Speaking hacker

Forget tech translators. Here's the key to expert cyber slang

Brute-force cracking isn't what you do with pistachios. A rootkit isn't a set of dental tools, although there may be pain involved.

As the cybersecurity field evolves, it develops its own parlance, from exploits and fuzzing to wardriving and zombies. As a cyber defense authority, Raytheon Technologies speaks the lingo. In celebration of this year's National Collegiate Cyber Defense Competition championship, presented by Raytheon Technologies (and held virtually this year because of the COVID-19 pandemic), we provided this glossary:

@ — Symbol chosen by the late Ray Tomlinson, a Raytheon BBN Technologies engineer who first employed it for Internet email, to separate the names of users and their networks in addresses.

Air gap — To physically separate or isolate a secure network from other unsecured systems or networks.

Back door — A hidden entry to a computer, network or software that bypasses security measures.

Blackhat — A criminal hacker who breaches security for malicious reasons or personal gain.

Blue team — A group defending a computer system from mock attackers, usually as part of a controlled exercise. During the Raytheon Technologies National Collegiate Cyber Defense Competition, the blue teams are made up of students.

Bot — A program that automates an action. Bots infect computers and secretly perform activities under the control of a remote administrator.

Botnet — A collection of computers infected by bots.

Bot master or herder — Someone who controls a botnet.

Brute force — In cryptology, a trial-and-error method of cracking a password-protected system. An attacker uses automation to guess all possible passwords until the correct one is found. There are numerous ways to prevent brute force attacks, such as locking an account after three failed password attempts or two-factor authentication.

Cloaking — An attempt to present malicious or undesirable content and URLs to users and search engines by making them look like legitimate resources.

Cracking — Breaking into a secure system or a copyrighted software for illegal purposes. While hackers are often ethical experts, crackers are malicious.

Dark Web — Sites and content purposefully hidden and unreachable through standard web browsers. The Dark Web is often used for illegal purposes and can only be found using special browsers. Often confused with the “Darknet,” which is an “overlay” network that requires special software (like Tor) to surf the Internet anonymously for both legal and illicit purposes.

Deep Web — The part of the Internet that’s not indexed by search engines — from firewalled and encrypted sites to password-protected and paywalled pages.

DoS attack — A denial-of-service attack disrupts a website, server, or network resource – often by flooding it with more requests than it can handle. A distributed denial-of-service attack is a DoS attack using a multitude of machines.

End-point security — Security measures that protect a network from potential vulnerabilities posed by laptops and other mobile devices that access the network remotely.

Evil Maid attack — When a baddie with physical access to an unattended computer installs software, like a keylogger or rootkit, allowing them to remotely control or view data from the machine.

Exploit — A vulnerability or bug that hackers can use to their advantage on a computer or network, such as gaining access or control of a system, escalate privileges (like making themselves administrators) and wreak havoc on a network.

Fuzzing — Automated input of invalid, unexpected or random data to a computer program. “Shocking” a computer in this way can reveal vulnerabilities.

Honeypot — A trap set to detect intruders. A honeypot usually simulates a real network, but is actually isolated and monitored so it can give advance warning of an intrusion.

Insider threat — A threat posed by employees, contractors, business associates or other people who have inside access to a computer system.

Jailbreak — Circumventing the security of a device to remove the manufacturer’s restrictions on using software from “non-official” sources. Often done on mobile devices.

Logic bomb — Piece of malware that is triggered by a specific event such as a date or specific user logging into the system. Logic bombs are often destructive in nature.

Lulz — A variation of LOL (laughing out loud).

Malware — Software designed to hijack, damage, destroy or steal information from a device or system. Variations include spyware, adware, rootkits, viruses, keyloggers and more.

Man-in-the-middle — When an attacker inserts themselves between two parties in a conversation.  A MitM allows attackers to impersonate each side of the conversation and intercept anything passing between the two parties.

Patching —The process of updating software to add features or address vulnerabilities.

Payload — The cargo portion of an exploitation attack. This often contains malware or backdoors the attacker wants to install on the targeted system.   

Pentest — Short for penetration testing, or trying to hack into a system to identify weaknesses.

Phishing — Tricking someone into giving away personal information by imitating legitimate companies, organizations, or people online. The “ph” derives from phreaking, or “phone freaking” – hijacking telephone lines. Spearphishing focuses on a particular target.

Plaintext — Text that has not been encrypted and is easily readable. Also known as cleartext.

Pwned — Pronounced like owned with a “p” at the beginning, pwned means to defeat security measures. Derives from the word “own,” or dominate.

Ransomware — Malware that extorts money by blocking access to data or threatening to publish it until the ransom is paid.

RAT — A Remote Access Tool or Remote Access Trojan is a form of malware that allows an attacker to gain complete control of the targeted system.

Rootkit — Software that malicious hackers install on systems, giving them “root” or administrator privileges, allowing full access.

Red team — A group of cybersecurity professionals authorized to simulate an attack. A “blue team” of students will face a red team at the Raytheon Technologies National Collegiate Cyber Defense Competition.

Script kiddies — A derisive term for someone that uses hacking tools developed by others but has no understanding of how the tool really works and no ability to develop tools for themselves.

Shell — Code attackers plant on a system to give them access to the targeted system in the future.

Shodan — A search engine for Internet-connected devices such as webcams, baby monitors, printers, medical devices and so on.

Sniffer — A computer program that can intercept and log traffic that passes through a network.

Spoofing — An attack where a hacker masquerades as another person or system to gain access to a computer. E-mail address spoofing is often used to execute phishing attacks.

Sock puppet — A false identity used in online communities and social media to deceive others.

Social engineering — Manipulating people into sharing private information.

Two-factor authentication — A method of confirming a user’s identity two ways: something known like a password with a second factor, like a PIN or token..

Vuln — An abbreviation for vulnerability.

Wardriving — Searching for neighborhood Wi-Fi networks in a vehicle, using a laptop or smartphone.

Warez — Pirated software; often distributed on BitTorrent or Usenet.

Whitehat — An ethical hacker that uses their skills to find and report gaps in an organization’s security measures.

Worm — A self-propagating piece of malware that seeks out targets, exploits them, and replicates autonomously once released.

Zombie — An infected device that is used to perform malicious tasks under remote control. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service (DoS) attacks.

Zero Day — A recently discovered or unpublished vulnerability with no update or patch available from the software vendor.


SANS Glossary of Security Terms