Cyber Security Glossary
malware
- Second stage malware: additional malware that a first-stage payload (a dropper or loader) downloads and runs after the initial exploitation has succeeded
- Obfuscated connection: a connection to a C2 server that is disguised (for example as ordinary HTTPS or DNS traffic) so that it looks like legitimate traffic
- Remote Access Trojan (RAT): malware that gives an attacker remote, interactive control over an infected host
- Reverse Shell: a shell in which the target connects outbound to the attacker, who then sends commands over that connection; used because outbound connections are less often blocked than inbound ones
- Linux Shared Object: a compiled Linux code library (.so file) that an executable references and that the dynamic linker loads at run time
- Command & Control (C2): server application through which an attacker sends commands to, and receives data from, infected hosts
- BusyBox: a single binary that bundles many common Linux command-line tools; common on embedded devices
- Performer: an entity or individual who carries out specific security-related actions or tasks
- Weaponisation: in the Cyber Kill Chain, the stage in which an exploit is paired with a payload into a deliverable form; also used loosely as an alternative term for exploit development
- Yara: rule format for matching strings and byte patterns (combined with boolean conditions) in files and memory, used to classify and detect malware
- JA3 fingerprint: an MD5 hash of selected TLS ClientHello properties (version, cipher suites, extensions, elliptic curves, point formats), used to detect connections from the same client software regardless of destination
- Linux Process Map: /proc/<pid>/maps, the per-process file that shows which memory ranges are mapped to which binary, library or anonymous region, and with what permissions
- IOC: Indicator of Compromise, an observable artefact (file hash, IP address, domain, registry key, etc.) whose presence suggests an intrusion, allowing an analyst to detect and mitigate a threat
- TTP: Tactics, Techniques and Procedures, the behaviour patterns of an adversary; used to discover malware and intrusions by how they act rather than by static indicators alone
- WAF: Web Application Firewall, a specific form of application firewall that filters, monitors and blocks HTTP traffic to and from a web service
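As an added worked example for the JA3 entry (not code from the original glossary), the following Python computes a JA3 fingerprint from a ClientHello. It builds a constructed sample ClientHello (including GREASE values), parses the handshake bytes back, and hashes the five JA3 fields. The `ClientHello` dataclass, the builder and the sample values are assumptions made for this example; the field order, the `-`/`,` joining and the GREASE exclusion are the published JA3 method.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

# GREASE values (RFC 8701: 0x0a0a, 0x1a1a, ... 0xfafa) are randomised per
# connection, so JA3 drops them from every list; otherwise the same client
# would never produce the same fingerprint twice.
GREASE = {(n << 8) | n for n in range(0x0A, 0x100, 0x10)}

SUPPORTED_GROUPS = 10    # extension type carrying the "elliptic curves" list
EC_POINT_FORMATS = 11    # extension type carrying the point formats list


@dataclass
class ClientHello:           # assumed helper type, not part of any library
    version: int             # legacy client_version field, e.g. 771 = TLS 1.2
    ciphers: List[int]
    extensions: List[int]    # extension types, in the order the client sent them
    groups: List[int]
    point_formats: List[int]


def _field(values: List[int]) -> str:
    return "-".join(str(v) for v in values if v not in GREASE)


def ja3_string(h: ClientHello) -> str:
    """JA3 text form: five comma-separated fields, list items joined by '-'."""
    return ",".join([str(h.version), _field(h.ciphers), _field(h.extensions),
                     _field(h.groups), _field(h.point_formats)])


def ja3_hash(h: ClientHello) -> str:
    return hashlib.md5(ja3_string(h).encode("ascii")).hexdigest()


def build_client_hello(h: ClientHello) -> bytes:
    """Serialise a minimal ClientHello handshake message (no TLS record header)."""
    body = struct.pack("!H", h.version)
    body += b"\x00" * 32                      # client random (zeros in this constructed sample)
    body += b"\x00"                           # empty legacy session id
    body += struct.pack("!H", 2 * len(h.ciphers))
    body += b"".join(struct.pack("!H", c) for c in h.ciphers)
    body += b"\x01\x00"                       # one compression method: null
    exts = b""
    for ext_type in h.extensions:
        if ext_type == SUPPORTED_GROUPS:
            data = struct.pack("!H", 2 * len(h.groups))
            data += b"".join(struct.pack("!H", g) for g in h.groups)
        elif ext_type == EC_POINT_FORMATS:
            data = bytes([len(h.point_formats)]) + bytes(h.point_formats)
        else:
            data = b""                        # JA3 only uses the extension *type*
        exts += struct.pack("!HH", ext_type, len(data)) + data
    body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello


def parse_client_hello(msg: bytes) -> ClientHello:
    """Walk the handshake message and pull out exactly the fields JA3 needs."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                              # skip client random
    pos += 1 + body[pos]                      # skip session id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    pos += cs_len
    pos += 1 + body[pos]                      # skip compression methods
    extensions, groups, point_formats = [], [], []
    if pos < len(body):                       # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos < end:
            ext_type, data_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + data_len]
            pos += data_len
            extensions.append(ext_type)
            if ext_type == SUPPORTED_GROUPS:
                n = struct.unpack_from("!H", data, 0)[0] // 2
                groups = list(struct.unpack_from("!%dH" % n, data, 2))
            elif ext_type == EC_POINT_FORMATS:
                point_formats = list(data[1:1 + data[0]])
    return ClientHello(version, ciphers, extensions, groups, point_formats)


# Constructed sample resembling a modern browser hello, GREASE values included.
SAMPLE = ClientHello(
    version=771,
    ciphers=[0x1A1A, 4865, 4866, 4867, 49195, 49199, 156, 47],
    extensions=[0x2A2A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 51, 45, 43],
    groups=[0x3A3A, 29, 23, 24],
    point_formats=[0],
)

if __name__ == "__main__":
    hello = parse_client_hello(build_client_hello(SAMPLE))
    print(ja3_string(hello))
    print(ja3_hash(hello))
```

The fingerprint identifies the client software, not the destination: a RAT with its own TLS stack will produce the same JA3 hash no matter which C2 domain it talks to, which is why blocklists of JA3 hashes survive C2 rotation, and also why a client that randomises its cipher or extension order (or sits behind a proxy that rewrites the ClientHello) will evade them.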
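As an added worked example for the Linux Process Map entry (not code from the original glossary), the following Python parses the text of a /proc/<pid>/maps file and applies the checks a forensic analyst runs on it: which shared objects are loaded, and which executable regions are writable, anonymous, or backed by a file that has since been deleted. The sample maps text is constructed for this example; the `Mapping` dataclass and the reason strings are assumptions, while the column layout is the real /proc/<pid>/maps format.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Kernel-provided pseudo-mappings that are executable but legitimately unbacked.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}


@dataclass
class Mapping:           # assumed helper type for this example
    start: int
    end: int
    perms: str           # e.g. "r-xp": read/write/execute, private (p) or shared (s)
    offset: int          # file offset the mapping starts at
    dev: str             # major:minor of the backing device
    inode: int           # 0 for anonymous memory
    path: str            # backing file, "[heap]", "[stack]", ... or "" if anonymous

    @property
    def executable(self) -> bool:
        return "x" in self.perms

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def file_backed(self) -> bool:
        return self.inode != 0

    @property
    def deleted(self) -> bool:
        return self.path.endswith(" (deleted)")

    @property
    def library(self) -> str:
        """Path with the kernel's '(deleted)' marker removed."""
        return self.path[:-len(" (deleted)")] if self.deleted else self.path

    @property
    def addr_range(self) -> str:
        return "%x-%x" % (self.start, self.end)


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of /proc/<pid>/maps; the pathname column is optional."""
    maps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(None, 5)          # at most 6 columns; the path may contain spaces
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5] if len(parts) > 5 else ""
        maps.append(Mapping(start, end, parts[1], int(parts[2], 16), parts[3], int(parts[4]), path))
    return maps


def loaded_libraries(maps: List[Mapping]) -> List[str]:
    """Unique shared objects mapped into the process, sorted."""
    libs = {m.library for m in maps if m.file_backed and ".so" in m.library.rsplit("/", 1)[-1]}
    return sorted(libs)


def find_suspicious(maps: List[Mapping]) -> List[Tuple[str, str, str]]:
    """Executable regions an analyst would want to explain: (range, reason, path)."""
    findings = []
    for m in maps:
        if not m.executable:
            continue
        if m.writable:
            findings.append((m.addr_range, "rwx", m.path))                # self-modifying or injected code
        elif m.deleted:
            findings.append((m.addr_range, "exec-deleted-file", m.path))  # file unlinked after loading
        elif not m.file_backed and m.path not in KERNEL_REGIONS:
            findings.append((m.addr_range, "exec-anonymous", m.path))     # code with no file on disk
    return findings


# Constructed sample of /proc/<pid>/maps: a normal process plus two planted oddities
# (a deleted shared object and an anonymous rwx region).
SAMPLE_MAPS = """\
55c3b2a00000-55c3b2a02000 r--p 00000000 fd:01 1310847                    /usr/bin/sleep
55c3b2a02000-55c3b2a06000 r-xp 00002000 fd:01 1310847                    /usr/bin/sleep
55c3b4f1e000-55c3b4f3f000 rw-p 00000000 00:00 0                          [heap]
7f60d9c00000-7f60d9c22000 r--p 00000000 fd:01 262300                     /usr/lib/x86_64-linux-gnu/libc.so.6
7f60d9c22000-7f60d9d97000 r-xp 00022000 fd:01 262300                     /usr/lib/x86_64-linux-gnu/libc.so.6
7f60d9e80000-7f60d9e91000 r-xp 00001000 fd:01 262411                     /tmp/.x/evil.so (deleted)
7f60d9f00000-7f60d9f10000 rwxp 00000000 00:00 0
7ffc1a3d0000-7ffc1a3f1000 rw-p 00000000 00:00 0                          [stack]
7ffc1a3f9000-7ffc1a3fb000 r-xp 00000000 00:00 0                          [vdso]
"""

if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    print("libraries:", loaded_libraries(maps))
    for rng, reason, path in find_suspicious(maps):
        print(reason, rng, path)
```

On a live system the same functions run over `open(f"/proc/{pid}/maps").read()`; the deleted-file and anonymous-executable checks are the ones that catch an injected shared object or a dropper that unlinks itself after loading, cases where the on-disk view of the host shows nothing.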
standards
organisation
- Red team: a team of ethical hackers employed to find ways to exploit an IT environment and to attempt to breach its defences, simulating a real adversary
- Blue team: the team responsible for defending the environment: monitoring, detection, incident response and security in general