Foundations
- CIA Triad — Confidentiality, Integrity, Availability. The three properties every security control aims to preserve.
- Threat — A potential cause of unwanted impact (e.g. a ransomware gang).
- Vulnerability — A weakness that a threat could exploit (e.g. an unpatched server).
- Risk — The combination of likelihood × impact, given the threats and vulnerabilities you have.
- Control — A safeguard that reduces risk (e.g. MFA, firewall, encryption).
Attacks & Adversary Behavior
- Phishing — Tricking a user into clicking, opening, or revealing something via deceptive email or message.
- Ransomware — Malware that encrypts data and demands payment for the decryption key.
- Lateral movement — Pivoting from one compromised system to others inside the network.
- Privilege escalation — Gaining higher access than originally granted (user → admin).
- C2 (command and control) — The infrastructure attackers use to send instructions to compromised hosts.
- IOC (indicator of compromise) — A forensic artifact (hash, IP, domain) suggesting a system is compromised.
- TTP — Tactics, Techniques, and Procedures — the patterns of behavior an adversary uses.
Vulnerabilities & Exploits
- CVE — Common Vulnerabilities and Exposures: a public registry of known software vulnerabilities, each with a unique ID like CVE-2026-12345.
- CVSS — A 0–10 score reflecting a vulnerability's severity.
- Zero-day — A vulnerability that's actively exploited before a patch is available.
- Exploit — Code or technique that takes advantage of a vulnerability.
- Patch — A fix issued by the vendor that closes the vulnerability.