There is a lot of terminology in cybersecurity and ethical hacking that just swooshes right over people’s heads, especially if they have no clue about this field. Even if you try to follow ethical hacking news or read about the industry or watch something that is closely related to the world of hacking and cyber threats, you will come across some jargon that you will not understand. If you are new to ethical hacking training, you will be a stranger to many words like Kali, zero day, hashing, CVE etc. In this post, you can find some of these words explained in a manner that is easy to understand from a layman’s perspective.
1. Kali Linux
Kali Linux is a debian-based version of the Linux operating system that is designed for ethical hacking and cyber forensics. Hackers use Kali Linux for its tools that are designed for security assessment.
Think of Root as the core or foundation of something. Just like controlling the root of a plant can allow someone to control what goes on inside the plant, the same way, getting root access allows someone to control almost anything inside a system. All hackers try to get root privileges that are at the highest level of admin access.
Remote code execution is when a hacker runs malicious code on someone’s computer from a remote location.
4. 0 day
Zero day vulnerability is a loophole that is not yet discovered by the owners of the software or hardware. It can lead to zero day attacks since no patch is available for the users who are using the vulnerable product.
A patch can be compared to a band-aid that fixes a security problem. Also known as bug fixes, security patches are rolled out by manufacturers via system updates and software updates that must be installed as soon as possible.
Think of payload as a bomb or a weapon that causes harm. Entering a secured area is one thing but using your weapon or dropping your bomb is what the hackers are living for. Payload is the malicious code that installs malware, spyware, ransomware, or trojan etc. in a target system.
7. Social engineering
Social engineering is the art of manipulating and deceiving people so that they can divulge their sensitive information. It is a very well known method of obtaining access to a secured system. Phishing mails and impersonation calls that ask for your credentials are a part of social engineering. Eavesdropping, dumpster diving, fake apps are other ways of social engineering that can help attackers gain the credentials they need to access their targets.
8. Penetration testing
Penetration testing refers to assessing the vulnerabilities’ intensity in your system by trying to exploit them and seeing how critical they are. CEH online (Certified Ethical Hacker), LPT (Licensed Penetration Tester) and CPENT (Certified Penetration Testing Professional) are the kinds of experts who conduct penetration testing. It is legal and highly effective in securing your organisation.
OSINT or Open Source Intelligence is the process of gathering information about a target before attacking it. Hackers conduct OSINT using social media and other resources to find out relevant information that could aid them into infiltrating into the organisation.
Cybersecurity terminology can be pretty scary but if you get to the root of it (no pun intended), you will grow to use it without any hesitation. Just remember to use sources that explain it in a way that suits your knowledge level. Make sure that if you find this useful, then you share it with someone else who is also new to ethical hacking or cybersecurity like you.