16/1 Near SBI BANK, Sultanpur, New Delhi - 110030
+91 11 4065 6797

Ethical Hacking – 100 Terms you need to know

Ethical Hacking Terms

ethical-hacking-terms
                            Ethical Hacking Terms
  • Cache – Storing responses temporarily for future use.
  • Cipher – algorithms used for encrypting and decrypting data
  • Code injection – a malicious code is injected into a system by exploiting a vulnerability.
  • Cross-site scripting – A type of attack, in which a malicious code is injected along with a legitimate website.
  • Compliance – rules defined by authorities to protect customer’s data. Eg à PCI-DSS, HIPAA
  • Dictionary Attack – a type of attack done with a pre-defined username and password list.
  • Dumpster diving – looking into someone’s trash container for pressure to perform attacks.
ethical hacking terms
                              Ethical Hacking Terms

Ethical Hacking Terms:- Denial of services & Distribution denial of services – Attack in which server’s resources are exhausted by sending multiple requested and flooding the network is termed as  Denial of services. When a botnet is used to perform the attack it is then termed as Distribution denial of services.

Ethical Hacking And Penetration Test 100 – Terms you need to know.

  • Directory Traversal – Vulnerability that allows the attacker to view all files and folders of a system.
  • Domain Name System (DNS) – converts the domain names into IP addresses
  • DNS Spoofing – misleading the victim to a malicious website by tricking a system’s DNS
  • Encryption – The process of encoding data so that it can not be accessed by a 3rd party without the key.
  • Exploit – a piece of code that takes advantage of a vulnerability in a system and causes unwanted behavior.
  • Enumeration – Viewing all the network components just by gaining access to a single system of a network.
  • Footprinting – Collecting information on the target system.
  • Flooding – exhausting a system by sending too many packets.
  • Firewall – a network device that monitors and filters the malicious request on a network
  • Fork Bomb – Process of exhausting system resources, similar to Denial of Service attack.
  • Fuzzing – Automated software testing technique to test the exception handling capacity of the system.
  • Hardening – Secures the system from attacks by blocking the unused ports.
  • Hash Function – A function used to map data into a fixed value string. This maintains the data integrity.
  • Honey pot – Intentionally created system that is vulnerable to lure the attacker.
  • HIPAA – Health Insurance Portability and Accountability Act. While working with healthcare-related data it is mandatory to be HIPAA compliant to ensure data privacy.
  • Input Validation – Monitoring the user input before connecting to the database. Checking is done to prevent a website from SQL injection attacks.
  • Integrity – ensuring that data is not tempered, ie. The client must receive the same data sent by the server.
  • Intrusion Detection System – Alters the user if any malicious activity occurs on the network.
  • IP Spoofing – Masking the original source IP address to trick the target that request is coming from a legitimate IP.
  • John The Ripper – It is an excellent password cracking tool.
  • Kerberos – Network authentication protocol used by Microsoft for a strong encryption system.
  • Keyloggers – A program that records all the keystrokes of the victim.
  • Logic bombs – A malicious code that is executed when a certain condition is satisfied.
  • Lightweight directory access protocol (LDAP) –  Stores usernames and passwords to authenticate a user on a network.
  • Malware – This stands for “malicious software”. Malware is a collective term used for viruses, ransomware, spyware, and many more.
  • MAC Address – “Media Access Control address” is a unique address assigned to the Network interface card.
  • Multi-factor authentication – Using more than one method for authentication purposes.
  • MD5 –  Popular hashing algorithm.
  • Metasploit – Penetration testing framework widely used to gain access to a system by exploiting a vulnerability.
  • Mull-Bytes Injection – – An exploit that returns random data which might be useful for the attacker.
  • Network Interface card (NIC) – Hardware component that helps in connecting to the internet.
  • Network address translation – Translates local IP address into global Ip address.
  • Nmap – A popular network scanning tool that provides information regarding open ports, services, and much more.
  • Netcat – A tool that helps in viewing and recording data on a TCP or UDP connection.
  • Nikto – A tool that helps to find a vulnerability in a web application.
ethical hacking term
                        Ethical Hacking Terms  
  • Nessus — It scans a computer and increases an alert if it detects any vulnerabilities provides advanced threat detection, vulnerability, scalability, and vulnerability management.
  • Packet — It is a small amount of data sent over a network and it contains information like source IP, destination IP, protocol, and other information.
  • Password Cracking — It’s the art of getting an encrypted password by trying every possible combination of characters like brute-force cracking that gives access to a system protected by an authentication approach.
  • Password Sniffing — Password sniffing is like performing Man-in-the-middle attacks on the Internet that is used to steal user names and passwords from the network.
  • Patch — This includes fixing security vulnerabilities and other bugs in a software system that is identified after the release of the software.
  • Phishing — Phishing is the fraudulent attempt to obtain sensitive information by building fake websites appearance remarkably much like valid websites and often used to steal user data, including login credentials and credit card numbers.
  • Ping Sweep —A network scanning technique that tries to ping a system and identify if the hosts are alive.
  • Public Key Cryptography — Public-key cryptography uses a couple of keys to encrypt and decrypt information to protect it in opposition to unauthorized get right of entry. The sender will encrypt a message by the usage of your public key which then you may decrypt by the use of your non-public key.
  • Public Key Infrastructure — A public key infrastructure (PKI) is the granting of digital certificates to shield sensitive data, provide unique digital identities for customers, gadgets, and applications, and secure throughout communications and this enables device admins to verify that a specific public key belongs to an especially authorized entity.
  • Personally Identifiable Information (PII) — It is data that can be used to identify, locate, or contact an individual. eg. Address, Phone number, etc.
  • Payload — Payload is a piece of code that can range from stealing personal information to deleting the contents of a hard drive.
  • PCI-DSS — Payment Card Industry Data Security Standard is a set of security standards in which all companies that process, store, or transmit credit card information maintain a secure environment.
  • Ransomware — Ransomware is a sort of malware that limits users from accessing their device, either with the aid of locking the device’s display screen or by way of locking the customers’ documents until a ransom is paid.
  • Rainbow Table — It involves the use of a rainbow hash table that will help you crack password hashes faster.
  • Reconnaissance — It is a set of processes for finding data or collecting information about a target system by the use of methods along with google search, social media, and other publicly available data.
  • Reverse Engineering —It is the process of rebuilding a piece of software program primarily based on its functions.
  • Role-Based Access- It is also known as role-based security, which is a mechanism that restricts system access and involves setting permissions and privileges to permit get right of entry to authorized customers.
  • Rootkit — A rootkit is a malware that enables hackers to install malicious software that steals sensitive information.
  • Scanning —It identifies active hosts, ports, and services, sends packets to a system, and gains information about the target system using the packets received.
  • Secure Shell (SSH) — It is a network protocol that establishes a secure way to access a computer over an unsecured network.
  • Session — A session is a duration in which the user interacts with your website that takes place within a given time frame.
  • Session Hijacking — Taking on someone else’s session with the aid of pretending to the customer and that is done by using stealing cookies and session tokens.
  • Social Engineering — It uses psychological manipulation to trick people into making them do something that is not in their best interest.
  • Secure Hashing Algorithm (SHA) —It is a family of cryptographic functions designed to keep data secured and a widely used family of encryption algorithms. It aims to provide an additional level of security to the increasing and massive data you have to deal with hackers
  • Sniffing — Sniffing is the manner of monitoring and capturing all the data packets passing through a given network using sniffing
  • Spam — Spam is the use of messaging systems to send malware in digital communication, including email, social media messages to large numbers of the receiver and it usually tries to get you into a malicious website.
  • Syslog — System logging protocol, is a standard protocol used to send system log or event messages to a specific server and it is used by system administrators to capture all activity on a server.
  • Secure Sockets Layer (SSL) — Secure Socket Layer(SSL) provides security to the data and encrypts the link between a web server and a browser which ensures that all data passed between them remain private and makes a secure internet connection.
  • Snort — It is a network-based, lightweight open-source Intrusion Detection System and monitors network traffic in real-time.
  • SQL Injection — In this attacker tries to inject SQL query as an input and if the web application is not sanitizing the user input then that query is being executed on the database and the attacker can dump all the data from the database.
  • Trojan — A Trojan Horse is a type of malware hidden within useful software that pretends to be something useful, beneficial while inflicting damage or stealing data.
  • Traceroute — Traceroute, also called a trace path is a tool that records the route a packet takes between the source and destination.
  • Tunnel — It is a protocol that allows for the secure movement of data from one network to another and it only allows devices on the network that can communicate through this tunnel.
  • Virtual Private Network —VPN is an encrypted connection over the Internet that protects your internet connection and privacy online.
  • Virus — A piece of malicious code that is created to perform a specific action on the target systems without the target’s knowledge and perform malicious actions.
  • Vulnerability — Vulnerabilityrefers to any kind of exploitable weak point that can be exploited to allow unauthorized access.
  • War Driving — Wardriving is the practice of physically searching for unsecured wifi networks illegitimately for malicious purposes.
  • WHOIS — WHOISis an Internet service used to look up information about who owns a domain name and how to get in contact with them.
  • Wireshark — Itis the world’s foremost and widely-used network protocol analyzer which analyze network traffic and filter requests and responses for network debugging.
  • Worm — A worm is a type of malware that replicates itself without any human interaction from computer to
  • Wireless Application Protocol (WAP) — It is designed for micro-browsers and it helps mobile devices connect to the internet.
  • Web Application Firewall (WAF) —A WAF creates protection between a web app and the internet and this shield can help to reduce many common attacks.
  • Zero-Day — It is a newly discovered software security flaw in a system for which there is no patch yet. It is the most dangerous type of security flaw since there is no possible way to protect against one.
  • Zombie —It is a device infected by malware that is controlled by an attacker.

These Ethical Hacking Terms very need to know about in cybersecurity services.

Related Posts

Leave a reply