Phishing
A social engineering attack where criminals impersonate a trusted organization
Spear Phishing
A targeted phishing attack directed at a specific individual or organization using personalized information
Vishing
A phishing attack conducted over voice calls to trick victims into revealing sensitive information
Smishing
A phishing attack conducted via SMS/text messages
Whaling
A spear phishing attack specifically targeting high-level executives or privileged users
Watering hole attack
An attacker poisons a third party website/software that a company uses
Business Email Compromise (BEC)
An attacker impersonates a trusted business contact via email to authorize fraudulent transactions
Pretexting
Creating a fabricated scenario to manipulate a victim into providing information or access
Tailgating
Physically following an authorized person into a restricted area without their knowledge
Shoulder surfing
Observing someone's screen or keyboard to steal credentials or sensitive data
Memory injection
Malware injects itself directly into a known process running in memory
DLL (Dynamic Link Library)
A Windows library containing code and data
DLL injection
Malware forces a legitimate process to load a malicious DLL into memory
Buffer overflow
Overwriting a buffer of memory to execute arbitrary code
Integer overflow
An arithmetic operation produces a value too large for the data type, causing unexpected behavior that can be exploited
Race conditions
Abusing the window in which two programs run at the same time and exploiting the interactions between them
TOCTOU (Time-of-Check to Time-of-Use)
When a system checks the state of a resource but the resource changes before it is used, allowing an attacker to manipulate the outcome
SQL injection
A crafted statement that retrieves or manipulates unauthorized information from a SQL database
XSS (Cross-Site Scripting)
A web security vulnerability where an attacker injects malicious scripts into a trusted website
Stored XSS
Malicious script is permanently saved on the target server and served to all users who visit the page
Reflected XSS
Malicious script is embedded in a URL and executed immediately when the victim clicks it
CSRF (Cross-Site Request Forgery)
Tricks an authenticated user's browser into sending unauthorized requests to a web application
Directory traversal
An attacker navigates outside the intended directory using ../ sequences to access restricted files
XML injection
An attacker inserts malicious XML content to manipulate an application's processing or database
LDAP injection
An attacker manipulates LDAP queries to bypass authentication or retrieve unauthorized directory data
Command injection
An attacker injects operating system commands into an application input field to execute them on the server
EOL (End of Life)
Manufacturer stops selling a product but still offers support
EOSL (End of Service Life)
Manufacturer stops selling a product and no longer offers any support
Legacy system
An outdated system still in use that may no longer receive patches or security updates
DoS (Denial of Service)
An attack that overwhelms a system or service to make it unavailable to legitimate users
DDoS (Distributed Denial of Service)
A large army of compromised computers attempting to take down a service or services
Amplification attack
An attacker spoofs a victim's IP and sends small requests to servers that reply with much larger responses, overwhelming the victim
SYN flood
An attacker sends many SYN packets without completing the TCP handshake, exhausting server connection resources
Zero-day
A vulnerability that the developer is unaware of and has no patch available
Virus
Malware that reproduces itself by attaching to files or spreading through a network
Worm
Malware that is self-contained and spreads automatically without user interaction
Trojan
Malware disguised as legitimate software that creates a backdoor when executed
Ransomware
Malware that encrypts a victim's data and demands payment for the decryption key
Spyware
Malware that secretly monitors user activity and transmits data to an attacker
Adware
Software that automatically displays unwanted advertisements and may track browsing behavior
Keylogger
Records keystrokes to capture credentials and sensitive information
Rootkit
Modifies internal system files to hide malware and maintain persistent privileged access
Backdoor
A hidden method of bypassing normal authentication to maintain remote access to a system
Botnet
A network of compromised machines controlled by an attacker to carry out coordinated attacks
Command and Control (C2)
The infrastructure an attacker uses to communicate with and control compromised systems
Fileless malware
Malware that runs entirely in memory without writing files to disk, evading traditional antivirus detection
RFID cloning
Duplicating RFID signals to copy ID badges or access cards
Bluetooth attack (Bluejacking/Bluesnarfing)
Bluejacking sends unsolicited messages
Evil twin
A rogue wireless access point that mimics a legitimate one to intercept traffic
DNS attack
Modifying the DNS server to redirect users to a malicious server
DNS poisoning (Cache poisoning)
Corrupting a DNS resolver's cache to redirect users to fraudulent sites without their knowledge
Domain hijacking
Gaining full control over a domain's registration to redirect or take over its traffic
Typosquatting
Registering a domain name similar to a legitimate one to capture traffic from users who mistype the URL
Wireless deauthentication
Sending forged deauth frames to forcibly disconnect a device from a wireless network
802.1X
A network access control protocol that authenticates devices before allowing them onto a network
On-path attack (Man-in-the-Middle)
Redirects traffic through the attacker who reads or alters it before passing it to the destination
Replay attack
Capturing valid data transmitted between a client and server and retransmitting it to gain unauthorized access
SSL stripping
Downgrades an HTTPS connection to HTTP so an on-path attacker can read plaintext traffic
Out-of-cycle patching
Releasing a security patch outside the normal patch schedule in response to a critical vulnerability
FDE (Full Disk Encryption)
Encrypts all data on a drive so it cannot be read without the correct credentials
EDR (Endpoint Detection and Response)
Security solution that continuously monitors endpoints to detect and respond to threats
HIPS (Host-based Intrusion Prevention System)
Monitors and blocks malicious activity on an individual host
NIDS (Network Intrusion Detection System)
Monitors network traffic for suspicious activity and alerts administrators
NIPS (Network Intrusion Prevention System)
Monitors network traffic and actively blocks detected threats
Vulnerability scan
An automated tool that identifies known vulnerabilities in systems without exploiting them
Penetration testing
Authorized simulated attack on a system to identify and exploit vulnerabilities before attackers do
Threat intelligence
Collected information about current and emerging threats used to inform security decisions
IOC (Indicator of Compromise)
Evidence such as file hashes, IPs, or domain names that suggest a system has been breached
SIEM (Security Information and Event Management)
Aggregates and correlates log data from multiple sources to detect and alert on security events
Data exfiltration
Unauthorized transfer of data from an organization to an external destination controlled by an attacker
Credential stuffing
Using large lists of stolen username/password pairs to attempt logins across many services
Password spraying
Attempting a small number of common passwords against many accounts to avoid lockout thresholds
Brute force attack
Systematically trying every possible password combination until the correct one is found
Dictionary attack
Using a list of common words and passwords to attempt to crack credentials
Rainbow table attack
Using precomputed hash-to-password tables to reverse password hashes
Salting
Adding a random value to a password before hashing to defeat rainbow table attacks
MFA (Multi-Factor Authentication)
Requiring two or more verification factors to authenticate a user
Principle of least privilege
Users and systems are granted only the minimum access rights needed to perform their function
Patch management
The process of regularly applying updates to software and systems to remediate known vulnerabilities
Attack vector
The path or method an attacker uses to gain unauthorized access to a system
Attack surface
The total number of entry points an attacker can use to try to access a system
Threat actor
Any individual or group that carries out or sponsors malicious cyber activity
APT (Advanced Persistent Threat)
A sophisticated, long-term attack by a well-resourced threat actor targeting a specific organization
Insider threat
A security risk that originates from within the organization such as an employee or contractor
Supply chain attack
Compromising a trusted vendor or software update to gain access to downstream targets