Not in alphabetical order. Updated regularly. Search with CTRL+F
- SOC – Security Operations Center
- SIEM – Security Information and Event Management software
- SOAR – Security Orchestration, Automation and Response
- UEBA – User Entity Behaviour Analytics
- KPI – Key Performance Indicators
- APT – Advanced Persistent Threat
- DoS – Denial of Service
- DDoS – Distributed Denial of Service
- RaaS – Ransomware as a Service
- IoT – Internet of Things
- GDPR – General Data Protection Regulation
- OVF – Open Virtualization Format
- SecOps – Security Operations
- TacOps – Tactical Operations
- OpSec – Operational Security
- WMI – Windows Management Instrumentation
- NIDS – Network Intrusion Detection System
- BYOD – Bring Your Own Device
- FTP – File Transfer Protocol
- SSH – Secure Shell Protocol
- DNS – Domain Name System
- TLD – Top Level Domain
- SNMP – Simple Network Management Protocol
- DHCP – Dynamic Host Configuration Protocol
- AES – Advanced Encryption Standard
- VPN – Virtual Private Network
- DaaS – Desktop as a Service
- CLI – Command Line Interface
- API – Application Programming Interface
- OLE – Object Linking and Embedding
- MBR – Master Boot Record
- ICMP – Internet Control Message Protocol
- TCP – Transmission Control Protocol
- UDP – User Datagram Protocol
- ISP – Internet Service Provider
- NIC – Network Interface Controller
- MAC – Media Access Control
- ARP – Address Resolution Protocol
- NAT – Network Address Translation
- NTP – Network Time Protocol
- TTL – Time To Live
- FCS – Frame Check Sequence
- CAM – Content-Addressable Memory
- IP – Internet Protocol
- OS – Operating System
- IDS – Intrusion Detection Systems
- IPS – Intrusion Prevention Systems
- HIPS – Host-based Intrusion Prevention Systems
- HIDS – Host-based Intrusion Detection Systems
- ACL – Access Control List
- PLC – Programmable Logic Controller
- BSS – Basic Service Set
- PDU – Protocol Data Units
- DAD – Duplicate Address Detection
- RTS – Ready To Send
- CTS – Clear To Send
- AP – Access Point
- WAP – Wireless Access Point
- SSID – Service Set IDentifier
- WLAN – Wireless Local Area Network
- VLAN – Virtual Local Area Network
- LAN – Local Area Network
- WAN – Wide Area Network
- OSPF – Open Shortest Path First
- RIP – Routing Information Protocol
- LPM – Longest Prefix Match
- IOC – Indicators Of Compromise
- IOA – Indicators Of Attack
- STP – Spanning Tree Protocol
- DMZ – Demilitarized Zone
- ZFW – Zone-based policy Firewall
- CISA – Cybersecurity and Infrastructure Security Agency (US)
- AIS – Automated Indicator Sharing
- NCSA – National Cyber Security Alliance
- ENISA – European Union Agency for Cybersecurity
- IETF – Internet Engineering Task Force
- SQL – Structured Query Language
- CVE – Common Vulnerabilities and Exposures
- CTI – Cyber Threat Intelligence
- STIX – Structured Threat Information Expression
- TAXII – Trusted Automated Exchange of Indicator Information
- FIRST – Forum of Incident Response and Security Teams
- MISP – Malware Information Sharing Platform
- CIS – Centre for Internet Security
- TIP – Threat Intelligence Platforms
- NIST – National Institute of Standards and Technology
- HMAC – Hash-based Message Authentication Code
- KDF – Key Derivation Function
- CVSS – Common Vulnerability Scoring System
- NVD – National Vulnerability Database
- PKI – Public Key Infrastructure
- CA – Certificate Authority
- ISMS – Information Security Management System
- AAA – Authentication, Authorization and Accounting
- RADIUS – Remote Authentication Dial-In User Service
- TACACS – Terminal Access Controller Access-Control System
- PII – Personally Identifiable Information
- PHI – Protected (Personal) Health Information
- PSI – Personal Security Information
- Amateurs – Also known as script kiddies. Little or no skills. Use pre-made programs or scripts to create chaos or show off skills.
- Hacktivists – Driven by political, religious or ideological purposes. Usually destroys, corrupts or steals data, but not for financial gain.
- Criminals – Driven by financial gain. "It's just business".
- Nation states – Or criminal organisations paid by nation states. State-sponsored cyberespionage or cyberwarfare.
- Vulnerability brokers – Refers to grey hat hackers who attempt to discover exploits and report them to vendors or companies, sometimes for prizes or rewards.
- Black hats – Criminal hackers. Extremely unethical. For financial gain. Usually don't distinguish between victims, which is why hospitals and other sensitive functions are sometimes their target.
- Gray hats – Usually hack organisations in a criminal and unethical way but later reveal their findings publicly or directly to the company so that security can be improved. Are sometimes rewarded financially for their findings.
- White hats – Ethical hackers. Often working for security companies.
- Red Team – Offensive.
- Blue Team – Defensive. Most common.
- Botnet – A network of infected computers controlled as a group
- C&C – Command and Control server. Often used to describe the node or controlling computer in botnets.
Types of malware and exploits
Malware – Collective name for different types of viruses, worms and trojans.
Worm – Designed to be replicated and to spread across networks.
Virus – Designed to inject itself into regular programs or processes.
Trojan horse – Malware embedded in a normal file or program.
Spyware – Usually a trojan. Can be a keylogger. Spies on users' browsing history and/or credit card information.
Adware – Virus that displays illicit/unwanted advertisements.
Keylogger – Logs keystrokes. Can be a spyware virus, a USB stick or a hijacked Bluetooth keyboard.
Ransomware – Encrypts the computer and forces the user to pay a ransom to unlock it. Often in Bitcoin or another cryptocurrency.
Rootkit – A virus, trojan, keylogger etc. that is hidden "deep" inside the computer without detection, with comprehensive admin privileges. Hard to find. Usually masks itself as a legitimate program or as part of the OS.
SQL injection – Threat actors can exploit vulnerabilities in databases using crafted query strings to gain access to passwords, social security numbers, phone numbers and so on.
Zero Day Exploit – Vulnerabilities not yet detected and/or patched for. A virus can use the exploit to gain access to the machine.
Man in the middle attack – (MiTM) A MiTM attack occurs when threat actors have positioned themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently.
A routine to keep the computer updated, remove trash and downloaded files, change/update passwords, unsubscribe from unwanted newsletters, delete unused accounts, use multi-factor authentication, shut down the computer when it's not in use, and so on. Should be used both personally and at companies.
Ensures that data is hidden by default and only accessible to authorized users. This is enforced via encryption when stored, transferred or processed.
Ensures accuracy and completeness of data when stored, transferred or processed. Integrity makes sure that data has not been modified or omitted. Is enforced through hashes.
Ensures that data is available when required. Availability is enforced through redundancy and load balancing with multiple servers and several connections, e.g. multiple incoming fiber connections.
SOC – Security Operations Centre
Roles in the SOC:
- Tier 1 – Monitor incidents, open tickets, basic threat mitigation
- Tier 2 – Deep investigation
- Tier 3 – In-depth knowledge, threat hunting, preventive measures
- SOC manager – SOC admin overseeing operations.
- Dwell Time –
- Mean Time to Detect (MTTD) –
- Mean Time to Respond (MTTR) –
- Mean Time to Contain (MTTC) –
- Time to Control –
PDU = Protocol Data Units
- Data = PDU at application layer
- Segment = PDU at transport layer
  - TCP = Segments
  - UDP = Datagrams
- Packet = PDU at network layer
- Frame = PDU at data link layer
- Bits = PDU at physical layer