Glossary

Address Resolution Protocol (ARP)

A network protocol used to determine the hardware (MAC) address of a device associated with a specified IP address. It is used when a device wants to communicate with another device on the local network. The sending device uses ARP to translate an IP address into a MAC address, enabling it to communicate directly with the device. ARP requests can be seen by all devices on a network.

bind shell

A piece of software that provides a remote attacker with command-line access to a target system by opening a port on the target system to which the attacker’s system can connect. Similar to a reverse shell.

Capture the Flag (CTF)

A game in which hackers attempt to penetrate a specially-designed target system or network. CTFs are a good way to legally practice hacking skills and gain recognition in the hacker community.

enumeration

The process of collecting useful information about a target, such as open ports, software version numbers, etc.

exploit

  1. A piece of software that takes advantage of a vulnerability to compromise a computer system or network.

  2. The act of using such software against a target.

Google Dork / * Dork

A syntactical search recipe enabling users to discover specific information online, such as vulnerable systems or private data.

Google-Fu

The ability to effectively employ search engines to obtain useful information.

hack

  1. To write (software) or modify (software or hardware) in a clever or skillful way.

  2. To gain unauthorized access to computer files, systems, and/or networks.

  3. A clever or skillfully-crafted piece of software or hardware, or a clever or skillful technique.

hacker

  1. An expert or enthusiast of any kind.

  2. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

  3. A person who uses technology to gain unauthorized access to computer files, systems, and/or networks.

hacking

  1. Writing software.

  2. Gaining unauthorized access to data, systems, or networks.

  3. Finding clever or creative solutions to problems.

  4. Splitting something with an axe.

  5. Doing whatever hackers do.

hacktivism

Using hacking techniques and skills to gain unauthorized access to computer files, systems, and/or networks, in order to further social or political ends.

malware

Software designed to disrupt, damage, or gain unauthorized access to computer systems.

Open-Source Intelligence (OSINT)

Data collected from publicly available sources to be used in an intelligence context.

payload

A piece of software included in an exploit, designed to perform a specific task on the target system, such as creating a bind shell or reverse shell.

penetration test / pentest

The use of adversarial tactics to simulate an attack against systems, networks, individuals or groups, with the intent of revealing and mitigating vulnerabilities.

penetration tester / pentester

Someone who conducts penetration tests.

port

A communication endpoint through which software can communicate between different systems on a network.

Remote-Access Trojan (RAT)

A malware program used by intruders to remotely control target systems.

Remote Code Execution (RCE) Vulnerability

A flaw in a piece of software which allows attackers to run arbitrary commands or code on a target machine across a network connection.

report

In the context of a penetration test, a written document containing vulnerabilities, exploits, mitigation and advice, created by the penetration tester for the client.

reverse shell

A piece of software that provides a remote attacker with command-line access to a target system by connecting to a port on the attacker’s system which was opened for this purpose. Similar to a bind shell.

scope

The systems, locations, techniques and tools which can be used in a specific penetration test.

script kiddie / skid

An unskilled individual who uses other people’s tools and exploits without attempting to understand how or why they work.

shell script

A text file that contains a sequence of commands for a Unix-based operating system.

vulnerability

A weakness in a system, network, or other entity, which makes the entity open to abuse or attack.