This term describes a fraudulent email designed to trick the recipient into revealing sensitive information.
What is Phishing?
This type of malware encrypts a victim's files and demands payment for the decryption key.
What is Ransomware?
A security system that monitors and controls incoming and outgoing network traffic based on predetermined rules.
What is a Firewall?
The security practice of requiring at least two different forms of identification before granting access.
What is Multi-Factor Authentication (MFA)?
The process of converting information into a code to prevent unauthorized access.
What is Encryption?
Abbreviated as BEC, this type of phishing targets companies to conduct unauthorized transfers of funds.
What is Business Email Compromise?
Named after a Greek myth, this malware disguises itself as legitimate software to gain access to a system.
What is a Trojan Horse?
This technology creates a secure, encrypted "tunnel" over a public network like the internet.
What is a VPN (Virtual Private Network)?
The process of updating software to the latest version to fix security vulnerabilities.
What is Patching?
A one-way mathematical function that turns an input into a fixed-size string of characters, often used for storing passwords.
What is Hashing?
This term refers to phishing attacks specifically conducted over voice calls or VoIP.
What is Vishing?
An exploit that takes advantage of a software vulnerability that is unknown to the vendor and has no available patch.
What is a Zero-Day?
The process where two entities on a network confirm each other's identity and agree on encryption parameters.
What is a Handshake (e.g., TLS Handshake)?
A security model based on the principle of "never trust, always verify," regardless of whether the user is inside the network perimeter.
What is Zero Trust?
Random data added to a password before it is hashed to protect against rainbow table attacks.
What is a Salt?
A highly targeted phishing attack aimed specifically at senior executives or high-profile individuals.
What is Whaling?
A network of infected "zombie" computers controlled by a single attacker to launch massive DDoS attacks.
What is a Botnet?
An attack where the perpetrator secretly relays and possibly alters the communications between two parties who believe they are directly communicating.
What is a Man-in-the-Middle (MitM) attack?
This group of security professionals is hired to simulate an attack on an organization to test its defenses.
What is a Red Team?
In asymmetric encryption, this is the key that can be shared with anyone to encrypt a message meant for you.
What is a Public Key?
The social engineering practice of following an authorized person into a secure area without a badge.
What is Tailgating (or Piggybacking)?
An Advanced Persistent Threat (APT) actor that remains undetected in a network for an extended period to steal data.
What is a "Sleeper" or APT?
This type of scan sends packets to a port without completing the three-way handshake to avoid detection by simple logs.
What is a Stealth Scan (or SYN Scan)?
This international standard provides the framework for an Information Security Management System (ISMS).
What is ISO/IEC 27001?
This concept ensures that even if a long-term private key is compromised, past session keys remain secure.
What is Perfect Forward Secrecy?