An Ethical Hackers Guide: Part 4 - Basic Terminology, & Definitions

Hello Steemstemers, Utopians, Future Hackers and Crackers :]

Wikimedia Commons

Today I thought I would take the chance to discuss some of the more basic terminology, in regards to the activities we will be conducting in the future. Some of these words you have probably heard before, but my hopes are that there will be some that you haven't. If any of my definitions are not clear to you, please feel free to ask me anything :)

---

Adware

Adware is a type of seriously annoying type of 'malicious software', that spends its time displaying Ads on your computer, and when possible redirecting you to advertising websites where your data is collected for even further monetization.

Attack

An 'Attack', is a broad term for most any methods used to gain entry to a system where you do not belong. It is called this, among many reasons, to remind us that this is exactly what we are doing when we hack someones device. We are invading their privacy, personal space, etc.

Back door

A 'Back Door', is fairly evident to anyone who's ever snuck into the movies before :P When you want to gain access to almost any location, be it a computer, a smartphone, a coffee shop, it would be a good idea to have a back entrance, where you can enter without being noticed by any management or security systems.

Bot

A 'Bot', standing for robot, would be a tool used to automate tasks of various means. I have designed many such bots myself, from simply spamming people on Xbox, to earning small amounts of Crypto on old laptops to weak to mine. A bot for a PC, would emulate keystrokes as well as mouse clicks, though there are bots for many devices.

Botnet

'Botnets', are a most excellent weapon in terms of the hacking world. Lets be honest, they definitely aren't a good thing. However, there are many times, when even the best of hackers need the power of more than one computer, and that's exactly what a botnet is. A distributed network of computer slaves, all controlled by one master. These botnets can have millions of computers in them sometimes, and can cause some serious damage as well as do some awesome good.

Brute Force Attack

The term, 'Brute Force Attack', is a method of cracking an encryption key, (Password). This method, involves much less finesse than others, and simply tries every single possible combination of characters, numbers, etc until it finds the password, or the user gives up. The latter happens more than often, as brute force attacks are quite time consuming.

Buffer Overflow

A buffer overflow, is a type of attack, that involves overthrowing the buffer so as to overwrite and execute code in memory locations that should not have been run. This occurs, when a program attempts to write more data to the buffer, than the buffer can possibly handle, thus writing outside the buffer. This type of attack can often achieve code execution, however it can also achieve file corruption or system crash.

Distributed/Denial of Service Attack (DDoS-DoS)

DDoS, and DoS atacks, known as either Denial of Service, or Distributed Denial of Service, is a type of attack that one would use to overload a target device or network. This is achieved by sending massive torrents of data to the target device, in attempts to confuse and or break the system.

Exploit Kit

An Exploit Kit is typically, a highly sophisticated piece of malware, designed to be run on a web server. Its goal is to find an exploit that will gain us access to as many devices that connect to our server, as it possibly can. As mentioned above, these are expertly coded bits of malware, which often sell, or even rent for over $10,000 US.

Exploit

An exploit is a piece of code. However it is slightly more than that, it is code which has specifically designed to take advantage of a vulnerability in some sort of process or protocol.

Fork-Bomb

A fork bomb is a fairly antiquated trick, which can still often be run in the wild, it involves spawning a fork of essentially nothing, and then forking that in multiple directions, and so on and so on. The end result of this, is that all of the systems memory is used up, and the computer crashes.

Keystroke logging

Keystroke Logging, is the logging of keystrokes lol. Often times, to spy on a user, an attacker will install malware known as a key-logger, which will take note of all keys pressed on keyboard, and often with highly advanced features such as password grabbing, credit card sniffing, etc.

Logic bomb

A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.

Malware

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

Master/Slave/Zombie Relationship

In malware terminology, a Master, is the computer/device/server, responsible for issuing commands to Slaves, or Zombies. Slaves, often referred to as Zombie Slaves, probably so as not to offend.

Phishing

Phishing, or Fishing :P is most often used in regards to email, but in general, involves sending out mass messages, often including links leading to malware, or simply asking questions, in order to gain enough information about you or a network related to you, so as to gain access.

Rootkit

Rootkits are not always considered 'Malware', though often are. Rootkits only purpose, is to hide the existence of target processes or programs. Often from the Antivirus, and the User.

Social engineering

Social Engineering, is also known as the art of hacking human beings. More likely referred to as a trick in general, something as simple as tricking the admin into telling you your username, would be considered Social Engineering.

Spoofing

Spoofing, is in its essence, the practice of pretending to be someone else. A phone number can be spoofed, as well as an email or a username. This will come in handy many times during Social Engineering.

Spyware

Spyware is a type of malware that is designed to, well basically spy on you.. lol, they gather information, and sell it to the highest bidder on the dark web. Information could include Browser history, Calendar dates, GPS Location and more.

SQL Injection

SQL is a language used for Database Management. SQL Injection, is a process where bits of SQL code are injected into a web server, in attempts to retrieve information from the database. These Databases often contain user info like passwords, emails, and often much more.

Trojan

The word Trojan, comes from the story of Troy, where they used a gift horse to disguise an attack. Often times, hackers will disguise malware, as regular pieces of software, thus being names a Trojan.

Vulnerability

Where as an exploit is the code, applied to the system to gain access, A Vulnerability, is the code that allows the exploit its way through the systems walls. Vulnerabilities are your pirate booty as a hacker :)

Worms

Worms are fairly lethal types of viruses, as they are often rather intelligent, and are able to replicate themselves at alarming rates. These types of malware, can be considered a global threat if they were to get out of hand.

Cross-site Scripting

While mainly used for stealing a users cookies, and therefore web session, Cross Site Scripting, (XSS) can be used for a wide variety of attacks on a web server, from defacement to spreading malware. This type of attack is often done through something known as code injection.

---

Alright guys, Those are a good amount of some basic terms, and I will probably keep these going as we come across new or unfamiliar ones in the future :) It's been great doing this, and I am excited to start on my next article, where we will be taking an in depth look at the tools on Kali Linux. Hope you have all enjoyed this little debrief.

Happy Hunting,
Cerulean