Glossary

1
Sl No:TypeTermDescription
2
1AnalysisAbuse Box feedAn email box where users may submit complaints against any concerned domain. Mandated according to IEEE's regulations.
3
2AnalysisBack links / Inward linksA backlink is any link received by a web node (web page, directory, website, or top level domain) from another web node.
4
3AnalysisDomain Registration AlertsCTM360 Domain Registration Alerts to detect typosquatting, cybersquatted or potential phishing or cyber evil twin websites
5
4AnalysisMail bounce back feedMail bounce back are system generated files when emails are not sent due to a wrong email or there is an inbox space issue. The same mail bounce back feed may also be leveraged by attackers
6
5AnalysisMonitoring Domain for up/downMonitoring the availability and performance of web pages of web applications. When not accessible, notifications are sent and corrective actions can be triggered. Website performance monitoring feature checks for various attributes such as response time, etc.
7
6AnalysisMonitoring URL for contentChecks a single URL for its availability, and then continues to search the page for a predefined string of text. If an identical text string isn't identified, an alert is sent to the Monitoring Team. Ideal for sites that demand uptime, contain several critical pages, dynamic content or complex applications/environments.
8
7AnalysisPassive honey potA method of acquiring spam for analysis, via planting of bogus email addresses which are rigged to forward emails to a specific mailbox.
9
8AnalysisPhish taggingDatabase with phish links
10
9AnalysisSpam Feed Processing Scoring various aspects of a spam email, often with a different weightage.
11
10AnalysisReverse WHOISThe Reverse whois will do a reverse IP lookup. If an IP address is typed, it will attempt to locate a DNS PTR record for that IP address. Reverse WHOIS provides clients with ownership and relationship information for entities on the Internet, including domain names, IP addresses, registrars, registries and ISPs.
12
11AnalysisWHOISPronounced "WHO IS," this is a query and response protocol that is widely used for querying databases that store information on registered users
13
12AnalysisSearch Engine rankingRefers to the position at which a particular site appears in the results of a search engine query
14
13AnalysisText sharing sitesWebsites that provide online storage of text, similar to an online Notepad. Often, a source for copywrite infringement
15
14AnalysisWRLAWeb Referral Log Analyzer: This is a small & simple tool, used for the early detection of Phish attacks. This tool extracts Suspicious URLs from the web server's referral logs, compares it with white list & sends the rest of the URL' to a specified email. The SOC team may analyze those emails & take necessary actions if required.
16
15AttackBrand InfringementBrand infringement is an encroachment, violation, misappropriation, and/or disparagement of a message, identity, goodwill, talent, work, products, and intellectual property rights of a brand.
17
16AttackBrand jackingActivity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity.
18
17AttackCybersquattingDomain name similar to any of client domains with slight variations in spelling
19
18AttackData leakageClient's confidential data being published anywhere on the internet inclusive of Email addresses
20
19AttackDDoSIn computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

Distributed denial-of-service attacks are sent by two or more persons, or bots, whereas denial-of-service attacks are sent by one person or system.
21
20AttackDefacementWebsite defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.
The most common method of defacement is using SQL injections which allows gaining administrative access. Another method of defacement is through FTP once the username and password are obtained.
22
21AttackDNS poisoningDNS spoofing (or DNS cache poisoning) is an attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer.
23
22AttackDomain SquattingRegistering, selling or using a domain name with the intent of profiting from the goodwill of someone else's trademark.
24
23AttackDoS or DDoSIn computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
25
24AttackDoS layer 3A denial of service attack that targets the Network layer. This attack, similar to DoS Layer 4, depends on flooding the attacker with very high volume of data to reduce the system's perfomance and users from accessing the system.
26
25AttackDoS layer 4A denial of service attack that targets the Transport layer. This attack depends on flooding the attacker with very high volume of data to reduce the system's perfomance and users from accessing the system.
27
26AttackDoS layer 7A denial of service attack that targets the Application layer. This attack targets features such as HTTP, SNMP, FTP. Additionally, this type of attack is hard to detect as the traffic resembles real users.
28
27AttackDrive by malware Malware delivery technique that is triggered simply because the user visited a website.
29
28AttackHijacking accountsAccount hijacking is a process through which an individual's email account, computer account accessed by an unauthorized user
30
29AttackHost File poisoningInjecting new entries for Internet sites
31
30AttackHigh-yield investment program (HYIP) fraudAn investment scam that promises unsustainably high return on investment by paying previous investors with the money invested by new investors
32
31AttackImpersonationAct of pretending to be another person for the purpose of entertainment or fraud.
33
32AttackInframe hijackingHijacking nested browsing context, effectively embedding another HTML page into the current page.
34
33AttackJob ScamA suspicious job posting associated with the client on job sites
35
34AttackMITB Man in the browserA proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
36
35AttackMITM Man in the middleAttacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
37
36AttackMtoken AppA software once activated, displays a new eight-digit tokencode once every minute.
38
37Attack419 EmailEmail address being used in Advance Fee Fraud scams that reflect an association with client's organization/Staff
39
38AttackNTP based DDoSNetwork Time protocol Denial of Service Attack
40
39AttackPay Per Click (PPC)An internet advertising model used to direct traffic to websites, in which advertisers pay the publishers
41
40AttackPharmingDNS poisoning to redirect legitimate internet traffic of your websites to a fraudulent page
42
41AttackPhishingWebpage impersonating the client with the objective of collecting their customers' information
43
42AttackSmishingSMS as the carrier of Phish URL
44
43AttackSpear PhishingSpear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
45
44AttackTilde PhishTilde Phish use a unique style of multiple URLs that point to websites on several domains, when in reality they send the user to the same phishing website. This method uses the fact that some web servers are configured to all al-low file path viewing on any virtual domain hosted on that server. The URLs contain a tilde (~), hence the name
46
45AttackTraffic diversionChanging Site Traffic
47
46AttackUnauthorized affiliationDeclaring affiliation to a company or individual without consent
48
47AttackUnauthorized Job postingPosting a job declaring affiliation to a company or individual without consent
49
48AttackUnauthorized Mobile ApplicationCreating an app declaring affiliation to a company without consent
50
49AttackUnauthorized profileCreating a profile displaying affiliation to a company or individual without consent
51
50AttackUnauthorized usage of trademark/logoUsing company's trademark, logo, without consent of the company
52
51AttackVishingVoIP termination as collector
53
52AttackWatering hole attackAn attack strategy targeting a large group of individuals by observing the websites most visited and infecting them with malware
54
53AttackWhalingWhaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.
55
54AttackBusiness email compromise (BEC)Business email compromise (BEC) scams that attempt to trick senior staff at medium and large corporations into transferring large sums of money typically rely on the same formats - either compromising the CEO's account, spoofing the CEO's email address, or using a form of typo-squatting where the email address uses a domain which resembles the targeted company's actual domain
56
55DataA-recordAddress Record
57
56DataDNS recordList of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System (DNS)
58
57DataMX recordMail Exchange Record
59
58DataPhish hostPhish Creator
60
59DataRBLRealtime Blackhole List
61
60DataSecurity News feedsA security news feed is list of newly published security news content on a website
62
61DataSpam feedA feed of identified spam mails
63
62DataTwitter feeds Tweet the last posts published via RSS feed.
64
63DataWeb Referral LogLogs to help analyze traffic to a site
65
64DataWHOIS recordDatabases that store the registered users
66
65DataZone filesA DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS
67
66RegistryAccredited domain registrars of a registryRegistrars that are officially recognized by a Registry to provide domain-related services
68
67RegistryDonuts.coDiverse group of new, relevant and expressive Internet domain names.
69
68RegistryVeriSignService provider of domain names
70
69RegulatoryDMCADigital Millennium Copyright Act
71
70RegulatoryIANAInternet Assigned Numbers Authority
72
71RegulatoryICANNThe Internet Corporation for Assigned Names and Numbers
73
72RegulatoryInter-NICThe Internet's Network Information Center
74
73Regulatory.ARPAA top-level domain (TLD) in the Domain Name System of the Internet
75
74ResponseAccount suspensionRemoval of emails or accounts
76
75ResponseBrand CastingPromoting a brand, product or service by streaming video of events, product demonstrations and other offline experiences through online media channels.
77
76ResponseCease & DesistA document sent to an individual or business to halt purportedly unlawful activity ("cease") and not take it up again later ("desist")
78
77ResponseDe-indexing in search enginesRemoving fradulent sites from search engine rankings
79
78ResponseDelist domains from RBLsRemoving links/emails from Blackhole list
80
79ResponseDefensive (Domain) RegistrationBuy more domain names, "just in case."
81
80ResponseDilutionFalse data is submitted to phish sites to dilute the quality of information collected by the phisher
82
81ResponseDomain suspensionGoing to a domain authority and requesting the suspension of a domain
83
82ResponseFraudcastingProviding security vendors fraudulent IP and Domains to be blocked in real-time through browsers, email firewalls, ISPs, proxies and any other relevant security products
84
83ResponseReclaim AccountsA process to regain control over a hijacked account
85
84ResponseShutdownShutting down of Content and Websites related to Phishing Activities. Asking host to takedow certain content
86
85ResponseTakedownShutting down of specific fraudulent profiles (not the full website) that affect a brand or individual including cybersquatting.
87
86ResponseUDRPUniform Domain-Name Dispute-Resolution Policy
88
87Service SuiteBrand ManagementThe activity of supervising the promotion of a particular brand of goods.
89
88Service SuiteBrand ProtectionThe ​act of preventing someone from ​illegally making and ​selling a ​product using a ​brand ​name ​owned by another ​company
90
89Service SuiteDomain ManagementDomain portfolio management services are dedicated services offered to help companies to manage big portfolio of domain name
91
90Service SuiteIP ManagementIP address management (IPAM) is a means of planning, tracking, and managing the Internet Protocol address space used in a network.
92
91Service SuitePatent Portfolio managementA patent portfolio is the list of patents owned by an individual or a company. Managing your patent portfolio and comparing it to those of other companies is essential to helping you better determine the economic value of your own patents and remaining competitive.
93
92TerminologyApp permissionsAn app asking the user to grant permission to be able to execute tasks on thier device without consent or without informing the user.
94
93TerminologyAPTAdvanced Persistent Threats are attacks in which the attacker stays inside the system to spy and steal information rather than penetrate the network to cause damage.
95
94TerminologyAS numberAutonomous system
96
95TerminologyBGP peersWhen BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
97
96TerminologyBGP routeWhen BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
98
97TerminologyBlack Hat SEOIn search engine optimization (SEO) terminology, Black Hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and usually does not obey search engines guidelines.
99
98TerminologyBotnetBotnet comprises of multiple Internet-connected devices, each of which is running one or more bots. Botnets may be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allows the attacker to access the device and its connection.
100
99TerminologyBullet proof hostingBulletproof hosting (sometimes known as bulk-friendly hosting) is a service provided by some domain hosting or web hosting firms that allows their customer considerable leniency in the kinds of material they may upload and distribute.
101
100TerminologyC&C Command and ControlCommand and control refers to the main server used by a DDoS attacker to control the botnets used in a DDoS attack.
102
101TerminologyCC TLDCountry Code Top Level Domain
103
102TerminologyCousin DomainA registered domain name that is deceptively similar to a target name, which can be a domain name or the name of a known entity
104
103TerminologyCyber espionageThe use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.
105
104TerminologyCyber WarThe use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization.
106
105TerminologyDNSSECThe Domain Name System Security Extensions (DNSSEC)
107
106TerminologyDomain expiryThe expiration of a domain (after which it will no longer be online)
108
107TerminologyDomain RegistrarA domain name registrar is an organization or commercial entity that manages the reservation of Internet domain names.
109
108TerminologyDomain tastingThe practice of a domain name registrant using the five-day “grace period” (the Add Grace Period or AGP) at the beginning of the registration of an ICANN-regulated second-level domain to test the marketability of the domain.
110
109TerminologyFast FluxFast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
111
110TerminologyFraudulent Unjustifiably claiming or being credited with particular accomplishments or qualities.
112
111TerminologygTLDA generic top-level domain (gTLD) is one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet. It is visible to Internet users as the suffix at the end of a domain name
113
112TerminologyHacktivistThe subversive use of computers and computer networks to promote a political agenda.
114
113TerminologyIDN tablesIANA maintains the collection of “IDN tables”, which represent permitted code points (letters) allowed for Internationalised Domain Name registrations in particular registries.
115
114TerminologyMoney MuleA money mule or sometimes referred to as a "smurfer" is a person who transfers money acquired illegally (e.g., stolen) in person, through a courier service, or electronically, on behalf of others. The mule is paid for their services, typically a small part of the money transferred. Money mules are often dupes recruited on-line for what they think is legitimate employment, not aware that the money they are transferring is the product of crime. The money is transferred from the mule's account to the scam operator, typically in another country. Similar techniques are used to transfer illegal merchandise.
116
115TerminologyName Based Virtual HostingConfiguring DNS servers to map each hostname to the correct IP address and then configure the HTTP Server to recognize the different hostnames
117
116TerminologyNigerian 419The scam typically involves promising the victim a significant share of a large sum of money, which the fraudster requires a small up-front payment to obtain
118
117TerminologyPatent A patent is a set of exclusive rights granted by a sovereign state to an inventor or assignee for a limited period of time in exchange for detailed public disclosure of an invention. An invention is a solution to a specific technological problem and is a product or a process. Patents are a form of intellectual property. The procedure for granting patents, requirements placed on the patentee, and the extent of the exclusive rights vary widely between countries according to national laws and international agreements. Typically, however, a granted patent application must include one or more claims that define the invention. A patent may include many claims, each of which defines a specific property right. These claims must meet relevant patentability requirements, such as novelty and non-obviousness. The exclusive right granted to a patentee in most countries is the right to prevent others from commercially making, using, selling, importing, or distributing a patented invention without permission
119
118TerminologyPhish hopping
120
119TerminologyReserved domainsDomain has been reserved via the dropcatcher service. Incase the user decides not to renew the domain, another person can take it.
121
120TerminologyRoot ZoneRoot Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk .ph), including the entire list of all the root servers. The DNS root zone contains only 280 delegations of generic, country code and internationalized top level domain names (TLD)s and its size is more or less 80,000 bytes. It also changes slowly and absorbs only one minor change per TLD every year. The National Telecommunications Information Administration (NTIA), ICANN, Verisign and the Root Server Operators play significant roles in the management and process of the root zone. NTIA is an agency under the United States Department of Commerce, which represents the federal government in a contract entered in with ICANN and Verisign, which grants the organizations separate functions in managing the performance of the root zone. NTIA is responsible in reviewing and approving whatever changes that need to be implemented within the root zone. ICANN is the operator of the Internet Assigned Numbers Authority (IANA), which is responsible for the day-to-day management of the DNS root zone. IANA assigns the operators of the top level domain and ensures the maintenance and the administrative details of the TLDs. It is also responsible for the coordination of the Internet Protocol (IP) and Autonomous System Numbers (ASN) to the Regional Internet Registries (RIR). Verisign, and formerly Network Solutions, serves as the root zone administrator under a cooperative agreement entered with the United States government; this has been in effect since 1998. The Root Server Operators' primary role is to make sure that the operations of the root zone is always accurate, available, reliable and secure. 
There are thirteen Root Server Operators in the database of the root zone, which include: A - Verisign Global Registry Services B - Information Sciences Institute C - Cogent Communications D - University of Maryland E - NASA Ames Research Center F - Internet Systems Consortium, Inc. G - U.S. DOD Network Information Center H - U.S. Army Research Lab I - Autonomica/NORDUnet K - RIPE NCC L - ICANN M - WIDE Project
122
121TerminologySCADASupervisory control and data acquisition
123
122TerminologySearch Engine Optimization SEOThe process of affecting the visibility of a website or a web page in a search engine's unpaid results
124
123TerminologySocial Media FraudSuspicious Profiles on any social media websites that have association with the client
125
124TerminologySuspicious Mobile AppMobile App published on the internet claiming to be published by client's organization
126
125TerminologyTLDTop Level Domain
127
126TerminologyTrademarkAny word, name, symbol, or design, or any combination thereof, used in commerce to identify and distinguish the goods of one manufacturer or seller
128
127TerminologyWater MarkIs an identifying image or pattern in paper that appears as various shades of lightness/darkness when viewed by transmitted light, caused by thickness or density variations in the paper.
129
128TerminologyIP PaymentsIP Payments is a PCI Level 1 compliant financial services organisation that provides payments, accounts receivable automation and PCI DSS compliance solutions.
130
129TerminologyPatent CitationWhen referenced in a document, patents must be cited like books, journal articles, or any other resource. While its presentation varies according to individual style requirements, a citation for a patent should enable your reader to locate the patent and understand the basics (title, inventor, date, whether it is an application or a patent). The citation should enable readers to distinguish the patent in question from similar or related patents.
131
130TerminologyUDRPUniform Domain-Name Dispute-Resolution Policy
132
131TerminologyURSUnited Research Service
133
132TerminologyAn encrypted network that is not indexed by normal search engines. Can only be accessed using specialized software.An encrypted network that is not indexed by normal search engines. Can only be accessed using specialized software.
134
133TerminologyDark WebDark Web is a small part of the Deep Web.
135
134TerminologyDeep WebParts of the WWW which have not been indexed by search engines as they are encrypted. Requires certain software to be able to access the Deep Web.
136
135TerminologyClear NetThe unencrypted part of the internet which is accessible by everyone using standard browsers.
137
136TerminologyTrollingThe act of trash talking or annoying someone using the internet for fun. Trolling usually involves using sarcasm to get on the nerves of that person.
138
137TerminologyDoxingDoxing simply refers to the process of gathering or deducing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet.
139
138TerminologyShadow ITOr Stealth IT, is a term often used to describe information-technology assets without explicit IT approval.
140
139TerminologyBusiness Email Compromise (BEC)Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
141
140TerminologyEmail Wire FraudThe purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.
142
141TerminologyTailored Trustworth SpaceA cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user’s context and in the face of an evolving range of threats.
143
142TerminologyTRAP10Binary Trading (commonly also known as Binary Options Trading or Binary Options) is a type of option where the trader takes a yes or no position on the price of a stock or other assets, with the resulting payoff being all or nothing. Questionable activities such as brand infringement, unregistered establishments, identity theft, misrepresentation of potential gains and back-end manipulation of software to cheat users is common in the name of BOT. As there does not appear to be an explicit legal framework to govern binary trading, online companies continue to operate and trap victims. This type of scam is known as TRAP10.
144
143TerminologyBitsquattingRefers to the registration of a domain names one bit different than a popular domain. The name comes from typo-squatting: the act of registering domain names one key press different than a popular domain.
145
144TerminologyDomain Validation certificateIs an X.509 digital certificate typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain
146
145TerminologyOrganization Validation certificateIs a certificate that confirms the existence of the organisation.
147
146TerminologyExtended validation certificateAn Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package
148
147TerminologyTypopiracy/typosquattingTyposquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser.
149
148TerminologyURL shorteningIs a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page.
150
149TerminologyURL redirectionA URL Redirection Attack is a kind of vulnerability that redirects you to another page freely out of the original website when accessed, usually integrated with a phishing attack.
151
150TerminologyAFFAdvance Fee Fraud is a fraud in which the scammer convinces the victim to send an upfront money in return for services or higher pay back.
152
151Credit CardsAcquirerThe acquiring bank (also merchant bank or acquirer) is the financial institution that maintains the merchant’s bank account. The contract with the acquirer enables merchants to process credit and debit card transactions. The acquiring bank passes the merchant’s transactions along to the applicable issuing banks to receive payment.
153
152Credit CardsIssuerThe issuing bank is the financial institution that issues credit cards to consumers on behalf of the card networks (Visa, MasterCard). The issuer acts as the middle-man for the consumer and the card network by contracting with the cardholders for the terms of the repayment of transactions.
154
153TerminologyBuffer OverflowWhen data being entered exceeds a buffer's fixed length, the data then starts overflowing adjacent memory space causing system shutdown, data corruption, or give the attacker access to the rest of the system.
155
154TerminologyTailgate/PiggybackingIllegally accessing a service/system using another persons's authorized credintials.
156
155TerminologyZero-Day VulnerabilityA vulnerability in the system that the developer does not know about. These vulnerabilites are difficult to detect as they do not have a signature which anti malware or intrusion prevention systems depend on to find vulnerabilities. The vulnerability is called Zero-Day because it takes zero days for the first attack to occur since the vulnerability has been made public.
157
156AttackDowngrade AttackAn attack in which the victim is negotiated into using older and more vulnerable security protocols, making it easier for the attacker to launch the attack.
158
157TerminologyDead Man's SwitchA system that requires often human interaction to prevent a process from being triggered. Extortionists use a Dead Man's Switch to force the victim to comply and not go to the authorities. In case the extortionist gets arrested, the process will be triggered and the information will be released to the public.
159
158TerminologyRed Team - Blue TeamAn exercise in which a system's security is tested by security experts. Red team is in charge of attacking and gaining access/control of an objective while the blue team is responsible for defending it. This exercise is meant to test the system and reveal vulnerabilites and measure the readiness of the security team responsible for defending it.
160
159TerminologyBlackbox Testing - Whitebox testing - Graybox TestingScenarios that an ethical hacker will face while performing penetrations testing.
Blackbox testing: the hacker does not know the in/outs of the IT infrastructure. Usually launches a full scale brute force attack to reveal vulnerabilities. Can be very time consuming.
Whitebox testing: attacker has full knowledge and access to the source code and infrastructure. A more thorough test can be performed in this type of pen testing.
Graybox testing: attacker has partial knowledge/access, and can focus on specific weaknesses and discover more as he moves along.
161
160 | Terminology | Skill Squatting | An attack that takes advantage of speech recognition errors. Example: an attacker publishes a malicious mobile application or voice-assistant skill named "Ramazon". When a user tries to install or open Amazon by voice command, the recognition system may hear "Ramazon" instead of "Amazon" and download or invoke the malicious one.
161 | Terminology | CCD-COE | Cooperative Cyber Defense Center of Excellence. A NATO-accredited military organization that provides cyber defense research, training and exercises for NATO member nations. CCD-COE also produced the Tallinn Manual, which explains how a nation can respond to cyberattacks while taking international law into consideration.
162 | Terminology | Cyber Deterrent | A factor that discourages an attacker from initiating an attack, such as the likelihood of attribution and retaliation or the cost of defeating the target's defenses.
163 | Terminology | Layered Security | Also known as layered defense or defense in depth, it is the practice of placing multiple independent layers of security controls between an attacker and the data, so that the failure of any single layer does not expose it.
164 | Terminology | Unified Threat Management | UTM is a software or hardware appliance that combines several network security functions, such as IDS/IPS, VPN, firewall, gateway anti-virus and others, on one platform, making them easier to manage and monitor through a single interface.
165 | Terminology | Angler Phishing | An attack in which the fraudster masquerades as a company's customer support representative on social media, replying to customers' public complaints with phishing links in order to obtain their usernames, passwords and other personal information.
166 | Terminology | Socialbots | Socialbots are software programs that behave like humans on social media by posting pictures, retweeting and even chatting with people. They can be used for malicious purposes such as distorting public opinion during political campaigns, deceptive marketing and spreading scams.
167 | Terminology | Dolphin Attack (Inaudible Voice Commands) | An attack in which voice commands are modulated onto ultrasonic frequencies that humans cannot hear but a phone's microphone and voice assistant still pick up, letting an attacker silently issue commands such as unlocking the device or opening a site that steals information.
168 | Terminology | Scareware | A form of social engineering in which victims are tricked into believing that their device is infected with a virus, pushing them to download a supposed anti-virus product that is in fact malicious.
169 | Terminology | Potentially Unwanted Program | A PUP is a program that piggybacks on software the user intentionally downloads. It is installed with the user's nominal consent, typically buried in the installer's defaults, but is unwanted, for example spyware, adware or browser toolbars.
170 | Terminology | Phishing Kits | Phishing kits are packages provided by attackers so that people with only basic computer skills can launch phishing campaigns. A kit bundles the items that make a wide-scale attack easy, such as spamming software, cloned web page source code and scripts that capture and forward the victims' input.
171 | Terminology | Doppelganger domain | A doppelganger domain is closely related to a typosquatting domain: it is a domain that omits the dot between two labels of a legitimate hostname. For example, the doppelganger domain of mail.google.com is mailgoogle.com (notice the missing dot). When the content on such a domain matches the branding and content of the original website, users cannot tell the difference and are more likely to be tricked by an attacker (e.g., into credential harvesting or financial fraud); email misaddressed to the doppelganger domain is also delivered to the attacker.
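Added example (not part of this glossary): generating the doppelganger domains an attacker could register for a list of legitimate hostnames, then matching them against a feed of newly registered domains of the kind a domain registration alert would consume. The hostnames and the registration feed are constructed; the code also assumes, unless told otherwise, that the public suffix is the last label (real tooling should use the Public Suffix List so that names under co.uk and similar are split correctly).

```python
from typing import Optional

# Added example, not the glossary's or any product's code. Hostnames and the
# registration feed below are constructed for illustration.


def registrable(fqdn: str, public_suffix: str) -> str:
    """The part an attacker would have to register: the label just left of the
    public suffix plus the suffix (google.com for mail.google.com)."""
    host = fqdn[: -len(public_suffix) - 1]
    return host.rsplit(".", 1)[-1] + "." + public_suffix


def doppelganger_registrables(fqdn: str, public_suffix: Optional[str] = None) -> set:
    """Delete one dot at a time from fqdn and keep only the resulting names whose
    registrable domain differs from the legitimate one (those an attacker can buy)."""
    fqdn = fqdn.strip().lower().rstrip(".")
    if public_suffix is None:
        # Assumption: the public suffix is the last label (wrong for co.uk etc.).
        public_suffix = fqdn.rsplit(".", 1)[-1]
    if not fqdn.endswith("." + public_suffix):
        raise ValueError(f"{fqdn} is not under .{public_suffix}")
    labels = fqdn[: -len(public_suffix) - 1].split(".")
    legit = registrable(fqdn, public_suffix)
    found = set()
    for i in range(1, len(labels)):
        merged = labels[: i - 1] + [labels[i - 1] + labels[i]] + labels[i + 1:]
        candidate = ".".join(merged) + "." + public_suffix
        reg = registrable(candidate, public_suffix)
        if reg != legit:
            found.add(reg)
    return found


def match_feed(legit_hosts, newly_registered, public_suffix: Optional[str] = None) -> dict:
    """Map each newly registered domain that is a doppelganger of one of our
    hosts back to the host it shadows."""
    lookup = {}
    for host in legit_hosts:
        for dom in doppelganger_registrables(host, public_suffix):
            lookup.setdefault(dom, host.strip().lower().rstrip("."))
    hits = {}
    for dom in newly_registered:
        dom = dom.strip().lower().rstrip(".")
        if dom in lookup:
            hits[dom] = lookup[dom]
    return hits


# Constructed data: an organisation's hostnames and a day's registration feed.
LEGIT_HOSTS = ["mail.google.com", "vpn.corp.example.com", "www.example.com"]
NEW_REGISTRATIONS = ["mailgoogle.com", "corpexample.com", "wwwexample.com",
                     "vpncorp.example.com", "example.net"]

if __name__ == "__main__":
    for dom, shadowed in match_feed(LEGIT_HOSTS, NEW_REGISTRATIONS).items():
        print(f"ALERT doppelganger {dom} shadows {shadowed}")
```

Note that vpncorp.example.com is not reported: its registrable domain is still example.com, which the organisation already owns, so an attacker cannot obtain it. Only names whose registrable part changes (corpexample.com) are worth an alert.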
172 | Terminology | Pagejacking | If you click on a link and find yourself at an unexpected website, you may have been ‘pagejacked’. This happens when someone copies part of a real website and uses it in a fake site. If enough of the real site is copied, search engines can be tricked into indexing the fake site, and people visit it by accident. The fake site may contain unwanted or offensive material. An online merchant trading via a website needs to know that the site is not being copied in this way. Pagejacking cannot be prevented outright; it can only be dealt with once it is detected, for example by monitoring search results for copies of your pages.
173 | Terminology | Change of Billing | A form of fraud in which a criminal who has gained access to a victim's bank account changes the billing address so that the victim stops receiving the monthly statements, allowing the fraudulent activity to remain undetected for longer.
174 | Terminology | Astroturfing | Astroturfing is the abuse of customer review systems on sites such as Yelp, Facebook and Amazon. Either a business posts rave reviews of its own products under fake customer identities, or it posts bad reviews about a competitor.
175 | Terminology | Blended Attack | A cyber attack that combines multiple attack vectors and types of malware, for example a phishing email whose attachment exploits a software vulnerability and then spreads as a worm. Such attacks usually cause severe damage to the targeted systems because no single control covers every vector.
176 | Terminology | Form Grabber | Malware designed to record the sensitive data a targeted user enters into web forms, capturing it inside the browser before it is encrypted for transmission. This malware particularly targets the victim's financial information.
177 | Terminology | Polymorphic Virus | A polymorphic virus is a malicious program that changes its own code each time it replicates while keeping the same behaviour. This technique lets it evade security software that relies on static signatures.
178 | Terminology | Twishing | Twishing refers to phishing scams carried out over Twitter. The attacker tweets a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.
179 | Terminology | Web Skimmer | Web skimming is the insertion of malicious script into a payment page. Whenever a customer pays online, the script captures the payment details (card number, expiry date, holder name, security code, ...) and sends them to the attacker.
180 | Terminology | TTPs | Tactics, Techniques and Procedures: the characteristic behaviour of attackers or adversaries in cyberspace. TTPs are analysed in depth to understand how an adversary operates and to anticipate and prepare for future attacks.
181 | Terminology | Air Gap | Keeping a critical computer or machine physically isolated from other networks and disconnected from the internet, so that data can only reach or leave it via removable media carried by a person.
182 | Terminology | CVE | Common Vulnerabilities and Exposures is a public catalogue of publicly disclosed vulnerabilities. Each entry is tagged with a unique identifier such as CVE-2019-5736.
183 | Terminology | Random Forest | An ensemble method that combines the outputs of many decision trees (by majority vote or averaging) into a final result. Used when a single decision tree does not give accurate results for all scenarios.
184 | Terminology | Password Spraying | A brute-force variant in which the attacker tries one or a few commonly used passwords against many user accounts, instead of many passwords against one account, so that per-account lockout thresholds are never reached.
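Added example (not part of this glossary): detection logic for password spraying run over constructed authentication log lines. The log format (timestamp, src=, user=, result=) and the thresholds are assumptions for the example; the point it shows is that a spray has many distinct accounts per source with very few failures each, which a per-account lockout rule never sees, while a classic brute force against one account does not trigger this rule at all.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not the glossary's or any vendor's code. The log lines and the
# line format are constructed for illustration.

SAMPLE_LOG = (
    # Spraying source: 12 different accounts, one failure each, over 22 minutes
    [f"2024-03-01T10:{i:02d}:00Z src=198.51.100.7 user=user{i:02d} result=FAIL"
     for i in range(0, 24, 2)]
    # Classic brute force: 15 failures against a single account
    + [f"2024-03-01T10:05:{s:02d}Z src=203.0.113.9 user=admin result=FAIL"
       for s in range(0, 45, 3)]
    # Legitimate user who mistypes twice and then succeeds
    + ["2024-03-01T10:30:00Z src=192.0.2.10 user=bob result=FAIL",
       "2024-03-01T10:30:20Z src=192.0.2.10 user=bob result=FAIL",
       "2024-03-01T10:30:40Z src=192.0.2.10 user=bob result=OK"]
)

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_line(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"], "user": m["user"].lower(), "result": m["result"]}


def detect_password_spray(lines, window=timedelta(minutes=30), min_users=10, max_per_user=3):
    """One alert per source IP whose failures within `window` touch at least
    `min_users` distinct accounts while no single account fails more than
    `max_per_user` times (the 'low and slow' signature of a spray)."""
    failures = defaultdict(list)
    for event in (parse_line(line) for line in lines):
        if event and event["result"] == "FAIL":
            failures[event["src"]].append(event)

    alerts = []
    for src, events in failures.items():
        events.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(events)):           # sliding time window over failures
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in events[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {"src": src, "distinct_users": len(per_user),
                            "first": events[start]["ts"].isoformat(),
                            "last": events[end]["ts"].isoformat()}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_LOG):
        print("password spray suspected:", alert)
```

Attackers spread a spray across many source addresses to stay under this kind of threshold; in that case the same logic keyed on the attempted password hash (where the identity provider exposes it) or on a time bucket across all sources is the complementary rule.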
185 | Terminology | Privilege Escalation | An attack in which a user exploits a bug or misconfiguration in the system to reach and use resources or permissions that should not be accessible to them.
186 | Terminology | Defang URL | The process of rewriting a URL (or another indicator such as a domain, IP address or email address) into a form that cannot be clicked or automatically resolved, for example hxxp://example[.]com, so that it can be shared safely in reports and tickets.
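Added example (not part of this glossary): defang and refang helpers using the common report convention (hxxp://, [.], [@]), plus a function that defangs every URL and IPv4 address inside free text. The sample indicators are constructed; the convention itself is the one widely used in threat reports, not a standard.

```python
import re

# Added example, not the glossary's or any tool's code. Sample indicators are constructed.

_SCHEME = re.compile(r"^(?P<scheme>https?|ftp)://", re.IGNORECASE)
_DEFANGED_SCHEME = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
_URL_OR_IP = re.compile(r"(?:https?|ftp)://\S+|\b(?:\d{1,3}\.){3}\d{1,3}\b", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Undo the usual defanging variants so an analysis tool can resolve the real value."""
    out = re.sub(r"^hxxp", "http", indicator, flags=re.IGNORECASE)
    out = re.sub(r"^fxp", "ftp", out, flags=re.IGNORECASE)
    for broken, real in (("[://]", "://"), ("[:]", ":"), ("[.]", "."), ("(.)", "."),
                         ("{.}", "."), ("[@]", "@"), ("(@)", "@")):
        out = out.replace(broken, real)
    return out


def defang(indicator: str) -> str:
    """Rewrite a URL, domain, IP or e-mail address so mail and chat clients will not
    turn it into a link and an accidental click cannot reach the attacker's host."""
    s = refang(indicator)            # normalise first so defanging is idempotent
    m = _SCHEME.match(s)
    if m:
        s = _DEFANGED_SCHEME[m.group("scheme").lower()] + "://" + s[m.end():]
    return s.replace(".", "[.]").replace("@", "[@]")


def defang_text(text: str) -> str:
    """Defang every URL and IPv4 address inside free text (a ticket body, a report)."""
    def _sub(m):
        token, trail = m.group(0), ""
        while token and token[-1] in ".,;:)":   # keep sentence punctuation outside the indicator
            trail, token = token[-1] + trail, token[:-1]
        return defang(token) + trail
    return _URL_OR_IP.sub(_sub, text)


if __name__ == "__main__":
    print(defang("https://mail.google.com/login.php?next=x"))
    print(defang_text("Payload at http://evil.example.com/x.exe, from 203.0.113.5."))
```

Refanging before defanging is what makes the function safe to run twice over the same report without producing nested brackets.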
187 | Terminology | Steganography | A technique for hiding the existence of a message, file or other information, for example by hiding a text message inside an image file so that it is not discovered (data hidden within data).
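Added example (not part of this glossary): least-significant-bit steganography that hides a text message in the pixel data of a binary greyscale PGM image and reads it back. The cover image is constructed in the code (a gradient), the 4-byte length prefix is this example's own framing, and the PGM parser is minimal (no comment lines). Note that the image's visible content changes by at most one brightness level per pixel, which is why the hidden data is not noticed by eye.

```python
import re

# Added example, not the glossary's or any library's code. Cover image and
# payload framing are constructed for illustration.

_PGM_HEADER = re.compile(rb"^P5\s+(\d+)\s+(\d+)\s+(\d+)\s")   # minimal: no comment support


def make_gradient_pgm(width=64, height=64) -> bytes:
    """Constructed cover image: 8-bit greyscale diagonal gradient, binary PGM (P5)."""
    pixels = bytes((x + y) * 255 // (width + height - 2) for y in range(height) for x in range(width))
    return b"P5\n%d %d\n255\n" % (width, height) + pixels


def capacity(cover_len: int) -> int:
    """Payload bytes a cover of cover_len bytes can hold (one bit per byte, minus the 4-byte length)."""
    return cover_len // 8 - 4


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, payload: bytes) -> bytes:
    """Write len(payload) as 4 big-endian bytes, then payload, into the LSB of each cover byte."""
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError(f"cover holds at most {capacity(len(cover))} payload bytes, got {len(payload)}")
    stego = bytearray(cover)
    for idx, bit in enumerate(_bits(framed)):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    def read(bit_offset: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[bit_offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    if (4 + length) * 8 > len(stego):
        raise ValueError("length field inconsistent with container size: no payload found")
    return read(32, length)


def embed_in_pgm(pgm: bytes, payload: bytes) -> bytes:
    m = _PGM_HEADER.match(pgm)
    if not m or m.group(3) != b"255":
        raise ValueError("expected an 8-bit binary PGM (P5) image")
    return pgm[:m.end()] + embed(pgm[m.end():], payload)


def extract_from_pgm(pgm: bytes) -> bytes:
    m = _PGM_HEADER.match(pgm)
    if not m:
        raise ValueError("not a binary PGM image")
    return extract(pgm[m.end():])


if __name__ == "__main__":
    cover = make_gradient_pgm()
    stego = embed_in_pgm(cover, b"meet at dawn")
    print(extract_from_pgm(stego))
```

Detecting this kind of hiding is a statistical job (LSB-plane analysis, chi-square tests on pixel pairs) rather than a signature job, which is the reason steganography is used to move data past content filters.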
188 | Terminology | Inference Attack | An attack in which a user deduces key or critical information about a subject or database from data they are permitted to see, without directly accessing the protected information; for example, combining the results of several aggregate queries to recover one individual's record. It is a breach of information security even though no access control was violated.
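Added example (not part of this glossary): a differencing inference attack against an aggregate-only query interface, using a constructed HR table in an in-memory SQLite database. The interface refuses any query that matches fewer than k rows, which is the usual first defence, and the example shows that two large queries whose result sets differ by a single row still leak that row; it then shows query-set-overlap control, a classic mitigation, blocking the second query. The table, the k threshold and the interface design are assumptions for the example.

```python
import sqlite3

# Added example, not the glossary's or any product's code. The employee table is constructed.

EMPLOYEES = [
    ("alice", "eng", 150000), ("bob", "eng", 120000), ("carol", "eng", 110000),
    ("dave", "eng", 105000), ("erin", "eng", 98000),
    ("frank", "sales", 90000), ("grace", "sales", 85000), ("heidi", "sales", 80000),
]


class StatsInterface:
    """Aggregate-only interface: callers get SUM(salary) over a filter, never rows,
    and any query matching fewer than k rows is refused. With overlap_control on,
    a query whose result set differs from an earlier one by fewer than k rows is
    refused as well (query-set-overlap control)."""

    def __init__(self, rows, k=3, overlap_control=False):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE emp (name TEXT, dept TEXT, salary INTEGER)")
        self.conn.executemany("INSERT INTO emp VALUES (?, ?, ?)", rows)
        self.k = k
        self.overlap_control = overlap_control
        self.answered = []          # result sets (by name) of queries already answered

    def sum_salary(self, dept=None, exclude=()):
        sql, params = "SELECT name, salary FROM emp WHERE 1=1", []
        if dept is not None:        # parameters are bound, never concatenated
            sql += " AND dept = ?"
            params.append(dept)
        for name in exclude:
            sql += " AND name <> ?"
            params.append(name)
        rows = self.conn.execute(sql, params).fetchall()
        names = {r[0] for r in rows}
        if len(names) < self.k:
            raise PermissionError(f"query set of size {len(names)} is below k={self.k}")
        if self.overlap_control:
            for prev in self.answered:
                if len(names ^ prev) < self.k:
                    raise PermissionError("query set differs from an earlier one by fewer than k rows")
        self.answered.append(names)
        return sum(r[1] for r in rows)


def infer_salary(iface, dept, target):
    """Differencing attack: SUM(dept) - SUM(dept without target) = target's salary."""
    total = iface.sum_salary(dept=dept)
    without_target = iface.sum_salary(dept=dept, exclude=(target,))
    return total - without_target


def infer_or_none(iface, dept, target):
    """Same attack, returning None when the interface refuses a query."""
    try:
        return infer_salary(iface, dept, target)
    except PermissionError:
        return None


if __name__ == "__main__":
    print("k=3 only:", infer_or_none(StatsInterface(EMPLOYEES), "eng", "alice"))
    print("k=3 + overlap control:",
          infer_or_none(StatsInterface(EMPLOYEES, overlap_control=True), "eng", "alice"))
```

Overlap control stops this two-query tracker but not every combination of queries an attacker can construct; adding calibrated noise to each answer (differential privacy) is the principled defence because it bounds what any combination of queries can reveal about one row.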
189 | Terminology | Bastion host | A hardened host with very few services or applications running on it, usually placed between the internal network and the internet. It acts as a proxy and is the only entry point into the internal network, so hardening and monitoring are concentrated on it.