Glossary - Revision history

RagManX: Add GRC, need to fill explanation subsection for GRC.

2026-03-30T22:54:26Z

Add GRC, need to fill explanation subsection for GRC.

← Older revision		Revision as of 22:54, 30 March 2026
Line 19:		Line 19:
	;Fuzzing		;Fuzzing
	: The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid		: The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid
			;'''GRC (Governance, Risk, and Compliance)'''
	;HIBP (Have I Been Pwned?)		;HIBP (Have I Been Pwned?)
	: A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point		: A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point

76.192.120.56: Added link to "There is no cloud" counterpoint, plus sticker showing that meme.

2024-11-02T16:24:01Z

Added link to "There is no cloud" counterpoint, plus sticker showing that meme.

← Older revision		Revision as of 16:24, 2 November 2024
Line 4:		Line 4:
	: An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"		: An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"
	;[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud]		;[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud]
	: A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Sometimes derisively stated as "just someone else's computer"		: A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Sometimes derisively stated as "just someone else's computer" (although ZDNet points out why [https://www.zdnet.com/article/stop-saying-the-cloud-is-just-someone-elses-computer-because-its-not/ this is actually incorrect])
			: [[File:There-is-no-cloud-sticker.jpg\|alt=There is no cloud. It's someone else's computer.\|none\|thumb\|179x179px]]
			:
	;Cross-Site Scripting (XSS)		;Cross-Site Scripting (XSS)
	: A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]		: A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]

RagManX: Add SIEM definition and Wikipedia link.

2023-05-02T20:03:44Z

Add SIEM definition and Wikipedia link.

← Older revision		Revision as of 20:03, 2 May 2023
Line 37:		Line 37:
	;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]		;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]
	: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis		: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis
			;[https://en.wikipedia.org/wiki/Security_information_and_event_management SIEM (Security Information and Event Management)]
			: Real-time analysis of security alerts generated by applications and network hardware
	;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]		;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]
	: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.		: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.

RagManX: Add OSInt and helpful links for more information.

2023-05-02T20:00:42Z

Add OSInt and helpful links for more information.

← Older revision		Revision as of 20:00, 2 May 2023
Line 22:		Line 22:
	: The response to attacks or malware by the security team		: The response to attacks or malware by the security team
	;OSInt (Open-Source Intelligence)		;OSInt (Open-Source Intelligence)
	: The use of freely available resources to gather information about a target		: The use of freely available resources to gather information about a target. Highly recommended considering [https://cylect.io/ Cylect.io] as a jumping-off point for your OSInt research. Alternatively, view [https://osintframework.com/ the OSInt Framework] for link after link of guidance to further research tools
	;MDR (Managed Detection and Response)		;MDR (Managed Detection and Response)
	: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff		: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
Line 36:		Line 36:
	: A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet		: A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet
	;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]		;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]
	: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..		: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis
	;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]		;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]
	: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.		: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.

RagManX: Deleted double definition for Packet Capture.

2022-10-19T01:13:14Z

Deleted double definition for Packet Capture.

← Older revision		Revision as of 01:13, 19 October 2022
Line 26:		Line 26:
	: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff		: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
	;Packet Capture		;Packet Capture
	~~: A means of gathering network or USB traffic for analysis through and network sniffer~~
	: The gathering of network traffic for analysis by a [[network protocol analyzer]]		: The gathering of network traffic for analysis by a [[network protocol analyzer]]
	;Penetration Testing (PenTesting)		;Penetration Testing (PenTesting)

RagManX at 14:25, 14 October 2022

2022-10-14T14:25:29Z

← Older revision		Revision as of 14:25, 14 October 2022
Line 1:		Line 1:
	* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response		;Blue Team
	*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"		: Security team members who emphasize defensive security practices such as digital forensics and incident response
	*[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud] - A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. ~~Derisively known~~ as "just someone else's computer"		;Buffer Overflow
	* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]		: An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"
	*Database -		;[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud]
	*DFIR (Digital Forensics and Incident Response) -		: A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Sometimes derisively stated as "just someone else's computer"
	* Digital Forensics - The method of examining digital media for evidence of malfeasance		;Cross-Site Scripting (XSS)
	* EDR (Endpoint Detection Response) -		: A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]
	*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid		;Database
	*HIBP (Have I Been Pwned?) - A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point		: A means of storing data in a format which allows easier retrieval and analysis
	* Incident Response - The response to attacks or malware by the security team		;DFIR (Digital Forensics and Incident Response)
	* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target		: The combined effect of examining digital media for evidence of unintended alteration and the response to the findings of that analysis
	* MDR (Managed Detection and Response) - A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff		;Digital Forensics
	*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]		: The method of examining digital media for evidence of malfeasance
	*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]		;EDR (Endpoint Detection Response)
	* Purple Team -		: The practice of detecting and responding to threats on your network or system
	* Red Team - Security team members who emphasize offensive security practices such as penetration testing		;Fuzzing
	*RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet		: The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid
	*[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)] - A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..		;HIBP (Have I Been Pwned?)
	*[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)] - An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.		: A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
	*Structured Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database		;Incident Response
	*SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools, and [https://cybr.com/courses/injection-attacks-the-free-guide/ a free course on SQLi] as well as other injection methods is available from Cybr		: The response to attacks or malware by the security team
	*[https://www.microsoft.com/en-us/security/business/security-101/what-is-xdr XDR (Extended Detection and Response)] - An SaaS tool that combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats. See also the [https://www.paloaltonetworks.com/cyberpedia/what-is-xdr Palo Alto Networks definition of XDR].		;OSInt (Open-Source Intelligence)
			: The use of freely available resources to gather information about a target
			;MDR (Managed Detection and Response)
			: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
			;Packet Capture
			: A means of gathering network or USB traffic for analysis through and network sniffer
			: The gathering of network traffic for analysis by a [[network protocol analyzer]]
			;Penetration Testing (PenTesting)
			: The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]
			;Purple Team
			: A security team with members focusing on both Red Team and Blue Team practices
			;Red Team
			: Security team members who emphasize offensive security practices such as penetration testing
			;RockYou
			: A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet
			;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]
			: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..
			;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]
			: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.
			;Structured Query Language (SQL)
			: The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
			;SQL Injection (SQLi)
			: A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools, and [https://cybr.com/courses/injection-attacks-the-free-guide/ a free course on SQLi] as well as other injection methods is available from Cybr
			;[https://www.microsoft.com/en-us/security/business/security-101/what-is-xdr XDR (Extended Detection and Response)]
			: An SaaS tool that combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats. See also the [https://www.paloaltonetworks.com/cyberpedia/what-is-xdr Palo Alto Networks definition of XDR].

RagManX: Added several new definitions, adjusted some verbiage, and put in new links to external resources.

2022-10-14T12:58:29Z

Added several new definitions, adjusted some verbiage, and put in new links to external resources.

← Older revision		Revision as of 12:58, 14 October 2022
Line 1:		Line 1:
	* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response		* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response
	*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"		*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"
	* [https://www.~~cisa~~.~~gov~~/ ~~CISA (CyberSecurity and Infrastructure Security Agency)~~] - A ~~US government~~ organization ~~dedicated to helping individuals~~ and ~~organizations secure their computing infrastructure~~.		*[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud] - A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Derisively known as "just someone else's computer"
	* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]		* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]
	*Database -		*Database -
			*DFIR (Digital Forensics and Incident Response) -
	* Digital Forensics - The method of examining digital media for evidence of malfeasance		* Digital Forensics - The method of examining digital media for evidence of malfeasance
	*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article] from Patrice Godefroid		* EDR (Endpoint Detection Response) -
	*~~[https://haveibeenpwned.com/~~ HIBP (Have I Been Pwned?)] - A password security website run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point		*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid
			*HIBP (Have I Been Pwned?) - A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
	* Incident Response - The response to attacks or malware by the security team		* Incident Response - The response to attacks or malware by the security team
	* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target		* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target
			* MDR (Managed Detection and Response) - A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
	*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]		*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]
	*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]		*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]
Line 14:		Line 17:
	* Red Team - Security team members who emphasize offensive security practices such as penetration testing		* Red Team - Security team members who emphasize offensive security practices such as penetration testing
	*RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet		*RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet
			*[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)] - A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..
			*[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)] - An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.
	*Structured Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database		*Structured Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
	*SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools		*SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools, and [https://cybr.com/courses/injection-attacks-the-free-guide/ a free course on SQLi] as well as other injection methods is available from Cybr
			*[https://www.microsoft.com/en-us/security/business/security-101/what-is-xdr XDR (Extended Detection and Response)] - An SaaS tool that combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats. See also the [https://www.paloaltonetworks.com/cyberpedia/what-is-xdr Palo Alto Networks definition of XDR].

RagManX: Added CISA and altered HIBP description to move website link.

2022-10-14T12:30:33Z

Added CISA and altered HIBP description to move website link.

RagManX: Added brief promiscuous mode definition.

2022-10-14T03:52:57Z

Added brief promiscuous mode definition.

← Older revision		Revision as of 03:52, 14 October 2022
Line 10:		Line 10:
	*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]		*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]
	*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]		*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]
			*Promiscuous Mode - A networking configuration in which all traffic seen by a network device is available to the host system, rather than just traffic destined for the host system
	* Purple Team -		* Purple Team -
	* Red Team - Security team members who emphasize offensive security practices such as penetration testing		* Red Team - Security team members who emphasize offensive security practices such as penetration testing

RagManX: Fix SQL definition, which I totally messed up even though I know better.

2021-11-12T02:49:00Z

Fix SQL definition, which I totally messed up even though I know better.

← Older revision		Revision as of 02:49, 12 November 2021
Line 13:		Line 13:
	* Red Team - Security team members who emphasize offensive security practices such as penetration testing		* Red Team - Security team members who emphasize offensive security practices such as penetration testing
	*RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet		*RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet
	*~~Sequential~~ Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a database		*Structured Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
	*SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools		*SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools

← Older revision		Revision as of 12:30, 14 October 2022
Line 1:		Line 1:
	* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response		* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response
	*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"		*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"
			* [https://www.cisa.gov/ CISA (CyberSecurity and Infrastructure Security Agency)] - A US government organization dedicated to helping individuals and organizations secure their computing infrastructure.
	* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]		* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]
	*Database -		*Database -
	* Digital Forensics - The method of examining digital media for evidence of malfeasance		* Digital Forensics - The method of examining digital media for evidence of malfeasance
	*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article] from Patrice Godefroid		*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article] from Patrice Godefroid
	*HIBP (Have I Been Pwned?) - A ~~[https://haveibeenpwned.com/~~ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point		*[https://haveibeenpwned.com/ HIBP (Have I Been Pwned?)] - A password security website run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
	* Incident Response - The response to attacks or malware by the security team		* Incident Response - The response to attacks or malware by the security team
	* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target		* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target
	*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]		*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]]
	*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]		*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]
	*Promiscuous Mode - A networking configuration in which all traffic seen by a network device is available to the host system, rather than just traffic destined for the host system
	* Purple Team -		* Purple Team -
	* Red Team - Security team members who emphasize offensive security practices such as penetration testing		* Red Team - Security team members who emphasize offensive security practices such as penetration testing