If you're a novice in the field of hacking. You're in the right place. Here, you will get acquainted to the most fundamental hacking terms so that you can go ahead.
First of all, let's begin with the very "hack" term itself.
Hack in other context can also refer to a strategy or technique for managing one's time or activities more efficiently, but we're not gonna talk about it. We are discussing about the cyber-hacking.
So basically it is defined "Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose" as per Economic Times definitions.
In simpler terms it refers to exploiting(misusing) system vulnerabilities(weaknesses) and compromising security controls in order to get unauthorized(which you are not allowed to) and inappropriate access to the system resources.
Hackers are traditionally categorized in 3 parts i.e White Hat, Black Hat and Grey hat hackers. Where,
Black-hats are looked upon as the destruction causing agents and illegal type of hackers.
Grey-hats are the computer hacker or computer security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent typical of a black hat hacker. They make approx 98% of the total hacking community lie.
White-hats are the one’s who use their skill with the sole purpose of improving one system and make is immune to Black hat hackers.
Apart from these three types, many include script kiddies (a non-skilled person who gains access to computer systems using already made tools), hacktivist (a hacker who use hacking to send social, religious, and political etc. messages)and phreaker (a hacker who identifies and exploits weaknesses in telephones instead of computers) etc.
There are a variety of methods used. Emails full of malicious links are sent. Bogus webpages are pushed to the top of search results for you to find and click on. Social engineering is used to gather sensitive data from you or your team, which is then used to break into your systems.Passwords are guessed, or maybe the latest application exploit is used to get inside.
And what about Cybercrime? It is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers etc. Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using phones via SMS and online chatting applications.
So, these were the basics. Let's go deeper.
(Source: Daily Dot's definitive glossary of hacking terminology)
Some other terms not officially listed
First of all, let's begin with the very "hack" term itself.
Hack in other context can also refer to a strategy or technique for managing one's time or activities more efficiently, but we're not gonna talk about it. We are discussing about the cyber-hacking.
So basically it is defined "Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose" as per Economic Times definitions.
In simpler terms it refers to exploiting(misusing) system vulnerabilities(weaknesses) and compromising security controls in order to get unauthorized(which you are not allowed to) and inappropriate access to the system resources.
Hackers are traditionally categorized in 3 parts i.e White Hat, Black Hat and Grey hat hackers. Where,
Black-hats are looked upon as the destruction causing agents and illegal type of hackers.
Grey-hats are the computer hacker or computer security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent typical of a black hat hacker. They make approx 98% of the total hacking community lie.
White-hats are the one’s who use their skill with the sole purpose of improving one system and make is immune to Black hat hackers.
Apart from these three types, many include script kiddies (a non-skilled person who gains access to computer systems using already made tools), hacktivist (a hacker who use hacking to send social, religious, and political etc. messages)and phreaker (a hacker who identifies and exploits weaknesses in telephones instead of computers) etc.
There are a variety of methods used. Emails full of malicious links are sent. Bogus webpages are pushed to the top of search results for you to find and click on. Social engineering is used to gather sensitive data from you or your team, which is then used to break into your systems.Passwords are guessed, or maybe the latest application exploit is used to get inside.
And what about Cybercrime? It is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers etc. Most cybercrimes are committed through the internet. Some cybercrimes can also be carried out using phones via SMS and online chatting applications.
So, these were the basics. Let's go deeper.
- Adware: Adware can mean the software that automatically generates advertisements in a program that is otherwise free, such as an online video game.
- Back door: A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. Some have alleged that manufacturers have worked with government intelligence to build backdoors into their products. Malware is often designed to exploit back doors.
- Bot: A program that automates a usually simple action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it.
- Botnet: A botnet is a group of computers controlled without their owners’ knowledge and used to send spam or make denial of service attacks. Malware is used to hijack the individual computers, also known as “zombies,” and send directions through them.
- Brute force attack: Also known as an exhaustive key search, a brute force attack is an automated search for every possible password to a system. It is an inefficient method of hacking compared to others like phishing. It’s used usually when there is no alternative.
- Clone phishing: Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
- Cracking: To break into a secure computer system, frequently to do damage or gain financially, though sometimes in political protest.
- Denial of service attack (DoS): DoS is used against a website or computer network to make it temporarily unresponsive. This is often achieved by sending so many content requests to the site that the server overloads.
- Distributed denial of service attack (DDoS): A DoS using a number of separate machines.
- Doxing: Discovering and publishing the identity of an otherwise anonymous Internet user by tracing their online publically available accounts, metadata, and documents like email accounts, as well as by hacking, stalking, and harassing.
- Keystroke logging: Keystroke logging is the tracking of which keys are pressed on a computer (and which touchscreen points are used).
- Logic bomb: A virus secreted into a system that triggers a malicious action when certain conditions are met.
- Malware: A software program designed to hijack, damage, or steal information from a device or system. Examples include spyware, adware, rootkits, viruses, keyloggers, and many more. The software can be delivered in a number of ways, from decoy websites and spam to USB drives.
- Master: The computer in a botnet that controls, but is not controlled by, all the other devices in the network.
- Payload: The cargo of a data transmission is called the payload. In black hat hacking, it refers to the part of the virus that accomplishes the action, such as destroying data, harvesting information, or hijacking the computer.
- Packet sniffer: Sniffers are programs designed to detect and capture certain types of data. Packet sniffers are designed to detect packets traveling online. Packets are packages of information traveling on the Internet that contain the destination address in addition to content. Packet can be used to capture login information and passwords for a device or computer network.
- Phishing: Tricking someone into giving you their personal information, including login information and passwords, credit card numbers, and so on by imitating legitimate companies, organizations, or people online. Phishing’s often done via fake emails or links to fraudulent websites.
- Remote access: Remote control is the process of getting a target computer to recognize your keystrokes as its own, like changing a TV with a remote control.
- Rootkit: A rootkit is a set of software programs used to gain administrator-level access to a system and set up malware, while simultaneously camouflaging the takeover.
- Social engineering: A custodian is to a janitor as a social engineer is to a con man. Social engineering is conning people into giving you confidential information, such as passwords to their accounts. Given the difficulty of breaking, 128-bit encryption with brute force, for example, social engineering is an integral element of cracking. Examples include phishing and spear-phishing.
- Spam: Unwanted and unsolicited email and other electronic messages that attempt to convince the receiver to either purchase a product or service, or use that prospect to defraud the recipient.
- Spear-phishing: A more focused type of phishing, targeting a smaller group of targets, from a department within a company or organization down to an individual.
- Spoofing: Email spoofing is altering the header of an email so that it appears to come from elsewhere. A black hat hacker, for instance, might alter his email header so it appears to come from your bank. IP spoofing is the computer version, in which a packet is sent to a computer with the IP altered to imitate a trusted host in the hope that the packet will be accepted and allow the sender access to the target machine.
- Spyware: Spyware is a type of malware that is programmed to hide on a target computer or server and send back information to the master server, including login and password information, bank account information, and credit card numbers.
- Trojan horse: A Trojan is a type of malware that masquerades as a desirable piece of software. Under this camouflage, it delivers its payload and usually installs a back door in the infected machine.
- Virus: Self-replicating malware that injects copies of itself in the infected machine. A virus can destroy a hard drive, steal information, log keystrokes, and many other malicious activities.
- Vulnerability: A weak spot hackers can exploit to gain access to a machine.
- Whaling: Spear-phishing that targets the upper management of for-profit companies, presumably in the hope that their higher net worth will result in either more profit, if the cracker is after financial gain, or that their higher profile will ensure the gray hat hacker more exposure for his or her cause.
- Worm: Self-replicating, standalone malware. As a standalone it does not report back to a master, and unlike a virus it does not need to attach itself to an existing program. It often does no more than damage or ruin the computers it is transmitted to. But it’s sometimes equipped with a payload, usually one that installs back doors on infected machine to make a botnet.
(Source: Daily Dot's definitive glossary of hacking terminology)
Some other terms not officially listed
- ZIP Bomb: A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional viruses.
- Zone-H :"Zone" is an archive of defaced websites which was born in Estonia on march 2, 2002. Once a defaced website is submitted to Zone-H, it is mirrored on the Zone-H servers, it is then moderated by the Zone-H staff to check if the defacement was fake.
- Burp Suite: It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
- XSS Vulnerability: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
- SQL injection: SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
- Buffer overflow: A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
- Reverse engineering: It is something when you build and replicate the behaviour of some system/application/whatever without knowing the source (ex. source code of an application, the technical details of an engine, etc.), but only knowing its features and its behaviours that are externally visible.
- Stagefright Android MMS vulnerability: A bug in Android viz. it's just an mms sent by a hacker by which he can access data of your phone.
- Metasploit: The Metasploit project is basically a security tool used to attack a system or a network. If you need to make a simulated attack on computer system looking for security weaknesses, Metasploit will show the vulnerabilities and aids in this so called Penetration Testing.
Tools used:
- Operating systems like Kali Linux, Tail OS etc provide enormous number of tools for hacking
- Browsers like Tor
- VPN services
- Change of proxy chains and many more
That's all the basics and you're good to go. Thanks for reading. Share it if you find it interesting.
Comments
Post a Comment