Phishing (cybercrime)

The language used by hackers and cybersecurity professionals continues to expand
every day, incorporating a mix of technical jargon, acronyms, and slang. This article aims
to explain the top 100 hacking terms and slang, providing you with the essential lexicon
to navigate the current cybersecurity landscape.

1. PHISHING

Phishing is a cyberattack that uses disguised email as a weapon. The goal is to trick the
email recipient into believing that the message is something they want or need — for
example, a request from their bank or a note from someone in their company — and to
click a link or download an attachment.

2. MALWARE

Malware, short for malicious software, encompasses any software intentionally
designed to cause damage to a computer, server, client, or computer network. By
disrupting operations, stealing information, or gaining access to private computer
systems, malware acts as the primary tool for cybercrime.

3. RANSOMWARE

Ransomware is a subset of malware where the data on a victim's computer is locked,
typically by encryption, and payment is demanded before the ransomed data is
decrypted and access returned to the victim. The motives for ransomware attacks are
nearly always monetary, and unlike other types of attacks, the victim is usually notified
and given instructions on how to recover from the attack.

4. BOTNET

A botnet is a network of private computers infected with malicious software and
controlled as a group without the owners' knowledge. Botnets can be used to perform
Distributed Denial of Service (DDoS) attacks, steal data, and send spam, and they allow the
attacker to access the device and its connection.

5. DDOS (DISTRIBUTED DENIAL OF SERVICE)

A Distributed Denial of Service (DDoS) attack is an attempt to crash a website or online
service by overwhelming it with a flood of internet traffic. This is achieved by utilizing
multiple compromised computer systems as sources of traffic. DDoS attacks exploit the
specific capacity limits that apply to any network resources.

6. EXPLOIT

An exploit is a piece of software, a set of data, or a sequence of commands that takes
advantage of a bug or vulnerability in order to cause unintended or unanticipated
behavior to occur on computer software or hardware. It often includes gaining control
over a computer system or allowing an attacker to introduce malware.

7. ZERO-DAY

A zero-day vulnerability is one that is unknown to the software vendor or to antivirus
vendors before it becomes active and exploitable. This means the attackers have a "zero
day" head start, hence the name, making it particularly dangerous.

8. BRUTE FORCE ATTACK

A brute force attack involves trying every possible combination of letters, numbers, and
special characters until the correct password is found. This method relies on the
computational power at the attacker’s disposal and is often used against web
applications to crack passwords and gain access to user accounts.

9. VPN (VIRTUAL PRIVATE NETWORK)

A Virtual Private Network (VPN) extends a private network across a public network,
allowing users to send and receive data across shared or public networks as if their
computing devices were directly connected to the private network. This provides the
benefits of security, functionality, and management policies of the private network.

10. TROJAN HORSE

A Trojan horse, or Trojan, is any malware which misleads users of its true intent. The
term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to
the fall of the city of Troy. Trojans are generally spread by some form of social
engineering, for example, where a user is duped into executing an email attachment
disguised to appear not suspicious.

11. ROOTKIT

Rootkits are a type of malware designed to gain unauthorized access to a computer or
area of its software and hide the existence of certain processes or programs from
normal methods of detection. Rootkits allow viruses and malware to "hide in plain sight"
by disguising themselves as necessary files that your antivirus software will overlook.

12. SOCIAL ENGINEERING

Social engineering is the art of manipulating people so they give up confidential
information. The types of information these criminals are seeking can vary, but when
individuals are targeted the criminals are usually trying to trick you into giving them
your passwords or bank information, or access your computer to secretly install
malicious software.

13. WHITELISTING

Whitelisting is a cybersecurity strategy under which a user can only take actions on their
computer that an administrator has explicitly allowed in advance. It is the opposite of
more common security strategies that block access to unauthorized or unknown
applications. This can protect against malware by only allowing pre-approved
applications to run.

14. BLACK HAT

A black hat hacker is an individual with extensive computer knowledge whose purpose is
to breach or bypass internet security. The black hat hacker is known for hacking into
computer networks with malicious intent, stealing data, corrupting the system, or
shutting it down entirely.

15. WHITE HAT

A white hat hacker, also known as an ethical hacker, is a cybersecurity expert who
practices hacking to identify security vulnerabilities that a malicious hacker could
potentially exploit. White hats aim to improve security by exposing weaknesses before
malicious hackers can detect and exploit them.

16. GREY HAT

A grey hat hacker lies between a black hat and a white hat hacker. They may exploit
security weaknesses without the owner’s permission or knowledge, but their intentions
are to report the vulnerabilities to the owner, sometimes requesting a small fee to fix
the issue.

17. ENCRYPTION

Encryption is the process of encoding information in such a way that only authorized
parties can access it. By converting the original representation of the information,
known as plaintext, into an alternative form known as ciphertext, encryption prevents
unauthorized individuals from accessing the data.

18. FIREWALL

A firewall is a network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a defined set of
security rules. Firewalls have been a first line of defense in network security for over 25
years, establishing a barrier between secured and controlled internal networks that can
be trusted and untrusted outside networks.

19. KEYLOGGER

A keylogger is a type of surveillance technology used to monitor and record each
keystroke typed on a specific computer's keyboard. Keylogger software is potentially
malicious, allowing hackers to capture sensitive information like passwords and credit
card numbers.

20. SPOOFING

Spoofing is a fraudulent or malicious practice in which communication is sent from an
unknown source disguised as a source known to the receiver. Spoofing can apply to
emails, phone calls, and websites, or can be more technical, such as a computer
spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System
(DNS) server.

21. BACKDOOR

A backdoor in a computer system or cryptosystem is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, while attempting
to remain undetected. The backdoor access can be installed by the system designer, or
it can be the result of a flaw, and it allows for remote command and control by
unauthorized users.

22. MAN-IN-THE-MIDDLE (MITM) ATTACK

In a Man-in-the-Middle (MitM) attack, the attacker secretly intercepts and possibly
alters the communication between two parties who believe they are directly
communicating with each other. This attack can be used to steal personal information,
login credentials, or credit card numbers and to eavesdrop on messages.

23. PATCH

A patch is a set of changes to a computer program or its supporting data designed to
update, fix, or improve it. This includes fixing security vulnerabilities and other critical
bugs, with patches usually being issued by the software vendor. Regular patching is
often cited as a critical component of comprehensive cybersecurity practices.

24. PENETRATION TESTING (PEN TESTING)

Penetration testing, often called "pen testing," is a simulated cyber attack against your
computer system to check for exploitable vulnerabilities. In the context of web
application security, penetration testing is used to augment a web application firewall
(WAF).

25. SKIMMING

Skimming is the theft of credit card information used in an otherwise legitimate
transaction. It is typically an "inside job" by a dishonest employee of a legitimate
merchant and usually involves the employee swiping the card on a small device known
as a skimmer to record the information to use in fraudulent transactions later.

26. SMISHING

Smishing is a deceptive tactic that uses text messaging to lure victims into providing
personal information, such as passwords or credit card details. It combines the terms
"SMS" (short message services) and "phishing" and often directs the recipient to a
fraudulent website or asks them to install malware.

27. SPEAR PHISHING

Spear phishing is an advanced form of phishing that targets specific individuals,
organizations, or businesses. Unlike broad phishing attacks, spear phishing attackers
gather and use personal information about their target to better disguise their attack
and increase their chances of success.

28. SPYWARE

Spyware is a type of malware that is installed on a computer without the knowledge of
the owner in order to collect the user's personal information. Spyware can monitor
internet activity, access emails, and steal personal information, including credit card
details.

29. SQL INJECTION

SQL injection is a code injection technique used to attack data-driven applications.
Malicious SQL statements are inserted into an entry field for execution (e.g., to dump
the database contents to the attacker). SQL injection is one of the oldest, most
prevalent, and most dangerous web application vulnerabilities.

30. VISHING

Vishing, or voice phishing, involves the use of telephone communication to scam the
user into surrendering private information that will be used for identity theft. The
scammer usually pretends to be from a legitimate organization and uses social
engineering to steal sensitive information.

31. WARDRIVING

Wardriving involves searching for Wi-Fi wireless networks by a person in a moving
vehicle, using a laptop or smartphone to detect and map networks, often exploiting
insecure Wi-Fi signals to gain unauthorized access.

32. WORM

A computer worm is a type of malware that spreads copies of itself from computer to
computer. A worm can replicate itself without any human interaction, and it does not
need to attach itself to a software program in order to cause damage.

33. XSS (CROSS-SITE SCRIPTING)

Cross-Site Scripting (XSS) is a vulnerability in web applications that allows attackers to
inject malicious scripts into content from otherwise trusted websites. XSS attacks enable
attackers to bypass access controls and impersonate users, potentially leading to
unauthorized access to sensitive information.

34. ZOMBIE COMPUTER

A zombie computer is a machine compromised by a hacker, a virus, or a trojan horse
and can be used to perform malicious tasks under remote direction. Botnets, networks
of zombie computers, are often used to send spam emails or launch DDoS attacks.

35. DOXXING

Doxxing is the internet-based practice of researching and publicly broadcasting private
or identifying information about an individual or organization. The methods employed
to acquire this information include searching publicly available databases and social
media websites, hacking, and social engineering.

36. HONEYPOT

A honeypot is a computer system that is set up to act as a decoy to lure cybercriminals
and to detect, deflect, or study attempts at unauthorized use of information systems.
Honeypots are designed to mimic systems that an intruder would like to break into but
limit the access to the system and the data within.

37. LOGIC BOMB

A logic bomb is a piece of code intentionally inserted into a software system that will set
off a malicious function when specified conditions are met. Unlike viruses, logic bombs
do not replicate themselves but can be just as destructive.

38. PHARMING

Pharming is a cyberattack intended to redirect a website's traffic to another, bogus site.
Pharming can be conducted either by changing the hosts file on a victim’s computer or
by exploitation of a vulnerability in DNS server software.

39. ROOT ACCESS

Root access refers to having the highest level of control over a computer or network. It
allows for the modification of system functionalities and settings, installation of
software, and access to all files on the system. Root access provides complete
administrative control over a wide variety of system functions and files.

40. SESSION HIJACKING

Session hijacking, also known as cookie hijacking, is the exploitation of a valid computer
session—sometimes also called a session key—to gain unauthorized access to
information or services in a computer system. This type of attack involves an attacker
stealing a session cookie and using it to impersonate the legitimate user.

41. CREDENTIAL STUFFING

Credential stuffing is an automated attack where attackers use stolen account
credentials to gain unauthorized access to user accounts through massive automated
login requests. This attack exploits the common practice of using the same password
across multiple services, thereby increasing the risk of successful account breaches
across different platforms.

42. CRYPTOCURRENCY MINING MALWARE

Cryptocurrency mining malware covertly utilizes the processing power of the infected
computer to mine cryptocurrency, typically without the user's consent. This type of
malware can significantly degrade system performance, increase electricity costs, and
often serves as a gateway for other malicious activities.

43. DIGITAL FOOTPRINT

A digital footprint comprises the traces of information that individuals leave online
through activities like visiting websites, posting on social media, or subscribing to online
services. This footprint can reveal a lot about an individual's preferences, behavior, and
identity, making it valuable for both legitimate and malicious actors.

44. DUMPSTER DIVING

Dumpster diving in the context of information security involves searching through
physical trash to find documents, storage media, or other items that contain sensitive
information. This discarded information can be exploited for identity theft, corporate
espionage, or other malicious purposes.

45. EAVESDROPPING ATTACK

In an eavesdropping attack, an attacker intercepts and listens to private digital
communications without consent. This attack can compromise the confidentiality of
personal messages, financial transactions, and other sensitive information, leading to
privacy violations and data breaches.

46. ENDPOINT DETECTION AND RESPONSE (EDR)

Endpoint Detection and Response (EDR) solutions provide real-time monitoring and
automated response to advanced threats targeting endpoint devices. EDR tools actively
seek out and isolate threats, offering detailed threat analysis and insights to prevent
future attacks.

47. EVIL TWIN

An evil twin attack involves setting up a fraudulent Wi-Fi access point that mimics the
appearance of a legitimate one to deceive users into connecting. Once connected,
attackers can monitor traffic, capture login credentials, and access sensitive information
transmitted by unsuspecting users.

48. FUZZING

Fuzzing is a dynamic code analysis technique used to identify vulnerabilities in software
applications. By automatically feeding unexpected or random data inputs into the
program, fuzzing aims to trigger errors, crashes, or memory leaks that could be
exploited by attackers.

49. GHOSTWARE

Ghostware refers to malware that eludes detection by hiding its presence after
executing a malicious activity. This allows the malware to operate or transfer data
without being detected by security software, making it particularly challenging to trace
and eliminate.

50. HASHING

Hashing is a cryptographic process that transforms any form of data into a unique
fixed-size string of characters, which serves as a fingerprint for that data. Unlike encryption,
hashing is a one-way process, making it impossible to reverse the hash back to its
original data, thus ensuring data integrity.

51. INSIDER THREAT

An insider threat arises from individuals within the organization, such as employees,
contractors, or business partners, who misuse their access to harm the organization's
information or systems. Insider threats can manifest through data theft, sabotage, or
misuse of access privileges.

52. JAILBREAKING

Jailbreaking refers to the process of removing software restrictions imposed by the
operating system on devices like smartphones and tablets. This allows users to install
unauthorized apps, extensions, and themes, but can also expose the device to security
vulnerabilities.

53. KALI LINUX

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It
comes preloaded with a comprehensive suite of tools for security auditing, network
analysis, and vulnerability assessment, making it a valuable resource for security
professionals.

54. LATERAL MOVEMENT

Lateral movement refers to the techniques used by attackers to navigate through a
network, moving from one system to another, to gain access to valuable assets or data.
This stage of a cyber attack is critical for expanding the attacker's foothold within the
target environment.

55. MACRO VIRUS

A macro virus is a type of malware that embeds malicious code within macros of
document files, such as Word or Excel documents. When the infected document is
opened, the macro virus executes, potentially leading to data corruption, file
encryption, or other system disruptions.

56. NETWORK SNIFFING

Network sniffing involves capturing data packets as they travel across a network.
Attackers use sniffing to intercept and analyze traffic for sensitive information, such as
passwords and financial data, often without detection.

57. OBFUSCATION

Obfuscation involves deliberately making source code, machine code, or algorithmic
logic difficult to understand. This technique can be used by programmers to protect
intellectual property or by attackers to conceal malware's true purpose from analysis
tools and security professionals.

58. PIGGYBACKING

Piggybacking on a wireless network refers to the unauthorized access of someone else's
Wi-Fi network. This practice not only steals network resources but also poses a
significant security risk, as it could be used for illegal activities or to gain unauthorized
access to networked devices.

59. QUARANTINE

Quarantining involves isolating a suspected malicious file, software, or device to prevent
it from causing harm or spreading within a computer or network. This containment
strategy allows for safe analysis and decision-making regarding the disposition of the
potential threat.

60. RAT (REMOTE ACCESS TROJAN)

A Remote Access Trojan (RAT) is a type of malware that allows hackers to control a
device remotely without the user's knowledge. RATs can be used for a variety of
malicious purposes, including spying, stealing data, or distributing other malware.

61. SANDBOXING

Sandboxing is a security technique in which a separate, secure environment is created
to run and analyze untrusted programs or code, preventing them from accessing or
harming the host device or network.

62. SOCIAL MEDIA ENGINEERING

Social Media Engineering is a form of cyber manipulation that involves tricking individuals
on social media platforms into divulging confidential information or performing actions
that would compromise their security. This technique leverages the inherent trust and
openness found within social networks.

63. TAILGATING

An unauthorized person following an authorized person into a secured area, often by
closely following them through a door meant to restrict access. Tailgating is a physical
security breach that can lead to cyber breaches if intruders gain access to secure
locations.

64. THREAT INTELLIGENCE

Information used by an organization to understand the threats that have, will, or are
currently targeting the organization. This data is used to prepare, prevent, and identify
cyber threats looking to take advantage of valuable resources.

65. TWO-FACTOR AUTHENTICATION (2FA)

A security process in which users provide two different authentication factors to verify
themselves. This method is a more secure way of authenticating because it adds a
second layer of verification beyond just a password.

66. VULNERABILITY ASSESSMENT

The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in
a system. It provides the organization with the necessary knowledge, awareness, and
risk background to understand the threats to its environment and react appropriately.

67. WHALING

A specific form of phishing aimed at senior executives and other high-profile targets
within businesses. The attack may involve social engineering techniques to trick the
victim into performing a detrimental action, such as transferring funds or revealing
sensitive information.

68. ZERO TRUST ARCHITECTURE

A security concept centered on the belief that organizations should not automatically
trust anything inside or outside their perimeters and instead must verify anything and
everything trying to connect to their systems before granting access.

69. CLICKJACKING

A technique where the attacker tricks a user into clicking on something different from
what the user perceives, potentially revealing confidential information or allowing
others to take control of their computer.

70. DRIVE-BY DOWNLOAD

Refers to the unintentional download of malicious code to your computer or mobile
device that exploits vulnerabilities in web browsers, operating systems, or apps. It often
does not require any user interaction to execute.

71. EGRESS FILTERING

The process of monitoring and potentially restricting the flow of information outbound
from one network to another. This can help prevent sensitive data from leaving the
network and block unauthorized access.

72. FIRMWARE

Low-level software that is embedded into the hardware of electronic devices. Firmware
provides the necessary instructions for how the device communicates with other
computer hardware.

73. GRAYWARE

Software that, while not explicitly malicious, can worsen the performance and security
of computers, introduce vulnerabilities, and cause significant annoyances to the user.

74. HEURISTIC ANALYSIS

A technique used by antivirus software to detect previously unknown computer viruses,
as well as new variants of viruses already in the "wild," by examining code for suspicious
properties.

75. IOC (INDICATOR OF COMPROMISE)

A piece of forensic data, such as system log entries or files, that identifies potentially
malicious activity on a system or network. IOCs help security professionals detect data
breaches, malware infections, or other threat activities.

76. JITTERBUGGING

A method used by cybercriminals to insert jitter, or unpredictable time delays, into
network communications. This can disrupt the timing of encryption algorithms and
make communications more susceptible to interception and decryption.

77. KERBEROASTING

A type of cyberattack against the Kerberos authentication protocol to crack the
passwords of service accounts in Windows domains. It exploits the way that Kerberos
handles service principal names (SPNs) to retrieve hashed credentials vulnerable to
offline brute-force attacks.

78. LOGIC GATE

In the context of digital circuits, a logic gate is a basic building block of a digital system
that is used to perform a boolean function; in cybersecurity, it can refer metaphorically
to decision points in security protocols or malware.

79. MITIGATION

The process of reducing the severity, seriousness, or painfulness of something. In
cybersecurity, it refers to the measures taken to reduce the adverse effects of threats
and vulnerabilities on information and information systems.

80. NONCE

A number or bit string used only once, in security engineering, during an authentication
process or cryptographic communication. Nonces prevent old communications from
being reused in replay attacks.

81. PATCH MANAGEMENT

A strategy for managing patches or updates for software applications and technologies.
Patch management helps ensure that the software's security and functionality are
up-to-date, mitigating potential vulnerabilities.

82. RED TEAM

In cybersecurity, a Red Team is a group that plays the role of an adversary, using hacking
techniques to test the effectiveness of a system's security. This practice helps identify
weaknesses before actual attackers can exploit them.

83. BLUE TEAM

A group responsible for defending an organization's use of information systems by
maintaining its security posture against a group of mock attackers (Red Team). The Blue
Team aims to detect and respond to the attacks effectively.

84. PURPLE TEAM

Purple Teaming is a collaborative effort in which the offensive Red Team and defensive
Blue Team work closely together to share insights, feedback, and learning outcomes to
enhance overall security.

85. RISK ASSESSMENT

The process of identifying, analyzing, and evaluating risk. It helps organizations
understand the cybersecurity risks to organizational operations (including mission,
functions, image, and reputation), organizational assets, and individuals.

86. SECURITY OPERATIONS CENTER (SOC)

A centralized unit that deals with security issues on an organizational and technical
level. A SOC within a building or facility is a central location from where staff supervises
the site, using data processing technology.

87. THREAT HUNTING

Threat Hunting is a proactive search through networks to detect and isolate advanced
threats that evade existing security solutions. This is a sophisticated, information-driven
process that searches for indicators of compromise.

88. VPN KILL SWITCH

A security feature that automatically disconnects a user from the internet until the VPN
connection is restored. This prevents the user's IP address and personal data from being
exposed due to the sudden drop of the VPN connection.

89. WAF (WEB APPLICATION FIREWALL)

A security barrier specifically designed to monitor, filter, and block data packets as they
travel to and from a website or web application. It applies a set of rules to an HTTP
conversation, covering common attacks such as cross-site scripting (XSS) and SQL
injection.

90. X.509 CERTIFICATE

A standard defining the format of public key certificates. X.509 certificates are used in
many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure
protocol for browsing the web.

91. YARA RULES

In cybersecurity, YARA is a tool used for identifying and classifying malware samples.
YARA rules allow researchers to create descriptions of malware families based on
textual or binary patterns.

92. ZERO-DAY EXPLOIT

An attack that targets a previously unknown vulnerability, for which there is no available
fix or patch at the time of discovery. The attacker exploits the flaw before developers
have an opportunity to address it.

93. ATTRIBUTION

The process of identifying and assigning responsibility to the perpetrator of a cyber
attack. Accurate attribution is often challenging due to the ability of attackers to disguise
their identity and location.

94. BEACONING

The process by which malware communicates back to the attacker to indicate that it has
successfully infiltrated the target system. Beaconing can also be used to receive
commands or exfiltrate data.

95. CHAIN OF CUSTODY

In digital forensics, the chronological documentation or paper trail, showing the seizure,
custody, control, transfer, analysis, and disposition of evidence, physical or electronic.

96. DATA EXFILTRATION

The unauthorized transfer of data from a computer or other device. This can be
conducted manually by an individual or automatically through malicious programming
on the internet or a network.

97. ENCRYPTION KEY

A string of characters used to encrypt or decrypt data. Keys are used in conjunction with
encryption algorithms to securely encode data, ensuring that only those with the correct
key can access the original information.

98. FORENSIC ANALYSIS

The process of examining and analyzing digital information for use as evidence in court.
Cyber forensic analysis involves recovering and investigating material found in digital
devices, often in relation to computer crime.

99. GEOFENCING

A location-based service in which an app or other software uses GPS, RFID, Wi-Fi, or
cellular data to trigger a pre-programmed action when a mobile device or RFID tag
enters or exits a virtual boundary set up around a geographical location, known as a
geofence.

100. HACKER ETHICS

A set of values that guide the behavior of hackers, including the principle that access to
computers—and anything that might teach you something about the way the world
works—should be unlimited and total. It emphasizes freedom of information, improvement
to the quality of life, and opposition to monopoly by leveraging technology.
