Category: Scams

Intro

It’s convenient to name drop different types of cyber attacks at a party. I often struggle to name more than a few. I will try to maintain a running list of them.

But I find you cannot speak about cybersecurity unless you also have a basic understanding of information technology so I am including some of those terms as well.

As I write this I am painfully aware that you could simply ask ChatGPT to generate a list of all relevant terms in cybersecurity along with their definitions – at least I think you could – and come up with a much better and more complete list. But I refuse to go that route. These are terms I have personally come across so they have special significance for me personally. In other words, this list has been organically grown. For instance I plowed through a report by a major vendor specializing in reviewing other vendor’s offerings and it’s just incredible just how dense with jargon and acronyms each paragragh is: a motherlode of state-of-the-art tech jargon.

AiTM (Adversary in the Middle)

Baitortion

I guess an attack which has a bait such as a plum job offer combined with some kind of extortion? The usage was not 100% clear.

BYOVD (Bring Your Own Vulnerable Driver)

Clickfix infection chain

Upon visiting compromised websites, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal to fix an issue.

Collision attack

I.e., against the MD5 hash algorithm as done in the Blast RADIUS exploit.

Credential Stuffing Attack

I.e., password re-use. Takes advantage of users re-using passwords for different applications. Nearly three of four consumers re-use password this way. Source: F5. Date: 3/2024

Data Wiper

Authentication Bypass

See for instance CVE-2024-0012

Evasion

Malicious software built to avoid detection by standard security tools.

Password spraying

A type of attack in which the threat actor tries the same password with multiple accounts, until one combination works. 

Port Scan

Host Sweep

Supply Chain attack

Social Engineering

Hacking

Hacktivist

I suppose that would be an activitst who uses hacking to further their agenda.

Living off the land

Data Breach

Keylogger

Darknet

Captcha

Click farms

Jackpotting

This is one of my favorite terms. Imagine crooks implanted malware into an ATM and were able to convince it to dispense all its available cash to them on the spot! something like this actually happened. Scary.

Overlay Attack

Example: When you open a banking app on your phone, malware loads an HTML phishing page that’s designed to look just like that particular app and the malware’s page is overlaid on top.

Payment fraud attack

In a recent example, the victim experienced “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”

Skimmer

bot

Anti-bot, bot defense

Mitigation

SOC

Selenium (Se) or headless browser

Obfuscation

PII, Personally Identifiable Information

api service

Reverse proxy

Inline

endpoint, e.g., login, checkout

scraping

Layer 7

DDOS

Carpet bombing DDOS attack

Many sources hitting many targets within the same subnet. See:

https://www.a10networks.com/blog/carpet-bombing-attacks-highlight-the-need-for-intelligent-and-automated-ddos-protection/#:~:text=Carpet-bombing%20attacks%20are%20not,entire%20CIDR%20or%20multiple%20ASNs.

SYN flood

DOS

Visibility

Automation

Token

Post

JavaScript

Replay

Browser Fingerprint

OS

Browser

GDPR

PCI DSS

AICPA Trust Services

Grandparent scam

A social engineering attack where scammers target grandparents by pretending to be a grandchild in a bind.

GUI

(JavaScript) Injection

Command Injection

Hotfix

SDK

URL

GET|POST Request

Method

RegEx

Virtual Server

TLS

Clear text

MTTR

RCA

SD-WAN

PoV

PoC

X-Forwarded-For

JSON

Client/server

Threat Intelligence

Use case

Carding attack

Source code

CEO Fraud

Phishing

Vishing

(Voice Phishing) A form of cyber-attack where scammers use phone calls to trick individuals into revealing sensitive information or performing certain actions.

Business email compromise (BEC)

Deepfake

Threat Intelligence

Social engineering

Cybercriminal

SIM box

Command and control (C2)

Typo squatting

Voice squatting

A technique similar to typo squatting, where Alexa and Google Home devices can be tricked into opening attacker-owned apps instead of legitimate ones.

North-South

East-West

Exfiltrate

Malware

Infostealer

Obfuscation

Antivirus

Payload

Sandbox

Control flow obfuscation

Buffer overflow

Use after free

Indicators of Compromise

AMSI (Windows Antimalware Scan Interface)

Polymorphic behavior

WebDAV

Protocol handler

Firewall

Security Service Edge (SSE)

Secure Access Service Edge (SASE)

Zero Trust

Zero Trust is a security model that assumes that all users, devices, and applications are inherently untrustworthy and must be verified before being granted access to any resources or data.

Zero Trust Network Access (ZTNA)

ZTA (Zero Trust Architecture)

Zero Trust Edge (ZTE)

Secure Web Gateway (SWG)

Cloud Access Security Broker (CASB)

Remote Browser Isolation (RBI)

Content Disarm and Reconstruction (CDR)

Firewall as a service

Egress address

Data residency

Data Loss Prevention (DLP)

Magic Quadrant

Managed Service Provider (MSP)

0-day or Zero day

User Experience (UX)

Watermark

DevOps

Multitenant

MSSP

Remote Access Trojan (RAT)

SOGU

2024. A remote access trojan.

IoC (Indicators of Compromise)

Object Linking and Embedding

(Powershell) dropper

Backdoor

Data Bouncing

A technique for data exfiltration that uses external, trusted web hosts to carry out DNS resolution for you

TTP (Tactics, Techniques and Procedures)

Infostealer

Shoulder surfing

Ransomware

Pig butchering

This is particularly disturbing to me because there is a human element, a foreign component, crypto currency, probably a type of slave trade, etc. See the Bloomberg Businessweek story about this.

Forensic analysis

Sitting Ducks

An entirely preventable DNS hijack exploit. See https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/

Attack vector

Attack surface

Economic espionage

Gap analysis

AAL (Authentication Assurance Level)

IAL (Identity Assurance Level)

CSPM (Cloud Security Posture Management)

Trust level

Network perimeter

DMZ (Demilitarized zone)

Defense in depth

Lateral movement

Access policy

Micro segmentation

Least privilege

Privilege Escalation (PE)

Breach

Intrusion

Insider threat

Cache poisoning

I know it as DNS cache poisoning. If an attacker manages to fill the DNS resolver’s cache with records that have been altered or “poisoned.”

Verify explicitly

Network-based attack

Adaptive response

Telemetry

Analytics

Consuming entity

Behavior analysis

Authentication

Authorization

Real-time

Lifecycle management

Flat network

Inherent trust

Cloud native

Integrity

Confidentiality

Data encryption

EDR (Endpoint Detection and Response)

BSOD (Blue Screen of Death)

Everyone’s favorite Windows error!

BSI (Bundesamt für Sicherheit in der Informationstechnik)

German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik)

ICS (Industrial Control System)

Reverse shell

A text-based interfaces that allow for remote server control.

Crypto Miner

RCE (Remote Code Execution)

Threat Actor

APT (Advanced Persistent Threat)

Compromise

Vulnerability

Bug

Worm

Remote Access VPN (RAVPN)

XDR (Extended Detection and Response)

SIEM (Security Information and Event Management)

User Entity Behavior Analytics (UEBA)

Path traversal vulnerability

An attacker can leverage path traversal sequences like “../” within a request to a vulnerable endpoint which ultimately allows access to sensitive files like /etc/shadow.

Tombstoning

Post-exploit persistence technique

Volumetric DDoS

MFA bomb

Bombard a user with notifications until they finally accept one.

Use-after-free (UAF)

A use-after-free vulnerability occurs when programmers do not manage dynamic memory allocation and deallocation properly in their programs.

Cold boot attack

A cold boot attack focuses on RAM and the fact that it is readable for a short while after a power cycle.

Random Prefix Attack

A type of DNS attack. https://developers.cloudflare.com/dns/dns-firewall/random-prefix-attacks/

Famous named attacks

Agent Tesla

Cloudbleed

Heartbleed

log4j

Morris Worm

Explanations of exploits

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

Famous attackers

APT29 (Cozy Bear)

A Russia-nexus threat actor often in the news

Volt Typhoon

2024. A China-nexus threat actor

IT terminology

2FA (2 Factor Authentication)

802.1x

ACL (Access Control List)

AD (Active Directory)

ADO (Azue DevOps)

AFK (Away From Keyboard)

AGI (Artificial General Intelligence)

AGI is the theory and development of computer systems that can act rationally.

ANN (Artificial Neural Network)

Ansible

I would call it an open source orchestrator.

anti-aliasing

When you smooth out color in neighboring pixels.

anycast

apache

A formerly popular open source web server which became bloated with features.

APM (Application Performance Management)

ARIN

ARM

A processor architecture from ARM Corporation, as opposed to, e.g., x86. Raspberry Pis use ARM. I think Androids do as well.

ARP (Address Resolution Protocol)

ASN (Autonomous System Number)

Each AS is assigned an autonomous system number, for use in Border Gateway Protocol routing

ASN.1 (Abstract Syntax Notation One)

A standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way.

ASPA (Autonomous System Provider Authorization)

An add-on to RPKI that allows an ASN to create a record that lists which ASNs can be providers for that ASN. The concepts are “customer” (an ASN) and “providers” (a list of ASNs). This is used to do hop by hop checking of AS paths.

ASR (Aggregation Services Router)

A high-end Interent router offered by Cisco for business customers.

AV (anti-virus)

AWS (Amazon Web Services)

Azure AD

BGP (Border Gateway Protocol)

Blast Radius

One of those dreadully overused terms borrowed from the military that mostly only marketing people like to throw around. It means what you think it might mean.

Blue Team – see Red Team

BOM (Bill of Material)

Boot start

A flag for a driver in Windows that tells it to always start on boot.

broadcast

Browser

BSI (The German Federal Office for Information Security)

BYOD (Bring Your Own Device)

I.e., when employees are permitted to use their personal smartphone to conduct company business.

BYOL (Bring Your Own License)

F5 permits this approach to licensing one of their cloud appliances.

CA (Certificate Authority)

CDN (Content Distribution Network)

CDP (Cisco Discovery Protocol)

This protocol allows devices connected to switch ports to learn what switch and which switch port they are connected to. It is a layer 2 protocol.

CGN (Carrier Grade NAT)

The address space 100.64.0.0/10 is handled specially by ISPs for CGN. RFC 6598

CHAP

Chatbot

A computer program that simulates human conversation with and end user.

CI (Configuration Item)

CI/CD

An ITIL term referring to the object upon which changes are made.

CISA (Cybersecurity and Infrastructure Security Agency)

CISO (Chief Information Security Officer)

CMDB (Configuration Management Database)

CMO (Current Mode of Operations)

CNN (Congruential Neural Network)

Computer Vision

A field of AI that leverages machine learning and neutral networks to enable machines to identify and understand visual information such as images and videos.

CPE (Customer Premise Equipment)

CSR (Certificate Signing Request)

CUPS (Common Unix Printing Systems)

Customer Edge (CE)

CVE

CVEs, or Common Vulnerabilities and Exposures, are a maintained list of vulnerabilities and exploits in computer systems. These exploits can affect anything, from phones to PCs to servers or software.  Once a vulnerability is made public, it’s given a name in the format CVE–. There are also scoring systems for CVEs, like the CVSS (Common Vulnerability Scoring System), which assigns a score based on a series of categories, such as how easy the vulnerability is to exploit, whether any prior access or authentication is required, as well as the impact the exploit could have.

CVSS (Common Vulnerability Scoring System)

Part of CVE lingo.

DAST (Dynamic Application Security Testing)

Data at rest

Data in motion

Data Plane

A physical security appliance separates data traffic from its management traffic, which transits the managemenbt plane.

Data Remanence

The residual representation of data that remains even after attempting to erase or initialize RAM.

DDI (DNS, DHCP and IP address management)

Deep Learning

A subset of machine learningthat focus on using deep neural networks with multiple layers to model complex patterns in data.

Deepfake

A manipulated video or other digital representation produced by sophisticated machine-learning techniquies that yield seemingly realistic, but fabricated images and sounds.

DHCP (Dynamic Host Control Protocol)

DLL

DLP (Data Loss Prevention)

DNS (Domain Name System)

DNSSEC (Domain Name System Security Extensions)

Docker

DoH (DNS over HTTPS)

Domain

DRM (Digital Rights Management)

EAP

East-West

Data movement with a data center, I believe, as oppose to North-South.

EBITDA (Earnings Before Interest, Taxes, Depreciation and Amortization)

Hey, an IT person needs to know some business terminology!

Eduroam

Enhanced Factory Reset (EFR)

Entra

From Microsoft. The new name for Azure AD

EU AI Act

EULA (End User Licnese Agreement)

Exact Data Matching (EDM)

FAQ (Frequently Asked Questions)

FEX (Fabric Extender)

FIFO (First in, First Out)

FMO (Future Mode of Operation)

As opposed to CMO.

FN (False Negative)

Forensics

FOSS (Free and Open Source Software)

FP (False Positive)

Fritz!Box

A popular home router in Germany.

GA (General Availability)

GBIC

A type of fiber optic transceiver that converts electric signals to optical signals.

GCP (Google Cloud Provider)

GDPR (General Data Protection Regulation)

An EU directive to achieve data privacy.

Generative AI

AI which can create new human-quality content, including text, images, audio or video.

GMT – see UTC

GRE

GSLB (global Server Load Balancing)

GUI (Graphical User Interface)

HA (High Availability)

Hallucination

When an LLM perceives patterns that are non-existent creating nonsensical or inaccurate outputs.

Hands and Eyes

When you don’t have physical access to a server, you need someone who does to be this for you.

HIBP (Have I Been Pwned)

https://haveibeenpwned.com/

HPC (High Performance Computing)

HSM (Hardware Security Module)

HTML (HyperText Markup Language)

I started with version 0.9!

Hypervisor

IaaS (Infrastructure as a Service)

E.g., brining up a VM on AWS.

IANA (Internet Assigned Numbers Authority)

ICANN (Internet Corporation for Assigned Numbers and Names)

ICS

IDE (Integrated Development Environment)

IdP (Identity Provider)

IDS (Intrusion Detection System)

Incident Response Team

Variations include: Computer emergency Response team, Security incident Response Team, etc.

IPAM (IP Address Management)

IPI (IP Intelligence)

At least in the world of F5 this means IP Intelligence, i.e., the reputation of a given IP address.

IPS (Intrusion Prevention System)

IPSEC

IPv6 (Internet Protocol version 6)

ISO 9001

ISP (Internet Service Provider)

ITIL (IT Infrastructure Library)

Kanban

Agile way of tracking progress on tasks and brief meetings.

Kerning

Adjusting the spacing between letyters in a proportional font.

Kernel mode

Kubernetes

L2TP (Layer 2 Tunneling Protocol)

L3, L4, L7 (Layer 3, Layer 4, Layer 7)

Refers to ISO 7-layer traffic model.

LAMP (Linux Apache MySQL and PHP)

An application stack which gives a server needed software to do “interesting things.”

LaTEX

A markup language based on TEX I used to use to write a scientific paper. I think it gets transformed into a DVI, and then into a postscript file.

LEC (Local Exchange Carrier)

LLD (Low Level Design)

LLD (Low Level Discovery)

A command-line browser for unix systems.

LLDP (Link layer Discovery Protocol)

See also CDP

LACP (Link Access Control Protocol)

Link

Linux

An open source OS similar to Unix.

LLM (Large Langiuage Model)

lynx

A command-line browser for linux systems.

MAC (Media Access Control) Address

Layer 2 address of a device, e.g., fa-2f-36-b4-8c-f5

Machine Learning

A subfield of AI that deals with creating systems that can learn from data and improve their performance without explicit programming.

Management Plane

See Data Plane.

Mandiant

MD5 (Message Digest 5)

MDM (Mobile Device Management)

Management software used to administer smartphones and tablets.

MFA (Multi Factor Authentication)

MITRE ATT&CK

Modbus protocol

MS-CHAPv2

MSS (Maximum Segment Size)

Set by a TCP option in the beginning of the communcation.

MTU (Maximum transmission unit)

Often 1500 bytes.

multicast

Named pipes

I read it’s a Windows thing. huh. Hardly. It’s been on unix systems long before it was a twinkle in the eye of Bill gates. It acts like a pipe (|) except you give it a name in the filesystem and so it is a special file type. It’s used for inter-process communication.

NDA (Non-Disclosure Agreement)

.NET

NGFW (Next Generation FireWall)

Palo Alto Networks describes their firewalls this way.

NGINX

A web server that is usually superioir to apache for most applications.

NLP (Natural Language Processing)

A branch of AI that uses machine learning to enable computers to understand, interpret, and respond to human language.

NOC (Network Operations Center)

North-South

Data movement from/to the data center. Also see East-West.

NSA (National Security Agency)

OAuth bearer token

A security token with the property that any party in possession of the token (a “bearer“) can use the token in any way that any other party in possession of it can.

OCR (Optical Character Recognition)

Offensive Security – see Red Team

OpenRoaming

openssl

A common open source implementation of SSL/TLS.

OS (Operating System)

OSFP (Open Shortest Path First)

OSS (Open Source Software)

OT (Operational Technology)

OWASP (Open Worldwide Application Security Project)

An online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security.

PAP

Patch

PaaS (Platform as a Service)

PBR (Policy Based Routing)

PDF (Portable Document File)

PDU (Protocol Data Unit)

PEM (Privacy Enhanced Mail)

The format certificates are normally stored in.

PII (Personally Identifiable Information)

PKCS (Public Key Cryptography Standard)

PKI (Public Key Infrastructure)

PLC (programmable logic controller)

PM (Product Manager)

Could also be Project Manager but for me it usually means Product Manager.

PO (Purchase Order)

POC (Point of Contact)

POC (Proof of Concept)

Port Channel

Portable Executable (PE)

POV (Proof of Value)

Private Cloud

Prompt Engineering

The practice of crafting effective prompts that elicit high-quality answers from generative AI tools.

PS (PostScript)

A file type I used to use. It is a vector-oriented language, stack-based, which tells the printer how to move its ink pens around the page. Before there was PDF, there was postscript.

PS (PowerShell)

A versatile scripting language developed by Microsoft and available on all Windows computers.

PTO (Paid Time Off)

Purple Team

Purple teams combine red team and blue team functions. See Red Team.

Python

A popular programming language, not the snake.

QSFP (Quad Small Form factor Pluggable)

A newer kind of SFP.

Rack Unit

RADIUS

RAG (Retrieval Augmented Generation)

A method to train LLMs.

Ray

An open-source unified compute framework used by the likes of OpenAI, Uber, and Amazon which simplifies the scaling of AI and Python workloads, including everything from reinforcement learning and deep learning to tuning and model serving.

RBAC (Role-Based Access Control)

RDP (Remote Desktop Protocol)

Red Team

 In a red team/blue team exercise, the red team is made up of offensive security experts who try to attack an organization’s cybersecurity defenses.

Redirect

Remediation

Addressing a security flaw.

Remote Desktop Licensing (RDL) services

Often deployed on Windows severs with Remote Desktop Services deployed.

Retrieval-Augmented Generation (RAG)

Reverse Proxy

A TCP gateway which terminates a tcp connection and maintains a separate tcp connection to a back-end server.

RFC (Request for Comment)

RFI (Requst for Information)

RFO (Reason for Outage)

RFP (Request for Proposal)

RFQ (Request for Quote)

RIPE

RIR (Regional Internet Registry)

RMA (Return Merchandise Authorization)

You hear this a lot when It guys need to get a replacement for failed equipment.

ROA (Route Origin Authorization)

ROCE (Return on Capital Employed)

Hey, an IT person has to know a few business terms!

RPKI (Resource Public key Infrastructure)

Provides a way to connect Internet number resource information to a trust anchor.

RPi (Raspberry Pi)

A popular small, inexpensive server aimed at the educational crowd.

RPZ (Response Policy Zone)

A concept in DNS for either a DNS firewall or way to overwrite DNS responses.

RR (Resource Record)

RSA

Asymmetric encryption standard named after its creators, Ron Rivest, Adi Shamir and Leonard Adleman.

RTFM (Read The “flippin'” Manual)

SaaS (Software as a Service)

SAML

SANS

Private outfit in the US which specializes in information security and cybersecurity training.

Sans-Serif

A font type which does not have the fancy rounded blobs at the tips of the letter, such as Helvetica.

SASE (Secure Access Service Edge)

SCADA

SDWAN (Software defined WAN)

SEO (Search Engine Optimization)

SFP (Small Form factor Pluggable)

A type of optic transceiver that converts electric signals to optical signals.

SGML (Standard Generalized Markup Language)

If you ask the French they proudly point to this as the predeccesor to the more widely known HTML.

SFTP (Secure file Transfer Protocol)

SHA (Secure Hash Algorithm)

SIEM (Security Information and Event Management)

SRE (Site Reliability Engineer)

SMTP (Secure Mail Transfer Protocol)

SNI (Server Name Indication or similar, I think)

When multiple HTTP[S web sites whare a single IP this technology can be used to identify which certificate to send to a requester.

Spoofing

When a source IP address is faked.

SSH

SSL (Secure Socket Layer)

SOC (System on a Chip)

I believe the RPi is described to be this.

SOC (Security Operations Center)

SSL (Secure Sockets Layer)

SSL labs

A Qualys (so you know it has to be good quality) service where you can test a web site’s SSL certificate.

SSO (Single Sign On)

Steal with Pride

To unashamedly build on someone else’s work.

SVI (Switch virtual Interface)

A layer 3 on-switch routing between vlans on that switch. It’s a Cisco thing.

TAC (Technical Account or something?)

TAM (Technical Account Manager)

Another Cisco term.

Cisco uses this term a lot.

TCP (Transport Control Protocol)

Telnet

Terraform

The epoch

The first moment of January 1st, 1970

TI (Threat Intelligence)

TLP (Traffic Light Protocol)

TLS (Transport Layer Security)

udev rules

udev rules in Linux are used to manage device nodes in the /dev directory. Those nodes are created and removed every time a user connects or disconnects a device.

UI5

SAP’s UI for HTML 5.

Unit testing

UPS (Uninterruptible Power Supply)

URL

UTC (Universal Time Coordinated)

What used to be called GMT.

VLAN

VM (Virtual Machine)

VMWare

Will Broadcom destroy this company the way they did to Bluecoat/Symantec?

VNC (Virtual Networking Computer)

VNC is a software used to remotely control a computer.

VPC (Virtual Private Cloud)

vPC (Virtual Port Channel)

A virtual port channel (vPC) allows links that are physically connected to two different Cisco FEXes to appear as a single port channel by a third device.

VPN – Virtual Private Network

WAF (Web Application Firewall)

Webhook

Website

Wiki

A less formal and usually more collaborative approach to documentation, the prime example being Wikipedia.

Windows PE or Win PE

A small OS for repairing or restoring Windows systems.

WWW (World Wide Web)

x86

A type of processor architecture. Found in most Windows PCs.

YAML

YARA