| No. | Item | Definition |
|---|---|---|
| 1. | alert | warning of suspicious activity |
| 2. | antivirus | software detecting malicious files |
| 3. | APT | skilled long-term attack group |
| 4. | attack surface | all exposed points for attack |
| 5. | attack vector | path used to gain access |
| 6. | authentication | verifying a user’s identity |
| 7. | authorization | granting permitted access rights |
| 8. | backdoor | hidden method of bypassing access |
| 9. | beaconing | periodic contact with control server |
| 10. | biometrics | body traits used for identification |
| 11. | botnet | network of compromised devices |
| 12. | breach | unauthorized access to protected data |
| 13. | brute force | guessing credentials repeatedly |
| 14. | buffer overflow | overwriting memory beyond limits |
| 15. | C2 | attacker control communication channel |
| 16. | certificate | digital document proving identity |
| 17. | cipher | method for encrypting data |
| 18. | command injection | executing unauthorized system commands |
| 19. | containment | limiting spread of an incident |
| 20. | credential | information used to prove identity |
| 21. | CSRF | forcing unwanted actions on websites |
| 22. | DDoS | distributed attack overwhelming a service |
| 23. | decryption | turning encrypted data readable |
| 24. | default password | preset password left unchanged |
| 25. | DNS | system translating domain names |
| 26. | dropper | malware that installs other malware |
| 27. | EDR | endpoint detection and response tool |
| 28. | encryption | process of encoding data securely |
| 29. | endpoint | user device on a network |
| 30. | enumeration | extracting detailed system information |
| 31. | eradication | removing threat from environment |
| 32. | evasion | avoiding detection by defenses |
| 33. | exfiltration | unauthorized removal of data |
| 34. | exploit | code or technique abusing a weakness |
| 35. | firewall | system that filters network traffic |
| 36. | firmware | low-level software on hardware |
| 37. | forensics | investigation of digital evidence |
| 38. | hardening | reducing system attack surface |
| 39. | hash | fixed-length output from data |
| 40. | honeypot | decoy system for attackers |
| 41. | HTTPS | secure version of HTTP |
| 42. | IDS | system detecting suspicious activity |
| 43. | incident | security event needing response |
| 44. | insider threat | risk from trusted internal person |
| 45. | integrity | data remaining accurate and unaltered |
| 46. | IOC | sign of possible compromise |
| 47. | IP address | numeric network device identifier |
| 48. | IPS | system blocking detected threats |
| 49. | keylogger | tool recording keystrokes secretly |
| 50. | kill chain | stages of an attack |
| 51. | lateral movement | spreading through a compromised network |
| 52. | least privilege | minimum access needed for work |
| 53. | log | record of system events |
| 54. | malware | software designed to cause harm |
| 55. | MFA | login requiring multiple proofs |
| 56. | misconfiguration | unsafe or incorrect system settings |
| 57. | mitigation | action reducing risk or impact |
| 58. | MITM | intercepting communication between parties |
| 59. | nonce | number used once |
| 60. | obfuscation | making code harder to understand |
| 61. | password | secret string used for access |
| 62. | patch | software update fixing flaws |
| 63. | phishing | fraudulent attempt to steal information |
| 64. | port | numbered communication endpoint |
| 65. | private key | secret key for decryption |
| 66. | protocol | set of communication rules |
| 67. | proxy | intermediary server handling requests |
| 68. | public key | shared key for encryption |
| 69. | quarantine | isolating suspicious files or systems |
| 70. | race condition | timing flaw causing unsafe behavior |
| 71. | ransomware | malware that demands payment |
| 72. | reconnaissance | gathering information before attack |
| 73. | recovery | restoring normal operations safely |
| 74. | remediation | fixing causes of a problem |
| 75. | rootkit | malware hiding deep system access |
| 76. | router | device directing network traffic |
| 77. | sandbox | isolated environment for testing |
| 78. | server | computer providing network services |
| 79. | smishing | phishing through text messages |
| 80. | sniffing | capturing network traffic data |
| 81. | social engineering | manipulating people to gain access |
| 82. | spear phishing | targeted phishing against specific victims |
| 83. | spoofing | forging identity or source |
| 84. | spyware | malware that secretly monitors users |
| 85. | tailgating | following someone into restricted area |
| 86. | telemetry | security data collected from systems |
| 87. | threat actor | person or group behind attacks |
| 88. | threat intel | information about threats and actors |
| 89. | TLS | protocol securing internet connections |
| 90. | token | digital item proving access |
| 91. | triage | prioritizing incidents by urgency |
| 92. | trojan | malware disguised as legitimate software |
| 93. | virus | malware that infects files |
| 94. | vishing | phishing through voice calls |
| 95. | VPN | encrypted private network connection |
| 96. | vulnerability | weakness that attackers can exploit |
| 97. | worm | self-spreading malicious program |
| 98. | XDR | extended detection across systems |
| 99. | XSS | injecting scripts into web pages |
| 100. | zero-day | previously unknown software flaw |

