Index

Symbols

0.0.0.0/0 / 0.0.0.0, [1]

802.1X, [1]

A

AAA, [1] ACL, [1], [2], [3] Active reconnaissance, [1] Advantage / negligible function, [1] AEAD, [1] AI evidence triage, [1] AI/ML in security, [1] Air gap, [1] ALE, [1] Anomaly detection, [1]

Anti-forensics, [1] Anycast, [1] ARP, [1] Artefact, [1] ASLR, [1] Asset, [1], [2], [3] Asymmetric, [1] Attack surface, [1] Attack vector, [1] Attack-Defence CTF Attack-Defense CTF

B

Banner grabbing, [1] Base64, [1] BIA, [1] Black-box / gray-box / white-box

Black-box / grey-box / white-box Botnet, [1] Broken auth, [1] Buffer overflow, [1]

C

CCPA, [1] CFAA, [1] Chain of custody, [1] CIA triad, [1] CIDR / subnet mask, [1] Cipher, [1] Ciphertext indistinguishability, [1] CISO, [1] Computational security, [1] Confidential computing / TEE, [1]

Containment, [1] Control, [1] Controller, [1] Cryptanalysis, [1] CSIRT, [1] CSP, [1] CSRF, [1] CVD, [1] Cyberattack attribution detection, [1] Cybersecurity, [1]

D

Data at rest / in transit / in use, [1] Data minimisation Data minimization Data subject, [1] Daubert standard / Federal Rules of Evidence, [1] DCS, [1] DDH / CDH, [1] Deepfake, [1] default gateway, [1] Deleted file recovery, [1]

DEP/NX, [1] DHCP, [1] DMZ, [1] DNS, [1] Dolev-Yao model, [1] DoS / DDoS, [1] DPIA, [1] DPO, [1] Dropper / Loader, [1] Dumpster diving, [1] Dynamic analysis, [1]

E

EASM, [1] ECDH / ECDSA, [1] ECDLP, [1] Encapsulation, [1] Engineering Workstation, [1]

Enumeration, [1] Eradication, [1] EUF-CMA / SUF-CMA, [1] Explainable AI, [1] Exploit, [1], [2], [3] Exploit broker, [1]

F

Fair Information Practice Principles, [1] False negative, [1] False positive, [1] FAR / FRR / EER, [1] Feistel network / Merkle-Damgard, [1] Fingerprinting, [1]

Firewalking, [1] Firewall, [1] Flag, [1] Footprinting, [1] Forensic image, [1] Forward secrecy, [1]

G

GDB, [1] GDPR, [1]

Google dorking, [1] Governance, [1] Guideline, [1]

H

Hash function, [1] Hash verification, [1] HIDS, [1]

HIPAA, [1] HMI, [1] Host discovery / ping sweep, [1] HSTS, [1]

I

ICMP, [1] ICS, [1] IDOR, [1] IDS, [1] IEC 62443, [1] Impact, [1] Implicit deny, [1] IND-CPA^D, [1]

Information security, [1] Inherent risk, [1] IOC, [1], [2], [3] IoT, [1] IoT forensics, [1] IPAM / RIR / registrar, [1] IPS, [1] ISP, [1]

J

Jeopardy CTF, [1]

K

KDF, [1] Kerberos / IAM / OAuth / OIDC / FIDO2-WebAuthn, [1] Kerckhoffs's principle, [1] Key, [1]

Key escrow, [1] KMS / envelope encryption, [1] KPI, [1] KRI, [1]

L

LAN / WLAN / WAN, [1] Lateral movement, [1] Lawful basis, [1]

Likelihood, [1] LLM, [1] localhost / loopback, [1]

M

MAC, [1] Malware, [1] Memory forensics, [1] Meterpreter, [1]

MFT, [1] MTTD, [1] MTTR, [1] Multi-factor authentication, [1]

N

NAC, [1] NACL, [1] Network mapping, [1] Network vs host address, [1] NGFW, [1] NIC / MAC address, [1]

NIDS, [1] NIST PQC, [1] NIST SP 800-61, [1] Noise flooding, [1] Non-malleability, [1] NSE, [1]

O

OECD Privacy Guidelines, [1] On-path, [1] One-time pad, [1] Order of volatility, [1]

OSI, [1] OSINT, [1], [2], [3] OT, [1] OWASP, [1]

P

Pass-the-hash, [1] Pass-the-ticket, [1] Passive reconnaissance, [1] Payload, [1] PCAP, [1] PCI DSS, [1] Penetration test, [1] Perfect secrecy, [1] Persistence, [1] Personal data, [1] Pharming, [1] Phishing, [1] Physical vs virtual firewall, [1] Piggybacking, [1] PKI, [1] Plaintext / ciphertext, [1] Playbook, [1] PLC, [1] Policy, [1]

Port, [1] Port scanning, [1] Port state, [1] Post-quantum cryptography, [1] Precision, [1] Prepared statement, [1] Pretexting, [1] Principle of least privilege, [1] Privacy by design, [1] Privilege escalation, [1] Procedure, [1] Processor, [1] Promiscuous mode, [1] Protocol data unit, [1] Provable, [1] Proxy / Tor, [1] PTES, [1] Purdue Model, [1] Pwn / Binary exploitation, [1] pwntools, [1]

R

Random Oracle Model, [1] Ransomware, [1] RAT, [1] Recall, [1] Reconnaissance, [1] Recovery, [1] Red team, [1] Reference monitor, [1] Reversing, [1] RIR, [1]

Risk, [1], [2], [3] Risk appetite, [1] RMF, [1] Rootkit, [1] ROP, [1] ROT13 / Caesar cipher, [1] Route table, [1] RTO / RPO, [1] RTU, [1] Rules of engagement, [1]

S

Same-origin policy, [1] Sandbox, [1] SBOM, [1] SCADA, [1] Scope, [1] Security awareness, [1] Security culture, [1] Security event, [1] Security group, [1] Security incident, [1] Semantic security, [1] Session hijacking, [1] Shared responsibility model, [1] Shellcode, [1] Shor's algorithm, [1] SIEM, [1] Signature, [1] Simulation-based security / UC, [1]

Sinkhole, [1] Slack space, [1] Smishing, [1] Sniffer, [1] SOAR, [1] Social engineering, [1] Spear phishing, [1] SQL injection, [1] SSRF, [1] Stack canary, [1] Standard, [1] Stateful inspection, [1] Stateless vs stateful filtering, [1] Static analysis, [1] Steganography, [1] Stuxnet, [1] Supply chain attack, [1] Symmetric cryptography, [1] SYN, [1]

T

Tailgating, [1] Tamper-evident vs tamper-proof, [1] TCP/IP, [1] Threat, [1], [2], [3] Threat actor, [1]

Threat hunting, [1] Tone at the top, [1] Triage, [1] Trojan, [1] Trusted computing base, [1]

U

UEBA, [1]

Unlinkability / anonymity / non-repudiation, [1]

V

Version scanning, [1] Virus, [1] Vishing, [1] Volatility, [1]

VPC, [1] Vulnerability, [1], [2], [3] Vulnerability assessment, [1] Vulnerability scanning, [1]

W

WAF, [1] Whaling, [1] White / gray / black hat White / grey / black hat

WHOIS, [1] Worm, [1] Write blocker, [1] Write blocker / forensic image / hashing, [1]

X

XOR, [1]

XSS, [1]

Y

YARA, [1]

Z

Zero trust, [1]

Zero-day, [1] Zone transfer, [1]