Certified Ethical Hacker Vocabulary List Flashcards
Advanced Persistent Threat (APT)
Prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected.
Aircrack-ng
Suite of tools for auditing wireless networks.
Backdoor
Hidden method of bypassing normal authentication.
Anti-Forensics
Techniques used to thwart forensic analysis.
Arpwatch
Tool for monitoring Ethernet activity.
BloodHound
Tool for analyzing Active Directory relationships.
Black Hat
Hacker who violates computer security for personal gain or malicious reasons.
BeEF (Browser Exploitation Framework)
Tool for exploiting web browsers.
Cain and Abel
Password recovery tool for Microsoft operating systems.
Banner Grabbing
Technique to gain information about a computer system on a network.
Cobalt Strike
Adversary simulation software.
Blind SQL Injection
SQL injection attack where the attacker cannot see the output of the attack.
Botnet
Network of private computers infected with malicious software and controlled as a group.
Canary Tokens
Method for identifying unauthorized use by embedding triggers.
Credential Dumping
Process of obtaining account credentials.
Cyber Kill Chain
Framework developed by Lockheed Martin for understanding cyber attacks.
Cryptanalysis
Science of analyzing information systems to study the hidden aspects of the systems.
DNS Cache Poisoning
Attack that exploits vulnerabilities in the Domain Name System.
Deauthentication Attack
Disrupting the communication between a user and a wireless access point.
Data Exfiltration
Unauthorized transfer of data from a computer.
Darknet
Overlay network only accessible with specific software, configurations, or authorization.
Empire
Post-exploitation framework.
Dumpster Diving
Looking for information in garbage that can be used to attack a network.
Eavesdropping
Listening to communication between two parties without consent.
Exfiltration
Unauthorized transfer of data from a system.
Footprinting
Gathering information about a target system.
Exploit Kit
Software system designed to run on web servers, identifying software vulnerabilities on client machines.
Gatling Gun Attack
High-speed brute-force attack.
Gaining Access
Phase of a cyber attack where the attacker breaks into the system.
Ghost Phishing
Fake phishing attack used for training.
Hypervisor
Software, firmware, or hardware that creates and runs virtual machines.
Gray Hat
Hacker who sometimes violates laws or ethical standards but does not have the malicious intent typical of a black hat.
Hacktivism
Hacking to promote political ends.
Hydra
Password cracking tool.
Impacket
Collection of Python classes for working with network protocols.
Hping
Packet crafting tool for network security testing.
Identity Theft
Stealing someone’s identity to gain access to resources or benefits.
Jailbreaking
Removing restrictions on iOS devices.
John the Ripper
Password cracking tool.
Keylogging
Recording the keys struck on a keyboard.
Kismet
Wireless network detector and sniffer.
Nmap
Network scanning tool.
LFI (Local File Inclusion)
Vulnerability that allows an attacker to include files on a server.
Log Poisoning
Adding malicious data to log files.
LaZagne
Tool to retrieve passwords stored on a local computer.
Lateral Movement
Moving through a network after gaining initial access.
Malleable C2
Customizable command and control communication profiles.
Mantrap
Physical security device that controls access to a secure area.
Maltego
Tool for open-source intelligence and forensics.
MITM (Man-in-the-Middle)
Attack where the attacker secretly relays and possibly alters communication.
Nikto
Web server scanner.
Metasploit
Penetration testing framework.
Ncat
Feature-packed networking utility.
NoSQL Injection
Injection attack against NoSQL databases.
Null Session
Unauthorized connection to a Windows system.
NTDS.dit
Database that stores Active Directory data.
OWASP ZAP
Web application security scanner.
Rainbow Table
Precomputed table for reversing cryptographic hash functions.
Pescatore Attack
Wireless attack targeting printers.
OSINT (Open Source Intelligence)
Information gathered from publicly available sources.
Pass the Hash
Attack that uses the hashed value of a password.
Password Spraying
Attempting to gain access to a large number of accounts with a few commonly used passwords.
Ransomware
Malware that locks or encrypts files until a ransom is paid.
Privilege Escalation
Exploiting a bug or design flaw to gain higher access.
Piggybacking
Unauthorized person gaining access to a restricted area by following an authorized person.
Pharming
Redirecting website traffic to another, fraudulent website.
Pivoting
Using one compromised system to attack other systems.
Post-Exploitation
Activities performed after gaining access to a system.
PowerShell Empire
Post-exploitation framework using PowerShell.
Red Team
Group simulating an attack on an organization to test its defenses.
Red Team
Analyzing software to understand its components.
Sandboxing
Isolating applications to prevent them from affecting the rest of the system.
Shellcode
Set of instructions used as a payload in the exploitation of a vulnerability.
Rootkit
Malicious software designed to hide the existence of certain processes.
Shoulder Surfing
Observing someone’s screen or keyboard to gain information.
Skimming
Stealing credit card information using a skimmer device.
Scapy
Packet manipulation tool.
Silent Circle
Secure communication platform.
Side-Channel Attack
Attack based on information gained from the physical implementation of a system.
Shodan
Search engine for Internet-connected devices.
Smishing
Phishing conducted through SMS.
Social Engineering
Manipulating people into divulging confidential information.
Spoofing
Pretending to be something or someone else.
Spear Phishing
Targeted phishing attack.
SQL Injection
Injection attack where malicious SQL code is executed.
Steganography
Concealing messages within another file, message, or image.
Tails
Live operating system focused on privacy and anonymity.
Teardrop Attack
Attack causing fragmentation of packets.
Threat Intelligence
Information about threats to an organization’s security.
Tor
Anonymity network directing internet traffic through a free, worldwide, volunteer overlay network.
Trojan Horse
Malware disguised as legitimate software.
Tunneling
Encapsulating one protocol within another.
UAC (User Account Control)
Security feature in Windows to prevent unauthorized changes.
Vishing
Phishing conducted through voice calls.
Web Shell
Script that can be uploaded to a web server to enable remote administration.
Wardriving
Searching for Wi-Fi networks by moving around.
Watering Hole Attack
Attack targeting a specific group by infecting websites they frequently visit.
Whaling
Targeted phishing attack aimed at high-profile individuals.
Wireshark
Network protocol analyzer.
Zero-Day
Exploit for a vulnerability that is not yet known to the vendor.
