Ethical Hacking and Penetration Testing
Expert-defined terms from the Professional Certificate in Ethical Leadership in IT Security course at London School of Business and Administration. Free to read, free to share, paired with a globally recognised certification pathway.
Access Control List (ACL) refers to a set of rules used to filter traffic… #
Related terms include firewall rules, network access control, and authentication protocols. In the context of Ethical Hacking and Penetration Testing, understanding ACLs is crucial to identifying vulnerabilities in network security and exploiting them to gain unauthorized access.
Advanced Persistent Threat (APT) is a type of malicious attack where an a… #
Related terms include zero-day exploits, spear phishing, and social engineering. APTs are often used to steal sensitive information or disrupt critical infrastructure, and Ethical Hackers must be aware of the tactics, techniques, and procedures (TTPs) used by APT actors to detect and prevent such attacks.
Authentication is the process of verifying the identity of a user, device… #
Related terms include authorization, identity management, and single sign-on (SSO). In Ethical Hacking and Penetration Testing, authentication mechanisms are often targeted by attackers to gain unauthorized access to sensitive resources.
Botnet is a network of compromised devices (bots) controlled by an attack… #
Related terms include command and control (C2) servers, zombie networks, and malware botnets. In Ethical Hacking and Penetration Testing, understanding botnet architectures and communication protocols is essential to disrupting and mitigating botnet-based attacks.
Buffer Overflow is a type of vulnerability that occurs when more data is… #
Related terms include stack-based overflows, heap-based overflows, and format string vulnerabilities. Ethical Hackers must be able to identify and exploit buffer overflows to demonstrate the vulnerabilities of a system or application.
Certificate Authority (CA) is an entity that issues digital certificates… #
Related terms include public key infrastructure (PKI), SSL/TLS certificates, and certificate chaining. In Ethical Hacking and Penetration Testing, understanding CA trust models and certificate validation processes is crucial to identifying vulnerabilities in secure communication protocols.
Cloud Computing refers to a model of delivering computing resources over… #
Related terms include infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Ethical Hackers must be aware of the security risks and challenges associated with cloud computing, such as data breaches, unauthorized access, and denial-of-service attacks.
Command and Control (C2) Server is a centralized server used by attackers… #
Related terms include botnet architectures, malware communication protocols, and reverse engineering. In Ethical Hacking and Penetration Testing, identifying and disrupting C2 servers is essential to mitigating botnet-based attacks.
Cross #
Site Scripting (XSS) is a type of vulnerability that occurs when an attacker injects malicious code into a web application, which is then executed by the user's browser. Related terms include stored XSS, reflected XSS, and DOM-based XSS. Ethical Hackers must be able to identify and exploit XSS vulnerabilities to demonstrate the weaknesses of web applications.
Denial of Service (DoS) is a type of attack that attempts to make a syste… #
Related terms include distributed denial-of-service (DDoS) attacks, amplification attacks, and botnet-based attacks. In Ethical Hacking and Penetration Testing, understanding DoS attack techniques and mitigation strategies is essential to protecting systems and networks from disruption.
Encryption is the process of converting plaintext data into ciphertext… #
Related terms include decryption, cryptography, and key management. Ethical Hackers must be aware of encryption algorithms, protocols, and techniques used to protect data, as well as methods to bypass or exploit encryption mechanisms.
Firewall is a network security system that monitors and controls incoming… #
Related terms include network access control, intrusion detection systems (IDS), and intrusion prevention systems (IPS). In Ethical Hacking and Penetration Testing, understanding firewall configurations and rule sets is crucial to identifying vulnerabilities in network security.
Honeypot is a decoy system or resource that appears valuable to attackers… #
Related terms include honeynet, deception technology, and threat intelligence. Ethical Hackers use honeypots to detect and study attacker behavior, as well as to identify vulnerabilities in systems and networks.
Identity Management refers to the process of managing and verifying the <… #
Related terms include authentication, authorization, and access control. In Ethical Hacking and Penetration Testing, understanding identity management systems and protocols is essential to identifying vulnerabilities in authentication and authorization mechanisms.
Intrusion Detection System (IDS) is a network security system that monito… #
Related terms include intrusion prevention systems (IPS), network access control, and security information and event management (SIEM) systems. Ethical Hackers must be aware of IDS technologies and techniques used to detect and prevent intrusions.
Malware is malicious software designed to harm or exploit a system… #
Related terms include malware analysis, reverse engineering, and threat intelligence. In Ethical Hacking and Penetration Testing, understanding malware types, behaviors, and propagation methods is crucial to identifying vulnerabilities in systems and networks.
Man #
in-the-Middle (MitM) is a type of attack where an attacker intercepts and alters communication between two parties, often to steal sensitive information or inject malware. Related terms include SSL stripping, DNS spoofing, and ARP spoofing. Ethical Hackers must be able to identify and exploit MitM vulnerabilities to demonstrate the weaknesses of secure communication protocols.
Network Segmentation refers to the process of dividing a network into sma… #
Related terms include virtual local area networks (VLANs), access control lists (ACLs), and network access control. In Ethical Hacking and Penetration Testing, understanding network segmentation strategies and technologies is essential to identifying vulnerabilities in network security.
Penetration Testing is a simulated attack on a system or network to test… #
Related terms include vulnerability assessment, risk assessment, and security auditing. Ethical Hackers use penetration testing to demonstrate the weaknesses of a system or network and provide recommendations for remediation.
Phishing is a type of social engineering attack that attempts to trick… #
Related terms include spear phishing, whaling, and business email compromise (BEC). In Ethical Hacking and Penetration Testing, understanding phishing tactics and techniques is crucial to identifying vulnerabilities in user behavior and security awareness.
Privilege Escalation is a type of vulnerability that occurs when an attac… #
Related terms include privilege abuse, access control, and identity management. Ethical Hackers must be able to identify and exploit privilege escalation vulnerabilities to demonstrate the weaknesses of access control mechanisms.
Remote Access Tool (RAT) is a type of malware that allows an attacker to… #
Related terms include backdoors, Trojan horses, and botnets. In Ethical Hacking and Penetration Testing, understanding RAT architectures and communication protocols is essential to disrupting and mitigating RAT-based attacks.
Risk Assessment is the process of identifying and evaluating security<… #
Related terms include risk management, vulnerability assessment, and penetration testing. Ethical Hackers use risk assessment to identify and prioritize security risks, as well as to provide recommendations for remediation.
Rootkit is a type of malware that hides the presence of an attacke… #
Related terms include backdoors, Trojan horses, and bootkits. In Ethical Hacking and Penetration Testing, understanding rootkit architectures and detection methods is crucial to identifying and removing rootkits from compromised systems.
Secure Sockets Layer/Transport Layer Security (SSL/TLS) is a protocol use… #
Related terms include HTTPS, certificate authorities, and public key infrastructure (PKI). Ethical Hackers must be aware of SSL/TLS vulnerabilities and exploitation techniques, such as SSL stripping and certificate impersonation.
Social Engineering is a type of attack that attempts to trick user… #
Related terms include phishing, pretexting, and baiting. In Ethical Hacking and Penetration Testing, understanding social engineering tactics and techniques is crucial to identifying vulnerabilities in user behavior and security awareness.
Trojan Horse is a type of malware that disguises itself as legitimate<… #
Related terms include backdoors, rootkits, and remote access tools (RATs). Ethical Hackers must be able to identify and exploit Trojan horse vulnerabilities to demonstrate the weaknesses of system or network security.
Virtual Private Network (VPN) is a technology used to create a secure<… #
Related terms include SSL/TLS, IPsec, and VPN protocols. In Ethical Hacking and Penetration Testing, understanding VPN architectures and vulnerabilities is essential to identifying and exploiting weaknesses in secure communication protocols.
Vulnerability Assessment is the process of identifying and evaluating … #
Related terms include penetration testing, risk assessment, and security auditing. Ethical Hackers use vulnerability assessment to identify and prioritize security vulnerabilities, as well as to provide recommendations for remediation.
Web Application Firewall (WAF) is a security system that monitors and con… #
Related terms include intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems. In Ethical Hacking and Penetration Testing, understanding WAF configurations and rule sets is crucial to identifying vulnerabilities in web application security.
Zero #
Day Exploit is a type of vulnerability that is unknown to the vendor or developer, and is often exploited by attackers before a patch or fix is available. Related terms include advanced persistent threats (APTs), spear phishing, and social engineering. Ethical Hackers must be aware of zero-day exploit techniques and mitigation strategies to protect systems and networks from unknown vulnerabilities.
Zone Transfer is a process used to transfer DNS zone data between DNS ser… #
Related terms include DNS spoofing, DNS amplification, and domain name system (DNS) security. In Ethical Hacking and Penetration Testing, understanding zone transfer protocols and vulnerabilities is essential to identifying and exploiting weaknesses in DNS security.