What are the most commonly used ethical hacking terminologies in 2021?
As a professional ethical hacker you have to know how to define different ethical hacking terms that you encounter on a daily basis.
Knowing the appropriate ethical hacking terminology is key to writing a proper ethical hacking report. If you follow the correct pentesting methodology, then you know how important writing a clear pentest report is.
In this article we are going to define the most commonly used ethical hacking terminologies. Use these terminology during your presentation and everyone nods like yo know what yo talkin about.
Before we get into the list of the hacking terminologies, let’s begin by looking at the 3 common types of hackers.
1. White hat
White hat hackers is used to refer to hackers who hack a network or system in order to find security vulnerabilities so that they can fix them. White hack hacking is completely legal and is a very fast growing profession in IT today.
2. Black hat
Black hat hackers hack to get unauthorized access to a system on network in order to destroy or steal sensitive user data. Black hat hacking is illegal and will almost always lead to a lawsuit if you are caught.
3. Grey hat
Grey hat hackers are hackers who hack a network or system just for fun without any malicious intentions. It’s somewhere in between white and black hat hacking. I don’t know if this is legal, but I do it anyway.
Some grey hat hackers do it with the intention of later informing the company about their findings in exchange for a reward… This can get you in trouble. I know a guy who go his *ss locked up after informing a business about the vulnerabilities he found and the management wasn’t happy that he outsmarted all of them!
Right. After knowing the different terminology used to refer to the types of hackers, let’s get into the list of most commonly used ethical hacking terminology in 2021.
Adware is a piece of software that is designed to force display of pre-selected ads on a system.
An attack is an ethical hacking terminology used to refer to any action performed on a system with the intention of obtaining unauthorized access to data or sensitive information.
6. Back door
Back door is another often used ethical hacking terminology which refers to a hidden entry point into a software or application that bypassess the standard security measures like login and authentication.
A bot refers to a computer program that is designed to automate certain tasks that are repeated, but faster and for a sustained long period of time than a human would.
For example, you could create a bot to crawl the web, find all websites running a particular WordPress version with a known vulnerability and attack them. In fact, this kind of non targeted attack is a very common method used by hackers as I have outlined in this article on website hacking techniques.
A botnet is a collection of computers that are controlled remotely or through a malware without the knowledge of the user.
It is common for an attacker to infect various computers with malware and then launch a Distributed Denial of Service attack (DDoS) on a remote server through them. Through these computers, the attacker floods the server with an avalanche of requests than it can handle, and the owners don’t even know their computers are sending these requests.
9. Brute force attack
Brute force attack refers to the use of automated software to forcefully try to gain unauthorized access to a network, system or website by trying multiple username and password combinations until a match is found. It’s commonly used to crack wifi passwords as well as online user accounts.
10. Buffer overflow
Buffer overflow occurs when more data is written to a block of memory than the buffer is configured to hold.
An attacker exploits buffer overflow by trying to upload an extremely large file to the server. Once there is a buffer overflow, they then attempt to write malicious scripts that are executable to other permanent memory areas of the system.
Cloaking is where a hacker presents you with content or a hyperlink that is different from what you actually see. It is a common linkjacking practice among video streaming sites who trick you to click on say a video play button, but then load an ad in a new tab.
12. Clone phishing
Clone phishing is an ethical hacking terminology used in email phishing scams, where an attacker modifies an existing legit email with false links, to try to trick you to give some sensitive confidential information.
A Cracker, also known as a black hat hacker, is anyone who performs any actions that are aimed at obtaining unauthorized access to a software or network.
DoS, which refers to a denial of service attack, is where a malicious hacker floods a server with web page requests than it can handle in a short interval of time. It is done with the intention to overwhelm the server, crash it and make it temporarily unavailable to other users.
DDoS, which means distributed denial of service, is an ethical hacking terminology used to refer to a DoS attack that is achieved through a botnet. Which means that multiple compromised systems are used to attack a single server, so that it receives overwhelming requests from various locations simultaneously.
Encryption is the process of encoding a message to obfuscate it and make it unreadable by anyone but the authorized parties. Encrypting messages flowing through a network ensures that hackers cannot read them even if they grab the packets using these network pentesting tools.
An exploit is a piece of software or series of commands that are executed to take advantage of an security flaw, bug or vulnerability on a network or software. It can also be used to refer to the actual act of trying to compromise the security of a system by taking advantage of its vulnerabilities.
18. Exploit kit
An exploit kit is a collection of tools or software that run on web servers, scouting for vulnerabilities on the target machines and exploiting these vulnerabilities by executing malicious commands.
A firewall is a filter that enables safe communication between users and systems within a network by keeping away any outside unwanted intrusion. It can be implement to protect a web server from a DoS attack by filtering and discarding the malformed requests before they actually reach the server.
HTTPS, which stands for HyperText Transfer Protocol, with the “S” added to it is a basic framework that controls how data is transmitted across the web.
The trailing “S” means that all the transmitted data is first encrypted to add an additional layer of security for secure online browsing. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols used by HTTPS to provide additional identity proof to your website.
A hacker can see data transmitted through plain HTTP, so don’t enter your credit card information on websites that don’t have HTTPS implemented.
21. Keystroke logging
Keystroke logging is an ethical hacking terminology used to refer to the process of using a malware to record all keyboard strokes that a user presses on a computer.
It is one of the most common password hacking techniques used by hackers to obtain plaintext passwords of even complex passwords. Some free or cracked software you download from some random website online might come with a keystroke logger.
A local attack is where the exploit or malware is delivered directly to the vulnerable target computer or network by having previous access to it and escalating certain privileges. It is common for such kinds of attacks to be launched by a disgruntled employee who wants to take revenge on the company.
Malware is another common ethical hacking terminology used to refer to a family of intrusive programs or malicious software like viruses, worms, ransomware, spyware, adware, scareware etc. It is a darling to an attacker.
24. Master program
A master program is the original program used to remotely transmit commands to infected botnets, also called zombie drones, to launch say a DoS attack on another server.
Payload is an ethical hacking terminology used to refer to the part of the virus or malware that performs the malicious actions like destroying system data or hijacking the computer system.
Phishing is the type of email fraud where an attacker sends fake legitimate-looking emails, with a view to deceive the recipient into divulging certain sensitive personal information.
A phreaker is a hacker that illegally breaks into a telephone network in order to wiretap voice calls or phone lines or make long distance calls for free.
Ransomware is a common ethical hacking terminology that refers to a type of malware that completely locks you out of your system, then displays a ransom message asking you to send some money in order to regain access.
Often the payment is requested in Bitcoin, so that they can’t be tacked, and these kinds of ransomware attacks commonly target individuals, banks, hospitals and online businesses.
A remote access tool or remote access trojan is a type of software that once installed on a computer, enables you complete remote access and control of that computer.
While it can be used for legit reasons, like when you want to remotely access your home computer, it’s often used by hackers to gain unauthorized access to a user’s computer and execute malicious commands.
A remote attack is where an attack is carried out by sending an exploit over a network to exploit security vulnerabilities in another machine without obtaining previous access to the vulnerable machine.
Rootkit is a type of malware that stealthily runs on a system, hiding certain programs or processes existing in a computer from being detected by normal detection methods, while giving continuous privileged access to the computer.
32. Shrink wrap code
Shrink wrap code is where an off-the-shelf software comes with certain features, that the user is not aware of, that can be used by an attacker to exploit the system
33. Social engineering
Social engineering is where you perform psychological tricks on a user or employee in order to trick them to divulge sensitive information like usernames or passwords.
An employee receives a random call from someone claiming to be from the new tech support team. He claims to need their password to perform some updates on their end. The unsuspecting employee happily hands over this information which is then used to gain unauthorized access to the company network or website.
Very nice! Why try to crack the password when you can simply call a company staff and let them hand it over to you with a smile?
Spam is a common ethical hacking terminology used to refer to any unwanted or unsolicited email from the internet.
They are often used to spread malware or steal sensitive data through phishing emails. Often, spammers would collect email addresses from the internet using web scraping tools and randomly send emails promoting products or advertisements.
Email spoofing is where an attacker modifies the headers of an email to make it look like it was sent from a legit source that you trust, like your bank.
IP spoofing is where an illegitimate data packet is sent over a network by modifying its sender IP to look like it’s from a trust host. All these are done with the intent of obtaining sensitive information or unauthorized access to certain user privileges or data.
Spyware is a type of malware used to gather confidential and sensitive information about a person or organization and then sending over this information to a third party without your knowledge or consent.
37. SQL Injection
SQL injection is a very common type of website hacking where an attacker inserts malicious SQL statements through forms to be executed by the application.
It is so common that a proper penetration test should not omit SQL injection vulnerability tests. In fact, I put together a web application penetration testing checklist to ensure you cover this vulnerability whenever you’re performing ethical hacking on a web app.
38. Target of evaluation
Target of evaluation is one of the most common ethical hacking terminologies used to refer to any system, network, application or software that is the subject of a security analysis or attack.
A threat is any type of danger than can take advantage of a bug, security flaw or vulnerability to compromise the security of a network or application.
40. Trojan Horse
A trojan horse is a malicious program that is designed to look exactly like a legit program you already know, in order to confuse you into installing it.
Once installed a trojan horse can destroy your system files, alter information, steal your passwords and any other sensitive information.
A virus is a hacking terminology used to refer to malware that replicates itself and on your system and is capable of destroying your system or corrupting your data.
A vulnerability is a security flaw, loophole or bug that enables an attacker to comprise the security of a network or software.
A word is a type of virus that sits on your active system memory and duplicates itself but does not alter system files or data.
45. Zero day threat
Zero day threat is a terminology used to refer to a threat that is undocumented, hence hidden from antivirus scanners installed on a system.
Ethical hacking is one of the fastest growing professions in the IT sector, so the best time to get started is now.
In fact, in just a few months, you could become a professional ethical hacker by taking these top rated ethical hacking courses online. It also means the competition for these jobs is getting stiffer as more people get in. So for you to have success you need to stand out from the crowd.
It all begins by using the correct ethical hacking terminology during your interviews and testing reports. If you start by talking about “threats” to the “target” network that could be “exploited” by “remote attackers” trying to “crack” the wifi password… I will definitely begin to think you are a “white hat” hacker who could protect me from “phishing emails”.
I hope this list of the ethical hacking terminologies helped you get up to speed with these hacking terms.
Are there other ethical hacking terminologies that I missed out of this list? Please mention your favorite terms in the comments below.