Certified Ethical Hacker Vocabulary List

Question 1

Advanced Persistent Threat (APT)

Answer 1

Prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected.

Question 2

Aircrack-ng

Answer 2

Suite of tools for auditing wireless networks.

Question 3

Backdoor

Answer 3

Hidden method of bypassing normal authentication.

Question 3

Anti-Forensics

Answer 3

Techniques used to thwart forensic analysis.

Question 4

Arpwatch

Answer 4

Tool for monitoring Ethernet activity.

Question 4

BloodHound

Answer 4

Tool for analyzing Active Directory relationships.

Question 5

Black Hat

Answer 5

Hacker who violates computer security for personal gain or malicious reasons.

Question 6

BeEF (Browser Exploitation Framework)

Answer 6

Tool for exploiting web browsers.

Question 6

Cain and Abel

Answer 6

Password recovery tool for Microsoft operating systems.

Question 7

Banner Grabbing

Answer 7

Technique to gain information about a computer system on a network.

Question 8

Cobalt Strike

Answer 8

Adversary simulation software.

Question 9

Blind SQL Injection

Answer 9

SQL injection attack where the attacker cannot see the output of the attack.

Question 9

Botnet

Answer 9

Network of private computers infected with malicious software and controlled as a group.

Question 10

Canary Tokens

Answer 10

Method for identifying unauthorized use by embedding triggers.

Question 11

Credential Dumping

Answer 11

Process of obtaining account credentials.

Question 11

Cyber Kill Chain

Answer 11

Framework developed by Lockheed Martin for understanding cyber attacks.

Question 12

Cryptanalysis

Answer 12

Science of analyzing information systems to study the hidden aspects of the systems.

Question 13

DNS Cache Poisoning

Answer 13

Attack that exploits vulnerabilities in the Domain Name System.

Question 14

Deauthentication Attack

Answer 14

Disrupting the communication between a user and a wireless access point.

Question 14

Data Exfiltration

Answer 14

Unauthorized transfer of data from a computer.

Question 15

Darknet

Answer 15

Overlay network only accessible with specific software, configurations, or authorization.

Question 16

Empire

Answer 16

Post-exploitation framework.

Question 16

Dumpster Diving

Answer 16

Looking for information in garbage that can be used to attack a network.

Question 17

Eavesdropping

Answer 17

Listening to communication between two parties without consent.

Question 18

Exfiltration

Answer 18

Unauthorized transfer of data from a system.

Question 19

Footprinting

Answer 19

Gathering information about a target system.

Question 19

Exploit Kit

Answer 19

Software system designed to run on web servers, identifying software vulnerabilities on client machines.

Question 19

Gatling Gun Attack

Answer 19

High-speed brute-force attack.

Question 20

Gaining Access

Answer 20

Phase of a cyber attack where the attacker breaks into the system.

Question 21

Ghost Phishing

Answer 21

Fake phishing attack used for training.

Question 21

Hypervisor

Answer 21

Software, firmware, or hardware that creates and runs virtual machines.

Question 22

Gray Hat

Answer 22

Hacker who sometimes violates laws or ethical standards but does not have the malicious intent typical of a black hat.

Question 23

Hacktivism

Answer 23

Hacking to promote political ends.

Question 24

Hydra

Answer 24

Password cracking tool.

Question 24

Impacket

Answer 24

Collection of Python classes for working with network protocols.

Question 24

Hping

Answer 24

Packet crafting tool for network security testing.

Question 25

Identity Theft

Answer 25

Stealing someone’s identity to gain access to resources or benefits.

Question 26

Jailbreaking

Answer 26

Removing restrictions on iOS devices.

Question 27

John the Ripper

Answer 27

Password cracking tool.

Question 28

Keylogging

Answer 28

Recording the keys struck on a keyboard.

Question 29

Kismet

Answer 29

Wireless network detector and sniffer.

Question 30

Nmap

Answer 30

Network scanning tool.

Question 30

LFI (Local File Inclusion)

Answer 30

Vulnerability that allows an attacker to include files on a server.

Question 30

Log Poisoning

Answer 30

Adding malicious data to log files.

Question 31

LaZagne

Answer 31

Tool to retrieve passwords stored on a local computer.

Question 31

Lateral Movement

Answer 31

Moving through a network after gaining initial access.

Question 32

Malleable C2

Answer 32

Customizable command and control communication profiles.

Question 33

Mantrap

Answer 33

Physical security device that controls access to a secure area.

Question 33

Maltego

Answer 33

Tool for open-source intelligence and forensics.

Question 34

MITM (Man-in-the-Middle)

Answer 34

Attack where the attacker secretly relays and possibly alters communication.

Question 34

Nikto

Answer 34

Web server scanner.

Question 35

Metasploit

Answer 35

Penetration testing framework.

Question 36

Ncat

Answer 36

Feature-packed networking utility.

Question 37

NoSQL Injection

Answer 37

Injection attack against NoSQL databases.

Question 37

Null Session

Answer 37

Unauthorized connection to a Windows system.

Question 38

NTDS.dit

Answer 38

Database that stores Active Directory data.

Question 39

OWASP ZAP

Answer 39

Web application security scanner.

Question 39

Rainbow Table

Answer 39

Precomputed table for reversing cryptographic hash functions.

Question 39

Pescatore Attack

Answer 39

Wireless attack targeting printers.

Question 40

OSINT (Open Source Intelligence)

Answer 40

Information gathered from publicly available sources.

Question 41

Pass the Hash

Answer 41

Attack that uses the hashed value of a password.

Question 42

Password Spraying

Answer 42

Attempting to gain access to a large number of accounts with a few commonly used passwords.

Question 42

Ransomware

Answer 42

Malware that locks or encrypts files until a ransom is paid.

Question 43

Privilege Escalation

Answer 43

Exploiting a bug or design flaw to gain higher access.

Question 43

Piggybacking

Answer 43

Unauthorized person gaining access to a restricted area by following an authorized person.

Question 43

Pharming

Answer 43

Redirecting website traffic to another, fraudulent website.

Question 44

Pivoting

Answer 44

Using one compromised system to attack other systems.

Question 45

Post-Exploitation

Answer 45

Activities performed after gaining access to a system.

Question 46

PowerShell Empire

Answer 46

Post-exploitation framework using PowerShell.

Question 47

Red Team

Answer 47

Group simulating an attack on an organization to test its defenses.

Question 47

Red Team

Answer 47

Analyzing software to understand its components.

Question 48

Sandboxing

Answer 48

Isolating applications to prevent them from affecting the rest of the system.

Question 49

Shellcode

Answer 49

Set of instructions used as a payload in the exploitation of a vulnerability.

Question 49

Rootkit

Answer 49

Malicious software designed to hide the existence of certain processes.

Question 50

Shoulder Surfing

Answer 50

Observing someone’s screen or keyboard to gain information.

Question 50

Skimming

Answer 50

Stealing credit card information using a skimmer device.

Question 50

Scapy

Answer 50

Packet manipulation tool.

Question 50

Silent Circle

Answer 50

Secure communication platform.

Question 51

Side-Channel Attack

Answer 51

Attack based on information gained from the physical implementation of a system.

Question 51

Shodan

Answer 51

Search engine for Internet-connected devices.

Question 51

Smishing

Answer 51

Phishing conducted through SMS.

Question 52

Social Engineering

Answer 52

Manipulating people into divulging confidential information.

Question 53

Spoofing

Answer 53

Pretending to be something or someone else.

Question 53

Spear Phishing

Answer 53

Targeted phishing attack.

Question 54

SQL Injection

Answer 54

Injection attack where malicious SQL code is executed.

Question 55

Steganography

Answer 55

Concealing messages within another file, message, or image.

Question 55

Tails

Answer 55

Live operating system focused on privacy and anonymity.

Question 56

Teardrop Attack

Answer 56

Attack causing fragmentation of packets.

Question 56

Threat Intelligence

Answer 56

Information about threats to an organization’s security.

Question 57

Tor

Answer 57

Anonymity network directing internet traffic through a free, worldwide, volunteer overlay network.

Question 58

Trojan Horse

Answer 58

Malware disguised as legitimate software.

Question 59

Tunneling

Answer 59

Encapsulating one protocol within another.

Question 59

UAC (User Account Control)

Answer 59

Security feature in Windows to prevent unauthorized changes.

Question 60

Vishing

Answer 60

Phishing conducted through voice calls.

Question 60

Web Shell

Answer 60

Script that can be uploaded to a web server to enable remote administration.

Question 61

Wardriving

Answer 61

Searching for Wi-Fi networks by moving around.

Question 62

Watering Hole Attack

Answer 62

Attack targeting a specific group by infecting websites they frequently visit.

Question 63

Whaling

Answer 63

Targeted phishing attack aimed at high-profile individuals.

Question 64

Wireshark

Answer 64

Network protocol analyzer.

Question 65

Zero-Day

Answer 65

Exploit for a vulnerability that is not yet known to the vendor.