A method of vulnerability testing used by individuals to find exploits and flaws in their systems. This is done by simulating an attack on the system.
Penetration Testing
A security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data.
Data breach
Flooding a server with internet traffic to prevent users from accessing connected online services and sites.
DDoS
Illegal activity that involves a computer, networked device or a network.
Cybercrime
The good guy who uses his (or her) capabilities to damage your organization — but only hypothetically. Instead, the real purpose is to uncover security failings in your system in order to help you safeguard your business from the dangerous hackers.
White Hat Hacking
Any action that preserves adversary access to a compromised account, such as modifying credentials or permission groups.
Account Manipulation
Attacks where an adversary does not take the data, but instead makes subtle, stealthy tweaks to data to affect a business process, organizational understanding, or decision-making.
Data Manipulation
Document that provides a comprehensive overview of all security requirements and practices employed to keep your computing devices and data safe.
System Security Plan (SSP)
A calling card for ethical hackers to show that a system has been breached or to show how individuals are susceptible to clicking links when they do not know where they lead.
Rickroll
Using the ability to access, manipulate, or disable computing resources or data to gain social or political power.
Hacktivism
The measure of the damage or harm caused by a cyber attack.
Impact Level
Listening in on a transaction, communication, data transfer or conversation without consent.
Eavesdropping
The unintended alteration of, or damage to, the instructions stored in the permanent software programmed into a computing device's read-only memory, leading to malfunction or failure of the device.
Firmware Corruption
The unauthorized utilization of a system's computing resources, such as processing power, memory, or network bandwidth, by an attacker or malicious program, often resulting in degraded performance or unavailability of resources for legitimate users.
Resource Hijacking
Modify existing services, daemons, or agents to establish persistence on the system.
Modify System Process
A random string of bits used in an algorithm to scramble and unscramble data.
Encryption Keys
When the data on a data storage resource is deleted or corrupted to interrupt the availability of that data.
Disk Wipe
Falsifying information in a domain name system (DNS) or web proxy for the purpose of harming users.
Cache Poisoning
An echo request packet sent at a size over the maximum, causing the receiving system to freeze or crash.
Ping of Death
Adversaries may break out of a container to gain access to the underlying computing resources. This can allow an adversary access to other containerized resources from the underlying computer level.
Escape to Host
The act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.
Domain Hijacking
The malicious modification of visual content, typically a form of intimidation or "sending a message".
Defacement
Deleting or disabling various backups or services that would aid in the reconstruction or restoration of an affected computer.
Inhibit System Recovery
A string of malicious code inserted intentionally into a program to harm a network as a revenge mechanism on behalf of the writer of the code.
Logic Bomb
A computer hacker who regularly violates laws and ethical standards for malicious or self-serving reasons.
Black Hat Hacker