This is the collected output of the previous articles:
Authentication
The process or action of verifying the identity of a user or process. This could be a username and password combination, SSH keys, or either of those combined with something like a fingerprint or a hardware token, to fully allow the user appropriate access to a resource.
Authorization
The action, fact or permission of authorizing or being authorized. So, once you’ve authenticated, it’s time to verify your authorization by checking that you’ve got permission to perform an action or view the requested resources. Remember to follow best practice and grant the lowest amount of privileges that user needs.
Audit
Audits are typically just a form of inspection. With regard to cybersecurity, someone is going to inspect a segment of your organization, or the entire thing, in a bid to uncover any form of vulnerability.
ACL – Access Control List
An access control list, or ACL for short, is a list of users and their level of access to a system. You could create a list with pre-defined permissions and then assign individual users to it, or create policies and assign the users to a policy. Either way, grant your users the least access level possible.
Aircrack-NG
Aircrack-NG is a suite of command-line tools to assess WiFi network security. It does this by focusing on monitoring, attacking, testing and cracking WiFi protocols.
Backdoor
A backdoor is a way back in should your main point of access get compromised and closed down. Typically, you’ll have fought for a good while to gain that toehold and it will suck to start all over again.
Burp Suite
PortSwigger offers this web security testing toolkit for free with limits, and other editions that cost ~$400 to over $4k per seat. You get fine-grained control over requests and responses, and if you’re a bug bounty hunter, this will be your main application.
Banner grabbing
When you run a scan of some sort against a machine or network, you might encounter basic info about the machine. It might have an MOTD (Message Of The Day) that tells you the software and version, or a footer telling you the framework in use. This could include the type of web server software in use; you grab that banner for later use.
Botnet
Botnets are groups of compromised machines that act together to perform attacks. Distributed Denial of Service (DDoS) attacks often take advantage of botnets to do their dirty deeds, or the machines are turned into spambots.
Brute-force attack
A brute-force attack is a rather noisy method of trying to guess a PIN code or password. Typically, you start at 0000 and move up by 1 each time it doesn’t let you in (0001, 0002, 0003 and so on). This can be mitigated by locking the account after a certain number of failed attempts.
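The lockout mitigation named above, as an added example (not code from the original article): failed attempts per account are counted inside a sliding window and the account is locked for a fixed period once the threshold is hit, so a sequential 0000, 0001, ... guessing run stops after a handful of tries. The account name, PIN, thresholds and fake clock are all constructed for the demo.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5        # failed attempts allowed inside the window
WINDOW_SECONDS = 300    # failures older than this no longer count
LOCKOUT_SECONDS = 900   # how long the account stays locked


class LoginGuard:
    """Tracks failed logins per account and locks the account after too many."""

    def __init__(self, clock=time.time):
        self.clock = clock                    # injectable so the demo can fast-forward
        self.failures = defaultdict(list)     # account -> recent failure timestamps
        self.locked_until = {}                # account -> time the lock expires

    def is_locked(self, account):
        return self.locked_until.get(account, 0) > self.clock()

    def attempt(self, account, password, check_password):
        """Return 'locked', 'ok' or 'denied'. check_password(account, pw) -> bool."""
        now = self.clock()
        if self.is_locked(account):
            return "locked"                   # refuse before even checking the password
        if check_password(account, password):
            self.failures.pop(account, None)  # a good login clears the counter
            return "ok"
        recent = [t for t in self.failures[account] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "denied"


def demo():
    """Constructed scenario: sequential PIN guessing (0000, 0001, ...) against one account."""
    clock = [1000.0]                                     # fake clock, in seconds
    guard = LoginGuard(clock=lambda: clock[0])
    users = {"alice": "4821"}                            # constructed credential store
    check = lambda acct, pw: users.get(acct) == pw
    results = [guard.attempt("alice", f"{i:04d}", check) for i in range(5)]
    results.append(guard.attempt("alice", "4821", check))   # right PIN, but locked out
    clock[0] += LOCKOUT_SECONDS + 1                          # wait out the lockout
    results.append(guard.attempt("alice", "4821", check))
    return results
```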
Buffer overflow
Programs have access to a very specific amount of memory on the host machine. When a program tries to store more than it’s meant to, the data can overflow into other buffers and corrupt existing data in those areas. Buffer overflows are still part of the OSCP training.
Cache
When it comes to computing, a cache is either a special portion of memory or a portion of the CPU meant to provide quick access to frequently used “things” to maintain efficiency. Why ask for things that are on a slow, spinning disk when you can keep them in the fastest parts of your machine for near-instant access?
Cipher
A cipher is an algorithm for encoding or decoding data; there are many cryptographic algorithms to choose from. You will use these often.
Code injection
Penetration testers rely on being able to send arbitrary code into applications to see if it triggers a vulnerability by exploiting a bug in a specific version of an application.
Cross-Site Scripting (XSS)
If a web application doesn’t sanitize user input, it could lead to you exploiting the system by getting a client-side script to run on the website.
Compliance
The rules that governments or other agencies define to keep sensitive customer data secure. NIST, ISO and others fill these roles.
Dictionary attack
An attack on a system using a pre-defined list of information, usually username and password combinations or password hashes.
Dumpster diving
The act of finding sensitive information in the dumpster or shred bins.
Denial of Service(DoS)/Distributed Denial of Service(DDoS)
A single machine preventing access to a resource by sending too many requests is a denial of service. When multiple machines across a wide area send too many requests, it’s a distributed denial of service attack.
DevSecOps
A form of systems design where you combine DEVelopers and SECurity with OPerations to form your initial system design.
Directory traversal
This is a type of vulnerability where an attacker gains access to files and folders present on the server. You could also exploit the server into displaying system configuration or passwords.
Domain Name System (DNS)
DNS is the translator standing between humans and computers. DNS works by looking up the IP address for a name like Google and turning it into 126.96.36.199.
DNS spoofing
DNS spoofing is an attack technique where you hijack a legitimate request for a site and redirect the user to your malicious site. Often used in phishing attacks.
Encryption
Encoding and decoding messages with a secret key so that only the appropriate persons can read the message.
Exploit
A piece of code that takes advantage of a vulnerability present on the target system. A buffer overflow, for example, can get you root access on the server.
Enumeration
The action of establishing the number of something. In cybersecurity, this usually means mapping out a network after gaining access to a single system.
This is a method of information gathering through active means such as scanning and enumeration.
Flooding
Sending an extreme amount of data to a target system in an attempt to exhaust all of its resources and render the system inaccessible. This is really a Denial of Service attack by a different name.
Firewall
A software or hardware filter that can be configured to prevent many different sorts of attacks.
Fork bomb
A technique that forks processes indefinitely on a target system to exhaust all available resources and render the system unavailable.
Fuzzing
A form of vulnerability testing where one sends random data in an automated manner to see if a program has appropriate error handling.
Hardening
Hardening a resource or system is a method of limiting access from the outside. This could mean closing unused ports, or disabling or enabling different options throughout the OS or web app.
Hash
Hash functions in programming are used to maintain or confirm data integrity by mapping input of any length to a fixed-length value.
Honeypot
A honeypot is an intentionally vulnerable system used to lure attackers. Once attackers are exploiting the honeypot, you can observe their tactics, or feel slightly smug watching them waste their time on a (hopefully) secured and isolated machine.
HIPAA
HIPAA is the Health Insurance Portability and Accountability Act, and it exists to protect patient privacy for anyone working with healthcare data.
Input validation
This is a method of ensuring that the data a user inputs is sanitized before it is sent elsewhere in your system, so that it is hardened against database vulnerabilities.
Integrity
The state of being whole and undivided. Fitting, since you want to ensure the data received by the client is the same as what the server actually sent. To ensure no tampering of the data has occurred, you’d use hashing or encryption.
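An integrity check built on the hash function described in the Hash entry and applied as this entry suggests, as an added example (not from the original article): a plain SHA-256 digest catches corruption, but anyone who can alter the data can also recompute the digest, so tamper detection against an active attacker needs a keyed hash (HMAC) with a shared secret. The key and messages are constructed for the demo.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hash function: input of any length -> fixed 256-bit (64 hex chars) digest."""
    return hashlib.sha256(data).hexdigest()


def hash_integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Plain-hash check. Detects accidental corruption, and tampering only if the
    digest itself was delivered over a channel the attacker cannot modify."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): without the key an attacker cannot recompute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_integrity_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)


def demo():
    key = b"constructed-shared-secret"            # constructed; never hard-code in real code
    msg = b"transfer 100 to account 42"          # what the server sent
    tampered = b"transfer 900 to account 42"     # what an attacker changed it to
    digest = sha256_hex(msg)
    tag = make_tag(key, msg)
    forged_digest = sha256_hex(tampered)         # attacker simply re-hashes the new data
    return {
        "plain_ok": hash_integrity_ok(msg, digest),
        "plain_detects_tamper": not hash_integrity_ok(tampered, digest),
        "plain_fooled_by_recomputed_digest": hash_integrity_ok(tampered, forged_digest),
        "mac_ok": mac_integrity_ok(key, msg, tag),
        "mac_detects_tamper": not mac_integrity_ok(key, tampered, tag),
        "digest_len": len(digest),               # always 64, whatever the input length
    }
```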
Intrusion Detection System (IDS)
These range from software to dedicated hardware, and are similar to firewalls. They can filter traffic in addition to sounding the alarm when someone has made it past your defenses. Tune your alerts accordingly so you don’t inundate your people with false positives.
IP spoofing
This is when you change the source IP address of a packet to fool a target machine into thinking the request it received came from a legitimate machine.
John the Ripper (JTR)
JTR is an open-source password security auditing and recovery tool available for most operating systems. It tests for weak passwords and supports hundreds of hash and cipher types.
Kerberos
Kerberos is the default authorization system used in Microsoft Windows. Kerberos makes use of a much more robust encryption system.
Keylogger
Keyloggers come in either a software or a hardware variety. The aim is the same: capture all keystrokes that the user(s) make on a system.
Logic bomb
A logic bomb is a string of malicious code inserted intentionally into a program to harm a machine or the wider network once certain conditions are met.
Lightweight Directory Access Protocol (LDAP)
LDAP is a lightweight client/server protocol; on Windows machines, it’s a central part of authentication. LDAP stores usernames and passwords to continually validate users on a network.
Malware
Malware is a portmanteau of “malicious” and “software”. If the code is dangerous in what it tries to accomplish, it’s malware. Full stop. This covers everything from cryptominers to worms, trojan horses and so on.
MAC address
A Media Access Control address is a unique identifier assigned to a network interface card (NIC) for use as a network address in communications within a network segment. That’s a lot of words to say “every internet device has a MAC address”.
Multi-Factor Authentication (MFA)
If you’re using more than one method of authentication to access an account, resource or service, you’re using MFA. Most often this is paired with needing a PIN code from a text message, a hardware token or a mobile app like Google Authenticator. If you’re not using this with your personal services, you need to sort that, like, right now maaaan.
MD5
The Message Digest Algorithm 5 (MD5) is a cryptographically broken but still widely used hash function producing a 128-bit hash value. It had a good run for an algorithm that was first published in 1992.
Metasploit
Released as an all-in-one penetration testing platform meant to aid in the successful exploitation of vulnerable targets.
Meterpreter
An advanced Metasploit payload that embraces “living off the land”, persists in memory and is consequently a bit harder to trace.
Null byte injection
A method to bypass the protections of various systems. Null bytes (%00, or 0x00) added to URLs can cause web servers to return random and unwanted data, which can then be useful to attackers.
Network Interface Card (NIC)
This is the hardware in your computer that helps you get and stay connected to your network. Most often this is an Ethernet port.
Network Address Translation (NAT)
A way to mitigate running out of IP addresses. Every device has its own internal address, but when something wants to connect outside, only one external IP is used by the router.
Nmap
A powerful (and popular) network mapping tool which gives information about what operating system is running, open ports, running services and OS versions.
Netcat
Simple, yet powerful tool that will view and record data from the NIC on TCP and UDP network connections. This utility is no longer maintained and Ncat is now the preferred tool.
Nikto
Nikto is a powerful web application scanner that is trained to find 6,700+ vulnerabilities, from server configuration errors to installed web server software.
Nessus
Nessus is a commercial alternative to Nmap and provides a detailed list of vulnerabilities following a scan.
Packet
Data sent and received by systems travels through the Intertubes in packets. Packets have data written into them, or encapsulated, and contain info such as source/destination IP, protocol(s) and other necessary information.
Password cracking
The act of deciphering a password you don’t know. This attack could use something like John the Ripper to guess the hashes of a target computer’s users.
A software vulnerability may allow something like a man-in-the-middle attack to obtain passwords as quietly as possible to avoid detection.
Patch
A software update released by the author(s) to fix a bug or vulnerability in a system. (Interesting fact: the term comes from the days of punch cards, when you would literally patch up the holes you didn’t want read.)
Phishing
Sending fake emails that look like legitimate ones in an effort to steal credentials. Most often these make use of fake websites that are carbon copies of the original to trick users into trusting the application.
Ping sweep
A broad scan of an entire network range to see if/which systems are online.
Public Key Cryptography
This is an encryption mechanism that issues a user a pair of keys, a private key and a public key. The sender encrypts a message using the recipient’s public key, and the recipient decrypts or decodes the message with their private key.
Public Key Infrastructure (PKI)
PKI is a system designed to create, store and distribute digital certificates.
Personally Identifiable Information (PII)
Any information that identifies a person: full name, social security number, addresses, passport numbers, birthdates and more.
Payload
The bit of code that performs a specific function. Typically used in a malicious sense.
Payment Card Industry-Data Security Standard (PCI-DSS)
A standard that must be implemented by any organization that handles credit card data.
Ransomware
Malware that encrypts all the files on your system. It then asks for a ransom, usually in Bitcoin, for the key needed to decrypt your files.
Rainbow tables
These are tables of pre-calculated password hashes that will aid you in cracking the target’s password hashes much more easily.
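Why a table of pre-calculated hashes works against unsalted storage and why a per-user salt defeats it, as an added example (not from the original article). A real rainbow table compresses the lookup with hash chains; the plain dictionary here keeps the same idea. The wordlist and password are constructed, and PBKDF2 stands in as the salted, slow hash.

```python
import hashlib
import hmac
import os


def md5_hex(pw):
    """Unsalted MD5, the kind of stored value a precomputed table is built for."""
    return hashlib.md5(pw.encode()).hexdigest()


def build_table(candidates):
    """Precomputed lookup hash -> password: hash the candidates once, look up forever."""
    return {md5_hex(c): c for c in candidates}


def lookup(table, digest):
    return table.get(digest)


def salted_hash(pw, salt, iterations=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256): no table built in
    advance can contain this digest, and each guess costs 200k iterations."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def verify_salted(pw, salt, stored):
    return hmac.compare_digest(salted_hash(pw, salt), stored)


def demo():
    wordlist = ["password", "letmein", "summer2024", "qwerty"]   # constructed list
    table = build_table(wordlist)
    weak_stored = md5_hex("letmein")                  # as a weak system stores it
    salt = os.urandom(16)                             # fresh random salt per user
    strong_stored = salted_hash("letmein", salt)      # same password, salted and stretched
    return {
        "unsalted_recovered": lookup(table, weak_stored),        # one dictionary hit
        "salted_in_table": lookup(table, strong_stored.hex()),   # None: table is useless
        "salted_verifies": verify_salted("letmein", salt, strong_stored),
        "salted_rejects_wrong": verify_salted("qwerty", salt, strong_stored),
    }
```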
Reconnaissance
Finding information about your target(s) using methods like a Google search, visiting the company website or using other publicly available data to build up your profile of the target.
Reverse engineering
This is rebuilding an understanding of a piece of software based on the functions it steps through.
RBAC – Role-Based Access Control
This is another form of access control, or ACL, that can be configured around roles, such as help desk II or management roles versus developer roles.
Rootkit
Rootkits are hard-to-detect software that allows for malicious and unauthorized use. Typically, rootkits install themselves so that they run every time the machine is booted.
Scanning
A fundamental part of recon: you’re going to want to know how the network or resource works, and scanning with nmap or Nikto/Nessus/etc. will do the automated scanning for you.
Secure Shell (SSH)
Secure Shell is the protocol that establishes an encrypted communication channel between client and server. SSH is instrumental in allowing you to remotely access a server for system administration tasks.
Session
A session is the duration over which a communication channel is open between two or more machines.
Session hijacking
Stealing someone’s session via MITM. You can steal the cookies or session tokens needed to proceed and then authenticate as the user.
Social engineering
The art (and apparently science?) of tricking people into helping you with something that’s not in their best interest.
Secure Hashing Algorithm (SHA)
SHA is a widely used family of hash algorithms. SHA is one-way; it should not be considered the same as an encryption algorithm you can decrypt.
Sniffing
Passively watching traffic float by, using a MITM position on the network; sniffing can be performed on wired or wireless networks.
Spam
Unwanted digital communications, including email, social media messages and more. Typically aims to drive you to a malicious, credential-stealing website that looks like the real thing.
Syslog
System administrators use the system logging protocol to capture all activity on a server. Typically the logs are stored on a separate server to retain them in the event of an attack.
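What you actually do with those retained logs, as an added example (not from the original article): parse sshd “Failed password” lines in traditional syslog format, count failures per source address, and raise an alert only above a threshold, which is the tuning the IDS entry above asks for. The log lines, hostnames and addresses are constructed for the demo (the addresses are from documentation ranges).

```python
import re
from collections import Counter

# Constructed sample lines in the traditional syslog/sshd format, not from a real host.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:02 web1 sshd[2013]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:03 web1 sshd[2015]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:05 web1 sshd[2017]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
Mar  3 10:00:06 web1 sshd[2019]: Failed password for bob from 198.51.100.4 port 40111 ssh2
Mar  3 10:00:09 web1 sshd[2021]: Failed password for root from 203.0.113.7 port 51025 ssh2
"""

# Captures the user (with or without the "invalid user" prefix) and the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failed_logins_by_source(log_text):
    """Count sshd 'Failed password' events per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def brute_force_alerts(log_text, threshold=3):
    """Sources with at least `threshold` failures. Tune the threshold to the host's
    normal noise so one mistyped password does not page anyone."""
    counts = failed_logins_by_source(log_text)
    return sorted(src for src, n in counts.items() if n >= threshold)
```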
Secure Sockets Layer (SSL)
SSL allows for an encrypted tunnel between a client and server. When you log in to Twitter, only the encrypted text is present on the wire and not the original password.
Snort
Snort is an open-source Intrusion Detection System for Windows and Linux. It works fantastically when paired with an active firewall.
SQL injection
A form of attack on SQL databases where user input is not validated for dangerous or malicious SQL queries.
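The vulnerable pattern next to its fix, plus the allow-list check from the Input validation entry, as an added example (not from the original article): a string-built query lets a textbook tautology in the password field log in without the password, while a parameterised query binds the same input as data and returns nothing. The user table, credentials and username rule are constructed for the demo; passwords are stored in plaintext only to keep the injection demo short.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")   # allow-list for the username field


def valid_username(name):
    """Input validation: reject anything outside the expected character set."""
    return bool(USERNAME_RE.match(name))


def make_db():
    """Constructed in-memory user table (sample data, not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """String-built query: user input becomes part of the SQL itself."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone()


def login_safe(conn, name, password):
    """Parameterised query: input is bound as data and cannot change the query."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()


def demo():
    conn = make_db()
    bypass = "' OR '1'='1"   # the textbook tautology in the password field
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_bypass": login_vulnerable(conn, "alice", bypass),   # row returned, no password
        "safe_legit": login_safe(conn, "alice", "correct-horse"),
        "safe_bypass": login_safe(conn, "alice", bypass),         # None: treated as literal text
        "username_ok": valid_username("alice"),
        "username_rejected": valid_username("alice'--"),
    }
```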
Trojan
Trojans are a type of malware hidden inside software. Trojans tag along with legitimate software and aren’t disclosed to the user. Like the Trojan Horse of old, there is malicious software packed inside things like pirated games or copies of Microsoft Office.
Traceroute
A handy tool that maps out the route that a packet takes between its source and its destination.
Tunnel
A private, encrypted channel between two or more machines.
Virtual Private Network (VPN)
A subnetwork wrapped within a network. VPNs are all the more common in the post-pandemic world of work from home.
Virus
A batch of code and instructions created to perform a specific action on targeted systems. A virus has to be triggered to activate, by something like clicking on the program on a sketchy USB stick or opening an unexpected attachment in your email.
Vulnerability
A point of attack caused by a bug, or by intentional or unexpected network design.
Wardriving
Driving through areas of a city mapping out WiFi networks. This could also be used maliciously to identify WAPs without password protection.
WHOIS
The WHOIS database contains information about the owner of a website; it might mention specific nameservers, IP ranges or DNS records.
Wireshark
Open-source network traffic analyzer. Wireshark also allows one to filter requests and responses for network troubleshooting.
Worm
Unlike trojans and other viruses that need a trigger, worms are capable of replicating themselves and spreading to other network devices.
Wireless Access Point (WAP)
The Wireless Access Point or WAP, for short, is the device that allows wireless devices to connect to the Internet.
Web Application Firewall (WAF)
A next-gen firewall, or a WAF, is a firewall for web applications that helps mitigate a number of attacks such as cross-site scripting, DoS and other OWASP Top 10 vulnerabilities.
Zero-day
A newly found vulnerability in a system for which there is no patch. Zero-days are dangerous to combat since there is no possible way to protect against one in the wild.
Zombie
A compromised machine. These are often infected via worms, viruses or trojans and controlled by an attacker. A group of zombies would be a botnet.