Network and application attack terms

Web cache poisoning refers to a security vulnerability during which an attacker manipulates the content of a web cache to serve malware or fake information to unsuspecting users.

Warshipping is a strategic method used in cyberattacks in which an assailant gains remote access to a desired wireless network by dispatching a parcel that conceals a sophisticated device.

War texting, also known as SMS hijacking or SMS spoofing, is a cyber attack that exploits vulnerabilities in mobile networks to gain unauthorized access to a victim’s mobile device.

A vulnerability refers to any flaw in an organization’s information system, internal control systems, system operations, software, or network that exposes users’ devices to the risk of hacker attacks.

VoIP caller ID is a feature in Voice over Internet Protocol telephony services that identifies and displays the phone number and, where available, the name of the incoming caller.

VLAN hopping is an exploit that lets an attacker gain unauthorized access to a Virtual Local Area Network (VLAN).

Virtual machine hyper jumping is a method attackers use to take advantage of weaknesses in the virtualization software (hypervisor) that manages multiple virtual machines on a single physical computer.

UXSS is a security vulnerability that enables an attacker to inject malicious code directly into users’ browsers.

Use-after-free is a type of memory corruption vulnerability that occurs when a program continues to use a memory location after it has been freed or deallocated.

A URL redirection attack is a form of web-based threat where the attacker manipulates URLs to redirect users from a legitimate website to a malicious one, mostly to steal sensitive information or distribute malware.

Unauthorized access is gaining entry to computer resources without permission.

TOCTOU attack is a software exploit that happens when a system's behavior depends on the timing between checking a condition and using the result.

A timing attack is an attack in cryptography when an attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.

A teardrop attack was a type of cyberattack that targeted computer networks.

A TCP reset attack is a type of denial-of-service attack that aims to terminate an established TCP connection between two parties using fake TCP reset packets.

A tampering attack, or data tampering, entails the harmful alteration of information.

A syntax error disrupts the proper structure of code.

A Sybil attack is a type of security threat in peer-to-peer (P2P) networks where a node in the network operates under multiple identities.

Stack smashing is a cyberattack that causes a stack buffer overflow.

An SSL stripping attack is a type of cyberattack that hackers commit by downgrading a device’s or network’s web connection to a less secure one.

SQL injection tool is software designed to exploit vulnerabilities in web applications that use SQL databases.

A spoofing attack is when a person or program poses as another entity by falsifying data to gain an illegitimate advantage.

Software bug refers to a flaw in a computer program that prevents it from functioning properly or opens the program to unauthorized manipulation.

Sidejacking is the remote exploitation of a valid web session to gain unauthorized access to resources in or services on a computer system.

A shimming attack, also known as API hooking, refers to a method where a bad actor introduces a small piece of code, or a shim, into a system.

A shellcode is a small piece of executable code used as a payload, built to exploit vulnerabilities in a system or carry out malicious commands.

Session hijacking is a cyberattack that happens when a hacker takes over a user’s internet session.

A session fixation attack is a way to force someone to use a specific session ID while they browse.

Session cookies are small text files that track users’ actions and temporarily store information about their preferences on their devices.

A scanning attack involves trying to find vulnerabilities or weaknesses in a computer system or network by searching for open ports, services, or other entry points.

Sandbox escape refers to the act of exploiting a software vulnerability to break out of a secure or quarantined environment, often called a sandbox.

A replay attack is when hackers intercept your internet traffic to access your accounts and online profiles.

Remote code execution, frequently shortened to RCE, refers to a class of cybersecurity weaknesses that permit malicious parties to run any code of their choice on a target system from a distant location.

A remote attack (also known as a remote exploit) is when a hacker targets one computer or an entire network.

Reconnaissance in cybersecurity refers to gathering information about a target network or system before planning and executing a cyberattack.

Privilege escalation is exploiting a system vulnerability, misconfiguration, or design flaw to gain unauthorized access to resources and functionalities normally restricted to users with higher privileges.

A pipeline is a system for processing data whereby the output of one element is the input of the next one.

Phreaking is a manipulation of telephone signaling in order to make free phone calls.

A password sniffer is a type of malware that intercepts and steals data packets as they pass over a computer network in order to obtain login credentials.

In cybersecurity, passive reconnaissance collects information about the target network, system, or organization without directly interacting with the system, for instance, without sending any packets to the target.

Parameter tampering, query string manipulation, form field manipulation, or cookie poisoning is a cyber threat where an attacker manipulates the parameters exchanged between the client and server to alter application data.

Overrun refers to a situation where data is written or read beyond the allocated buffer or memory space.

An overflow error occurs when a computer operation produces a result that falls outside the permissible range of the respective data type.

A null session is an anonymous connection (with no username or password) to unprotected shares of a Windows system.

A network intrusion, alternatively referred to as a network breach or cyber intrusion, is defined as unsolicited activity on a digital network.

A man-in-the-middle-attack (MITM) is a cyberattack where a hacker inserts themself into a conversation between two parties — the user and the entity the user is trying to communicate with.

Magecart is a catch-all term for hacking groups known for their involvement in online credit card skimming attacks.

LOLBin is a technique that hackers use to carry out attacks on a system by using programs (executables or binaries) already installed on that system.

Log4Shell is a dangerous security vulnerability in Log4j, a Java-based logging utility that tracks specific applications and sends diagnostic messages.

Local file inclusion is a vulnerability that allows hackers to include and execute local files in web applications through user-supplied input.

A living off the land attack is a cyberattack that exploits legitimate tools already present on a compromised system.

Lateral movement refers to the gradual infiltration of a network to reach the desired target.

A KRACK attack (a key reinstallation attack) is a security vulnerability that affects Wi-Fi networks that use the WPA2 protocol.

JSON hijacking is a security vulnerability during which a website exposes sensitive data in JSON format without adequate protection.

IP surveillance is a digital version of CCTV.

IP spoofing is a technique that allows an attacker to modify the source address of packets to make them appear as though they come from a trusted IP address.

IP hijacking, also referred to as IP address hijacking or BGP hijacking, is a harmful action where an intruder assumes command over one or more IP addresses not officially assigned to them.

Interception attacks are any situation where a hacker intercepts and changes communication between two parties without their knowledge.

An integer overflow takes place when a computational operation generates a value exceeding the capacity of the assigned number of bits within a computer's memory.

An insertion attack is a cyberattack that deliberately adds bad packets to a data stream to confuse intrusion detection systems (IDS).

Insecure direct object reference is a security flaw or vulnerability in web applications.

Insecure deserialization is a vulnerability in cybersecurity that arises when data controlled by an attacker is processed without proper validation.

HTTP request smuggling (HRS) is a high-level security vulnerability that manipulates how internet servers handle HTTP requests.

HTTP parameter pollution (HPP) is a web application vulnerability where an attacker manipulates or injects additional HTTP parameters into a web request, leading to security glitches and unexpected behavior, like data leaks, denial of service, or remote code execution.

Heap spraying is a technique used in exploits to facilitate arbitrary code execution.

A heap spray is a technique or method that allows individuals and organizations to attack and exploit vulnerable systems and networks.

Google dorking is the deliberate use of Google Search (as well as other Google apps) to hunt for valuable or hard-to-find data.

A Google bomb refers to manipulating search engine results to rank a page highly for unrelated search terms.

A golden ticket attack is a cyberattack that grants the attacker access to an organization’s files, users, and the Active Directory.

The GHOST bug is a vulnerability in the GNU C library (glibc) that allows attackers to induce a buffer overflow on Linux devices.

A format string attack represents a class of cyberattacks that capitalize on weaknesses within the format string operations of software programs.

A forever day bug is a software vulnerability that the manufacturer isn’t intending to patch.

Firesheep was a Mozilla Firefox extension that allowed hackers to hijack unencrypted Wi-Fi sessions as well as capture unencrypted session cookies on websites (which then can be used to access the users' accounts).

An exploit is a piece of code, a chunk of data, or a program designed to take advantage of a computer’s or a system’s bugs or vulnerabilities.

An exploit kit is a malicious toolkit cybercriminals use to identify and exploit vulnerabilities in a user's software or operating system.

An exploit chain is a cyber attack when an attacker uses multiple vulnerabilities to compromise the victim step-by-step.

An evil twin attack is a type of cyberattack in which a criminal sets up a fake Wi-Fi network that looks like legitimate Wi-Fi to steal the user’s private data.

Eavesdropping is the act of secretly intercepting unencrypted data passing between two parties.

A drive-by download attack is a sneaky way for malicious programs to enter users’ devices without their knowledge or consent.

Double tagging is a network attack technique that allows a hacker to gain unauthorized access to VLANs (Virtual Local Area Networks).

Domain hijacking is a cyber attack that occurs when an attacker takes over a domain by exploiting vulnerabilities in domain hosting and registrar systems or by directing phishing or other social engineering attacks against the domain owner.

Domain fluxing is a technique used by hackers to obscure their operations by constantly changing the domain name of the server involved in malicious activities.

A dolphin attack involves using ultrasonic commands to hijack voice-controlled assistants (like Siri or Google) and gain unauthorized access to a user’s smartphone.

DNS tunneling is a technique used to bypass network restrictions and involves encapsulating unauthorized or non-standard data within DNS queries and responses.

DNS redirection means redirecting results from DNS queries.

A DNS attack is an exploit in which an attacker targets and exploits the Domain Name System and its infrastructure.

DLL hijacking refers to a technique used by attackers to exploit the way applications load Dynamic Link Libraries (DLLs).

A directory traversal attack is a type of cyberattack that leverages security flaws within web applications or file systems, enabling unauthorized access to otherwise protected files and directories.

A differential fault analysis attack is a technique where an attacker intentionally introduces faults or errors into a cryptographic system or device to exploit vulnerabilities and extract sensitive information.

A DHCP attack, also called DHCP spoofing, happens when a malicious actor intercepts or disrupts communication between devices on a network and the DHCP server.

A data plane is the part of the network that carries user traffic.

A dangling pointer is a pointer (an object that stores a memory address) to a memory location that has been deallocated or freed, resulting in an invalid or unpredictable state.

A cyber-physical attack is a cyber attack aimed at physical systems (power plants, water treatment facilities, factories, traffic control systems, etc.)

Cross-site request forgery (CSRF) is a security vulnerability that allows an attacker to trick a user into unwittingly executing actions on a web application.

CRLF Injection is a cyber attack where hackers insert malicious characters into web application input fields to cause unexpected behavior.

A covert channel is a communication channel that allows entities to transfer information in a way that violates the system's security policy.

Cookie theft refers to a cyberattack where a hacker gets access to the user’s cookie data, small files websites store on the user’s device.

Container breakout is a security vulnerability when an attacker gains unauthorized access to the underlying host system from within a contained environment (for example, a virtual machine).

Computer network exploitation is the act of infiltrating and compromising computer networks, systems, or devices for espionage or cyberattacks.

Clickjacking is an attack in which an attacker utilizes multiple layers, either transparent or opaque, to trick a user into clicking a button or link on a lower-level website when they intend to click on the top-level page.

A buffer overflow attack is a security

Broken authentication attack is an umbrella term for vulnerabilities that can be exploited to impersonate other users online.

Bluesnarfing is a hacking technique that exploits Bluetooth connections to snatch data from a wireless device.

Bluejacking is a cyberattack during which an attacker sends unauthorized messages to Bluetooth devices in the area.

Bluebugging is a cyberattack that seeks to infiltrate the victim’s device through a discoverable Bluetooth connection.

BlueBorne is a cyberthreat that attacks Android, iOS, Linux, Windows, and IoT devices via Bluetooth.

A black box attack is a way to attack the system when the attacker doesn't have previous knowledge of the system, doesn't have access to source code, or any current vulnerabilities.

A bit-flipping attack is a cryptographic attack when an attacker flips bits in the ciphertext to create predictable changes in the plaintext.

Authentication bypass vulnerability allows unauthorized users to skip security checks.

An API attack, also known as an API security breach or API exploitation, is a type of cyber threat where attackers exploit vulnerabilities in application programming interfaces (APIs) to gain unauthorized access, manipulate data, or disrupt services.