ETHICAL HACKING TERMINOLOGIES

There are many terminologies used in the field of ethical hacking, some common ones include:

  1. White Hat Hacker: An ethical hacker or a security professional who uses their hacking skills for defensive purposes, such as identifying vulnerabilities in a network so they can be fixed.
  2. Black Hat Hacker: An individual who uses their hacking skills for illegal or malicious purposes, such as stealing sensitive information or disrupting systems.
  3. Grey Hat Hacker: An individual who may not have malicious intent, but who uses their skills in ways that might not be strictly legal, such as penetrating a network without authorization for the purpose of identifying vulnerabilities.
  4. Penetration Testing: The practice of attempting to identify vulnerabilities in a network or system by simulating an attack from a malicious outsider.
  5. Vulnerability Scanning: The process of identifying vulnerabilities in a network or system using automated tools.
  6. Social Engineering: The practice of tricking people into giving away sensitive information or access to a network or system.
  7. Rootkit: A type of malicious software that is designed to conceal the presence of other malware on a system.
  8. Phishing: A type of social engineering attack that involves tricking people into providing sensitive information, such as login credentials, by disguising oneself as a trustworthy entity.
  9. Malware: software that is designed to damage, disrupt, or control a computer or computer network.
  10. Denial of Service (DoS) attack: A type of attack that aims to make a network or system unavailable to legitimate users by overwhelming it with traffic or otherwise disrupting its normal operation.
  11. Distributed Denial of Service (DDoS) attack: A type of attack that involves multiple systems being used to launch a coordinated attack against a single target.
  12. Firewall: A system or device that is used to control and monitor incoming and outgoing network traffic, in order to prevent unauthorized access and block malicious traffic.
  13. Intrusion Detection System (IDS): A system that is designed to detect and alert on possible security breaches or attempts at unauthorized access to a network or system.
  14. Intrusion Prevention System (IPS): A system that is designed to prevent unauthorized access to a network or system by actively blocking or shutting down connections that match certain criteria.
  15. Authentication: The process of verifying that a person or system is who or what it claims to be.
  16. Encryption: The process of converting plain text into a coded or encrypted format in order to protect it from unauthorized access.
  17. Key: A piece of data that is used in conjunction with an encryption algorithm to encrypt and decrypt data.
  18. SSL (Secure Sockets Layer)/TLS (Transport Layer Security): Protocols that are used to secure communication over networks by encrypting the data that is being sent and verifying the identity of the parties involved.
  19. Honeypot: A system that is set up to mimic a real network or system in order to attract and detect attempts at unauthorized access or malicious activity.
  20. Vulnerability Assessment: The process of identifying, analyzing, and prioritizing vulnerabilities in a network or system in order to determine the risk that they pose and the need for remediation.
  21. Incident Response: The process of identifying, responding to and resolving a security incident.
  22. Compliance: the ability of an organization to adhere to regulatory standards, guidelines and laws related to data privacy and security
  23. Zero-day exploit: An exploit that targets a previously unknown vulnerability in a system or application.
  24. Payload: The actual malicious code or functionality that is delivered by an exploit.
  25. Command and Control (C&C): The process of remotely controlling an infected system after a successful exploit.
  26. Advanced Persistent Threat (APT): A type of cyber-attack that is carried out by a skilled and well-resourced attacker with the intention of maintaining long-term access to a target network or system.
  27. Advanced Evasion Technique (AET): A technique used to evade detection by intrusion prevention systems and intrusion detection systems, by hiding the malicious payload in normal traffic
  28. Malware Sandbox: An isolated environment where files or codes can be executed and analysed for any malicious behaviour without putting the system at risk.
  29. Reverse Engineering: the process of taking apart and analysing the code of an application or software in order to understand its inner workings.
  30. Exploit Kit: A software kit that is used by attackers to automate the process of delivering and exploiting vulnerabilities in a target system.
  31. Botnet: A group of compromised computers that are controlled remotely by a single attacker, and can be used to launch large-scale attacks or distribute malware.
  32. Ransomware: A type of malware that encrypts the files of an infected system, and demands payment in exchange for the decryption key.
  33. Fileless malware: malware that reside in memory and doesn’t leave any traces on the hard drive.

Leave a Reply