Computer Virus Antivirus
Trojan Horse Worm
Ransomware Malware
Virus Trojan

 

A software program designed to detect, prevent, and remove computer viruses and other malicious software. A type of malicious software that can replicate itself and spread to other computers.
A self-replicating program that spreads across computer networks and can cause harm by consuming system resources or deleting files. A type of malware that disguises itself as a legitimate program but performs malicious activities in the background.
Malicious software designed to harm or exploit computers or networks. A type of malware that encrypts files on a victim's computer and demands a ransom in exchange for the decryption key.
A type of malware disguised as legitimate software, which allows unauthorized access to a computer or network. A type of malware that self-replicates and infects other files or systems.

 

Spyware Adware
Rootkit Keylogger
Phishing Spoofing
Two-Factor Authentication Phishing Website

 

Malware that displays unwanted advertisements or redirects browsers to advertising websites. Malware that secretly gathers information about a person or organization without their consent.
Malware that records keystrokes on a computer without the user's knowledge, often used to steal login credentials or sensitive information. Malware that enables unauthorized access to a computer, while hiding its presence from the user and antivirus software.
Tricking users into believing that their communication is coming from a trusted source when it isn't. A technique used by cybercriminals to trick individuals into revealing sensitive information by posing as a trustworthy entity.
A fraudulent site created to mimic a legitimate platform. A layer of security that requires users to provide two forms of verification before accessing an account.

 

Ddos Attack Zombie Computers
Amplification Attack Packet Flooding
Brute Force Attacks Dictionary Attack
SQL Injection Input Sanitation

 

Computers that have been infected by malware and can be remotely controlled without the knowledge of their owners, often used in DDoS attacks. A type of cyber attack that floods a computer network with excessive traffic in order to disrupt normal operations.
A technique used in DDoS attacks where a large number of packets are sent to a target, overwhelming its capacity to process them. A type of DDoS attack that uses amplification techniques to magnify the volume of traffic sent to a target, making the attack more effective.
Where an attacker uses a list of words, phrases, or commonly used passwords to attempt unauthorized access to a system. Where an attacker systematically tries all possible combinations of passwords in order to gain unauthorized access to a system.
The process of filtering and validating user input before using it in an application. A code injection technique that attackers use to exploit vulnerabilities in a web application's database layer.

 

Insider Threats Privileged Access
Social Engineering Pretexting
Baiting Tailgating
Impersonation Spear Phishing

 

Elevated permissions and rights granted to select users within an organization, increasing the risk of insider threats. Security risks posed by individuals within an organization, such as employees or former employees.
A form of social engineering where attackers create a fictitious scenario to obtain information from individuals. The act of manipulating people into performing actions or divulging confidential information.
A method of social engineering where an unauthorized person follows an authorized individual to gain access to a restricted area. A social engineering technique that involves offering something enticing to trick individuals into revealing information or taking action.
A targeted form of phishing where attackers tailor fraudulent emails to specific individuals or organizations. A social engineering tactic where attackers pretend to be someone else to deceive individuals and gain access to confidential information.

 

Physical System Attacks Eavesdropping
Tampering Physical Tapping
Botnet Command And Control Server
Infected Devices Bot Herders

 

A form of attack where an unauthorized party intercepts and monitors communication on a network. Attacks that exploit vulnerabilities in a physical system, such as tampering with hardware or interrupting power supply.
An attack where an attacker physically taps into a network cable to intercept data passing through. An attack where an attacker alters data or devices in a network to disrupt operations or gain unauthorized access.
A central server that sends instructions to the devices in a botnet and receives data back from them. A network of infected computers, or bots, that are controlled remotely and used to carry out DDoS attacks or other malicious activities.
Individuals or groups who control and manage botnets of infected devices. Devices that have been compromised by malware and are part of a botnet.

 

Symmetric Encryption Key
Cipher Block Cipher
Stream Cipher Encryption
Decryption AES

 

A piece of information used in conjunction with an algorithm to encrypt and decrypt data. A cryptographic technique that uses the same key to encrypt and decrypt data.
A type of symmetric encryption algorithm that operates on fixed-length blocks of data. A set of rules or steps used in encryption and decryption processes.
The process of converting plaintext into ciphertext using an encryption algorithm. A type of symmetric encryption algorithm that encrypts data one bit at a time.
Advanced Encryption Standard, a widely used symmetric encryption algorithm. The process of converting ciphertext back into plaintext using a decryption algorithm.

 

Asymmetric Encryption Key Pair
RSA Algorithm Digital Signature
Key Exchange Secure Communication
Digital Signatures Authentication

 

A set of two complementary cryptographic keys: a public key and a private key. A cryptographic system that uses a pair of keys for encryption: a public key for encrypting data and a private key for decrypting data.
A cryptographic technique used to verify the authenticity of digital messages or documents. A popular asymmetric encryption algorithm used for secure communication and data protection.
Communication that is protected from eavesdropping, tampering, or unauthorized access using encryption techniques. The process of securely sharing cryptographic keys between parties to enable secure communication.
Verifying the identity of the sender or recipient in asymmetric encryption. A way to ensure the authenticity of a message sent using asymmetric encryption.

 

Confidentiality Non-Repudiation
Certificate Authority Digital Certificate
Public Key Private Key
Root Certificate Revocation

 

Preventing the sender from denying sending a message in asymmetric encryption. Ensuring that information remains confidential in asymmetric encryption.
An electronic document issued by a Certificate Authority that binds a public key to an individual or entity. An entity responsible for issuing digital certificates that validate the ownership of a public key.
A cryptographic key that is kept secret and used for decryption or creating digital signatures. A cryptographic key that can be freely distributed and is used for encryption or digital signatures.
The process of invalidating a digital certificate before its expiration date due to compromise or other reasons. A self-signed certificate issued by a Certificate Authority that establishes trust in the entire certificate chain.