Terms and Topics in Cybersecurity that you should know

Cybersecurity is one of the fields that has grown rapidly and steadily in recent years as demand for it has increased, and trust me, being haunted by a particular vulnerability is not a good thing.

But, in case you do want to work in that field, or learn about it, there are some important terms and general concepts you need to know and understand deeply.

Let’s talk about some of them:

  • Software – software is a set of programs built from different rules and functions written in code that “tell” a computer/machine to perform certain tasks.

These instructions are compiled into a package that, with the correct tools, users can install and use on their own machines. For example, a video game is application software, built by others, that runs functions and reacts to the user accordingly.

  • Domain – A Network Domain is an administrative grouping of multiple private computer networks or local hosts within the same infrastructure.

Domains can be identified using a domain name. Domains that need to be accessible from the public Internet can be assigned a globally unique name within the Domain Name System (DNS), which gives IP addresses their alternative names.

  • Cyber – many have heard the word but do not know what it means. Cyber is an abbreviation for the word Cybernetics, a field that deals with the study of communication processes, control systems and the principles of feedback between human beings, organizations and machines.
  • Malware (Malicious software) – a very scary word nowadays. Malware is malicious software designed to cause harm to our machine/information in a certain way; the most common types are Viruses, Worms and Trojans.
  • IP Address – just like your home address, your computer gets one when connected to the Internet. It’s like an ID the computer gets, used when communicating with it online.
  • Asset – an asset is anything that has value to the organization. It’s important to understand that there are Tangible Assets (such as employees or computers) and Intangible Assets (such as databases, contact lists and user accounts).
  • Vulnerability – a vulnerability is a flaw in the system or the design through which an attacker could bypass security mechanisms.
  • Exploit – an exploit is an attack tool, or a particular method, with which the attacker exploits the vulnerability.
  • Payload – to take advantage of the vulnerability, an Exploit is used, which sends a Payload to the victim.
    The Payload is the code or any other “Proof” that will be executed in the target system to exploit a vulnerability that exists in that system.
    A Payload can also be described as the information that the Exploit software sends to the victim.
  • Threat – a threat is the potential danger that a vulnerability will be exploited to undermine security and cause possible harm.
  • Risk – a threat becomes a risk only when there is a way of exploiting the vulnerability (an untreated one), meaning that the threat can be realized.

  • Firewall – a defensive technology designed to keep the “Baddies” out. Firewalls can be either hardware or software-based.
  • Bot/Botnet/“Zombie” – a type of software application or script that performs tasks when commanded, allowing an attacker to take complete remote control of an affected workstation. Hence the nicknames, since their function is “Brain-Less”.
  • Advanced Persistent Threat (APT) – an APT is an attack that is usually performed by highly skilled and well-funded attackers.
    These attackers are usually military units, government intelligence agencies, or very organized groups who carry out these targeted attacks.
  • Zero-day (unpublished) vulnerabilities – every day new vulnerabilities are revealed. Zero-day vulnerabilities are new vulnerabilities that have been discovered and kept secret, meaning only the malicious person knows of them.
  • Types of Attacks
    1. DoS (also DDoS) – the main purpose of these attacks is to prevent a server from providing a particular service to users.
    2. Phishing – by disguising himself as something he is not, the attacker retrieves information from the victim; in this case the victim provides the sensitive information himself.
    3. Social Engineering – through manipulation and deception, the attacker gains sensitive and private information. The outcome of these attacks depends on how people behave.

  • Pen-testing – you’ve probably heard of it before. A pen-tester’s sole purpose is to try to “break” through the system’s lines of defense in order to find possible vulnerabilities.
  • Hats – you can read more here, but it’s important for you to understand that there are many types of attackers, ranging from ethical (good) ones to those acting on malicious personal goals.

I hope that this article has been helpful to you and that you have found what you were looking for. Of course, there are other terms and “slang” you will learn along the way, and I wish you good luck!

Stay safe, choose Kayran.
