- Vulnerability - A vulnerability is a weakness in an IT system that can be exploited by an attacker to deliver a successful attack. Vulnerabilities can occur through flaws, features or user error, and attackers will look to exploit any of them, often combining one or more, to achieve their end goal.
- Exploit - An exploit is a segment of code or a program that maliciously takes advantage of vulnerabilities or security flaws in software or hardware to infiltrate and initiate a denial-of-service (DoS) attack or install malware, such as spyware, ransomware, Trojan horses, worms, or viruses.
- Payload - The payload is the malicious code that cyberattackers use to harm computers and networks. It's like a virus or a Trojan horse. It can be delivered to your computer through email attachments, malicious websites, or USB drives.
- Zero Day - A zero-day exploit is a cyberattack vector that takes advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. "Zero day" refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems.
- Information Gathering - Gathering as much information as we can about the target, system or infrastructure and organizing it in a structured manner so it can be used later to perform bug bounty work, vulnerability assessment and penetration testing.
  - Active Information Gathering - Active devices, IP and MAC addresses, OS details, firewall, firewall bypass, open services.
  - Passive Information Gathering - DNS info, tech info, cache info, Google dorks, employee emails, subdomains, metadata, DMZ (demilitarized zone).
- Reconnaissance - Also known as the preparatory phase, reconnaissance is where the hacker gathers information about a target before launching an attack. It is completed in phases prior to exploiting system vulnerabilities. One of the first phases of
- Digital Footprinting - The process of collecting and analyzing information about a target's online presence to identify potential vulnerabilities. Alternatively, the traces a target has left online on the internet, which can be used to trace a person or a web application.
- Website Enumeration - Web enumeration involves various techniques, each designed to uncover specific types of information about the target server. Common techniques include port scanning, directory enumeration, and reverse DNS lookups. Port scanning, for instance, is used to identify open ports and services on a target web server.