In today's highly digitalized era, security testing has become an important tool for protecting information systems and data. However, many people may feel confused when faced with various specialized terms. Today, we provide you with a comprehensive explanation of key terms in security testing to help you gain a deeper understanding of the field.
What are some of the common terminology used in the security testing process? And what do these terms mean?
Security testing is a complex and technology-intensive field that involves knowledge from multiple disciplines, such as computer literacy, network security, cryptography, and system architecture. In order to work and collaborate as a team, security testers need to know and understand a range of specialized terminology and jargon.
1. Black hat hacker/black hat
People who hack for illegal purposes, usually financial gain. They gain access to secured networks in order to destroy, hold to ransom, modify or steal data, or to make the network unusable for its authorized users.
2. White hat hacker/white hat
Hackers who use their hacking skills to perform legitimate security testing and analysis, probing networks and systems to determine how well they stand up to an intrusion.
3. Red Hat Hacker
In fact the more widely accepted term is "Red Hacker" (红客). Red hackers take justice, morality, progress and strength as their purpose and love of the motherland, adherence to justice and a pioneering, enterprising spirit as their backbone; they usually use the technology they have mastered to maintain the security of the domestic network and to fight back against attacks from abroad.
4. Red team/Blue team/Purple team
Red team: usually refers to the attacking side in an offensive and defensive drill.
Blue team: usually refers to the defending side in an offensive and defensive drill.
Purple team: the newest addition to offensive and defensive drills, usually the side that supervises or referees.
5. Broiler
The so-called "broiler" (肉鸡, literally "meat chicken"; the equivalent of a zombie or bot) is a vivid metaphor for computers, cell phones, servers, or other smart devices such as cameras and routers that an attacker can control and use to launch cyberattacks. For example, in the 2016 U.S. East Coast outage, hacker groups controlled a large number of Internet-connected cameras to launch the attack, and those cameras can be called "broilers".
6. Catching chickens
This means taking control of other people's networked devices remotely, including personal computers, webcams, routers, industrial equipment, medical equipment, remote servers and more. Hackers often go after services on ports such as 80, 8080, 135, 445, 1433, 1521, 3306, 3389, 4899, 5900 and so on to catch chickens.
7. Trojan horse
Programs that masquerade as normal on the surface but, once run, give the attacker full control of the system.
- Web Trojan: disguised as a normal web page, or malicious code inserted directly into a normal web page file. When someone visits the page, the web Trojan exploits a vulnerability in the visitor's system or browser to silently plant the Trojan server configured by the attacker on the visitor's computer and run it, turning the affected computer into a broiler or adding it to a botnet.
- One-sentence Trojan (一句话木马): `<?php @eval($_POST['x']) ?>`, where x is the password.
- Big Trojan (大马): used for privilege escalation, as opposed to the small Trojan ("pony", 小马).
- Webshell: a webshell is a command execution environment that exists in the form of an asp, php, jsp or cgi web page file; it can also be called a web page backdoor. Through it one can upload and download files, view the database, execute arbitrary program commands, and so on. Webshells include the one-sentence Trojan.
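A defender usually meets the one-sentence Trojan and the webshell when hunting for them on a compromised web server. The following Python script is an added example, not code from the original article: a simple static scanner that flags PHP source where request data (`$_POST`, `$_GET`, and so on) or a decoded blob reaches a code- or command-execution sink such as `eval`. The sample PHP files, their names and the sink and decoder lists are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# PHP functions that execute code or shell commands when handed attacker-controlled input.
DANGEROUS_SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru", "popen", "proc_open")
# Superglobals and streams that carry data straight from the HTTP request.
REQUEST_SOURCES = ("$_POST", "$_GET", "$_REQUEST", "$_COOKIE", "php://input")
# Decoders commonly used to hide the real payload from naive string matching.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13")

SINK_RE = re.compile(r"\b(" + "|".join(DANGEROUS_SINKS) + r")\s*\(", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    sink: str
    reason: str


def scan_php(source: str) -> List[Finding]:
    """Flag lines where a dangerous sink is fed by request data or a decoded blob.

    The check is per line, so it misses data that is stored in a variable on one
    line and executed on another; it is a triage heuristic, not a taint analysis.
    """
    findings: List[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in SINK_RE.finditer(line):
            sink = match.group(1).lower()
            rest = line[match.end():]          # the argument list and whatever follows it
            tainted = any(src in rest for src in REQUEST_SOURCES)
            decoded = any(dec in rest for dec in DECODERS)
            if tainted:
                how = "request data reaches %s" % sink
                if decoded:
                    how += " after decoding"
                findings.append(Finding(line_no, sink, how))
            elif decoded:
                findings.append(Finding(line_no, sink, "decoded blob reaches %s" % sink))
    return findings


def scan_files(files: Dict[str, str]) -> Dict[str, List[Finding]]:
    """Scan a mapping of file name -> PHP source and keep only the files with findings."""
    report = {name: scan_php(src) for name, src in files.items()}
    return {name: hits for name, hits in report.items() if hits}


# Constructed sample files for the demonstration (not real files from any site).
SAMPLE_FILES = {
    "uploads/one_sentence.php": "<?php @eval($_POST['x']) ?>",
    "uploads/obfuscated.php": "<?php\n$c = $_REQUEST['c'];\n@eval(base64_decode($c));\n",
    "index.php": "<?php\n$name = htmlspecialchars($_GET['name']);\necho 'Hello ' . $name;\n",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        for hit in hits:
            print(f"{name}:{hit.line_no}: {hit.reason}")
```

The obfuscated sample shows the limit of the per-line approach: the request data is read on line 2 and executed on line 3, so the scanner only catches it because of the `base64_decode` wrapper; a real hunt combines such heuristics with file-integrity baselines and web server logs.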
8. Ransomware
Spread mainly by e-mail, Trojaned programs and web Trojans. This kind of virus is vicious and extremely harmful; once infected, the user suffers immeasurable losses. It uses a variety of encryption algorithms to encrypt files, and the infected party generally cannot decrypt them: only after obtaining the private key for decryption is recovery possible.
9. Backdoor
This is a figurative term. After an intruder has successfully taken control of a target host by some means, they can implant a specific program in the victim's system, or modify certain settings, so that they can access, view or control the host later. Such changes are very hard to detect on the surface, as if the intruder had secretly cut a key to the owner's house, or fitted a hidden way in at an inconspicuous spot, so that they can come and go at will.
10. Privilege maintenance (persistence)
After obtaining privileges on a server, backdoor techniques are usually used to keep them, and once a server has been implanted with a backdoor the attacker can move around in it unopposed.
11. Phishing
Attackers use spoofed e-mails or fake websites, for example, to carry out online fraud. Fraudsters usually disguise themselves as trusted brands such as online banks, online retailers and credit card companies to trick users into giving out private information or their e-mail account passwords. Victims often reveal their e-mail addresses and private information such as credit card numbers, bank account numbers and identity card numbers.
12. Spear phishing (harpoon) attacks
A spear attack brings the image of spearfishing into network attacks. It mainly refers to phishing attacks whose deceptive e-mails are made to look more credible and which therefore have a higher chance of success. Unlike ordinary phishing, spear attacks are more targeted: the attacker "spears a particular fish". To accomplish this, the attacker tries to gather as much information as possible about the target. Often, specific individuals within an organization have particular security weaknesses.
13. Whaling attacks
Whaling is a further evolution of spear phishing. It refers to phishing attacks that target senior executives and other high-level personnel within an organization. The attacks are tailored by personalizing the content of the e-mails specifically to the target in question.
14. Watering hole attack
As the name suggests, a "watering hole" (trap) is set on the victim's path. The most common practice is for the hacker to analyse the target's online activity pattern, look for weaknesses in a website the target visits often, first "break into" that website and implant attack code, and then, once the target visits the website, the target is "hit".
15. Social engineering
A kind of hacking technique has emerged that does not rely on any hacking software and instead concentrates on human weaknesses: social engineering. Generally speaking, it refers to a network attack methodology that exploits the weaknesses of human social behaviour, and its techniques are often unexpected. The world's number one hacker, Kevin Mitnick, wrote in The Art of Deception that the human factor is the soft underbelly of security. Many enterprises and companies invest a lot of money in information security, yet data leakage still occurs, and the cause often lies with the people themselves.
16. Weak passwords
Passwords that are not strong enough and are easily guessed, such as 123 or abc.
17. Brute force cracking
Abbreviated as "blasting" (爆破). A hacker runs a highly intensive, automated search through every possible password for an account on a system in order to defeat its security and gain access to the computer.
18. 0day vulnerabilities
In the context of network attack and defence, 0day vulnerabilities are vulnerabilities that attackers have already discovered and begun to exploit but that are not yet known to the public, including the affected software vendor. With this type of vulnerability the attacker has a complete information advantage: since there is no patch or temporary workaround, the defender does not know how to defend against it, and the attacker can achieve the maximum possible threat.
19. 1day vulnerabilities
Vulnerabilities whose details have been made public but for which a patch has not yet been released. This type of vulnerability is still highly dangerous, but partial mitigations are often announced officially, such as closing certain ports or services.
20. Nday vulnerabilities
Vulnerabilities for which official patches have already been released. Usually, protecting against them only requires applying the patch, but for various reasons a large number of devices remain vulnerable because patches are not applied in time, while the exploit for the vulnerability has been made public on the Internet; this type of vulnerability is therefore the most common kind used by hackers. For example, in the EternalBlue incident, Microsoft had released a patch beforehand, yet a large number of users were still hit.
21. DDoS
A distributed denial-of-service attack uses many computers at the same time to attack a target so that it can no longer be used normally. Distributed denial-of-service attacks have occurred many times and have taken many large websites out of operation, which not only affects users' normal access but also causes very large economic losses.
22. CC attacks
CC (Challenge Collapsar, "Challenge Black Hole") attacks are a type of DDoS attack that uses proxy servers to send a large number of seemingly legitimate requests to the victim server. CC is named after the tool that launches it; the attacker uses the proxy mechanism, launching the DDoS attack through one of the many widely available free proxy servers. Many free proxy servers support an anonymous mode, which makes tracing very difficult.
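CC floods are mitigated mostly by limiting how many requests a single client may make in a time window, and the proxy problem the entry mentions shows up in how you decide what "a client" is. The Python below is an added example, not code from the original article: a per-client sliding-window limiter plus a helper that only trusts the `X-Forwarded-For` header when the connection came from a proxy you operate. The addresses, the trusted-proxy list, the limit and the window are constructed values.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Optional


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        hits = self._hits[client]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False            # over budget: reject (HTTP 429 in a real server)
        hits.append(now)
        return True


def client_key(remote_addr: str, x_forwarded_for: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Decide which address the limit is keyed on.

    X-Forwarded-For is attacker-controlled unless it was appended by a proxy we run,
    so it is only consulted when the TCP peer is one of our own proxies, and then
    only its last entry (the one our proxy added) is used.
    """
    if x_forwarded_for and remote_addr in set(trusted_proxies):
        return x_forwarded_for.split(",")[-1].strip()
    return remote_addr


def simulate_flood(limit: int = 5, window: float = 10.0) -> List[bool]:
    """Constructed scenario: one client fires 7 requests in 3 s, then one more at 11 s."""
    limiter = SlidingWindowLimiter(limit, window)
    arrivals = [0.0, 0.5, 1.0, 1.5, 2.0, 2.5, 3.0, 11.0]
    return [limiter.allow("203.0.113.7", t) for t in arrivals]


if __name__ == "__main__":
    print(simulate_flood())   # [True, True, True, True, True, False, False, True]
    # Constructed: our reverse proxy is 10.0.0.1; a forged X-Forwarded-For from anywhere else is ignored.
    print(client_key("10.0.0.1", "192.0.2.44, 203.0.113.7", ["10.0.0.1"]))     # 203.0.113.7
    print(client_key("198.51.100.9", "192.0.2.44, 203.0.113.7", ["10.0.0.1"]))  # 198.51.100.9
```

Keying on the address the trusted proxy saw is what makes a flood through open proxies show up as many separate clients rather than one; at that point per-client limits alone are not enough and the defence moves to request-cost limits, challenges and upstream filtering.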
23. POC
Proof of Concept: generally a sample used to prove and reproduce a vulnerability.
24. EXP
Exploit: a program that exploits a vulnerability, usually a demonstration program.
25. ShellCode
For an exploit, the ShellCode is the framework of binary code for a particular exploit; within this framework you include the Payload you need in the ShellCode to do things like
26. Payload
The main functional code included in the ShellCode used in an exploit.
27. Digging holes
"Digging holes" refers primarily to vulnerability mining: the act of discovering security holes and weaknesses in a networked system through active penetration testing of that system. Specifically, a hole digger simulates hacker attack techniques and conducts in-depth testing and analysis of the target system to discover potential security issues.
28. Honeypot
A honeypot is a deliberately vulnerable system that mimics one or more vulnerable hosts, giving hackers an easy target to attack. Since the honeypot has no other task to accomplish, every attempt to connect to it should be considered suspicious. Another use of honeypots is to delay an attacker's attack on the real target by making the attacker waste time on the honeypot. Honeypot products include honeynets, honey systems, honey accounts and more.
29. Sandbox
Sandboxing is a mechanism for running programs safely. It is often used to execute untrusted programs: the impact of any malicious code in an untrusted program is confined to the sandbox and does not affect the rest of the system.
30. Sandbox escape
The phenomenon of malware recognizing that it is in a sandboxed environment and using techniques such as staying dormant or spoofing to evade sandbox detection.
31. Packing (adding a shell)
Using special algorithms to change the code of an EXE executable or DLL dynamic link library file (for example by compression or encryption), in order to reduce file size, encrypt the program code, or even evade antivirus checks. Packers in common use at present include UPX, ASPack, PePack, PECompact, UPack, Immunity 007, Trojan Color Coat (木马彩衣) and so on.
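Because packing compresses or encrypts the code, a packed executable's sections have byte distributions close to random, which defenders measure with Shannon entropy; UPX and ASPack also leave recognizable section names. The Python below is an added example, not code from the article: it computes the entropy of each section and combines that with the section names to decide whether a file looks packed. The section contents are constructed in the script (a repetitive stub for `.text`, pseudo-random bytes for `UPX1`); a real tool would read them from the PE section table, and the 7.0-bit threshold is an assumed triage value.

```python
import math
import random
from collections import Counter
from typing import Dict

# Section names that packers leave behind: UPX0/UPX1/UPX2 are UPX's, .aspack/.adata are ASPack's.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}
# Compiled code typically scores around 5-6.5 bits per byte; compressed or encrypted data approaches 8.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniformly distributed bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess(sections: Dict[str, bytes], threshold: float = ENTROPY_THRESHOLD) -> Dict[str, object]:
    """Combine per-section entropy with packer section names into a packed/not-packed verdict."""
    entropy = {name: round(shannon_entropy(data), 3) for name, data in sections.items()}
    suspicious = [name for name, e in entropy.items() if e >= threshold]
    packer_names = sorted(name for name in sections if name in KNOWN_PACKER_SECTIONS)
    return {
        "entropy": entropy,
        "suspicious_sections": suspicious,
        "packer_sections": packer_names,
        "likely_packed": bool(suspicious or packer_names),
    }


def _constructed_sections() -> Dict[str, bytes]:
    """Constructed stand-in for a PE section table (a real tool would parse the headers)."""
    rng = random.Random(1234)
    return {
        ".text": b"\x55\x8b\xec\x83\xec\x10" * 300,                 # repetitive code-like bytes, low entropy
        ".data": b"Hello from a normal program\x00" * 50,           # ASCII strings, low entropy
        "UPX1": bytes(rng.getrandbits(8) for _ in range(4096)),     # stand-in for a compressed payload
    }


SAMPLE_SECTIONS = _constructed_sections()

if __name__ == "__main__":
    verdict = assess(SAMPLE_SECTIONS)
    for name, e in verdict["entropy"].items():
        print(f"{name:8s} entropy={e}")
    print("suspicious:", verdict["suspicious_sections"], "packer sections:", verdict["packer_sections"])
    print("likely packed:", verdict["likely_packed"])
```

High entropy alone is not proof of packing (embedded images or certificates score high too), which is why the verdict also looks at section names; conversely a custom packer can rename sections, so the entropy check is the part that survives renaming.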
32. Unpacking (removing the shell)
As the name suggests, using the appropriate tools to strip the protective "shell" program wrapped around the software and restore the file to its original form, so that modifying, analysing or examining the file's contents becomes much easier.
33. Anti-virus evasion ("no kill", 免杀)
Modifying a program through packing, encryption, changing its signature, adding junk instructions and other techniques so that it escapes detection by antivirus software.
34. Junk instructions ("flower instructions", 花指令)
Adding extra assembly instructions that do not affect the program's function, so that antivirus software cannot correctly determine the structure of the virus file. Put plainly: "antivirus software recognizes viruses in order from head to toe; if we swap the head and feet of the virus, the antivirus software will not be able to find it".
35. Reverse engineering
Commonly known as reverse engineering or reverse analysis: in simple terms, everything that extracts principles and design information from a product and applies it to re-engineering and improvement is reverse engineering. In network security it is used mostly for investigation and forensics, malware analysis and the like.
36. Taking a site
Hiring a hacker to attack a third party's commercial or personal website is known as "taking a site". Once the hacker accepts the commission, they break into the designated website for the client so that the employer obtains the site's back-end administrative privileges, after which the hacker or the employer can directly carry out illegal acts such as "hanging Trojans" on the site, stealing information and tampering with its content.
37. Privilege escalation
Using some means to upgrade an ordinary user into an administrator, so that they hold administrator rights, is called privilege escalation. It mainly applies to the website intrusion process: when breaking into a site, the intruder raises the webshell's privileges through various vulnerabilities in order to capture root privileges on the server.
38. Penetration
Scanning and probing your network devices and systems for security vulnerabilities that could allow an intrusion, like a drop of water seeping through a piece of wood with a hole in it; a successful penetration means the system has been intruded.
39. Lateral movement
An attacker's expansion from a foothold in the internal network after an intrusion, searching for more systems to control.
40. Springboard
A springboard, put simply, is a broiler used to launch an attack in order to hide one's own address so that nobody can look up one's location: an intermediate machine.
41. Black pages
The page left on a website after a successful hacking attack, used to show off the result.
42. Dragging the database (拖库)
"Dragging the database" was originally a database-field term for exporting data from a database. In the field of cyber-attacks it refers to hackers stealing the database files after a website has been compromised.
43. Credential stuffing (撞库)
Credential stuffing is the process by which a hacker collects user names and passwords that have been leaked on the Internet, generates a corresponding dictionary table, and obtains a series of accounts that can be logged into by trying them in bulk against other websites. Many users use the same account and password on different websites, so a hacker who obtains a user's account on website A can try to log into website B with it; this is what is meant by a credential stuffing attack.
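Brute force (entry 17) and credential stuffing (entry 43) look different in authentication logs: the first is many failures against one account from one source, the second is one source trying many different accounts once or twice each, and a success after that pattern is the sign that a reused password worked. The Python below is an added example, not code from the article, that implements those three checks over a constructed login log in a made-up `LOGIN OK|FAIL user=... src=...` format; the timestamps, addresses, user names, window and thresholds are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed log format for the demonstration: ISO timestamp, result, account, source address.
LINE_RE = re.compile(r"^(?P<ts>\S+) LOGIN (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

Event = Tuple[datetime, str, str, str]


def parse(lines: List[str]) -> List[Event]:
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:                                   # lines that do not match the format are skipped
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def detect(lines: List[str], window: timedelta = timedelta(minutes=5),
           brute_threshold: int = 5, stuffing_threshold: int = 4) -> List[tuple]:
    """Return alerts for brute force, credential stuffing and a success following stuffing."""
    fails_by_pair: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    failed_users_by_src: Dict[str, Set[str]] = defaultdict(set)
    ok_users_by_src: Dict[str, Set[str]] = defaultdict(set)
    for ts, result, user, src in parse(lines):
        if result == "FAIL":
            fails_by_pair[(src, user)].append(ts)
            failed_users_by_src[src].add(user)
        else:
            ok_users_by_src[src].add(user)

    alerts: List[tuple] = []
    # Brute force: one source hammering one account, counted in a sliding time window.
    for (src, user), times in fails_by_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= brute_threshold:
                alerts.append(("brute_force", src, user))
                break
    # Credential stuffing: one source trying many distinct accounts (each usually only once).
    for src, users in failed_users_by_src.items():
        if len(users) >= stuffing_threshold:
            alerts.append(("credential_stuffing", src, sorted(users)))
            # A success from the same source is the sign that a leaked, reused password worked.
            for user in sorted(ok_users_by_src.get(src, ())):
                alerts.append(("possible_account_takeover", src, user))
    return alerts


# Constructed sample log: addresses are documentation ranges, names and times are made up.
SAMPLE_LOG = [
    # a normal user mistyping twice from the office LAN
    "2024-03-01T09:00:00 LOGIN FAIL user=alice src=10.0.0.8",
    "2024-03-01T09:00:07 LOGIN FAIL user=alice src=10.0.0.8",
    "2024-03-01T09:00:15 LOGIN OK user=alice src=10.0.0.8",
    # brute force: six failures on one account in under a minute
    *[f"2024-03-01T09:10:{s:02d} LOGIN FAIL user=alice src=203.0.113.5" for s in (0, 10, 20, 30, 40, 50)],
    # credential stuffing: one source, many accounts, then a hit
    "2024-03-01T09:20:01 LOGIN FAIL user=bob src=198.51.100.20",
    "2024-03-01T09:20:02 LOGIN FAIL user=carol src=198.51.100.20",
    "2024-03-01T09:20:03 LOGIN FAIL user=dave src=198.51.100.20",
    "2024-03-01T09:20:04 LOGIN FAIL user=erin src=198.51.100.20",
    "2024-03-01T09:20:05 LOGIN FAIL user=frank src=198.51.100.20",
    "2024-03-01T09:20:06 LOGIN OK user=frank src=198.51.100.20",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two thresholds pull in opposite directions: brute force is caught by counting failures per account, which credential stuffing deliberately keeps low, so the stuffing rule counts distinct accounts per source instead. The takeover alert is the one to act on first, since it names the account whose password must be reset.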
44. Woolgathering (薅羊毛)
Refers to taking advantage of the promotional offers of online financial products or red-packet campaigns, for example by recruiting downlines to draw rewards, and also to collecting the discount information of banks, other financial institutions and merchants of all kinds, in order to make a profit. This kind of behaviour is called "woolgathering".
45. Blacklists
As the name suggests, a blacklist is a list of bad actors: any software, IP address and so on that is on the blacklist is treated as illegitimate.
46. Whitelisting
In contrast to a blacklist, a whitelist is a list of the "good guys": software, IPs and so on that are on the whitelist are treated as legitimate and may run on the computer.
47. Intranet
Commonly known as a local area network (LAN); Internet cafes, campus networks, company intranets and so on belong to this category. Check the IP address: if it falls within one of the following three ranges, we are on an intranet: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255
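Entries 45 to 47 describe the two ways of deciding who gets in, and the practical difference is the default: a blacklist (denylist) admits anything it has never seen, while a whitelist (allowlist) rejects it. The Python below is an added example, not code from the article: an admin-access check implemented both ways with the standard `ipaddress` module, using the three intranet ranges of entry 47 plus one assumed VPN gateway address as the allowlist. The blocked range, the gateway address and the sample sources are constructed values from documentation ranges.

```python
import ipaddress
from typing import Dict, Iterable, List

# The three private ranges from entry 47 (RFC 1918).
INTRANET_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def _networks(cidrs: Iterable[str]) -> List[ipaddress.IPv4Network]:
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_intranet(src: str) -> bool:
    """True when the address falls in one of the three intranet ranges."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in _networks(INTRANET_RANGES))


class DenylistPolicy:
    """Default allow: only sources already known to be bad are refused."""

    def __init__(self, blocked: Iterable[str]) -> None:
        self.blocked = _networks(blocked)

    def permits(self, src: str) -> bool:
        ip = ipaddress.ip_address(src)
        return not any(ip in net for net in self.blocked)


class AllowlistPolicy:
    """Default deny: only sources explicitly trusted are admitted."""

    def __init__(self, allowed: Iterable[str]) -> None:
        self.allowed = _networks(allowed)

    def permits(self, src: str) -> bool:
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.allowed)


def compare(sources: Iterable[str], denylist: DenylistPolicy,
            allowlist: AllowlistPolicy) -> Dict[str, Dict[str, bool]]:
    """Evaluate each source under both policies side by side."""
    return {
        src: {
            "intranet": is_intranet(src),
            "denylist": denylist.permits(src),
            "allowlist": allowlist.permits(src),
        }
        for src in sources
    }


# Constructed: one range seen attacking before, one assumed VPN gateway, and four sample sources.
KNOWN_BAD = ["203.0.113.0/24"]
VPN_GATEWAY = "198.51.100.4/32"
SAMPLE_SOURCES = ["203.0.113.7", "192.0.2.99", "192.168.1.20", "198.51.100.4"]

ADMIN_DENYLIST = DenylistPolicy(KNOWN_BAD)
ADMIN_ALLOWLIST = AllowlistPolicy(list(INTRANET_RANGES) + [VPN_GATEWAY])

if __name__ == "__main__":
    for src, verdict in compare(SAMPLE_SOURCES, ADMIN_DENYLIST, ADMIN_ALLOWLIST).items():
        print(f"{src:14s} intranet={verdict['intranet']!s:5s} "
              f"denylist={verdict['denylist']!s:5s} allowlist={verdict['allowlist']}")
```

The second sample source, 192.0.2.99, is the interesting one: it is not on the denylist simply because nobody has seen it yet, so the denylist lets it through, while the allowlist refuses it because it is neither intranet nor the VPN gateway. That is why access to administrative interfaces is normally allowlisted and denylists are kept for bulk nuisance traffic.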
48. Extranet
Connected directly to the Internet, and reachable by any computer on the network.
49. WAF
Web Application Firewall: a product that specializes in protecting web applications by enforcing a series of security policies on HTTP/HTTPS traffic.
50. VPN
Virtual Private Network: a private network established over a public network for encrypted communication; remote access is achieved by encrypting packets and translating their destination addresses.
51. Emergency response
Usually refers to the preparations an organization makes to deal with the occurrence of unforeseen events of all kinds, as well as the measures taken after such an event.
52. Situational awareness
An environment-based, dynamic, holistic insight into security risks. Using security big data and taking a global perspective, it aims to improve the ability to discover and identify security threats, to understand and analyse them, and to respond to and dispose of them, ultimately in support of decision-making and action and of putting security capabilities into practice.
53. Probes
Also called network security probes or security probes, they can be thought of simply as the cameras of cyberspace: deployed at key nodes in the network topology, they collect and analyse traffic and logs, detect abnormal behaviour and give early warning of possible incoming attacks.
54. Cyberspace mapping
Search engine technology applied to provide an interface that lets people easily search for devices in cyberspace. Just as maps of the real world use various mapping methods to describe and label geographic locations, cyberspace mapping uses active or passive detection methods to map the network nodes and connectivity relationships of devices in cyberspace and to draw a portrait of each device.
By explaining these specialized terms in detail, we can better understand the complexity and importance of security testing. These terms are not only the basics in the field of security testing, but also the key to securing your system.
Master the terminology of security testing and improve your security protection. Only by knowing more can we better protect our digital world.