Professional Documents
Culture Documents
3. Distributed Denial of Service (DDoS): Similar to DoS, but the attack is launched
from multiple sources simultaneously to amplify the impact.
6. Cross-Site Scripting (XSS): Injecting malicious scripts into web pages to execute in
victims' browsers, often allowing the attacker to steal sensitive information or control the
user's session.
10. Ransomware: Malicious software that encrypts victims' files, demanding a ransom
payment in exchange for the decryption key.
11. Malware: General term for malicious software, including viruses, worms, trojans, and
spyware, designed to harm or exploit systems or steal information.
13. Buffer Overflow: Overloading a program's memory buffer to execute arbitrary code,
potentially allowing the attacker to gain control over the system.
15. Pharming: Redirecting victims to fake websites, often through DNS poisoning, to
deceive them into entering their credentials or financial information.
20. DNS Spoofing: Tampering with DNS responses to redirect users to malicious
websites or intercept their communications.
22. Wireless Sniffing: Capturing and analyzing network traffic over wireless networks to
obtain sensitive information, such as passwords or account credentials.
24. Watering Hole Attack: Infecting websites frequently visited by a target audience to
exploit their devices or gain access to their network.
25. Advanced Persistent Threat (APT): A prolonged and targeted attack by a skilled
adversary, often sponsored by a nation-state, aiming to gain unauthorized access or extract
sensitive information.
29. Smishing: Phishing attacks conducted through SMS or text messages, usually
tricking recipients into revealing sensitive information or downloading malware.
30. Vishing: Phishing attacks conducted over voice calls, often using social engineering
techniques to deceive victims into divulging sensitive information.
32. Trojan Horse: Malicious software disguised as legitimate software, often tricking
users into installing or executing it, allowing the attacker to gain unauthorized access or
control.
33. Keystroke Injection: Injecting keystrokes into a target system, typically using
specialized hardware or malicious firmware, to perform unauthorized actions.
34. Logic Bomb: Malicious34. Logic Bomb: Malicious code that remains dormant within
a system until triggered by specific conditions or events, often causing damage or
unauthorized actions.
35. Fileless Malware: Malware that operates in memory without leaving traces on the
file system, making it difficult to detect and eradicate.
38. Session Replay: Recording and replaying a user's interaction with a web
application, potentially exposing sensitive information or credentials.
40. Reverse Engineering: Analyzing and understanding the inner workings of software
or systems to identify vulnerabilities or extract sensitive information.
41. DNS Hijacking: Manipulating DNS settings or compromising DNS servers to redirect
users to malicious websites or intercept their communications.
44. Insider Data Theft: Unauthorized access to and theft of sensitive data by an
individual with legitimate access, such as an employee or contractor.
45. Supply Chain Attacks: Targeting vulnerabilities in the software supply chain to
compromise trusted applications or components, allowing for widespread exploitation.
46. DNSSEC Attack: Exploiting weaknesses in the DNS Security Extensions (DNSSEC)
protocol to bypass or undermine its security measures.
47. Side Channel Attacks: Exploiting information leaked through unintended channels,
such as power consumption or electromagnetic radiation, to extract sensitive data.