216
--------------------- is a service provided by Amazon Web Services (AWS) that allows you to store data in a scalable and reliable way. Data is stored on buckets, which act as a folder in the cloud where you can store files, applications, backup information or anything you need.
Simple Storage Service (S3)
217
SEC3PO
A DevSecOps engineer / part Android
218
Microsoft's ----- is a collection of mandatory security activities grouped by the traditional software development lifecycle phases.
SDL
219
----------------- is an open framework to help organisations formulate and implement a software security strategy tailored to the organisation's specific risks
he Software Assurance Maturity Model (SAMM)
220
-------------------- is an email authentication method designed to detect forging sender addresses during the delivery of the email.
Sender Policy Framework (SPF)
221
A robot working as a System Administrator
S2D2
222
Static Application Security Testing for scanning code
SAST
223
-------------------- is a team of IT security professionals tasked with monitoring, preventing , detecting , investigating, and responding to threats within a company’s network and systems.
Security Operations Center (SOC)
224
This involves sending of targeted emails to specific individuals or groups within an organisation, often with a malicious attachment or link.
Spear-Phishing
225
A---- port (sometimes called a mirror port) is a software feature built into a switch or router that creates a copy of selected packets passing through the device and sends them to a designated ----- port. Using software, the administrator can easily configure or change what data is to be monitored. Since the primary purpose of a switch or router is to forward production packets, ----- data is given a lower priority on the device. The ---- also uses a single egress port to aggregate multiple links, so it is easily oversubscribed.
SPAN
226
------------------------- is an application security methodology in which development teams can quickly track and analyze any open source component
SCA
Software Composition Analysis
227
-------------------------- is a communication protocol[1] originally developed in 1983 by Barry A. Feigenbaum at IBM[2] and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides an authenticated inter-process communication (IPC) mechanism.
Server Message Block (SMB)
228
This Linux signal occurs when a program attempts to access a memory position that is unavailable or lacks the necessary permissions.
SIGSEGV
229
-------------------- is a programming language for storing and processing information in a relational database. A relational database stores information in tabular form, with rows and columns representing different data attributes and the various relationships between the data values. You can use ----- statements to store, update, remove, search, and retrieve information from the database. You can also use ---- to maintain and optimize database performance.
Structured query language (SQL)
230
------------------ is a free and open-source penetration testing tool that automates finding and exploiting ---- injection vulnerabilities on web applications. It can extract data from databases, execute commands on the underlying operating system, and even take control of the target server.
SQLMap
230
------------is a platform for collecting, storing, and analysing machine data. It provides various tools for analysing data, including search, correlation, and visualisation. It is a powerful tool that organisations of all sizes can use to improve their IT operations and security posture.
Splunk
231
------------is the daemon program for ssh(1). Together these programs replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network.
sshd (OpenSSH Daemon)
232
----------------------- is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.
Same-origin policy
SOP
233
----------------------- is a method of providing software to users. This software/application will run in the cloud and users will pay to use it via subscription (as a service) rather than buying it.
Software as a Service (SaaS)
234
------------------------ is a configuration standard consisting of cybersecurity requirements for a specific product (e.g. Kubernetes) provided by DISA (US Department of Defence Systems Agency).
Security Technical Information Guidelines (STIG)
235
------------------------------- is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.
SOAP (formerly an acronym for Simple Object Access Protocol)
236
A process or service which runs in parallel (and supports) a primary application.
Sidecar
236
A ---------------------- is a dedicated infrastructure layer used to control and manage service-to-service communication in a Microservices Architecture.
Service Mesh
237
------------ refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router. ------- is also used in other contexts including CDN caching and DNS caching.
Time to live (TTL)
238
TTP
Tactics, Techniques and Procedures describe the methodologies, tools, behavioural patterns and strategies that adversaries use to plan and execute attacks against target networks and organisations.
239
---------------- is a connection-oriented protocol requiring a --- three-way-handshake to establish a connection. --- provides reliable data transfer, flow control and congestion control. Higher-level protocols such as HTTP, POP3, IMAP and SMTP use ---.
Transmission Control Protocol (TCP)
240
--------------- serves as a user's proof of authentication and allows a user to request service tickets from the KDC, which can then be used to connect to services across the network.
In Kerberos, a Ticket Granting Ticket (TGT)
241
----------------- is a discontinued software application used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device. --------------- was originally designed to protect sensitive data on computers and prevent unauthorized access.
TrueCrypt
242
----------------------is a simple device that connects directly to the cabling infrastructure. Instead of two switches or routers connecting directly to each other, the network TAP sits between the two devices and all data flows through the TAP. Using an internal splitter, the ----- creates a copy of the data for monitoring while the original data continues unimpeded through the network
A network TAP (Test Access Point)
243
-------------- is an online cyber security training platform to help individuals and teams break into and up skill in cyber security. The site you are on right now.
TryHackMe
244
----------------------- provides an interface between the operating system (OS) and the platform firmware. The UEFI replaces the BIOS.
The Unified Extensible Firmware Interface (UEFI)
245
------------------------ or User and Entity Behavior Analytics (UEBA),[1] is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.[2] Il allows cybersecurity tools to build a profile of each individual's normal activity, by looking at patterns of human behavior, and then highlighting deviations from that profile (or anomalies) that may indicate a potential compromise.[3][4][5]
User behavior analytics (UBA)
246
----------------------- is a connectionless protocol; UDP does not require a connection to be established. UDP is suitable for protocols that rely on fast queries, such as DNS, and for protocols that prioritise real-time communications, such as audio/video conferencing and broadcast.
User Datagram Protocol (UDP)
247
-------------------- helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
User Account Control (UAC)
248
-------------------- is a 128-bit value used to uniquely identify an object, entity or information within a particular system or knowledge database.
UUID - Universal Unique Identifier
249
As a connection is processed by Zeek/Bro, a unique identifier is assigned to each session. This unique identifier is generally included in any log file entry associated with that connection and can be used to cross-reference different log files
UID
250
Coordinated Universal Time or--- is the primary time standard by which the world regulates clocks and time
UTC
251
UKC
Unified Kill Chain
252
URI
Uniform Resource Identifier
253
VM
Virtual Machine
254
VPR
Vulnerability Priority Rating
255
A ------------------ is a way to create a secure "tunnel" between two networks. For example, you use a VPN on TryHackMe to access the private network on which the machines operate. VPNs are also commonly used for an employee to log into their workplace when they are not on site (such as working from home or travelling for business matters). ------- are also used where networks (such as coffee shops) do not provide encryption, and are a great way of preventing others from reading your network traffic.
Virtual Private Network (VPN)
256
A ------------------ is an isolated, private cloud inside of a public cloud environment. -------- are granted to users of cloud providers so that their resources aren't accessible by other users in the same public cloud.
virtual private cloud (VPC)
257
Scanning of a system or network for known vulnerabilities
Vulnerability Assessment
258
Testing of a system or network for vulnerabilities, and trying to penetrate into a system or network.
Vulnerability Assessment and Penetration Testing (VAPT)
259
A -------------------- tracks changes to a file or set of files over time. Examples include GitHub, GitLab etc
Version Control System (VCS)
260
------------------- is a Wi-Fi protocol that has better security mechanisms than protocols such as WEP by means of handling user authentication and keys more securely. ---- has been further improved by versions such as ----2 and ----3
Wi-Fi Protected Access (WPA)
261
------------- refers to the reconnaissance of neighbourhoods for Wi-Fi wireless networks, often by driving around in a vehicle equipped with a Wi-Fi-enabled device and mapping these networks.
War driving
262
An attack where a legitimate website frequently visited by a target is compromised and geared towards infecting visitors with malware.
Watering Hole Attack
263
This is an action of using technology to automatically scan a range of phone numbers in order to reveal connected devices such as computers, modems, and office appliances.
Wardialing
264
------------------------------- analyze the radio spectrum throughout a wireless network to detect and report intrusion, network policy violations, and unauthorized use
Wireless Intrusion Prevention System (WIPS)
265
-------------------------is the infrastructure for management data and operations on Windows-based operating systems. It is used to automate administrative tasks on remote computers and supply management data to other parts of the operating system and products.
Windows Management Instrumentation (WMI)
266
------------is a free and open-source security platform that provides threat detection, integrity monitoring, incident response, and compliance capabilities. --------- can collect data from various sources, including logs, events, network traffic, and cloud metadata. It can automate response actions, such as blocking malicious traffic or isolating infected hosts.
Wazuh
267
The ---------------------Integrated Scripting Environment (ISE) is a host application for ------------------------------------. In the ISE, you can run commands and write, test, and debug scripts in a single Windows-based graphic user interface. The ISE provides multiline editing, tab completion, syntax coloring, selective execution, context-sensitive help, and support for right-to-left languages. Menu items and keyboard shortcuts are mapped to many of the same tasks that you would do in the ----------------------------- console. For example, when you debug a script in the ISE, you can right-click on a line of code in the edit pane to set a breakpoint.
Windows PowerShell (ISE)
268
---------------------- is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.
XML external entity injection (also known as XXE)
269
------------------- is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable
Extensible Markup Language (XML)
270
Is a binary operation that is commonly used for encryption and decryption of data. ----------- operates on binary data (bits) and is based on the principles of Boolean algebra. The operation involves two bits. The result of the operation is "1" if the two bits are different, and "0" if they are the same.
XOR
271
Part time space pilot, full time DevOps Engineer
X Fighter Dev
272
A type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can then steal sensitive information, like user's cookies, session tokens, or other sensitive data.
XSS
273
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
XSRF
274
------------- is a data serialisation language that is human-readable and useful for managing data.
YAML Ain't Markup Language
275
A compromised computer or device controlled remotely by an attacker, typically part of a botnet used for malicious activities.
Zombie
276
The process of replicating DNS zone data from one DNS server to another, which needs to be secured to prevent unauthorized access.
Zone Transfer
277
ZTNA
Zero Trust Network Architecture.
278
A security model that treats every entity (user, device, application) as potentially untrusted and requires continuous verification before granting access.
Zero Trust Archititect
279
-------- (formerly Bro) is the world's leading platform for network security monitoring. Flexible, open source, and powered by defenders.
Zeek
280
--------------------- is a free and open-source web application security scanner. It is a powerful tool that penetration testers and security professionals can use to test the security of web applications.
Zed Attack Proxy (ZAP)
