Cat 1
Cat 2
Cat 3
Cat 4
Cat 5
100

A user-definable value that can affect the way running processes will behave on a computer.

Environment Variable

100

An attack where an algorithm systematically checks all possible passwords and passphrases until the correct one is found.

Brute Force

100

The most popular and classic text editor in the Linux family.

vi

100

A method of securely connecting a series of computers and devices in a virtual connection pool, with each user’s IP address being replaced by the network's address

VPN

100

A special isolated folder on a machine's hard disk where the suspicious files detected by antivirus and antimalware protection are placed to prevent further spread of malicious code.

Quarantine

200

A team-based competition in which participants use cybersecurity tools and techniques to find hidden clues or "flags" in the target systems.

CTF event

200

Refers to an organization’s processes and technologies for detecting and dealing with cyber threats, security breaches or cyberattacks.

Incident Response

200

A common command line TCP/IP networking utility available in most versions of Windows, Linux, and Unix to display information on current network connections.

netstat

200

A set of rules that specifies which users or systems are granted or denied permissions to a particular object or system resource.

Access Control List (ACL)

200

Branch of criminal science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically.

Digital Forensics

300

A Linux system command that returns the registered name of the system.

hostname

300

A file system command which is used for changing the attributes of a file in a directory.

chattr

300

Networking utility with the help of TCP/IP protocol which reads and writes data across network connections.

netcat

300

A type of cyberattack where an attacker positions themselves between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

Man in the Middle

300

Extracting a system’s key information details such as valid usernames, machine names, share names, directory names, etc.

Enumeration

400

A set of suspected spam or fake emails.

Graylist

400

A type of malicious software that can replicate itself and spread quickly without human interaction.

Worm

400

A software tool designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks

John the Ripper

400

A regular UNIX shell, similar to bash, which does not allow the user to do certain things, like launching certain commands, changing the current directory, and others.

Restricted Shell

400

An incident response tool that aids in the analysis of a potentially compromised endpoint through a memory dump, including various file structures.

Redline

500

Programs that leverage vulnerabilities of the core functionality of an operating system to execute arbitrary code with elevated permissions.

Kernel Exploits

500

Computer software that adds new functions to a host program without altering the host program itself.

plug-in

500

An attack that floods a server with internet traffic to prevent users from accessing connected online services and sites.

DDoS

500

Sensitive data that uniquely identifies a person from all others.

PII

500

Senses anomalous time slices and messages in Linux logs using statistical learning.Senses anomalous time slices and messages in Linux logs using statistical learning.

Detection Engine

M
e
n
u