CERTIFICATION OF THE MONTH LAUNCHED! AVAIL FLAT 30% Discount on Selenium Certification - Use Coupon GROW30
+011 4734 4723[email protected]

Need and Technical Terms

Go back to Tutorial

Need

Due to ever evolving sophistication of cyber attacks due to well-trained, highly motivated, and well organized groups of programmers by huge criminal organizations and nation states, the need for continuous and detailed assessment of organization’s security measures is essential. It is crucial for organizations to have effective infrastructure, procedures, and security policies to prevent or reduce the effects of hacking.

Hackers usually scan for weaknesses, prioritize targets and test entry points. Ethical hacking provides an objective analysis of the security systems. Ethical hacker assesses the security measures of the organization and recommends remedial steps and procedure for future prevention as well.

Technical Terms

Various technical terms used in hacking are

  • Adware – It is an software that automatically generates advertisements in usually free program or like online video game. It also refers to a type of spyware that tracking browsing habits covertly to generate those ads.
  • Anonymous – It is an non-hierarchical hacktivist collective, which uses hacking techniques like distributed denial of services (DDoS) attacks to register political protest in campaigns known as “#ops.” Their past activity involves attacks against the Church of Scientology; Visa, Paypal, and others who withdrew their services from WikiLeaks’ Julian Assange after that group began releasing war documents and #OpTunisia to support the Arab Spring. Other offshoot groups include AntiSec and LulzSec.
  • Asset – An asset is any data, device, or other component of the environment that supports information-related activities that should be protected from anyone besides the people that are allowed to view or manipulate the data/information.
  • Attack – It is an assault on system security and any action that violates security.
  • Back door – It is also called as trap door. It is a hidden entry to a computing device or software that bypasses security measures like logins and password protections. Some have alleged that manufacturers have worked with government intelligence to build backdoors into their products. Malware is often designed to exploit back doors.
  • Bot – A program that automates a usually simple action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it like hackers use bots for online content delivery, make the content calls to result in denial of service attacks.
  • Botnet – A botnet is a group of computers controlled without their owners’ knowledge and used to send spam or make denial of service attacks. Malware is used to hijack the individual computers, also known as “zombies,” and send directions through them. They are best known in terms of large spam networks, frequently based in the former Soviet Union.
  • Brute force attack – It is an automated and exhaustive key or password search for every possible instance of password. It is an inefficient method as it involves huge computing resources and used when there is no alternative.
  • Clone phishing – Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
  • Code – Code is the machine-readable, usually text-based instructions that govern a device or program. Changing the code can change the behavior of the device or program.
  • Compiler – A compiler is a program that translates high-level language (source code in a programming language) into executable machine language.
  • Cookie – Cookies are text files sent from Web browser to a server, usually to customize information from a website.
  • Denial of service attack (DoS) – It is a attack type used against a website or computer network to make it temporarily unresponsive by sending huge content requests to the site so that the server overloads.
  • Distributed denial of service attack (DDoS) – It is sophisticated type of DoS using a number of separate machines to overwhelm content servers of target. It is accomplished by seeding machines with a Trojan and creating a botnet. Anonymous uses the machines of volunteers.
  • Doxing – Discovering and publishing the identity of an otherwise anonymous Internet user by tracing their online publically available accounts, metadata, and documents like email accounts, as well as by hacking, stalking, and harassing.
  • Exploit– A defined way to breach the security of an IT system through vulnerability. It takes advantage of vulnerability in an asset to cause unintended or unanticipated behavior in a target system, which would allow an attacker to gain access to data or information.
  • Firewall – A system using hardware, software, or both to prevent unauthorized access to a system or machine.
  • Hash – A hash is a number generated by an algorithm from a string of characters in a message in a communications system, the sender uses it to encrypt a message or file send it with the message. On decryption, the recipient generates another hash. If the included and the generated hash are the same, the message or file has almost certainly not been tampered with.
  • IP – Internet protocol address. It’s the distinctive numerical address given in four dotted numbers each can have values from 0 to 255. It identifies the device on the network, track its activity, and discover its location. These addresses are apportioned by the regional Internet registries of the IANA (the Internet Assigned Numbers Authority).
  • IRC – Internet relay chat is a protocol used by both groups and for one-on-one conversations. Often utilized by hackers to communicate or share files. Because they are usually unencrypted, hackers sometimes use packet sniffers to steal personal information from them.
  • Keystroke logging – It is the tracking of keys depressions on a computer (and which touchscreen points are used) to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.
  • Logic bomb – A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.
  • Malware – A software program designed to hijack, damage, or steal information from a device or system and includes spyware, adware, rootkits, viruses, keyloggers, and many more. The software can be delivered in a number of ways, from decoy websites and spam to USB drives.
  • Master – It is the main computer in a botnet that controls, but is not controlled by, all the other devices in the network. It’s also the computer to which all other devices report, sending information, such as credit card numbers, to be processed.
  • Misconfigurations – Systems can also be misconfigured or left at the lowest common security settings to increase ease of use for the user, which may result in vulnerability and an attack.
  • NSA – It belongs to U.S. intelligence group, The National Security Agency is dedicated to intercepting and analyzing data, specifically electronic data.
  • Payload – The cargo of a data transmission is called the payload. In black hat hacking, it refers to the part of the virus that accomplishes the action, such as destroying data, harvesting information, or hijacking the computer.
  • Packet sniffer – Sniffers are programs designed to detect and capture certain types of data. Packet sniffers are designed to detect packets traveling online. Packets are packages of information traveling on the Internet that contain the destination address in addition to content. Packet can be used to capture login information and passwords for a device or computer network.
  • Phishing – It is a hacking technique to trick users into giving their personal information, including login information, credit card numbers, etc. by imitating legitimate companies, organizations, or people online. It is often done via fake emails or links to fraudulent websites.
  • Remote access – It is the process of getting a target computer to recognize keystrokes as its own, like changing a TV with a remote control. Gaining remote access allows hackers to run the target machine completely by own, allowing for the transfer of files.
  • Risk – It is defined as the impact (damage) resulting from the successful compromise of an asset. For example, an organization running a vulnerable apache tomcat server poses a threat to an organization and the damage/loss that is caused to the asset is defined as a risk. Usually, a risk is computed as Risk = Threat * vulnerabilities * impact
  • Rootkit – A rootkit is a set of software programs used to gain administrator-level access to a system and set up malware, while simultaneously camouflaging the takeover.
  • Security – It is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable levels. Security is based upon
  • Confidentiality is the concealment of information or resources.
  • Authenticity is the identification and assurance of the origin of information.
  • Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
  • Availability refers to the ability to use the information or resource desired
  • Shrink-Wrap Code – Many off-the-shelf programs come with extra features the common user isn’t aware of, and these features can be used to exploit the system. The macros in Microsoft Word, for example, can allow a hacker to execute programs from within the application.
  • Social Engineering – It is an hacking technique, conning people into giving confidential information, such as passwords to their accounts. Given the difficulty of breaking, 128-bit encryption with brute force it is used and includes phishing and spear-phishing.
  • Spam – Unwanted and unsolicited email and other electronic messages that attempt to convince the receiver to either purchase a product or service, or use that prospect to defraud the recipient. Spamming companies often use botnets to send spam.
  • Spear-phishing – It is a type of phishing, targeting a smaller group of targets, from a department within a company or organization down to an individual.
  • Spoofing – Email spoofing is altering the header of an email so that it appears to come from elsewhere like from bank. IP spoofing is the computer version, in which a packet is sent to a computer with the IP altered to imitate a trusted host in the hope that the packet will be accepted and allow the sender access to the target machine.
  • Spyware – Spyware is a type of malware that is programmed to hide on a target computer or server and send back information to the master server, including login and password information, bank account information, and credit card numbers.
  • Target of Evaluation – It is an IT system, product, or component that is identified or subjected as requiring security evaluation as per it’s relevance.
  • Threat – It is an action or event which is a potential violation of security. It represents a possible danger to the computer system. A successful exploitation of vulnerability is a threat.
  • Time bomb – It is a virus whose payload is deployed at or after a certain time.
  • Trojan horse – It is a type of malware that masquerades as a desirable piece of software. Under this camouflage, it delivers its payload and usually installs a back door in the infected machine.
  • Virus – Self-replicating malware that injects copies of itself in the infected machine. A virus can destroy a hard drive, steal information, log keystrokes, and many other malicious activities.
  • Vulnerability – A weak spot hackers can exploit to gain access to a machine. It refers to the presence of a weakness or error in design or implementation that may result in an unexpected, undesirable event compromising the security of the system.
  • Whaling – It is a spear-phishing type that targets the upper management of for-profit companies, either for financial gain, or more exposure for their cause.
  • Worm – It is a self-replicating, standalone malware with no reporting to a master, and it does not need to attach itself to an existing program. It often does no more than damage or ruin the computers it is transmitted to. But it’s sometimes equipped with a payload, usually one that installs back doors on infected machine to make a botnet.
  • Zero day exploit – A zero day attack is a previously unknown vulnerability in a system. A zero day attack is the first such use of the exploit by a cracker.

Go back to Tutorial

Share this post
[social_warfare]
Team Vskills
Ethical Hacking Evolution and Hacktivism
Skills Needed and Stages of Hacking

Get industry recognized certification – Contact us

keyboard_arrow_up