It’s an introductory post to some important terms used in ethical hacking which you need to know and get familiar with to learn ethical hacking.
This information will be useful in the scanning phase and it will help to draw network maps and identify potential vulnerabilities.
If you want to learn Ethical Hacking at an advanced level to get from a complete beginner to an expert ethical hacker, you can try the most affordable option Advanced Ethical Hacking and Penetration Testing Course.
Ethical Hacking Terminology
These are some basic terms you will come across while learning ethical hacking.
Backdoors are programs used by hackers as entry points to any system or software without having to log in and authenticate. After hacking a system, hackers plant backdoors in the victim’s system, so that they don’t have to authenticate or hack the system again to gain access to the system and data. Backdoor is used to maintain access to the compromised system once its hacked.
A bot is simply an automated program to perform tasks automatically at a fast speed and sustain them for a long time so that the program runs repeatedly. Hackers use bots to automate their tasks or scripts like DOS, to attack web servers or services, to perform phishing attacks, etc.
However, a botnet is a group of hacked or compromised systems that a hacker can control to perform tasks or initiate attacks like DDOS.
It’s a password hacking method that tries every combination of characters over and over again until it finds the real password and authenticates it into the system.
To simply put, it’s kind of an error that occurs when you allocate more memory to a memory block or buffer than it can hold.
Let’s explain in more simple terms, so the buffer is a place where the computer temporarily stores data. Now, this buffer has a specific capacity of how much data can be stored in it. When you store data in buffer more than its capacity. It will cause a buffer overflow.
Clone Phishing Attack
In this clone phishing attack, a hacker clones a real and genuine email that you might have received from a genuine sender and then send this legitimate-looking email to you by a spoofed email address with malware or malicious link in it to get your personal or confidential data.
DOS and DDOS
I have already explained about DOS and DDOS attacks in an article. Have a look at it.
Exploit is simply a piece of code, data, or program which is used or executed to take advantage of any weakness or vulnerability in the target’s system and then gain unauthorized access to the system.
The term exploit kit is used to refer to two different things, one is a toolkit or all-in-one tool which is a collection of exploits.
Another thing it refers to is the process of compromising a server system to find a vulnerability, hack the system and gain access to all of its clients when they try to connect with this compromised server while browsing the internet. Hackers mostly use this technique to distribute malware and RATs to a large audience.
A firewall is security system software that simply puts a security barrier between you and the outside network. It filters all incoming and outgoing traffic. It helps to protect you from unwanted or illegitimate traffic or intruders and allows only secure communication.
Keystroke Logging and Keylogger
Keystroke logging is the process of secretly recording all keys pressed on the victim’s computer to get login ids and passwords. Hackers do this using keylogger programs.
You might have heard of this, cloaking is the process in which a hacker will present you a link or content which looks legitimate to you but when you click on it, it will load different things like ads, malware, viruses, or any other malicious content.
A virus is a piece of code or program that is designed to perform malicious tasks when executed in a victim’s system like corrupting the system, destroying important data, or other malicious activities. A virus is capable of replicating itself.
Weakness in a system or software program which hackers take advantage of to hack your system and gain unauthorized access to the system.
Zombie System or Zombie Drone
A zombie system refers to a compromised system that hackers use to perform malicious tasks like phishing, sending spam emails, distributing malware, etc.
A malicious code or virus installed in a system that executes itself or sometimes other malicious programs or tasks when a certain condition is met which is programmed in it.
Encryption and Decryption
Encryption is the process of encoding a plain text message or content to ciphered text or simply unreadable to protect its confidentiality from unauthorized parties. Encoding data simply makes it unreadable to unauthorized users.
And decryption is the process of converting the ciphered text back to its original and readable form.
Payload is a main piece or portion of code or malicious program intended for malicious tasks like hijacking system, keylogging, etc.
Phishing is a social engineering attack in which a hacker sends a legitimate-looking email to a victim to gain their trust and acquire confidential details. Sometimes, hackers also send tempered legitimate-looking login pages like Facebook login page, Gmail login page intended for the victim to enter their username and password, and then when they click login, these details will be sent to the hacker.
Social engineering is simply the art of exploiting human behavior and trust to divulge the victim into performing malicious tasks and giving out confidential details.
Ransomware is a widely famous type of malware virus that completely encrypts your data and then gives you a message asking for money to get data back decrypted.
The master program is a type of program which hackers use to send commands remotely to the compromised system (botnet or zombie system) to perform malicious tasks and carry out their hacks like DOS or DDOS, phishing, etc.
Rootkits are malicious programs used by hackers to hide the existence of any running program or process from detection and maintain privileged access.
Spyware is a type of malicious program which collects personal details or confidential data about the target without their knowledge and sends it back to the hacker.
Trojan Horse or Trojan
Trojans are malicious programs designed by hackers that look like legitimate programs but are often used to steal personal information, delete data, or spy on a target, etc.
The threat is a potential danger that can be exploited with the help of any existing vulnerability or bug to compromise the system and gain access to it.
A worm is a piece of code or program which self-replicates itself in the system but does not do any harm to files. It resides in memory to keep replicating itself. It mostly intends to spread to other computers.
Shrink Wrap Code
It’s a process of exploiting a vulnerability in an unpatched program or poorly configured software programs.
It’s a process hackers use to mask themselves (by changing IP address, mac address, etc.) and intend to identify as someone else usually to gain illegitimate access or advantage.
It’s a type of attack in which a hacker, inject malicious SQL query in vulnerable database-driven apps to get information and dump database contents.
Cross-Site Scripting or XSS
It’s a vulnerability found in web apps that allows a hacker to inject client-side scrips into webpages visited by other users.
As we progress through the process of learning ethical hacking, we will learn more about all these terms. So please subscribe to our email newsletter, follow us on social media or enable notification to get the latest tutorials and updates about ethical hacking.