CIA Triad
The three foundational goals of information security — Confidentiality, Integrity, and Availability.
Confidentiality
Information is only accessible to authorized parties (e.g., encryption, access controls).
Integrity
Information is accurate and unaltered by unauthorized parties (e.g., hashing, checksums, digital signatures).
Availability
Information and systems are accessible when needed (e.g., redundancy, backups, DDoS protection).
Authenticity
Extension of CIA — verifying that data/users are genuine.
Non-repudiation
Extension of CIA — ensuring an action cannot be denied by the party that performed it.
PI (Personal Information)
Any information about a person; the broadest category. Examples: name, job title, employer, general location.
PII (Personally Identifiable Information)
Information that can identify a specific individual, alone or combined. Examples: SSN, driver’s license #, passport #, full name + DOB, biometrics.
PPI (Protected/Personal Private Information)
Sensitive information requiring special protection, often regulated. Examples: medical records (PHI), financial account numbers, login credentials.
Threat
A potential cause of harm (e.g., a hacker, malware).
Vulnerability
A weakness that can be exploited (e.g., unpatched software).
Risk
The likelihood that a threat exploits a vulnerability, combined with the impact if it does. Commonly written Risk = Threat × Vulnerability × Impact (or Likelihood × Impact).
Exploit
Code or technique used to take advantage of a vulnerability.
Attack Surface
All the points where an attacker could attempt to enter a system.
Attack Vector
The specific method or path used in an attack (email, USB, network).
Asset
Something of value being protected (data, systems, people).
Control / Countermeasure
A safeguard that reduces risk.
Hashing
A one-way function that maps input of any size to a fixed-length output (digest); computationally infeasible to reverse. Used for integrity checks, digital signatures and (with a slow, salted algorithm) password storage.
Hash digest
The fixed-length output produced by a hash function.
Hash collision
Two different inputs producing the same digest. Collisions must exist (unlimited inputs map to a fixed-length output), but a secure hash makes finding one infeasible; once collisions are practical, an attacker can swap one input for another with the same digest, which breaks integrity and signature assumptions.
MD5
Older 128-bit hash algorithm, now broken: practical collisions have been known since 2004. Do not use for signatures, certificates or integrity checks.
SHA-1
160-bit hash algorithm, deprecated after a practical collision attack (SHAttered, 2017); browsers and CAs no longer accept SHA-1 certificates.
SHA-256
Secure modern hash algorithm in the SHA-2 family; widely used.
bcrypt / scrypt / Argon2
Deliberately slow password-hashing functions with a tunable cost factor (scrypt and Argon2 are also memory-hard), so that offline brute-force guessing stays expensive even on GPUs.
Salt
A random value, unique per password, combined with the password before hashing. It is stored in the clear next to the hash (it needs to be unique, not secret); it defeats rainbow tables and ensures identical passwords produce different hashes.
Rainbow Table
A precomputed table of hash values used to reverse-lookup hashed passwords. Salting defeats this.
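The hashing, salt and rainbow-table cards above, worked through in code. This is an added example and not part of the original card set; it uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt/scrypt/Argon2 (which need third-party packages), the four-entry rainbow table and every password in it are constructed for the example, and the iteration count follows the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data for this example: a tiny "rainbow table", i.e. a
# precomputed map from unsalted SHA-256 digests back to common passwords.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
RAINBOW_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

# Work factor for PBKDF2-HMAC-SHA256 (stdlib stand-in for bcrypt/scrypt/Argon2).
PBKDF2_ITERATIONS = 600_000


def digest_hex(data: bytes) -> str:
    """SHA-256 digest: always 32 bytes (64 hex chars), whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iters>$<salt hex>$<hash hex>'.

    The salt is random per password and stored in the clear next to the hash:
    it only has to be unique, not secret. Two users with the same password
    therefore get two different records.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash record: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def rainbow_lookup(digest_hex_value: str) -> Optional[str]:
    """Reverse-lookup a digest in the precomputed table; None if not present."""
    return RAINBOW_TABLE.get(digest_hex_value)


def demo() -> dict:
    """Run the checks the cards above describe and return the observations."""
    d1, d2 = digest_hex(b"transfer 100"), digest_hex(b"transfer 101")
    leaked_unsalted = digest_hex(b"letmein")              # what a naive system stores
    rec_a, rec_b = hash_password("letmein"), hash_password("letmein")
    return {
        "digest_len": (len(d1), len(d2)),                # fixed length regardless of input
        "digests_differ": d1 != d2,                      # one-character change, unrelated output
        "rainbow_hit": rainbow_lookup(leaked_unsalted),  # unsalted: the table reverses it
        "salted_records_differ": rec_a != rec_b,         # same password, different salts
        "salted_rainbow_hit": rainbow_lookup(rec_a.split("$")[3]),  # salted: no hit
        "verify_ok": verify_password("letmein", rec_a),
        "verify_wrong": verify_password("letmein1", rec_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The record format carries its own algorithm name and iteration count, so the work factor can be raised later and old records re-hashed on next login; `hmac.compare_digest` avoids leaking how many leading bytes matched through timing.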
Symmetric Encryption
Encryption where the same key is used to encrypt and decrypt. Fast, but key distribution is the hard part. Examples: AES (current standard); DES and 3DES are legacy and should not be used in new systems.
Asymmetric Encryption
Encryption using a key pair (public + private). Encrypt with public → decrypt with private (confidentiality); sign with private → verify with public (authenticity). Examples: RSA, ECC (ECDSA, ECDH). Diffie-Hellman is asymmetric key exchange rather than encryption and is used alongside these algorithms.
Public Key
The shareable half of an asymmetric key pair; used to encrypt to the owner or verify their signatures.
Private Key
The secret half of an asymmetric key pair; used to decrypt data sent to you or sign data as you.
Key Pair
The matched public + private key set used in asymmetric cryptography.
Hybrid Encryption
Using asymmetric cryptography (a key exchange such as Diffie-Hellman, or encrypting a random key to the recipient's public key) to establish a symmetric key, then using symmetric encryption for the actual data. This is how TLS works: the handshake agrees the session key, the record layer encrypts traffic with AES-GCM or ChaCha20-Poly1305.
AES
Advanced Encryption Standard — modern symmetric encryption algorithm.
RSA
Common asymmetric algorithm whose security rests on the difficulty of factoring the product of two large primes; used for encryption, signatures and key transport. 2048-bit keys are the current minimum.
ECC
Elliptic Curve Cryptography — asymmetric algorithms (ECDSA for signatures, ECDH for key exchange) with much smaller keys for the same strength as RSA (256-bit ECC ≈ 3072-bit RSA).
Diffie-Hellman
Key-exchange protocol (finite-field DH or elliptic-curve ECDH) that lets two parties agree on a shared secret over an untrusted channel without ever transmitting it. On its own it is unauthenticated and therefore vulnerable to MITM, so protocols pair it with signatures or certificates.
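The Diffie-Hellman and hybrid-encryption cards above, as an added example (not part of the original card set). Both sides of the exchange are shown, the agreed value is turned into a symmetric key with HKDF (RFC 5869), and a passive eavesdropper who sees only the two public values recovers the key by brute-forcing the discrete logarithm. The group (p = 10007, g = 4) is a deliberately tiny safe prime constructed for the example so that brute force finishes instantly; it is not secure, and real deployments use 2048-bit-plus standardized groups or elliptic curves.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for this example: a safe prime p = 2q + 1 small enough
# that the eavesdropper's brute force below finishes instantly. Real systems use
# standardized 2048-bit+ groups (RFC 3526 / RFC 7919) or elliptic curves (ECDH).
TOY_P = 10007          # prime; (p - 1) / 2 = 5003 is also prime, so p is a safe prime
TOY_Q = 5003
TOY_G = 4              # a quadratic residue mod p, hence of prime order q


def dh_keypair(p: int = TOY_P, q: int = TOY_Q, g: int = TOY_G):
    """Private exponent a in [1, q-1]; public value A = g^a mod p."""
    a = 1 + secrets.randbelow(q - 1)
    return a, pow(g, a, p)


def dh_shared_secret(my_private: int, their_public: int, p: int = TOY_P, q: int = TOY_Q) -> int:
    """s = B^a mod p; both sides end up with g^(ab) mod p. Rejects degenerate
    values (0, 1, p-1) and anything outside the prime-order subgroup."""
    if not 1 < their_public < p - 1 or pow(their_public, q, p) != 1:
        raise ValueError("public value is not in the prime-order subgroup")
    return pow(their_public, my_private, p)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand. Raw DH output is not uniformly
    random, so it is run through a KDF before use as a symmetric key."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(shared_secret: int, transcript: bytes, p: int = TOY_P) -> bytes:
    """Hybrid step: DH output -> 256-bit key that would feed AES-GCM or ChaCha20-Poly1305."""
    ikm = shared_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hkdf_sha256(ikm, salt=hashlib.sha256(transcript).digest(), info=b"session key")


def eavesdropper_brute_force(public_a: int, public_b: int, p: int = TOY_P, g: int = TOY_G) -> int:
    """A passive attacker sees only A and B. Solving A = g^k mod p by trial
    (the discrete logarithm) is instant at this size; the scheme is only as
    strong as that problem is hard, which is why p must be large."""
    value = 1
    for k in range(1, p):
        value = value * g % p
        if value == public_a:
            return pow(public_b, k, p)          # B^a = g^(ab): same secret as the parties
    raise RuntimeError("no exponent found")


def exchange():
    """Both sides of the exchange; returns (alice_key, bob_key, eve_key)."""
    a_priv, a_pub = dh_keypair()               # Alice keeps a_priv, sends a_pub
    b_priv, b_pub = dh_keypair()               # Bob keeps b_priv, sends b_pub
    transcript = f"{a_pub},{b_pub}".encode()   # everything the network sees
    alice = derive_session_key(dh_shared_secret(a_priv, b_pub), transcript)
    bob = derive_session_key(dh_shared_secret(b_priv, a_pub), transcript)
    eve = derive_session_key(eavesdropper_brute_force(a_pub, b_pub), transcript)
    return alice, bob, eve


if __name__ == "__main__":
    alice_key, bob_key, eve_key = exchange()
    print("Alice and Bob agree:", alice_key == bob_key)
    print("Eve recovers the key with a toy prime:", eve_key == alice_key)
```

Note what the exchange does not provide: nothing here proves to Alice that `b_pub` came from Bob, which is exactly the gap an active MITM exploits by substituting its own public values; TLS closes it by signing the handshake with the server's certificate key.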
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access.
Virus
Malware that attaches to a host file and needs user action to spread.
Worm
Self-replicating malware that spreads across networks without user action.
Trojan
Malware disguised as legitimate software; doesn’t self-replicate.
Ransomware
Malware that encrypts data and demands payment to restore access.
Spyware
Malware that secretly collects information (keystrokes, browsing).
Adware
Software that displays unwanted advertisements; sometimes a delivery mechanism for other malware.
Rootkit
Malware that hides itself deep in the OS, often with kernel-level access.
Keylogger
Malware that records keystrokes.
Botnet
A network of infected machines (zombies) controlled by an attacker via C2.
Zombie
An infected host within a botnet, controlled remotely by an attacker.
Fileless Malware
Malware that lives in memory and abuses legitimate tools (PowerShell, WMI) rather than dropping files. Hard to detect with file-based scanning; look for process, command-line and script-block telemetry instead.
Logic Bomb
Malware that triggers on a condition (date, action).
IoCs (Indicators of Compromise)
Forensic evidence that a system has been breached.
Examples of IoCs
Unusual outbound traffic, unknown processes, modified system files, unexpected accounts, malware file hashes, beaconing to suspicious IPs, abnormal logins.
Beaconing
Repetitive, periodic outbound traffic from an infected host to a C2 server. A key IoC.
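The beaconing IoC above, turned into detection logic. This is an added example, not part of the original card set: it runs over a constructed flow log (timestamp, source, destination, bytes) in which one host checks in with a near-constant interval and another browses irregularly, and it flags source/destination pairs whose inter-connection gaps show very little jitter. The log lines and the addresses (RFC 5737 documentation ranges) are invented for the example; the threshold values are assumptions to tune per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log for this example, one flow per line:
# "<timestamp> <src> <dst> <bytes>". 10.0.0.7 beacons to 203.0.113.9 about every
# 60 s with a few seconds of jitter; 10.0.0.12 talks to 198.51.100.34 at irregular
# intervals. Both external addresses are from RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
2024-05-01T09:00:00 10.0.0.7 203.0.113.9 512
2024-05-01T09:00:03 10.0.0.12 198.51.100.34 18340
2024-05-01T09:00:09 10.0.0.12 198.51.100.34 2210
2024-05-01T09:01:01 10.0.0.7 203.0.113.9 520
2024-05-01T09:01:47 10.0.0.12 198.51.100.34 77021
2024-05-01T09:02:00 10.0.0.7 203.0.113.9 508
2024-05-01T09:03:02 10.0.0.7 203.0.113.9 515
2024-05-01T09:03:58 10.0.0.12 198.51.100.34 910
2024-05-01T09:03:59 10.0.0.7 203.0.113.9 511
2024-05-01T09:05:00 10.0.0.7 203.0.113.9 519
2024-05-01T09:09:31 10.0.0.12 198.51.100.34 45002
2024-05-01T09:09:40 10.0.0.12 198.51.100.34 1304
"""


def parse_flows(text: str):
    """Parse the constructed log format into (timestamp, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def find_beacons(flows, min_connections: int = 5, max_jitter: float = 0.15):
    """Flag (src, dst) pairs whose connection intervals are suspiciously regular.

    jitter = stdev(intervals) / median(intervals). A human browsing session
    scores well above 1; a fixed-sleep implant scores near 0. Implants that add
    randomized sleep (e.g. +/-20%) push the score up, so tune max_jitter to the
    environment and pair this with other IoCs (destination reputation, byte sizes).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), times in sorted(by_pair.items()):
        if len(times) < min_connections:
            continue                            # too few samples to judge periodicity
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        period = statistics.median(gaps)
        jitter = statistics.stdev(gaps) / period if period > 0 else float("inf")
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst, "connections": len(times),
                             "period_s": period, "jitter": round(jitter, 3)})
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"possible beacon: {hit['src']} -> {hit['dst']} every ~{hit['period_s']:.0f}s "
              f"({hit['connections']} connections, jitter {hit['jitter']})")
```

On the sample data the beaconing host is reported with a 61 s period and jitter of about 0.03, while the browsing host's gaps (6 s to 333 s) give a jitter above 1 and are left alone.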
Cyber Kill Chain
Lockheed Martin’s 7-stage model of how an attacker progresses through an attack.
Kill Chain Stage 1 — Reconnaissance
Gathering information on the target through OSINT, scanning, social media, etc.
Kill Chain Stage 2 — Weaponization
Building the payload — e.g., pairing an exploit with malware in a malicious PDF.
Kill Chain Stage 3 — Delivery
Sending the weapon to the victim (phishing email, USB drop, drive-by download).
Kill Chain Stage 4 — Exploitation
Triggering the vulnerability to execute code on the target.
Kill Chain Stage 5 — Installation
Establishing persistence on the system (malware, backdoor, registry keys).
Kill Chain Stage 6 — Command & Control (C2)
Attacker remotely controls the compromised system through a C2 channel.
Kill Chain Stage 7 — Actions on Objectives
Attacker carries out their goal — steal data, encrypt files, pivot, destroy.
Kill Chain Mnemonic (R-W-D-E-I-C-A)
Recon, Weaponize, Deliver, Exploit, Install, C2, Actions.
Social Engineering
Manipulating people instead of systems; exploits trust, authority, urgency, fear, or curiosity.
Phishing
Mass-emailed lure designed to steal credentials or install malware.
Spear Phishing
Targeted phishing using personal details about a specific victim.
Whaling
Phishing aimed at high-value targets like executives.
Vishing
Voice/phone phishing.
Smishing
SMS-based phishing.
Pretexting
Inventing a believable scenario to gain trust (“I’m from IT…”).
Baiting
Leaving infected USB drives or fake downloads to tempt victims.
Tailgating / Piggybacking
Following an authorized person through a secured door without credentials.
Quid Pro Quo
Offering a benefit in exchange for information or access.
Shoulder Surfing
Watching someone enter a password or PIN.
Dumpster Diving
Searching trash for sensitive information.
Defenses Against Social Engineering
Security awareness training, verification procedures, MFA, strict policies, principle of least privilege.
Port
A numbered endpoint on a host that identifies a specific network service (range 0–65535, tracked separately for TCP and UDP).
Well-Known Ports
Port range 0–1023, reserved for common services.
Registered Ports
Port range 1024–49151, assigned to specific applications.
Dynamic / Ephemeral Ports
Port range 49152–65535, used for short-lived client connections.
Port 20 / 21
FTP — File Transfer Protocol (20 = data, 21 = control). Unencrypted: credentials and files travel in cleartext, so prefer SFTP (22) or FTPS.
Port 22
SSH / SFTP — Secure remote shell and secure file transfer.
Port 25
SMTP — Sending email between mail servers. Client submission normally uses 587 (STARTTLS) or 465 (implicit TLS).
Port 53
DNS — Domain Name Resolution, over UDP and TCP.
Port 80
HTTP — Web traffic, unencrypted.
Port 110
POP3 — Receiving email (downloaded to the client). Unencrypted; POP3S uses 995.
Port 143
IMAP — Receiving email (mailbox stays on the server). Unencrypted; IMAPS uses 993.
Port 443
HTTPS — Web traffic, encrypted with TLS.
Port 3306
MySQL — Database connections. Should be reachable only from application hosts, never exposed directly to the internet.
Port 3389
RDP — Remote Desktop Protocol.
MITM (Man-in-the-Middle)
Attack (also called adversary-in-the-middle or on-path attack) where the attacker secretly relays or alters communications between two parties who think they’re talking directly.
ARP Spoofing / Poisoning
Tricking devices on a LAN into sending traffic to the attacker by sending forged ARP messages.
DNS Spoofing
Redirecting a domain name lookup to a malicious IP address.
SSL Stripping
Downgrading a victim's HTTPS connection to HTTP so traffic can be read in plaintext: the attacker keeps an HTTPS session to the real server while serving the victim plain HTTP. HSTS (ideally preloaded) defeats it.
Evil Twin
A rogue Wi-Fi access point that mimics a real one to lure victims.
Session Hijacking
Stealing a user’s session token or cookie to impersonate them.
Packet Sniffing
Passive interception of network traffic (e.g., Wireshark on open Wi-Fi).
MITM Defenses
HTTPS everywhere, HSTS, certificate pinning, VPNs, encrypted DNS (DoH/DoT), mutual TLS.
HSTS
HTTP Strict Transport Security — forces browsers to only use HTTPS for a domain.
Certificate Pinning
Hard-coding which certificate(s) or public key(s) a client trusts for a server, so a fraudulently issued but otherwise valid certificate is rejected. Brittle when keys rotate, so it is mostly used in mobile apps; browsers dropped public-key pinning (HPKP).
Injection Attack
Attack where untrusted input is interpreted as code or commands by the receiving system.
SQL Injection (SQLi)
Inserting SQL syntax into form fields/inputs so that it runs as part of the query. Example: entering ' OR '1'='1 in a login field turns ... AND password = '' OR '1'='1' into a condition that is always true, bypassing the check. Fix: parameterized queries (never concatenate input into SQL text).
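The login bypass from the card above, shown as vulnerable code next to its hardened form. This is an added example, not part of the original card set: it builds a constructed two-user table in an in-memory SQLite database, runs the card's ' OR '1'='1 payload against a string-concatenated query and against a parameterized one, and also tries the comment variant (bob' --), which goes slightly beyond the card's single payload. Passwords are stored in plaintext here purely so the payload can be shown verbatim; that is a second flaw, covered by the hashing and salt cards above.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory users table for this example (plaintext passwords:
    deliberately naive, so the card's payload works exactly as written)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse battery staple"), ("bob", "hunter2")])
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """VULNERABLE: user input is spliced into the SQL text, so quotes and
    comment markers in the input change the structure of the query."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """HARDENED: parameterized query. The driver passes the values separately
    from the SQL text, so input is only ever compared as data, never parsed."""
    row = conn.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both logins against the card's payload and the comment variant."""
    conn = setup_db()
    tautology = "' OR '1'='1"       # the card's payload, entered in the password field
    comment = "bob' --"             # comment variant: truncates the rest of the WHERE clause
    return {
        "vuln_tautology": vulnerable_login(conn, "nobody", tautology),   # first row: alice
        "safe_tautology": safe_login(conn, "nobody", tautology),         # None
        "vuln_comment": vulnerable_login(conn, comment, "wrong"),       # bob, password ignored
        "safe_comment": safe_login(conn, comment, "wrong"),             # None
        "legit": safe_login(conn, "bob", "hunter2"),                    # bob
    }


if __name__ == "__main__":
    for case, who in demo().items():
        print(f"{case}: {who}")
```

The vulnerable query with the tautology payload becomes `... WHERE username = 'nobody' AND password = '' OR '1'='1'`; because AND binds tighter than OR, every row matches and the first one (alice) is returned. The parameterized version sends the same text as a bound value, so it is simply a password that matches nobody.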