A

ACORN

Australian Cybercrime Online Reporting Network. An Australian government initiative where members of the public can report cybercrime

AES

Advanced Encryption Standard, also known as Rijndael. An encryption specification from NIST which uses a symmetric key algorithm

APT

Advanced Persistent Threat. A skilled and motivated attacker with a specific target

Argon2

A key derivation function with variants:

  1. Argon2d, designed to resist GPU cracking attacks

  2. Argon2i, uses data-independent memory access to resist side-channel attacks

ASB

AUSCERT Security Bulletin

ASLR

Address Space Layout Randomisation. A feature that makes exploiting buffer overflow attacks more difficult by randomising where program code, variables, and linked libraries are located in memory

authentication

Validation that an identity belongs to that person, for example, with a password or ID card

authorisation

The process of asserting an identity is allowed to perform an action on a resource

AV

Antivirus software. A program designed to detect and remove malicious software

B

backdoor

A purpose-built, secret way to bypass normal access methods

bastion

A hardened host with minimal surface area, usually for remote access to a network where a VPN is not possible

bitcoin

A type of cryptocurrency often requested in scams and ransoms

BitLocker

Full disk encryption software provided with Windows. Not to be confused with CryptoLocker

bcrypt

A key derivation function commonly used for full disk encryption master keys or password storage

blacklist

A list of entities that are denied access

buffer overflow

A type of attack where the amount of data written to memory is larger than the buffer provided, so data is written to adjacent memory causing unexpected program behaviour

bug bounty

An incentive provided for researchers to find and report security flaws in an organisation’s software or web applications

BYOD

Bring your own device. A company policy where employees can use their own hardware to access internal data and services, instead of company-controlled devices

C

CA

Certificate Authority. A third party that issues digital certificates which indicate that the entity on the certificate owns their public/private key pair and the related domain name or business entity

cache poisoning

A type of attack where false data is introduced into cache. The cache can be for a database, http, or any other service that implements caching

CAPTCHA

A challenge designed to prove the user is human, and not a machine. See also reCAPTCHA

checksum

A bit or series of integers derived from a piece of data or file, used to verify the data hasn’t changed. For example, to make sure a packet hasn’t corrupted during transmission, or to check if two files are likely to be identical

CIO / CISO

Chief Information (Security) Officer

cipher

An algorithm for encrypting or decrypting data. An encrypted message is often called ciphertext and unencrypted is called plaintext

CISSP

Certified Information Systems Security Professional. An industry certification

clickjacking

An attack where an invisible layer is placed on top of a legitimate button or link, so when the victim attempts to click it, they click on the attacker’s link instead

CMS

Content Management System. Wordpress and Drupal are examples of popular content management systems

CORS

cross-origin resource sharing. A specification to safely allow downloading web resources from a different domain

cross-site scripting

See XSS

cryptocurrency

Any decentralised digital currency that uses cryptographic distributed proof of work systems to verify transactions

cryptography

Method of protecting information so that it can be transferred confidentially to the intended recipients

CSRF

Cross site request forgery. An attack targeting a user who is already authenticated to a web application, to send requests on their behalf without their knowledge

CTF

Capture the flag. A type of security competition where participants solve various challenges to find a 'flag'

CVE

Common Vulnerabilities and Exposures. A public list of security vulnerabilities in software or products, each with a unique identifying number. See https://cve.mitre.org/

CVSS

Common Vulnerability Scoring System. An open standard to give a numerical score to a vulnerability to quantify its severity

CWE

Common Weakness Enumeration. A list of software weaknesses that can lead to a vulnerability. This list isn’t product-specific. See https://cwe.mitre.org/index.html

D

daemon

System processes that run in the background, as opposed to interactive user sessions

darknet

Allocated IP space used for overlay networks such as Tor, or specially encrypted traffic. Often used interchangably with darkweb

darkweb

Content on the internet that requires specific software or configuration to access, for example, the Tor dark web

DDoS

Distributed Denial of Service. A type of DoS attack where the service is overwhelmed by traffic from multiple sources, making this attack more difficult to block

deep web

Parts of the internet unable to be indexed by search engines

defense in depth

The concept of having multiple layers of security mechanisms so that if one fails, the system is not compromised

DES/3DES

Data Encryption Standard. Superseded by AES. NIST has withdrawn DES as a standard

DGA

Domain Generation Algorithm. Provides malware with new domains to get around domain blocking

DKIM

DomainKeys Identified Mail. Allows the sender to cryptographically indicate the originating domain is authentic

DMA attack

Direct memory access. A type of attack which bypasses the CPU and OS-level protections by using DMA, which allows an IO device to write directly to memory

DMARC

Domain-based Message Authentication, Reporting and Conformance. A policy intended to combat email header spoofing, where the sender can publish whether DKIM or SPF are used, and what the recipent should do with a message if verification fails

DNS

Domain Name System. A naming system for resources on a network, to convert domain names to IP addresses and IP addresses back to domain names. It can also locate resources dynamically and provide load balancing

DNS cache poisoning

Also called DNS spoofing. A type of attack where a false record is introduced into the DNS resolver’s cache, allowing an attacker to replace legitimate IP addresses with ones pointing to malicious content

DNSSEC

A system desined to sign DNS records with a CA-like system. Not widely used in practice due to insecure cryptographic standards, performance issues, and complexity of use

DoS

Denial of Service. An attack which prevents legitimate users access to a resource

E

EFA

Electronic Frontiers Australia. A non-profit Australian organisation for online rights

EFF

Electronic Frontier Foundation. A non-profit digital rights group based in America

EICAR

European Institute for Computer Antivirus Research. The EICAR test file was created by EICAR to test anti-virus software

ELF

Executable and Linkable Format. A standard format for executable binary files on UNIX and UNIX-like systems

email header

An email header contains routing information, timestamps, subject, and other information. For more detail, see RFC2822

encryption

The process of converting an input so that it is unreadable, except by the intended recipient, who is able to decipher the message with a key

endpoint

A client device such as a laptop, tablet, or phone at the edge of the network

ESB

External Security Bulletin

F

FIPS

Federal Information Processing Standard. A set of standards developed by the United States federal government, some which relate to encryption and the security of data processing systems

FOIA

FOI Act, or Freedom of Information Act. A law which allows members of the public to request a copy of government-controlled documents. In Australia, this is regulated by the OAIC

FQDN

Fully qualified domain name. The complete name including all relative domain name components, for example, misp.auscert.org.au.

fuzzing

The process of injecting randomised inputs in an automated way, to attempt to take unintended branch paths in software that may lead to vulnerabilities

G

GPG

Gnu Privacy Guard. An implementation of the OpenPGP standard to encrypt and sign data. See also PGP

H

hacktivist

A portmanteau of hacker and activist. Used to describe someone who gains unauthorised access to computers for political or social reasons

hang

Verb used to indicate a computer is not responsive

harden

To configure in a more secure way, usually following best practices

hash

A one way function that takes data of any size, then returns a fixed-size hash value, often shortened to hash. From the output, it is not possible to derive the input. Examples are MD5 or SHA1

Heartbleed

A bug in OpenSSL, a widely used library which implements the Transport Layer Security protocol. Heartbleed allowed remote attackers to read process memory, potentially resulting in system compromise

honeypot

A decoy system designed to distract, trap, or gather information about attackers

HOTP

HMAC-based One Time Password. An algorithm that calculates a password from a shared secret key and an event counter. See also TOTP

HSTS

HTTP Strict Transport Security. A trust on first use system were a domain can indicate to a client that they must only connect via HTTPS from that point onward, helping mitigate MitM attacks

I

IAM

Identity and Access Management

IDS

Intrusion Detection System. Monitors a network for anomalous traffic that could indicate unauthorised access

IoC

Indicator of Compromise. An artifact (file name, hash, IP address etc.) that suggests unauthorised access or infection has occurred

IPsec

Internet Protocol security. A set of protocols to authenticate and encrypt packets sent over IPv6. IPv4 support was added later

ISAC

Information Sharing and Analysis Centre. A central organisation to facilitate gathering and sharing information about threats

ISO 27001

An international standard security framework. See ISO/IEC 27001:2013

J

.

K

Kerberos

An authentication protocol where the client recieves a timestamped and encrypted ticket from the domain controller which contains authorisation data. This ticket is then presented to a server when establishing a connection. It is used to validate users and services through a trusted third party, without ever sending a password over the network

kill chain

A model taken from the military to describe the stages of an attack

Kubernetes

Platform as a service software for schedules, monitors, load balances, and automates containerised deployments

L

LDAP

Lightweight Directory Access Protocol. A protocol for accessing and updating information directories over TCP/IP. A core component of Active Directory

LFI

Local file inclusion vulnerability

LMS

Learning management system. Software to facilitate the delivery of educational courses. Examples include Blackboard Learn, Moodle, and Instructure Canvas

LTS

Long term support. A stable version of software which is supported for a longer period than normal

M

Mach-O

Executable file format for systems based upon the Mach kernel, such as iOS, MacOS, and watchOS. See also ELF and PE

malicious actor

A party attempting to gain unauthoriased access or negatively impact a computer system

malspam

Spam email used as a delivery method for malware, either as an attachment, or through a link contained in the email

malware

A portmanteau of 'malicious software'. Any kind of software with malicious intent.

man-in-the-middle

A type of attack where the attacker intercepts communication and relays it between the intended recipients. From there, the attacker is able to read or potentially alter what is being sent

Meltdown

A CPU hardware vulnerability which could potentially result in unauthorised processes to read from memory by exploiting a race condition. See also Spectre

MIME

Multipurpose internet mail extensions. A standard email format which adds functionality such as attachments and non-ASCII characters

MISP

An open source threat intelligence sharing plafom that AUSCERT uses to distribute IoC information

MSIN

Member Security Incident Notifications

N

NAC

Network access control. A policy where only trusted endpoint devices are allowed to access network resources

nameserver

Server that resolves domain name queries. See also DNS

NBN

National broadband network. A project to roll out a wired and radio network across Australia to sell wholesale to Internet Service Providers

NFS

Network file system. A protocol which allows a client computer to access files over a network

NIST

National Institute of Standards and Technology. A US government organisation which develops standards and maintains the National Vulnerability Database.

NOC

Network operations centre. A central location from which a network is managed and monitored

NTLM

A deprecated network authentication protocol for Windows computers, and a password hash format used in Active Directory

O

OAIC

Office of the Australian Information Comissioner. An Australian government agency responsible for privacy, freedom of information, and government information policy

OAuth2.0

An authorisation framework used together with OIDC to provide a single sign on system which allows third party identity providers

OCSP

Online Certificate Status Protocol. A protocol to discover the revocation status of X.509 certificates. (Not to be confused with OSCP)

OIDC

Open ID Connect. An authenication standard paired with OAuth

OPSEC

Operational security. A military term to describe the limiting of information that seems inocious to reveal, but can be used by malicious actors to compromise security

OSCP

Offensive Security Certified Professional. A penetration testing certification from Offensive Security

OSINT

Open Source Intelligence. Collecting information from publically available sources. Unrelated to open source software

OTP

One time password. A password that is only valid for one login session

OWASP

Open Web Application Security Project. A non-profit organisation promoting the improvement of software security

P

PAC

Privilege Account Certificate. Part of a client’s Kerberos ticket which conveys authorisation data such as group membership and password credentials

PBKDF2

A type of key derivation function with a higher CPU work factor than hash functions, increasing the time that a brute force attack will take to succeed. Supersceded by bcrypt, then scrypt, and argon2

PE

Portable Executable. The Windows native executable format, also used as the executable format for EFI applications. See also ELF and Mach-O

PCI DSS

Payment Card Industry Data Security Standard. A standard that all organisations must follow when storing or processing credit card data

penetration testing

A type of authorised testing which emulates a real attack, to assess the security of a system

PGP

Pretty Good Privacy. Encryption software that implements the OpenPGP standard. See also GPG

phishing

An attack which attempts to trick users into giving credentials to a fraudulent site

PII

Personally identifiable information. According to the Australian Privacy Act (1988), personal information is "information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable." https://www.oaic.gov.au/privacy-law/privacy-act/

PoC
  1. Point of Contact - a person to receive communications, especially in time-sentitive situations

  2. Proof of Concept - a working exploit that proves that a vulnerability is exploitable

POODLE

Padding Oracle on Downgraded Legacy Encryption. A type of man in the middle attack on SSLv3.0

principle of least privilege

A security principle that every user and process should run with the least amount of privileges required to do their job

privilege escalation

Gaining more access rights on a user account than what was granted

procmon

Windows process monitor. Background software that monitors registry and process activity

Q

.

R

rainbow table

A large table of pre-computed hashes with their corresponding inputs, stored in a compressed format for fast lookup and compact storage

ransomware

Malicious software which encrypts your files and holds the decryption key for a ransom. See [Ransomware]

RAT

Remote access trojan. A type of malware where the attacker can then contact the trojan over the network to obtain keystrokes, credentials, logs, or take control of the infected system

RCE

Remote code execution. Where an attacker is able to run arbitrary code on the compromised system over a network connection

reCAPTCHA

Proprietary CAPTCHA from Google

S

salami slicing attack

Stealing money or data in very small quantities, so that the activity is less likely to be detected than exfiltrating the total amount at once

salt

A cryptography term describing random data that is added to a value before hashing to prevent dictionary and lookup table attacks

same-origin policy

A policy where a document is disallowed access to the DOM of another document unless the protocol, host, and port are the same

SAML

Security Assertion Markup Language. An xml-formatted standard for authentication and authorisation services that allows supplementary data to be sent to the remote service without needing access to other identity systems

SANS

SysAdmin Audit Network Security Institute. A provider of security training and certifications

SCCM

System center configuration manager. Software from Microsoft for managing configuration and inventory for fleets of computers and mobile devices

scrypt

A password based key derivation function that requires a lot of memory to solve, making brute force attacks costly

secure boot

A UEFI feature that ensures that a device only boots using software cryptographically verified by the OEM

side channel attack

Any type of attack that takes advantage of implementation details, and not a cryptography weakness. For example, monitoring cache accesses, timing how long computations take to perform, analysing the power usage, or sounds made during computation

SIEM

Security Information and Event Management. An appliance or software tool for real time monitoring, alerting, logging, and analysing events on a network

sinkhole

A DNS sinkhole is a DNS server configured to prevent certain URLs from resolving correctly

SMB

Server Message Block, also known as CIFS (Common internet file system), a protocol for sharing files, printers, and other network resources

SOCKS

A protocol which forwards traffic between client and server through a proxy serverwithouth modifying the packets

spear-phishing

A phishing attempt that is specifically targeted to an individual or company

Spectre

A vulnerability that affects CPUs which perform speculative execution on branch preditction. An attacker could potentially use a side channel attack to take advantage of speculative execution to discover confidential data. See also Meltdown

SPF

Sender Policy Framework. A protocol to declare in DNS which IP addresses send mail for their domain. This allows for email validation and helps prevent spoofing

spoof

To deceptively imitate a legitimate service

SQLi

SQL injection. A type of attack where it is possible to send an SQL query to read, update, or delete information from a database in an unintended way

SSO

Single Sign On. An access control process which allows an user to authenticate to multiple applications through only one authentication service

steganography

Concealing data within another file

STIX

Structured Threat Information Expression. A standard format for sharing threat information

Stuxnet

A famous worm targeting SCADA systems, which caused centrifuges to fail in an Iranian uranium enrichment plant in 2010

T

TAXII

Trusted Automated Exchange of Intelligence Information. A protocol for sharing threat information

threat modeling

The process of identifying potential threats, prioritising and planning mitigations

Tor

Software to access an overlay network which is used for private communication. Tor’s onion services enable publishing websites that aren’t indexed by search engines

TOTP

Time-based One Time Password. The same algorithm as HOTP, but replacing the event counter with a time value

U

U2F

Universal second factor. An open authenication standard that allows enrollemnt of a public key from a token, such as a USB or NFC device, for user authenication

use after free

A type of software bug where memory is re-used after being freed to the allocator. This can lead to software crashes or code execution

V

vulnerability

A specific weakness in a piece of software or system configuration, which an attacker can exploit

W

whaling

A type of phishing that targets executives and management

web proxy

A intermediary server used to access the internet

whitelist

An explicit list of entities that are allowed access. The opposite of a blacklist

whois

A query protocol that provides information about registered domain names. See RFC3912

whole disk encryption

Also "full disk encryption". Software-based disk encryption encrypts everything on the disk except for partition table and sometimes the bootloader, depending on implementation. Hardware disk encryption is able to encrypt the entire disk, including the partition table

WIDS

Wireless intrusion detection system. An IDS for WLANs

X

XSS

Cross site scripting. A common attack to inject malicious scripts into a trusted website

XXE

XML external entity. A type of attack against an application that parses XML. An incorrectly configured parser will expand external links to include in the returned document

Y

.

Z

zero day

A newly discovered vulnerability. Can also be written "0 day"