| Term | Definition |
|---|---|
| Phishing | Fake message to steal credentials |
| Spear phishing | Targeted phishing |
| Whaling | Phishing targeting executives |
| Vishing | Voice phishing |
| Smishing | SMS phishing |
| CSRF | Cross-Site Request Forgery - Forcing a user to perform actions |
| XSS | Cross-Site Scripting - Injecting scripts into web pages |
| SQL Injection | Injecting SQL commands |
| DoS | Denial-of-Service - Overwhelming system resources |
| DDoS | Distributed DoS attack |
| Virus | Infects files & spreads |
| Worm | Self-replicating malware |
| Trojan | Malware disguised as legitimate software |
| Ransomware | A type of malicious software that encrypts or locks a victim's data, system, or device, demanding a ransom for its release. |
| Rootkit | Malicious software that grants unauthorized access to a computer or its software and hides its own existence or that of other software. |
| Spyware | Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. |
| Adware | Software designed to display advertisements on a user's device, often generating revenue for its developers, sometimes without the user's consent. |
| Botnet | A logical collection of Internet-connected devices, such as computers, smartphones or Internet of Things (IoT) devices, whose security has been breached and control ceded to a third party. |
| Port 21 | FTP |
| SSH/SFTP | Port 22 |
| Port 23 | Telnet |
| SMTP | Port 25 |
| DNS | Port 53 |
| HTTP | Port 80 |
| POP3 | Port 110 |
| IMAP | Port 143 |
| LDAP | Port 389 |
| HTTPS | Port 443 |
| Port 636 | LDAPS |
| Port 1812 | RADIUS |
| Port 49 | TACACS+ |
| Symmetric Encryption | Same key locks and unlocks the data. A type of encryption where the same key is used for both encrypting and decrypting data. It is fast and efficient but requires secure key distribution. Example: AES (Advanced Encryption Standard) or DES (Data Encryption Standard). |
| Asymmetric encryption | Public key locks it, private key unlocks it. A type of encryption that uses two different keys: a public key to encrypt data and a private key to decrypt it. It solves the key distribution problem of symmetric encryption but is slower and computationally heavier. |
| Hashing | One-way scramble; cannot be undone. A process that converts data of any size into a fixed-length string of characters (hash) using a hash function. Hashing is one-way, meaning it cannot be reversed to reveal the original data. Commonly used for data integrity verification and password storage. |
| Salt | Extra spice for passwords 🌶️: makes hashes unique. Random data added to a password before hashing to prevent precomputed attacks (like rainbow tables) and make each hash unique, even for identical passwords. |
| Digital Signature | Like a signed note that proves it's really from you. A cryptographic technique that verifies the authenticity and integrity of a message or document using a sender's private key. The recipient can validate it with the sender's public key. |
| Certificate | Digital ID card for a public key. A digital document issued by a Certificate Authority (CA) that binds a public key to an entity (person, organization, server). It allows others to trust the authenticity of that public key. |