Cyber Security Glossary

malware

• Second stage Malware: (more) malware is loaded after exploitation
• Obfuscated connection: connections to C2 servers that dont look like illegitimate connections
• Remote Access Trojan: RAT, software that allows remote access
• Reverse Shell: a way for an attacker to send shell commands to target
• Linux Shared Object: compiled linux code library that is referred to from an executable
• Command & Control (C2): server application that is used to communicate commands to infected hosts
• BusyBox: binary containing linux tools
• Performer: an entity or individual who carries out specific security-related actions or tasks. Here’s a brief explanation:
• Weaponisation: alternative term for exploit development
• Yara: rule format to detect strings in files
• JA3 fingerprint: tls connection properties hashed to detect similar connections
• Linux Process Map: the linux file of a pid that shows which memory is allocated to which component, library or binary
• IOC: Indicator of Compromise, allowing analyst to mitigate a threat
• TTP: Tactic/Techniques/Procedures related to discover malware
• WAF: A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.

standards

• SBOM: Software Bill Of Materials

organisation

• Red teams: ad-hoc team of ethical hackers employed to find ways to exploit IT environments and attempt to breach their defenses.
• Blue teams: team responsible for incident response or security in general.