Home of English Grammar

Grammar Guide
  • Home
  • Exercises
  • Matches
  • Rules
  • Tools
    • Grammar Checker
    • Very Replacer
    • Word Counter
  • Top Social Media Posts
  • Various Posts
  • Vocabulary
  • Writing Guides
  • Contact

100 Words Every Penetration Tester Should Know

July 18, 2026

100 Words Every Penetration Tester Should Know

No. Item Definition
1. alert notification of suspicious activity
2. artifact trace left by activity
3. attack surface all reachable points of attack
4. authentication verifying claimed identity
5. authorization granting permitted actions
6. backdoor hidden access method bypassing controls
7. banner grabbing reading service banners for details
8. beacon periodic callback to controller
9. binary compiled executable program file
10. bind shell shell waiting for inbound connection
11. botnet network of controlled infected devices
12. buffer overflow writing beyond allocated memory
13. C2 command and control infrastructure
14. callback connection initiated back to operator
15. command injection injecting operating system commands
16. cookie browser-stored session data
17. crack recover plaintext from a hash
18. credential username and secret for access
19. CSRF forged request from authenticated user
20. CVE public identifier for vulnerability
21. debugger tool for inspecting program execution
22. decompiler tool converting binaries to code
23. directory traversal accessing files outside web root
24. DNS system translating names to addresses
25. domain human-readable internet name
26. EDR endpoint detection and response tool
27. encryption scrambling data with a key
28. enumeration extracting detailed target information
29. evasion bypassing defensive detection
30. exfiltration unauthorized data removal
31. exploit code or technique abusing a flaw
32. finding documented issue discovered during test
33. fingerprinting identifying software or systems
34. firewall filters network traffic by rules
35. forensics investigation of digital evidence
36. FTP file transfer protocol
37. fuzzing sending malformed inputs to find bugs
38. hardening reducing attack opportunities
39. hash fixed-length digest of data
40. host network-connected computer or device
41. HTTP web transfer protocol
42. HTTPS encrypted web transfer protocol
43. IDS detects suspicious activity
44. impact harm caused by exploitation
45. IOC indicator of compromise
46. IP address numeric network location identifier
47. IPS blocks detected malicious activity
48. keylogger tool recording keystrokes
49. kill chain stages of an attack
50. lateral movement moving across compromised systems
51. listener service waiting for incoming shells
52. log record of system events
53. malware software designed to cause harm
54. memory dump captured contents of system memory
55. MFA multiple factors for login verification
56. misconfiguration unsafe or incorrect system setup
57. MITRE ATT&CK framework of adversary behaviors
58. NAT address translation between networks
59. obfuscation making code harder to analyze
60. opsec protecting operational secrecy
61. OSINT publicly available intelligence gathering
62. password spray few passwords across many accounts
63. patch update correcting a flaw
64. payload code delivered after exploitation
65. persistence maintaining access over time
66. phishing deceptive message to steal access
67. pivot route attacks through compromised host
68. port network endpoint for communication
69. post-exploitation actions after initial compromise
70. privilege escalation gaining higher access rights
71. proof of concept demonstration that exploit works
72. race condition timing flaw causing unsafe behavior
73. RCE remote code execution vulnerability
74. reconnaissance information gathering before an attack
75. remediation steps to fix an issue
76. reverse shell shell connecting back to attacker
77. RFI remote file inclusion flaw
78. risk likelihood and impact combined
79. rules of engagement agreed limits and procedures
80. scan probe systems for information
81. scope authorized boundaries of testing
82. service networked program listening for requests
83. session active connection to compromised host
84. severity how serious an issue is
85. shell command-line access on a system
86. social engineering manipulating people for access
87. spoofing forging identity or source
88. TLS protocol securing network communications
89. token data granting authenticated access
90. trojan malware disguised as legitimate software
91. TTP tactics, techniques, and procedures
92. tunnel encapsulated communication channel
93. use-after-free using memory after release
94. vulnerability a weakness attackers can abuse
95. WAF filters web application traffic
96. web shell server-side script for control
97. wordlist list of candidate passwords
98. XSS injected script running in browser
99. XXE XML external entity vulnerability
100. zero-day unknown unpatched vulnerability
  • Share
  • Post
  • Post
  • Reddit
  • Email
  • WhatsApp
NEW: Try Matches, our daily vocabulary challenge. Pick a topic and level and match words with definitions to boost your vocabulary.
2,485,429 
761,532 
Improve Your Grammar
  • Download 2026 Grammar Guide (PDF)
  • Free Weekly Exercises & Vocabulary
  • Join over 3 Million English Learners
We respect your privacy. Unsubscribe anytime.

Grammar Checker

GrammarCheck.net - Try online
Hint → Bookmark GrammarCheck for future use.

Latest Posts

  • 100 Best Synonyms for “Fundamentally” July 18, 2026
  • 100 Words Every Penetration Tester Should Know July 18, 2026
  • 100 Collocations for Apologies and Forgiveness July 18, 2026
  • Present Continuous Negative Sentences Exercise July 17, 2026
  • 100 Best Synonyms for “Ideology” July 17, 2026
  • 100 Best Synonyms for “Fulfill” July 17, 2026
  • 100 Words to Describe a Dishonest Person July 17, 2026

Copyright © 2026 · EnglishGrammar.org
Disclaimer · Pro · Privacy Policy · Refund Policy · Sitemap · Terms

Improve Your Grammar
  • Download 2026 Grammar Guide (PDF)
  • Free Weekly Exercises & Vocabulary
  • Join over 3 Million English Learners
We respect your privacy. Unsubscribe anytime.