#1
#2
#3
#4
#5
#6
100

The malicious modification of visual content, typically a form of intimidation or "sending a message".

Defacement

100

Illegal activity that involves a computer, networked device or a network.

Cybercrime

100

Modify existing services, daemons, or agents to establish persistence on the system.

Modify System Process

100

When a data storage resource has the data deleted or corrupted to interrupt availability of the data.

Disk Wipe

100

An echo request packet sent over the maximum size causing issues to freeze or crash.

Ping of Death

100

Security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software.

Blacklist

200

Attacks when an adversary does not take the data, but instead make subtle, stealthy tweaks to data to affect a business process organizational understanding, or decision making.

Data Manipulation

200

The good guy who uses his (or her) capabilities to damage your organization — but only hypothetically. Instead, the real purpose is to uncover security failings in your system in order to help you safeguard your business from the dangerous hackers.

White Hat Hacking

200

Adversaries may break out of a container to gain access to the underlying computing resources. This can allow an adversary access to other containerized resources from the underlying computer level.

Escape to Host

200

Refers to the unintended alteration or damage to the software instructions stored in the permanent software programmed into a read-only memory of a computing device, leading to malfunction or failure of the device.

Firmware Corruption

200

A calling card for ethical hackers to show that a system has been breached or in showing how individuals are susceptible to clicking links when they do not know where they lead.

Rickroll

200

Listening in on a transaction, communication, data transfer or conversation without consent.

Eavesdropping

300

Deleting or disabling various backups or services that would aid in the reconstruction or restoration of an affected computer.

Inhibit System Recovery

300

Using the ability to access, manipulate, or disable computing resources or data to gain social or political power.

Hacktivism

300

The measure of the damage or harm caused by a cyber attack.

Impact Level

300

The unauthorized utilization of a system's computing resources, such as processing power, memory, or network bandwidth, by an attacker or malicious program, often resulting in degraded performance or unavailability of resources for legitimate users.

Resource Hacking

300

A cyber attack is any attempt to harm the functionality of or collect data from a system without proper authorization.

Cyber Attack

300

A type of cyber attack that exploits a vulnerability in software that no one is aware of yet.

Zero Day Attack

400

A security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data.

Data breach

400

A method of vulnerability testing used by individuals to find exploits and flaws in their systems. This is done by simulating an attack on your system.

Penetration Testing

400

Flooding a server with internet traffic to prevent users from accessing connected online services and sites.

DDOS

400

Falsifying information in a domain name system (DNS) or web proxy for the purpose of harming users.

Cache Poisoning

400

Cyber attack that seeks to damage an organization by targeting less secure elements in the way the organization makes use of computing resources from outside of their control or ownership.

Supply Chain Attack

400

A random string of bits used in an algorithm to scramble and unscramble data.

Encryption Keys

500

Document that provides a comprehensive overview of all security requirements and practices employed to keep your computing devices and data safe.

System Security Plan (SSP)

500

Any action that preserves adversary access to a compromised account, such as modifying credentials or permission groups.

Account Manipulation

500

A computer hacker who regularly violates laws and ethical standards for malicious or self serving reasons.

Black Hat Hacker

500

The act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.

Domain Hijacking

500

Malware specifically written to take over certain programmable industrial control systems and cause the equipment run by those systems to malfunction.

Stuxnet

500

A string of malicious code inserted intentionally into a program to harm a network as a revenge mechanism on behalf of the writer of the code.

Logic Bomb