219 Terms
1
Social Engineering
A manipulation technique that exploits human psychology rather than technical vulnerabilities to trick individuals into divulging confidential information or performing actions that compromise security.
2
Social Engineering Lifecycle
The four-stage process used in social engineering attacks: information gathering (researching the target), developing rapport (building trust), exploitation (executing the attack), and exit (disengaging without raising suspicion).
3
Influence Principle – Authority
A social engineering tactic where the attacker poses as a figure of authority such as an executive, IT admin, or law enforcement to pressure the target into compliance.
4
Influence Principle – Familiarity
A social engineering tactic where the attacker builds a sense of friendship or common ground with the target to lower their defenses.
5
Influence Principle – Intimidation
A social engineering tactic where the attacker uses threats or aggressive pressure to force the target into taking an action.
6
Influence Principle – Trust
A social engineering tactic where the attacker establishes credibility or impersonates a trusted person or organization to gain cooperation.
7
Influence Principle – Consensus
A social engineering tactic where the attacker implies that others have already complied with the request to pressure the target into doing the same.
8
Influence Principle – Scarcity
A social engineering tactic that creates a false sense of limited time or resources to pressure the target into acting quickly without thinking critically.
9
Influence Principle – Urgency
A social engineering tactic that pressures the target to act immediately, bypassing their normal judgment or verification procedures.
10
Dumpster Diving
A physical reconnaissance technique where an attacker searches through discarded materials such as documents, drives, or printouts to find sensitive information useful for an attack.
11
Shoulder Surfing
A physical attack where an attacker observes a target's screen, keyboard, or actions in person to steal passwords, PINs, or other sensitive information.
12
Tailgating
A physical security attack where an unauthorized person follows an authorized individual through a secured door or access point without their knowledge or consent.
13
Piggybacking
A physical security attack similar to tailgating, but the authorized person knowingly allows the unauthorized individual to follow them through a secured entry point.
14
Pretexting
A social engineering technique where the attacker fabricates a believable scenario or false identity to manipulate the target into providing information or access.
15
Phishing
A social engineering attack conducted via email where the attacker impersonates a trusted entity to trick the recipient into clicking malicious links, providing credentials, or downloading malware.
16
Spear Phishing
A targeted form of phishing directed at a specific individual or organization using personalized information to make the attack more convincing.
17
Vishing
A social engineering attack conducted over voice calls where the attacker impersonates a trusted entity to extract sensitive information from the target.
18
Smishing
A social engineering attack conducted via SMS text messages where the attacker tricks the target into clicking a malicious link or providing sensitive information.
19
Whaling
A highly targeted spear phishing attack directed at senior executives or high-value individuals within an organization.
20
Business Email Compromise (BEC)
A sophisticated social engineering attack where the attacker impersonates a company executive or trusted partner via email to trick employees into transferring funds or sensitive data.
21
Disinformation
Deliberately false or misleading information spread intentionally to deceive, manipulate, or cause harm.
22
Misinformation
False or inaccurate information spread without deliberate intent to deceive, though it can still cause harm.
23
Malvertising
A cyberattack technique that injects malicious code into legitimate online advertising networks to deliver malware to users who view or click the ads.
24
Watering Hole Attack
An attack where the attacker compromises a website frequently visited by the target group, infecting visitors with malware when they access the site.
25
Typosquatting
An attack where the attacker registers domain names that are common misspellings of legitimate websites to capture users who mistype URLs and redirect them to malicious content.
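The look-alike domains a typosquatter registers are mechanical single-character edits of the brand's label, so defenders generate the same candidate set and watch registration feeds or proxy logs for them. The following is an added example, not part of the original card set; the HOMOGLYPHS table, the protected brand list and the observed domains are constructed, and the TLD split is naive (it treats `example.co.uk` as label `example.co` under `uk`).

```python
# Added example: enumerate typo variants of a brand domain and flag any that
# show up in a list of observed domains. HOMOGLYPHS, PROTECTED and OBSERVED
# are constructed for this example.
HOMOGLYPHS = {          # ASCII characters that read as another one at a glance
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "m": ["rn"], "w": ["vv"],
}

def typo_variants(domain: str) -> set:
    """Single-edit typos of the registrable label: omission, doubled letter,
    adjacent transposition and homoglyph substitution, keeping the TLD."""
    name, _, tld = domain.lower().rpartition(".")
    labels = set()
    for i, ch in enumerate(name):
        labels.add(name[:i] + name[i + 1:])                     # omission
        labels.add(name[:i] + ch * 2 + name[i + 1:])            # repetition
        if i + 1 < len(name):                                   # transposition
            labels.add(name[:i] + name[i + 1] + ch + name[i + 2:])
        for glyph in HOMOGLYPHS.get(ch, []):                    # homoglyph
            labels.add(name[:i] + glyph + name[i + 1:])
    labels.discard(name)     # an edit that changes nothing (e.g. swapping "oo") is not a typo
    labels.discard("")
    return {f"{label}.{tld}" for label in labels}

def flag_lookalikes(observed: list, protected: list) -> dict:
    """Map each observed domain that is a typo variant of a protected brand
    domain to the brand it imitates."""
    variants = {brand: typo_variants(brand) for brand in protected}
    hits = {}
    for seen in observed:
        for brand, brand_variants in variants.items():
            if seen.lower() in brand_variants:
                hits[seen] = brand
    return hits

# Constructed sample: domains seen in a new-registration feed or proxy log
OBSERVED = ["gogle.com", "rnicrosoft.com", "g0ogle.com", "news.example", "google.com"]
PROTECTED = ["google.com", "microsoft.com"]

if __name__ == "__main__":
    for seen, brand in flag_lookalikes(OBSERVED, PROTECTED).items():
        print(f"{seen} looks like {brand}")
```

The generator covers only distance-one edits; real monitoring tools also add keyboard-adjacent substitutions, alternate TLDs and Unicode homoglyphs, and the hit list is the input to a takedown or blocklist process, not a verdict on its own.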
26
Pharming
An attack that redirects users from legitimate websites to fraudulent ones by corrupting DNS settings or the hosts file, without requiring the user to click a malicious link.
27
Malware
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Includes viruses, worms, ransomware, trojans, and other harmful programs.
28
Virus
A type of malware that attaches itself to a legitimate file or program and spreads when that file is executed, requiring human interaction to propagate.
29
Fileless Virus
A type of malware that runs in memory, typically by abusing legitimate built-in tools such as PowerShell or WMI instead of dropping an executable to disk, which makes it harder to detect with file-based antivirus. It can still persist through mechanisms such as registry entries or scheduled tasks, so "fileless" does not mean it leaves no trace.
30
Worm
A type of malware that self-replicates and spreads across networks automatically without needing to attach to a file or require user interaction to propagate.
31
Bot / Botnet
A bot is a malware-infected device under remote attacker control. A botnet is a network of many such infected devices used collectively to conduct attacks such as DDoS, spam campaigns, or credential stuffing.
32
Cryptomalware
A type of malware that uses the victim's computing resources to mine cryptocurrency without their knowledge or consent (also called cryptojacking), degrading system performance and raising power or cloud costs. Note that some sources use "crypto-malware" for ransomware that encrypts files, so check which sense a given text intends.
33
Ransomware
A type of malware that encrypts the victim's files or locks their system and demands payment in exchange for restoring access.
34
Spyware
A type of malware that secretly monitors user activity, collects sensitive information such as browsing habits or credentials, and transmits it to the attacker.
35
Keylogger
A type of malware or hardware device that records keystrokes made by the user to capture passwords, credit card numbers, and other sensitive input.
36
Bloatware
Unwanted pre-installed software that consumes system resources and may create security vulnerabilities, though it is not always malicious in intent.
37
Trojan / Remote Access Trojan (RAT)
A trojan is malware disguised as legitimate software to trick the user into executing it. A RAT is a specific type of trojan that gives the attacker remote control over the infected system.
38
Potentially Unwanted Program (PUP)
Software that is not overtly malicious but is unwanted, often bundled with legitimate software, and may degrade performance, display ads, or collect data.
39
Backdoor
A hidden method of bypassing normal authentication or security controls to gain unauthorized access to a system, often installed by malware or malicious insiders.
40
Logic Bomb
Malicious code that remains dormant until a specific condition or trigger is met, such as a date, time, or user action, at which point it executes its payload.
41
Rootkit
A type of malware designed to hide its presence and provide persistent privileged access by subverting the operating system or the tools used to inspect it. Types include application-level rootkits (replacing user-space binaries such as ps or netstat), kernel-level rootkits (modifying the kernel or loading malicious drivers, which defeats most host-based detection), and firmware or boot-level rootkits (loaded before the operating system, so they can survive a disk wipe and reinstallation).
42
DDoS (Distributed Denial-of-Service)
An attack that overwhelms a target system, server, or network with traffic from multiple sources simultaneously, making it unavailable to legitimate users. Variants include network layer, protocol layer, application layer, amplified, and reflected attacks.
43
DNS Poisoning / Spoofing
An attack that forges DNS responses or corrupts a resolver's cache with fraudulent records so that users who request a legitimate domain are directed to a malicious IP address. Spoofing refers to the forged reply itself; poisoning refers to the bad record being stored and served to later clients.
44
DNS Cache Poisoning
A specific form of DNS poisoning where false DNS records are inserted into a resolver's cache so that subsequent queries return the attacker's fraudulent address instead of the legitimate one.
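Whether a forged answer lands in the cache depends on what the resolver checks before accepting it. The model below is an added example, not from the original cards or from any real resolver: a toy cache with a "naive" mode (sequential transaction ID, fixed source port, no name checks) and a "strict" mode (random 16-bit ID plus random source port, the answer must echo the question, and records outside the queried zone are dropped). The domain names and addresses are constructed, and the bailiwick rule is simplified to "same last two labels".

```python
# Added example: a toy DNS resolver cache showing why a forged answer is
# accepted by a naive resolver and rejected by a hardened one. Names and
# addresses are constructed; this is not real resolver code.
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int
    qname: str

@dataclass(frozen=True)
class Answer:
    txid: int
    dst_port: int
    qname: str     # question section echoed back by the server
    rname: str     # owner name of the record being supplied
    rdata: str     # IPv4 address as text

def in_bailiwick(rname: str, qname: str) -> bool:
    """Simplified bailiwick rule: accept only records under the same
    registrable domain as the question (last two labels)."""
    return rname.lower().split(".")[-2:] == qname.lower().split(".")[-2:]

@dataclass
class Resolver:
    strict: bool = True
    cache: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)   # (txid, port) -> qname

    def send_query(self, qname: str) -> Query:
        if self.strict:
            txid = secrets.randbelow(1 << 16)          # random 16-bit ID
            port = 1024 + secrets.randbelow(64512)     # random source port (never 53)
        else:
            txid = len(self.pending) + 1               # predictable, sequential ID
            port = 53                                  # fixed source port
        self.pending[(txid, port)] = qname
        return Query(txid, port, qname)

    def receive(self, ans: Answer) -> bool:
        """Return True if the answer was accepted into the cache."""
        key = (ans.txid, ans.dst_port)
        qname = self.pending.get(key)
        if qname is None:
            return False                    # ID/port match no outstanding query
        if self.strict:
            if ans.qname != qname:          # answer must echo the question asked
                return False
            if not in_bailiwick(ans.rname, qname):
                return False                # record for another zone: dropped
        self.cache[ans.rname] = ans.rdata
        del self.pending[key]
        return True

def naive_poisoning_demo() -> Optional[str]:
    """Attacker guesses ID 1 and port 53 for a name the victim just asked about."""
    r = Resolver(strict=False)
    r.send_query("www.bank.example")
    forged = Answer(1, 53, "www.bank.example", "www.bank.example", "203.0.113.66")
    r.receive(forged)
    return r.cache.get("www.bank.example")

def hardened_demo() -> dict:
    r = Resolver(strict=True)
    q = r.send_query("www.bank.example")
    spray = Answer(1, 53, "www.bank.example", "www.bank.example", "203.0.113.66")
    # Even with the right ID and port, a record for another zone is refused.
    out_of_zone = Answer(q.txid, q.src_port, "www.bank.example",
                         "login.otherbank.example", "203.0.113.66")
    legit = Answer(q.txid, q.src_port, "www.bank.example", "www.bank.example", "192.0.2.10")
    return {"spray": r.receive(spray), "out_of_bailiwick": r.receive(out_of_zone),
            "legit": r.receive(legit), "cached": r.cache.get("www.bank.example")}
```

In strict mode an attacker who cannot see the query has to hit both the ID and the port, roughly 2^32 possibilities per outstanding query instead of 2^16, and can no longer smuggle a record for an unrelated name in the additional section; DNSSEC validation closes the remaining gap by signing the records themselves.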
45
Domain Hijacking
An attack where the attacker gains unauthorized control of a domain name registration, allowing them to redirect traffic, intercept email, or take down services.
46
URL Redirection
An attack that exploits improperly validated redirect functions in web applications to send users from a legitimate URL to a malicious destination.
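The usual bug is a `?next=` parameter that the login handler passes straight to a redirect. The validator below is an added example, not from the original cards; `ALLOWED_HOSTS` and the probe strings are constructed. It shows the inputs a naive "starts with /" or "contains our hostname" check gets wrong: protocol-relative `//host`, backslash variants browsers normalise to slashes, userinfo tricks like `https://app.example@evil.example`, subdomain look-alikes and `javascript:` URLs.

```python
# Added example: validate a post-login redirect target against an allowlist.
# ALLOWED_HOSTS and PROBES are constructed for this example.
from urllib.parse import urlparse

ALLOWED_HOSTS = {"app.example"}   # assumed: hostnames this application serves

def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return next_url only if it stays on this site, otherwise the default."""
    if not next_url:
        return default
    # Browsers treat backslashes in the authority as slashes; normalise first
    # so "/\evil.example" is judged as the protocol-relative "//evil.example".
    candidate = next_url.replace("\\", "/")
    parts = urlparse(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative path: exactly one leading slash.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    if parts.scheme not in ("http", "https"):
        return default              # javascript:, data:, and scheme-less "//host"
    # .hostname lower-cases and strips userinfo and port, so
    # "https://app.example@evil.example" is judged by "evil.example".
    return candidate if parts.hostname in ALLOWED_HOSTS else default

# Constructed values an attacker might place in ?next=
PROBES = [
    "/account",
    "//evil.example/phish",
    "/\\evil.example",
    "https://app.example@evil.example/",
    "https://app.example.evil.example/",
    "javascript:alert(1)",
    "https://APP.example/logout",
]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:45} -> {safe_redirect_target(probe)!r}")
```

Where possible, avoid the problem entirely by redirecting to a server-side route name or an index into a fixed table rather than to a URL the client supplied.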
47
ARP Poisoning / Spoofing
An attack where the attacker sends fake ARP (Address Resolution Protocol) messages on a local network to link their MAC address with a legitimate IP address, enabling traffic interception or man-in-the-middle attacks.
48
MAC Flooding
A network attack that overwhelms a switch's MAC address table (CAM table) with frames carrying many fake source addresses; once the table is full the switch fails open and floods unicast frames out all ports like a hub, letting the attacker capture traffic meant for other hosts on the segment.
49
MAC Spoofing / Cloning
An attack where the attacker changes their device's MAC address to impersonate another device on the network, bypassing MAC-based access controls.
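ARP poisoning and MAC cloning both show up as changes in the IP-to-MAC bindings a segment advertises, which is what tools like arpwatch watch for. The detector below is an added example (not from the original cards) run over a constructed, tcpdump-style ARP capture and an assumed known-good gateway binding; it raises three indicators: a reply nobody asked for, an IP whose MAC changed, and one MAC claiming several IPs (the attacker poisoning both the victim and the gateway).

```python
# Added example: detect ARP-poisoning indicators in a tcpdump-like ARP log.
# SAMPLE_ARP and BASELINE are constructed for this example.
import re
from collections import defaultdict

# A host asks for the gateway, the real gateway answers, then a second MAC
# starts claiming both the gateway's and the host's IP addresses.
SAMPLE_ARP = """\
10:00:01 ARP Request who-has 192.168.1.1 tell 192.168.1.20
10:00:01 ARP Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01
10:00:05 ARP Reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:05 ARP Reply 192.168.1.20 is-at de:ad:be:ef:00:99
10:00:06 ARP Reply 192.168.1.1 is-at de:ad:be:ef:00:99
"""

# Assumed known-good binding for the gateway (what a static ARP entry or a
# DHCP-snooping database would hold).
BASELINE = {"192.168.1.1": "00:aa:bb:cc:dd:01"}

REQUEST = re.compile(r"^(\S+) ARP Request who-has (\S+) tell (\S+)")
REPLY = re.compile(r"^(\S+) ARP Reply (\S+) is-at (\S+)")

def analyze_arp(log: str, baseline: dict) -> list:
    """Return alerts for unsolicited replies, changed bindings and one MAC
    claiming several IPs."""
    bindings = dict(baseline)            # ip -> mac currently believed
    ips_by_mac = defaultdict(set)
    for ip, mac in baseline.items():
        ips_by_mac[mac].add(ip)
    requested = set()                    # IPs some host asked about earlier
    alerts = []
    for line in log.splitlines():
        m = REQUEST.match(line)
        if m:
            requested.add(m.group(2))
            continue
        m = REPLY.match(line)
        if not m:
            continue
        ts, ip, mac = m.groups()
        mac = mac.lower()
        if ip not in requested:
            alerts.append({"ts": ts, "kind": "unsolicited_reply", "ip": ip, "mac": mac})
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append({"ts": ts, "kind": "binding_changed", "ip": ip,
                           "old": old, "new": mac})
        bindings[ip] = mac
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1 and len(ips_by_mac[mac]) > before:
            alerts.append({"ts": ts, "kind": "mac_claims_multiple_ips", "mac": mac,
                           "ips": sorted(ips_by_mac[mac])})
    return alerts

if __name__ == "__main__":
    for alert in analyze_arp(SAMPLE_ARP, BASELINE):
        print(alert)
```

Gratuitous ARP is legitimate during failover, DHCP renewal or VM migration, so "unsolicited reply" is a signal to correlate, not proof; a changed binding for the default gateway, or one MAC answering for both ends of a conversation, is much stronger. On managed switches the preventive control is Dynamic ARP Inspection backed by DHCP snooping.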
50
Unicast Flooding
A network condition or attack where a switch forwards unicast frames out all ports because it cannot find the destination MAC in its table, potentially exposing traffic to unintended recipients.
51
On-Path Attack / Man-in-the-Middle (MitM)
An attack where the attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.
52
Man-in-the-Browser (MitB)
A type of on-path attack where malware infects a web browser and intercepts or modifies transactions in real time, often targeting online banking sessions.
53
SQL Injection
An application attack where malicious SQL code is inserted into an input field to manipulate the backend database, potentially exposing, modifying, or deleting data.
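The difference between a vulnerable and a safe query is whether user input becomes part of the SQL text or is passed as a separate parameter. The following is an added example, not from the original cards: an in-memory SQLite table with constructed rows, a deliberately vulnerable login that formats input into the query, and the parameterized version. Passwords are stored in clear only to keep the example short.

```python
# Added example: SQL injection against a string-built query versus a
# parameterized one. The table contents and payloads are constructed.
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (plaintext passwords
    only to keep the example short; real systems store a salted hash)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", 1), ("bob", "hunter2", 0)])
    return db

def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> list:
    # Deliberately vulnerable: input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest becomes SQL.
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db: sqlite3.Connection, username: str, password: str) -> list:
    # Hardened: placeholders keep the query structure fixed; the driver sends
    # the input as data, so a quote in it is just a quote.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (username, password)))

# Constructed payloads: a boolean tautology, and commenting out the password check
TAUTOLOGY = "' OR 1=1 --"
COMMENT_OUT = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:   ", login_vulnerable(db, TAUTOLOGY, "x"))
    print("vulnerable, comment-out: ", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("parameterized, tautology:", login_parameterized(db, TAUTOLOGY, "x"))
    print("parameterized, valid:    ", login_parameterized(db, "alice", "s3cret"))
```

Python's `sqlite3` refuses to run more than one statement per `execute`, so a stacked `; DROP TABLE users` payload fails here, but the boolean and comment payloads are enough to bypass authentication; other drivers and databases do allow stacked statements.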
54
Cross-Site Scripting (XSS)
An application attack where malicious scripts are injected into trusted web pages and executed in the browsers of other users, enabling session hijacking, credential theft, or malicious redirects.
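The defence is output encoding for the context the value lands in, and for attributes such as `href` a scheme check as well, since encoding does nothing against `javascript:` URLs. The snippet below is an added example, not from the original cards; the probe payload is constructed and `render_*` are hypothetical view helpers.

```python
# Added example: reflected XSS in a search page and the context-aware fix.
# PAYLOAD and the render_* helpers are constructed for this example.
import html

# Constructed reflected-XSS probe: runs script without a <script> tag
PAYLOAD = "<img src=x onerror=alert(document.cookie)>"

def render_search_vulnerable(query: str) -> str:
    # Deliberately vulnerable: the query is spliced into the page as markup,
    # so any tag or event-handler attribute in it runs in the victim's browser.
    return f"<p>Results for: {query}</p>"

def render_search_safe(query: str) -> str:
    # Output encoding for the HTML body context. quote=True also encodes
    # " and ', which matters when the same value is echoed inside an attribute.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"

def render_link_safe(url: str, label: str) -> str:
    # Attribute context needs encoding *and* a scheme check: html.escape does
    # nothing against href="javascript:alert(1)", which has no HTML metacharacters.
    ok_scheme = url.lower().startswith(("http://", "https://"))
    site_relative = url.startswith("/") and not url.startswith("//")
    if not (ok_scheme or site_relative):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label, quote=True)}</a>'

if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD))
    print(render_search_safe(PAYLOAD))
    print(render_link_safe("javascript:alert(1)", "click"))
```

Template engines that auto-escape by default handle the body and attribute cases for you; the places that still bite are `|safe`/`mark_safe` style overrides, values written into inline JavaScript, and URL attributes. A Content Security Policy limits the damage when encoding is missed.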
55
Cross-Site Request Forgery (CSRF)
An attack that tricks an authenticated user's browser into submitting an unauthorized request to a web application, exploiting the trust the application has in the user's session.
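The browser attaches the session cookie to any request aimed at the site, so the server needs a second value the attacker's page cannot read or forge. The code below is an added example, not from the original cards: a synchronizer token bound to the session ID with an HMAC and a timestamp, and a state-changing handler that rejects requests without a valid one. `SERVER_KEY`, the request dicts and the session IDs are assumed or constructed.

```python
# Added example: session-bound CSRF tokens and a handler that enforces them.
# SERVER_KEY is an assumed deployment secret; requests and sessions are constructed.
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumed: per-deployment secret, not per user

def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY, now=None) -> str:
    """Token = timestamp.nonce.hmac, with the HMAC keyed over the session ID
    so a token issued to one session is useless in another."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    mac = hmac.new(key, f"{session_id}:{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{nonce}.{mac}"

def verify_csrf_token(token: str, session_id: str, key: bytes = SERVER_KEY,
                      now=None, max_age: int = 3600) -> bool:
    try:
        ts_text, nonce, mac = token.split(".")
        ts = int(ts_text)
    except (ValueError, AttributeError):
        return False                              # malformed or missing
    now = int(time.time() if now is None else now)
    if now - ts > max_age or ts > now + 60:       # expired, or from the future
        return False
    expected = hmac.new(key, f"{session_id}:{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)     # constant-time comparison

def handle_transfer(request: dict, session_id: str, now=None) -> str:
    """request is {"method": ..., "form": {...}}; session_id is what the server
    recovered from the cookie the browser attached automatically."""
    if request.get("method") != "POST":
        return "405 state changes only via POST"   # GET must never change state
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(token, session_id, now=now):
        return "403 csrf check failed"
    return f"200 transferred {request['form']['amount']}"

if __name__ == "__main__":
    t0 = 1_700_000_000
    token = issue_csrf_token("sess-A", now=t0)
    good = {"method": "POST", "form": {"csrf_token": token, "amount": "100"}}
    forged = {"method": "POST", "form": {"amount": "100"}}   # attacker's page cannot read the token
    print(handle_transfer(good, "sess-A", now=t0 + 10))
    print(handle_transfer(forged, "sess-A", now=t0 + 10))
```

The token is sent in the form body (or a custom header), never in a cookie alone, because cookies are exactly what the attacker's page can make the browser send. Setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, but the token check is what survives browsers and framings that ignore SameSite.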
56
Broken Access Control
A vulnerability where an application fails to properly enforce restrictions on what authenticated users are allowed to do, allowing unauthorized access to data or functions.
57
Cryptographic Failures
A vulnerability category where weak, outdated, or improperly implemented cryptography exposes sensitive data such as passwords, financial records, or personal information.
58
Insecure Design
A vulnerability category representing flaws in the architecture or design of an application that cannot be fixed by proper implementation alone, requiring redesign of the system.
59
Security Misconfiguration
A vulnerability caused by improperly configured security settings in applications, servers, cloud environments, or network devices, often leaving default credentials or unnecessary features enabled.
60
Vulnerable / Outdated Components
A vulnerability where applications use libraries, frameworks, or other software components with known security flaws that have not been patched or updated.
61
Identification / Authentication Failures
A vulnerability category where weaknesses in how a system confirms user identity allow attackers to compromise passwords, session tokens, or credentials.
62
Software / Data Integrity Failures
A vulnerability category where code or data pipelines lack protections against tampering, such as unsigned updates or insecure deserialization that allows attackers to inject malicious content.
63
Security Logging / Monitoring Failures
A vulnerability category where insufficient logging, alerting, or monitoring allows attacks to go undetected or prevents effective incident response.
64
Server-Side Request Forgery (SSRF)
An attack where the attacker tricks a server into making requests to unintended internal or external resources, potentially exposing internal services or cloud metadata.
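A server that fetches user-supplied URLs has to decide, before connecting, whether the destination is public. The validator below is an added example, not from the original cards: it restricts the scheme, resolves the host once, rejects any address that is not globally routable (loopback, RFC 1918, the 169.254.169.254 metadata endpoint, and so on), and returns the pinned IP so the caller connects to that address rather than re-resolving. The name-to-address table is constructed so the example runs offline, and the public address in it is an arbitrary routable one.

```python
# Added example: validate and pin an outbound URL before the server fetches it.
# FAKE_DNS stands in for a real resolver so the example runs offline.
import ipaddress
from urllib.parse import urlparse

FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],
    "metadata.internal":   ["169.254.169.254"],           # cloud instance-metadata endpoint
    "localtest.example":   ["127.0.0.1"],
    "rebind.example":      ["93.184.216.34", "10.0.0.5"],  # mixed public/private answer
}

def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host.lower(), [])

class UnsafeUrl(ValueError):
    pass

def pin_outbound_url(url: str, resolver=fake_resolve) -> tuple:
    """Return (host, pinned_ip, port) for a URL that is safe to fetch, or
    raise UnsafeUrl. Fails closed on anything it cannot classify."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeUrl("only http/https may be fetched")   # no file:, gopher:, ftp: ...
    host = parts.hostname
    if not host:
        raise UnsafeUrl("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]       # literal IPv4 or [IPv6]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        # Also catches decimal/hex IP spellings such as http://2130706433/,
        # which ip_address() rejects and a resolver will not resolve.
        raise UnsafeUrl("name did not resolve")
    for addr in addrs:
        # is_global is False for loopback, link-local (169.254/16), RFC 1918,
        # shared address space, multicast and reserved ranges. Every returned
        # address must pass, so a split public/private answer is refused.
        if not addr.is_global:
            raise UnsafeUrl(f"non-public address {addr}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # The caller must connect to pinned_ip (sending Host: host) instead of
    # resolving again; a second lookup can return a private address (DNS rebinding).
    return host, str(addrs[0]), port

def is_blocked(url: str) -> bool:
    try:
        pin_outbound_url(url)
    except ValueError:          # UnsafeUrl, or a malformed port from urlparse
        return True
    return False

if __name__ == "__main__":
    for u in ["https://api.partner.example/v1", "http://169.254.169.254/latest/meta-data/",
              "http://rebind.example/", "file:///etc/passwd"]:
        print(f"{u:50} blocked={is_blocked(u)}")
```

Two things the check cannot do: it does not follow HTTP redirects, so the fetching code must apply the same validation to every `Location` it is about to follow; and it only helps if the connection is actually made to the pinned address, which with most HTTP clients means connecting to the IP and setting the `Host` header (and TLS SNI) yourself.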
65
Threat Actor
Any individual, group, or entity that poses a threat to an organization's information systems by attempting to exploit vulnerabilities or cause harm.
66
White Hat Hacker
An ethical security professional who tests systems for vulnerabilities with authorization, helping organizations improve their security posture.
67
Gray Hat Hacker
A hacker who operates between ethical and unethical boundaries, sometimes finding vulnerabilities without authorization but typically disclosing them without malicious intent.
68
Black Hat Hacker
A malicious hacker who exploits vulnerabilities for personal gain, financial reward, or to cause damage without authorization.
69
Script Kiddie
A low-skill threat actor who uses pre-written tools or scripts created by others to conduct attacks without fully understanding the underlying techniques.
70
APT (Advanced Persistent Threat)
A sophisticated, long-term cyberattack typically conducted by well-resourced groups who gain unauthorized access to a network and remain undetected for extended periods to steal data or cause damage.
71
State Actor
A threat actor backed or sponsored by a nation-state that conducts cyberattacks for espionage, sabotage, or geopolitical objectives.
72
Hacktivist
A threat actor who conducts cyberattacks motivated by political, social, or ideological beliefs rather than financial gain.
73
Cyber Syndicate
An organized criminal group that conducts large-scale cyberattacks for financial profit, often operating like a business with specialized roles.
74
Competitor
A threat actor who is a business rival that conducts or sponsors cyberattacks or espionage to gain a competitive advantage.
75
Information Security (InfoSec)
The practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.
76
Confidentiality
The principle that information is accessible only to those authorized to access it, preventing unauthorized disclosure.
77
Integrity
The principle that information and systems are accurate, complete, and protected from unauthorized modification.
78
Availability
The principle that information and systems are accessible and operational when needed by authorized users.
79
CIA Triad
The foundational model of information security consisting of three core principles: Confidentiality, Integrity, and Availability.
80
AAA Security Model
A framework for controlling access to resources consisting of Authentication (verifying identity), Authorization (granting appropriate access), and Accounting (tracking user activity).
81
Authentication
The process of verifying the identity of a user, device, or system before granting access.
82
Authorization
The process of determining what resources or actions an authenticated user or system is permitted to access or perform.
83
Accounting
The process of tracking and recording user activity within a system for auditing, billing, and security monitoring purposes.
84
Single-Factor Authentication
An authentication method that relies on only one category of factor to verify identity, such as a password alone. Two credentials from the same category (a password plus a security-question answer, both "something you know") are still single-factor.
85
MFA (Multi-Factor Authentication)
An authentication method that requires two or more verification factors from different categories (knowledge, possession, inherence) to confirm identity before granting access.
86
Knowledge Factor
An authentication factor based on something the user knows, such as a password, PIN, or security question answer.
87
Possession Factor
An authentication factor based on something the user has, such as a hardware token, smart card, or mobile device receiving an OTP.
88
Inherence Factor
An authentication factor based on something the user is, such as a fingerprint, retina scan, or facial recognition.
89
Risk-Based Authentication
An authentication approach that dynamically adjusts the level of verification required based on contextual risk signals such as location, device, or behavior patterns.
90
Certificate-Based Authentication
An authentication method that uses digital certificates issued by a trusted Certificate Authority (CA) to verify the identity of users or devices.
91
Biometric Authentication
An authentication method that uses unique physical or behavioral characteristics such as fingerprints, facial features, or voice patterns to verify identity.
92
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles rather than individual users, and users are granted access based on the roles they are assigned within the organization.
93
Zero Trust Architecture
A security model that assumes no user, device, or network segment is inherently trusted and requires continuous verification of every access request regardless of location.
94
Policy Engine (PE)
The component in a Zero Trust Architecture responsible for making access decisions based on defined policies, user identity, device health, and contextual signals.
95
Policy Administrator (PA)
The component in a Zero Trust Architecture that communicates the Policy Engine's decisions to the Policy Enforcement Point, establishing or terminating access sessions.
96
Policy Enforcement Point (PEP)
The component in a Zero Trust Architecture that enforces access decisions by allowing or blocking communication between users and resources.
97
SDP (Software-Defined Perimeter)
A security framework that dynamically creates one-to-one network connections between users and the resources they are authorized to access, making infrastructure invisible to unauthorized users.
98
Principle of Least Privilege
A security principle that states users, systems, and processes should be granted only the minimum level of access required to perform their function.
99
Just-in-Time Access
An access control practice where elevated privileges are granted only when needed for a specific task and automatically revoked afterward to minimize exposure.
100
Automatic Permission Expiration
A security control that automatically removes or revokes access rights after a defined period to reduce the risk of stale or unnecessary privileges.
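The RBAC, least-privilege, just-in-time access and automatic expiration cards describe one mechanism seen from four angles: permissions hang off roles, standing roles carry only what the job needs, elevated roles are granted for a bounded time with a recorded reason, and the grant disappears on its own. The store below is an added example (not from the original cards) that implements all four; the role catalogue, user and ticket reference are constructed.

```python
# Added example: role-based access with standing roles plus time-bound
# just-in-time elevation. ROLE_PERMISSIONS and the demo data are constructed.
from dataclasses import dataclass, field

# Assumed role catalogue: each role carries only the permissions its job needs.
ROLE_PERMISSIONS = {
    "reader":  {"tickets:read"},
    "support": {"tickets:read", "tickets:update"},
    "admin":   {"tickets:read", "tickets:update", "users:delete"},
}

@dataclass
class Grant:
    role: str
    expires_at: int      # epoch seconds; every elevated grant is time-bound
    reason: str          # ticket or change reference kept for the audit trail

@dataclass
class AccessStore:
    standing: dict = field(default_factory=dict)   # user -> set of permanent roles
    elevated: dict = field(default_factory=dict)   # user -> list of Grant

    def request_elevation(self, user: str, role: str, ttl: int, reason: str, now: int) -> Grant:
        """Just-in-time elevation: the role is held for ttl seconds, never permanently.
        A real system would put an approval step in front of this call."""
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role}")
        grant = Grant(role, now + ttl, reason)
        self.elevated.setdefault(user, []).append(grant)
        return grant

    def active_roles(self, user: str, now: int) -> set:
        roles = set(self.standing.get(user, ()))
        live = [g for g in self.elevated.get(user, []) if g.expires_at > now]
        self.elevated[user] = live        # automatic expiration: stale grants are dropped
        roles.update(g.role for g in live)
        return roles

    def is_allowed(self, user: str, permission: str, now: int) -> bool:
        # Permissions are never attached to users directly, only via roles.
        return any(permission in ROLE_PERMISSIONS[r] for r in self.active_roles(user, now))

def demo(now: int = 1_700_000_000) -> dict:
    """Support engineer needs a one-off admin action for incident INC-42."""
    store = AccessStore(standing={"dana": {"support"}})
    before = store.is_allowed("dana", "users:delete", now)
    store.request_elevation("dana", "admin", ttl=900, reason="INC-42", now=now)
    during = store.is_allowed("dana", "users:delete", now + 100)
    after = store.is_allowed("dana", "users:delete", now + 901)
    return {"before": before, "during": during, "after": after,
            "roles_after": store.active_roles("dana", now + 901)}

if __name__ == "__main__":
    print(demo())
```

Expiry is evaluated on every check rather than by a background job, so a grant cannot outlive its TTL because a cleanup task failed to run; the reason string is what an auditor later matches against the change or incident record.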