.svg){kind=icon}
FileGrant
Securely store, share, and manage your files with an advanced, easy-to-use, and highly customizable platform
- A-C
- D-F
- G-M
- N-R
- S-X
Account hijacking
Compromise of an account, for example through phishing.
Account takeover
Illegal takeover of an account in order to impersonate the victim, for example to perform financial transactions.
ACDC (Advanced Cyber Defence Center)
European project aimed at providing solutions and building knowledge to help organizations across Europe fight botnets.
Agentic AI
A class of systems built around operational autonomy, advanced contextual reasoning, and multi-level decision-making.
AISP(Account Information Service Provider)
Providers that give customers information services on online payment accounts, such as balances and transaction history.
Agentive AI
AI capable of making decisions and acting autonomously to pursue a specific goal.
Analytics-as-a-Service
On-demand data analytics services that can also be used for security purposes.
APA (Attack Path Analysis)
Technique used to identify and assess the potential paths an attacker could use to breach a system or network.
APT (Advanced Persistent Threat)
Complex attacks targeting specific organizations, characterized by reconnaissance, sophisticated tools, and long-term persistence.
Arbitrary File Read
A vulnerability that allows an attacker to access files through remote web requests.
Assume breach
A security mindset that assumes a compromise will eventually occur, so teams prepare to detect, investigate, and contain it quickly.
Pivot-back attacks
An attack in which a public-cloud resource is compromised to gather information that is later used against the on-premises environment.
BITS Jobs
Technique that lets cybercriminals schedule and run malicious background downloads without attracting attention.
Blockchain
Technology that records transactions on an immutable distributed ledger maintained across multiple nodes.
Booter/Stresser
Paid tools used to launch DDoS attacks.
CAL (Cybersecurity Assurance Level)
A dynamic indicator of the effort required to assure the security of an element based on risks affecting all of its assets.
Computer interception tool
Software deployed on portable electronic devices to intercept communications or in-person conversations.
Carding
Trading stolen credit card, debit card, or bank-account information for financial fraud.
CDR (Cloud Detection and Response)
A security approach that gives SecOps teams the capabilities needed to monitor, detect, and stop cloud-specific attacks.
CEO fraud
A phishing scam targeting senior executives such as CEOs, presidents, or CFOs.
CFC (Cyber Fusion Center)
A holistic, multidisciplinary approach to security management that breaks down traditional silos across teams and functions.
CLOSINT (Closed Source Intelligence)
The collection of information from closed, non-publicly accessible sources.
Cloud weaponization
An attack in which compromised cloud virtual machines are used as a launching point to attack and control many other machines.
CNAPP (Cloud-Native Application Protection Platform)
A category of solutions that combines multiple security capabilities into one platform to protect cloud applications.
CNOs (Computer Network Operations)
A form of information warfare focused on attacking, disrupting, or defending computer networks and systems.
CNP (Card-Not-Present)
A payment made without the physical presence of the payment card, such as an online purchase.
CoA (Courses of Action)
A plan describing operational strategies and actions; in cyber intelligence it refers to actions taken by attackers or defenders.
Constituency
Within a CERT, the group or population that the service supports.
Context-based access
An access approach that adapts decisions based on the dynamic risk level of the specific transaction.
C&C (Command and Control)
Hosts used to send commands to infected machines and manage botnets.
Counterintelligence
The identification, assessment, neutralization, and exploitation of intelligence activities conducted by adversarial entities.
Course of action matrix
A method for identifying, prioritizing, and mapping response actions in the event of possible intrusions.
Credential stuffing
An attack that uses previously stolen username/password pairs to attempt account access.
Cryptojacking
The illegal use of a victim’s computing resources to mine cryptocurrency.
Cryptolocker
Malware that encrypts files on an infected device in order to demand a ransom.
CTW (Check-the-Web)
A platform created to support monitoring and investigations related to terrorism on the internet.
CVSS v3
A vulnerability scoring system that produces both numeric and qualitative severity ratings.
CTI (Cyber Threat Intelligence)
The discipline of collecting and analyzing heterogeneous data to understand threats and support effective defensive action.
Cyber espionage
Espionage conducted through illicit cyber techniques.
Cyber Kill Chain
A model defined by Lockheed Martin to support threat detection and response decision-making.
Cybersquatting
The practice of registering or using third-party domain names, especially valuable brands, for profit.
Cyber resilience
An organization’s ability to withstand an attack and restore normal operations afterward.
Cyber-reasoning systems
Systems built to automatically identify vulnerabilities in complex networks using cognitive algorithms.
Cyber weapon
Malware or hardware designed or used to cause harm in cyberspace.
CYBINT (Cyber Intelligence)
The intelligence discipline applied to the cyber domain, including strategic and contextual analysis.
Data diode
A security device that allows one-way data flow only.
Data leakage
Unauthorized transfer or exposure of confidential information.
DDoS (Distributed Denial of Service)
Distributed denial-of-service attacks carried out through a botnet or network of devices.
DDoS-for-hire
A rented or on-demand DDoS attack service.
Debunking
The set of activities used to verify whether content is false or misleading.
Defense in depth
A strategy that uses multiple layered controls so other defenses remain active if one layer fails.
Deepfake
Deep-learning techniques capable of generating fake photos or videos.
Deep web
The portion of the web not indexed by standard search engines.
DES (Data Encryption Standard)
A symmetric-key data-encryption algorithm.
DGA (Domain Generation Algorithms)
Algorithms used by some malware families to generate large numbers of domain names.
Diamond Model
A structured framework for the technical analysis of possible intrusions.
Digital twin
A virtual and dynamic representation of a physical system updated in real time through sensors.
Digital scarcity
In blockchain, the ability to make digital information such as files or payments non-duplicable.
DMARC
An email-authentication standard that helps prevent spoofing and phishing.
DNS cache poisoning
An attack in which false IP-to-domain mappings are inserted into a DNS cache.
DNS open resolver
A vulnerable system abused to amplify DDoS attacks.
DNSSEC
A set of specifications that improves the integrity and security of DNS information.
DoS (Denial of Service)
Attacks intended to make services unavailable.
Double extortion
Ransomware attacks that encrypt files and also threaten to publish stolen data.
Downloader
Software whose role is to fetch additional malicious components after the initial infection.
Drive-by exploit kit
An attack in which simply visiting a malicious page can trigger malware installation by exploiting vulnerabilities.
DRDoS (Distributed Reflection Denial of Service)
An attack that uses IP spoofing and vulnerable reflectors to amplify traffic toward the victim.
Dropper
Code whose purpose is to install malware on the victim's computer.
Eavesdropping
In VoIP, an attack similar to man-in-the-middle used to spy on, record, and steal information.
eBPF (Extended Berkeley Packet Filter)
Linux kernel technology that enables real-time network monitoring and filtering with low overhead.
EDR (Endpoint Detection and Response)
Tools designed to continuously monitor suspicious events on endpoints and support ongoing threat response.
Enterprise architecture
An enterprise-wide information model that connects data across organizational functions to support visibility and future planning.
ERTMS (European Rail Traffic Management System)
European railway signaling and speed-control system designed to improve interoperability and safety.
Evasion
In AI systems, an attack that manipulates input data to confuse a trained model's classification.
Exploit
Code or techniques used to take advantage of a system vulnerability.
Exploit kit
Applications that let even non-expert attackers automatically exploit vulnerabilities.
Facing applications
Public-facing applications such as websites.
Fast flux
A technique that hides malicious DNS infrastructure behind a constantly changing network of compromised machines.
Fix
Code created to correct software errors or vulnerabilities.
Ghost broking
A fraud scheme in which a fake insurance policy is sold to a victim.
GRE (Generic Routing Encapsulation)
A tunneling protocol that encapsulates network-layer protocols inside point-to-point virtual links.
Hate speech
Expressions that spread, incite, promote, or justify hatred or intolerance.
Harvest now, decrypt later
A strategy of collecting encrypted data today for decryption later when stronger computing becomes available.
Hit-and-run / pulse wave
Short-lived but frequent attacks occurring over a limited time window.
HMI (Human-Machine Interface)
A key industrial-systems component that lets operators interact with control and monitoring environments.
Honeypot
An isolated decoy asset used to attract attacks and collect intelligence about them.
HTTP POST DoS attack
An attack that abuses slow, persistent HTTP POST requests to exhaust web-server resources.
HUMINT (Human Intelligence)
The intelligence discipline based on human sources.
Kill switch
A device or mechanism used to forcefully stop an activity.
IACS (Industrial Automation and Control Systems)
Industrial automation and control systems including hardware, software, processes, and people.
IBAN swapping
Replacement of bank-account payment details or e-wallet coordinates to divert funds.
ICMP (Internet Control Message Protocol)
A protocol used by network devices to exchange control information and messages.
ICS (Industrial Control System)
Industrial control systems.
IDS (Intrusion Detection System)
A device or tool that identifies patterns associated with possible attacks.
IGA (Identity Governance & Administration)
A tool used to govern identities and manage provisioning, reprovisioning, and deprovisioning of access.
IMEI
A unique code identifying a mobile device.
IMSI
An international unique identifier combining subscriber, country, and telecom operator information.
IoB (Internet of Bodies)
The application of IoT to biological systems, using devices that collect biometric, physiological, and behavioral data.
Incident handling
The process of managing an information-security incident.
Information warfare
The use of information collection, processing, management, and dissemination to gain an advantage.
Infostealer
Malware designed to steal information such as credentials from an infected device.
Instant phishing
A phishing technique in which data entered by the victim on a clone site is used almost in real time against the legitimate site.
Interception and modification
In VoIP, interception of legitimate communications and their alteration to degrade or disrupt service.
Intrusion software
Spyware or intrusion software that may be used for legitimate security testing or unlawful surveillance.
IoA (Indicators of Attack)
Information useful for identifying a potential attack even before direct attacker-to-target interaction occurs.
IoC (Indicators of Compromise)
Artifacts or data points that can be used to identify potentially compromised systems.
IP fragmentation
A DDoS technique that abuses IP packet fragmentation.
IPMI (Intelligent Platform Management Interface)
A low-level interface used for out-of-band hardware management of servers.
IPS (Intrusion Prevention System)
A device or tool able to identify and actively prevent attacks.
ISA/IEC 62443
An ISO-aligned standard defining security requirements for industrial automation and control systems.
ITDR (Identity Threat Detection and Response)
Strategies, processes, and technologies used to detect, analyze, and respond to attacks targeting digital identities.
Jamming
Intentional interference with an electromagnetic signal in order to disrupt or prevent its proper reception.
LOTL (Living Off the Land)
An attack technique that abuses native tools already present in the operating system.
LOTS (Living Off Trusted Sites)
A technique in which attackers abuse trusted or already-present tools and services to conduct malicious activity with lower detection risk.
MaaS (Malware as a Service)
A service model in which one group develops malware while others distribute it to customers.
Malvertising
The use of online advertising as a vehicle for delivering malware.
Man-in-the-browser
A technique that intercepts information sent by the victim, such as login credentials, inside the browser session.
Meaconing
Interference with navigation signals, such as GPS, to alter location information.
Memcached
Software often used on web servers to cache data and reduce database or backend traffic.
MFA fatigue
An attack in which the user is bombarded with MFA prompts until one is eventually approved.
MFU (Malicious File Upload)
A web-server attack based on remotely uploading malware or oversized files.
Mining
The creation of new cryptocurrency through the computational power of blockchain participants.
MitC (Man in the Cloud)
An attack in which malware replaces a user's cloud synchronization token with the attacker's token.
Money mules
People used to convert illegal proceeds into cash, often through money laundering.
NTP (Network Time Protocol)
A protocol used to synchronize clocks across network-connected devices.
OF2CEN
A platform designed to collect and share reports of suspicious online financial transactions in real time.
Oracles
External data sources that feed a blockchain smart contract and can trigger or influence its execution.
OSINT (Open Source Intelligence)
The practice of gathering intelligence from publicly available sources.
OT (Operational Technology)
Hardware and software used to monitor and manage physical assets in industrial and similar environments.
Payload
The harmful functional component of malware.
Hard-coded password
A password embedded directly in software code.
Pharming
A technique that redirects a victim to a fake but look-alike site in order to steal credentials.
PHI (Protected Health Information)
Personal information related to a person's physical or mental health and associated care or payment data.
Phishing
A technique that tricks a victim through fake communications into visiting a clone site to steal credentials.
Phone hacking
Hacking activity targeting phone systems.
Ping flood
An attack based on continuously sending ping requests to the victim system.
Ping of Death
An attack that sends malformed ping packets intended to crash the target's networking stack.
PIR (Priority Intelligence Requirements)
Information requirements that guide priorities in intelligence planning.
Plausible deniability
The ability to deny knowledge of harmful actions when no proof exists to show otherwise.
Poisoning
In AI, an attack that contaminates training data so the model behaves incorrectly.
Port sweeping
Scanning multiple systems for a specific open port.
Pretexting
A social-engineering technique in which an attacker uses a fabricated story to gain a victim's trust.
Prompt injection
Apparently legitimate inputs that contain malicious instructions capable of altering system behavior.
PSYOPs (Psychological Operations)
Psychological operations intended to influence the opinions and behavior of foreign groups, organizations, or individuals.
Pulse wave (aka hit-and-run)
Short, frequent attacks over a limited time frame.
QKD (Quantum Key Distribution)
Technology that uses quantum mechanics to create secure communication channels for exchanging keys.
QTSP (Qualified Trust Service Provider)
A trust-service provider formally qualified by the supervisory authority to deliver qualified trust services.
Quishing / QRishing
An attack that uses malicious QR codes to send victims to fraudulent sites or trigger malware downloads.
RDP (Remote Desktop Protocol)
A protocol used for remote communication and access between computers.
EU Machinery Regulation (EU 2023/1230)
A regulation replacing the previous directive and introducing cybersecurity requirements for machinery.
Resilience
The ability of an organization to absorb shocks and adapt to a continuously changing environment.
Resource ransom
A cloud attack that attempts to lock access to resources by compromising the victim's public-cloud account.
Responsible AI
A set of practices that ensures AI systems behave ethically and remain controllable, explainable, and accountable.
Retrieving data
The search and collection phase in OSINT, focused on gathering data about a selected target.
Rootkit
Malware that enables covert control of a device while hiding itself and other malicious software.
SASE (Secure Access Service Edge)
A security approach built around a Zero Trust model for tightly controlled access.
SAST (Static Application Security Testing)
Static code analysis used to identify vulnerabilities in applications.
SBOM (Software Bill of Materials)
A nested inventory of software products, components, and suppliers present within the organization.
Scrubbing center
A center where network traffic is analyzed and cleaned of malicious components.
Self-sovereign identity
A digital-identity model in which users retain full control over their own data.
Service abuse
VoIP attack techniques that misuse the victim's telephony infrastructure to generate traffic to premium-rate numbers.
Shadow AI
Unsanctioned use of AI tools and models by users outside proper governance and controls.
Side-channel attacks
Attacks that exploit indirect information leakage, including attempts to colocate virtual machines on the same physical host.
SIEM (Security Information and Event Management)
A system for collecting and normalizing logs and correlating security events.
SIGINT (Signals Intelligence)
The intelligence discipline based on collecting and analyzing signal and electromagnetic-emission information.
Sinkhole
A technique that redirects network traffic to a specific server for analysis or containment.
SMB (Server Message Block)
A protocol for sharing files and printers across local networks.
Smoking gun
A term used to indicate near-conclusive evidence that a crime was committed.
SOAR (Security Orchestration, Automation and Response)
An approach that orchestrates security technologies and automates data collection, analysis, and response.
SOC (Security Operations Center)
A center responsible for running security functions and monitoring events that may represent threats.
Social threats
A VoIP form of identity theft aimed at impersonating a user to carry out harmful actions.
SOCMINT (Social Media Intelligence)
The branch of OSINT focused on collecting information from social networks.
SOP (Standard Operating Procedure)
Standard procedures describing the steps to follow during OSINT investigations and repeatable operations.
Spear phishing
A phishing attack carefully targeted at specific individuals or groups.
Spoofing
The falsification of information, such as the sender address of an IP packet.
Spyware
Malware that collects information about a victim's behavior and sends it to the attacker.
SQL injection
An attack technique based on malicious SQL queries sent to a database.
SL-A (Security Level Achieved)
The security level actually achieved.
SL-T (Security Level Target)
The required target security level.
SSDLC (Secure Software Development Life Cycle)
A program that embeds security from the earliest design stages and follows the full software life cycle.
SSDP (Simple Service Discovery Protocol)
A protocol that automatically discovers and advertises devices on a network.
SSH (Secure Shell)
An encrypted protocol that allows remote interaction with network devices or servers.
SSPM (Security Posture Management)
Solutions for SaaS environments that continuously monitor security settings, user permissions, and external connections.
Steganography
A technique for hiding information inside another medium such as an image, video, or audio file.
STIX (Structured Threat Information eXpression)
A structured language for describing and automatically sharing cyber threat intelligence across organizations.
Tampering
An intentional but unauthorized act that modifies a system, system components, intended behavior, or data.
TARA (Threat Analysis and Risk Assessment)
A methodology used to detail possible threats to a product and assign risk levels.
TAXII (Trusted Automated eXchange of Indicator Information)
A protocol used to exchange STIX-described cyber threat intelligence over HTTPS.
TCP SYN flood
An attack in which spoofed SYN packets prevent proper completion of the TCP three-way handshake and exhaust server resources.
TDM (Time-Division Multiplexing)
A technique that lets multiple devices share a communication channel in predefined time slots.
Attack-amplification techniques
Techniques that abuse IP spoofing and vulnerable hosts to greatly amplify attack traffic.
Attack-reflection techniques
Techniques that abuse exposed hosts as reflectors to redirect and magnify attack traffic toward the victim.
TLP (Traffic Light Protocol)
A protocol used to share sensitive information according to clearly defined dissemination levels.
TLS (Transport Layer Security)
A protocol used for secure communications over TCP/IP networks, succeeding SSL.
Tradecraft
The combination of methods, capabilities, and resources an attacker uses to carry out operations.
TSP (Trust Service Provider)
A natural or legal person providing one or more trust services.
UBA (User Behavior Analytics)
Technology that learns normal user behavior and later flags anomalous activity.
UDP flood
A mass flood of UDP packets sent to a target host to exhaust its resources.
UPnP (Universal Plug and Play)
A network protocol that enables devices to automatically connect to and share services on a network.
VNC (Virtual Network Computing)
A remote desktop-sharing tool.
Vetting
The process of identifying participants in a blockchain environment.
VHUMINT (Virtual Human Intelligence)
The extension of Human Intelligence methods into virtual environments.
Vishing
The voice-based variant of phishing.
Volume Boot Record
The small disk area at the start of a partition containing code used to load and start the operating system.
Watering hole
A targeted attack in which a website regularly visited by the target is compromised.
Weaponization
The modification of files or documents to turn them into effective delivery mechanisms for malicious code.
Web injects
A technique that makes the user's browser display content different from what is actually on the visited site.
WEF Quantum Readiness Toolkit
A toolkit that provides five principles to help organizations prepare for a secure quantum economy.
Whaling
A specialized form of spear phishing in which the attacker impersonates a senior executive to deceive an internal employee.
Wiper
A class of malware whose sole purpose is to destroy or erase the target system.
XDR (Extended Detection and Response)
Tools that unify security-solution components into a single platform for detection and incident response.