A
- ACORN: Australian Cybercrime Online Reporting Network. An Australian government initiative where members of the public can report cybercrime
- AES: Advanced Encryption Standard, also known as Rijndael. An encryption specification from NIST which uses a symmetric key algorithm
- APT: Advanced Persistent Threat. A skilled and motivated attacker with a specific target
- Argon2: A key derivation function with variants:
  - Argon2d, designed to resist GPU cracking attacks
  - Argon2i, uses data-independent memory access to resist side-channel attacks
- ASB
- ASLR: Address Space Layout Randomisation. A feature that makes exploiting buffer overflow attacks more difficult by randomising where program code, variables, and linked libraries are located in memory
- authentication: Validation that an identity belongs to that person, for example, with a password or ID card
- authorisation: The process of asserting that an identity is allowed to perform an action on a resource
- AV: Antivirus software. A program designed to detect and remove malicious software
B
- backdoor: A purpose-built, secret way to bypass normal access methods
- bastion: A hardened host with minimal surface area, usually for remote access to a network where a VPN is not possible
- bitcoin: A type of cryptocurrency often requested in scams and ransoms
- BitLocker: Full disk encryption software provided with Windows. Not to be confused with CryptoLocker
- bcrypt: A key derivation function commonly used for full disk encryption master keys or password storage
- blacklist: A list of entities that are denied access
- buffer overflow: A type of attack where the amount of data written to memory is larger than the buffer provided, so data is written to adjacent memory, causing unexpected program behaviour
- bug bounty: An incentive provided for researchers to find and report security flaws in an organisation's software or web applications
- BYOD: Bring your own device. A company policy where employees can use their own hardware to access internal data and services, instead of company-controlled devices
C
- CA: Certificate Authority. A third party that issues digital certificates which indicate that the entity on the certificate owns their public/private key pair and the related domain name or business entity
- cache poisoning: A type of attack where false data is introduced into a cache. The cache can be for a database, HTTP, or any other service that implements caching
- CAPTCHA: A challenge designed to prove the user is human, and not a machine. See also reCAPTCHA
- checksum: A bit or series of integers derived from a piece of data or file, used to verify the data hasn't changed. For example, to make sure a packet hasn't been corrupted during transmission, or to check if two files are likely to be identical
- CIO / CISO: Chief Information (Security) Officer
- cipher: An algorithm for encrypting or decrypting data. An encrypted message is often called ciphertext, and an unencrypted one is called plaintext
- CISSP: Certified Information Systems Security Professional. An industry certification
- clickjacking: An attack where an invisible layer is placed on top of a legitimate button or link, so when the victim attempts to click it, they click on the attacker's link instead
- CMS: Content Management System. WordPress and Drupal are examples of popular content management systems
- CORS: Cross-Origin Resource Sharing. A specification to safely allow downloading web resources from a different domain
- cross-site scripting: See XSS
- cryptocurrency: Any decentralised digital currency that uses cryptographic distributed proof of work systems to verify transactions
- cryptography: Method of protecting information so that it can be transferred confidentially to the intended recipients
- CSRF: Cross site request forgery. An attack targeting a user who is already authenticated to a web application, to send requests on their behalf without their knowledge
- CTF: Capture the flag. A type of security competition where participants solve various challenges to find a 'flag'
- CVE: Common Vulnerabilities and Exposures. A public list of security vulnerabilities in software or products, each with a unique identifying number. See https://cve.mitre.org/
- CVSS: Common Vulnerability Scoring System. An open standard to give a numerical score to a vulnerability to quantify its severity
- CWE: Common Weakness Enumeration. A list of software weaknesses that can lead to a vulnerability. This list isn't product-specific. See https://cwe.mitre.org/index.html
D
- daemon: System processes that run in the background, as opposed to interactive user sessions
- darknet: Allocated IP space used for overlay networks such as Tor, or specially encrypted traffic. Often used interchangeably with darkweb
- darkweb: Content on the internet that requires specific software or configuration to access, for example, the Tor dark web
- DDoS: Distributed Denial of Service. A type of DoS attack where the service is overwhelmed by traffic from multiple sources, making this attack more difficult to block
- deep web: Parts of the internet unable to be indexed by search engines
- defense in depth: The concept of having multiple layers of security mechanisms so that if one fails, the system is not compromised
- DES/3DES: Data Encryption Standard. Superseded by AES. NIST has withdrawn DES as a standard
- DGA: Domain Generation Algorithm. Provides malware with new domains to get around domain blocking
- DKIM: DomainKeys Identified Mail. Allows the sender to cryptographically indicate that the originating domain is authentic
- DMA attack: Direct memory access. A type of attack which bypasses the CPU and OS-level protections by using DMA, which allows an IO device to write directly to memory
- DMARC: Domain-based Message Authentication, Reporting and Conformance. A policy intended to combat email header spoofing, where the sender can publish whether DKIM or SPF are used, and what the recipient should do with a message if verification fails
- DNS: Domain Name System. A naming system for resources on a network, to convert domain names to IP addresses and IP addresses back to domain names. It can also locate resources dynamically and provide load balancing
- DNS cache poisoning: Also called DNS spoofing. A type of attack where a false record is introduced into the DNS resolver's cache, allowing an attacker to replace legitimate IP addresses with ones pointing to malicious content
- DNSSEC: A system designed to sign DNS records with a CA-like system. Not widely used in practice due to insecure cryptographic standards, performance issues, and complexity of use
- DoS: Denial of Service. An attack which prevents legitimate users from accessing a resource
E
- EFA: Electronic Frontiers Australia. A non-profit Australian organisation for online rights
- EFF: Electronic Frontier Foundation. A non-profit digital rights group based in America
- EICAR: European Institute for Computer Antivirus Research. The EICAR test file was created by EICAR to test anti-virus software
- ELF: Executable and Linkable Format. A standard format for executable binary files on UNIX and UNIX-like systems
- email header: An email header contains routing information, timestamps, subject, and other information. For more detail, see RFC2822
- encryption: The process of converting an input so that it is unreadable, except by the intended recipient, who is able to decipher the message with a key
- endpoint: A client device such as a laptop, tablet, or phone at the edge of the network
- ESB
F
- FIPS: Federal Information Processing Standard. A set of standards developed by the United States federal government, some of which relate to encryption and the security of data processing systems
- FOIA: FOI Act, or Freedom of Information Act. A law which allows members of the public to request a copy of government-controlled documents. In Australia, this is regulated by the OAIC
- FQDN: Fully qualified domain name. The complete name including all relative domain name components, for example, misp.auscert.org.au.
- fuzzing: The process of injecting randomised inputs in an automated way, to attempt to take unintended branch paths in software that may lead to vulnerabilities
G
- GPG: Gnu Privacy Guard. An implementation of the OpenPGP standard to encrypt and sign data. See also PGP
H
- hacktivist: A portmanteau of hacker and activist. Used to describe someone who gains unauthorised access to computers for political or social reasons
- hang: Verb used to indicate a computer is not responsive
- harden: To configure in a more secure way, usually following best practices
- hash: A one way function that takes data of any size, then returns a fixed-size hash value, often shortened to hash. From the output, it is not possible to derive the input. Examples are MD5 or SHA1
- Heartbleed: A bug in OpenSSL, a widely used library which implements the Transport Layer Security protocol. Heartbleed allowed remote attackers to read process memory, potentially resulting in system compromise
- honeypot: A decoy system designed to distract, trap, or gather information about attackers
- HOTP: HMAC-based One Time Password. An algorithm that calculates a password from a shared secret key and an event counter. See also TOTP
- HSTS: HTTP Strict Transport Security. A trust on first use system where a domain can indicate to a client that it must only connect via HTTPS from that point onward, helping mitigate MitM attacks
I
- IAM: Identity and Access Management
- IDS: Intrusion Detection System. Monitors a network for anomalous traffic that could indicate unauthorised access
- IoC: Indicator of Compromise. An artifact (file name, hash, IP address etc.) that suggests unauthorised access or infection has occurred
- IPsec: Internet Protocol security. A set of protocols to authenticate and encrypt packets sent over IPv6. IPv4 support was added later
- ISAC: Information Sharing and Analysis Centre. A central organisation to facilitate gathering and sharing information about threats
- ISO 27001: An international standard security framework. See ISO/IEC 27001:2013
J
K
- Kerberos: An authentication protocol where the client receives a timestamped and encrypted ticket from the domain controller which contains authorisation data. This ticket is then presented to a server when establishing a connection. It is used to validate users and services through a trusted third party, without ever sending a password over the network
- kill chain: A model taken from the military to describe the stages of an attack
- Kubernetes: Platform as a service software that schedules, monitors, load balances, and automates containerised deployments
L
- LDAP: Lightweight Directory Access Protocol. A protocol for accessing and updating information directories over TCP/IP. A core component of Active Directory
- LFI: Local file inclusion vulnerability
- LMS: Learning management system. Software to facilitate the delivery of educational courses. Examples include Blackboard Learn, Moodle, and Instructure Canvas
- LTS: Long term support. A stable version of software which is supported for a longer period than normal
M
- Mach-O: Executable file format for systems based upon the Mach kernel, such as iOS, macOS, and watchOS. See also ELF and PE
- malicious actor: A party attempting to gain unauthorised access to or negatively impact a computer system
- malspam: Spam email used as a delivery method for malware, either as an attachment, or through a link contained in the email
- malware: A portmanteau of 'malicious software'. Any kind of software with malicious intent
- man-in-the-middle: A type of attack where the attacker intercepts communication and relays it between the intended recipients. From there, the attacker is able to read or potentially alter what is being sent
- Meltdown: A CPU hardware vulnerability which could potentially allow unauthorised processes to read from memory by exploiting a race condition. See also Spectre
- MIME: Multipurpose internet mail extensions. A standard email format which adds functionality such as attachments and non-ASCII characters
- MISP: An open source threat intelligence sharing platform that AUSCERT uses to distribute IoC information
- MSIN
N
- NAC: Network access control. A policy where only trusted endpoint devices are allowed to access network resources
- nameserver: Server that resolves domain name queries. See also DNS
- NBN: National broadband network. A project to roll out a wired and radio network across Australia to sell wholesale to Internet Service Providers
- NFS: Network file system. A protocol which allows a client computer to access files over a network
- NIST: National Institute of Standards and Technology. A US government organisation which develops standards and maintains the National Vulnerability Database
- NOC: Network operations centre. A central location from which a network is managed and monitored
- NTLM: A deprecated network authentication protocol for Windows computers, and a password hash format used in Active Directory
O
- OAIC: Office of the Australian Information Commissioner. An Australian government agency responsible for privacy, freedom of information, and government information policy
- OAuth2.0: An authorisation framework used together with OIDC to provide a single sign on system which allows third party identity providers
- OCSP: Online Certificate Status Protocol. A protocol to discover the revocation status of X.509 certificates. (Not to be confused with OSCP)
- OIDC: OpenID Connect. An authentication standard paired with OAuth
- OPSEC: Operational security. A military term to describe the limiting of information that seems innocuous to reveal, but can be used by malicious actors to compromise security
- OSCP: Offensive Security Certified Professional. A penetration testing certification from Offensive Security
- OSINT: Open Source Intelligence. Collecting information from publicly available sources. Unrelated to open source software
- OTP: One time password. A password that is only valid for one login session
- OWASP: Open Web Application Security Project. A non-profit organisation promoting the improvement of software security
P
- PAC: Privilege Attribute Certificate. Part of a client's Kerberos ticket which conveys authorisation data such as group membership and password credentials
- PBKDF2: A type of key derivation function with a higher CPU work factor than hash functions, increasing the time that a brute force attack will take to succeed. Superseded by bcrypt, then scrypt, and Argon2
- PE: Portable Executable. The Windows native executable format, also used as the executable format for EFI applications. See also ELF and Mach-O
- PCI DSS: Payment Card Industry Data Security Standard. A standard that all organisations must follow when storing or processing credit card data
- penetration testing: A type of authorised testing which emulates a real attack, to assess the security of a system
- PGP: Pretty Good Privacy. Encryption software that implements the OpenPGP standard. See also GPG
- phishing: An attack which attempts to trick users into giving credentials to a fraudulent site
- PII: Personally identifiable information. According to the Australian Privacy Act (1988), personal information is "information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable." https://www.oaic.gov.au/privacy-law/privacy-act/
- PoC:
  - Point of Contact: a person to receive communications, especially in time-sensitive situations
  - Proof of Concept: a working exploit that proves that a vulnerability is exploitable
- POODLE: Padding Oracle on Downgraded Legacy Encryption. A type of man in the middle attack on SSLv3.0
- principle of least privilege: A security principle that every user and process should run with the least amount of privileges required to do their job
- privilege escalation: Gaining more access rights on a user account than what was granted
- procmon: Windows process monitor. Background software that monitors registry and process activity
Q
R
- rainbow table: A large table of pre-computed hashes with their corresponding inputs, stored in a compressed format for fast lookup and compact storage
- ransomware: Malicious software which encrypts your files and holds the decryption key for a ransom. See [Ransomware]
- RAT: Remote access trojan. A type of malware where the attacker can then contact the trojan over the network to obtain keystrokes, credentials, logs, or take control of the infected system
- RCE: Remote code execution. Where an attacker is able to run arbitrary code on the compromised system over a network connection
- reCAPTCHA: Proprietary CAPTCHA from Google
S
- salami slicing attack: Stealing money or data in very small quantities, so that the activity is less likely to be detected than exfiltrating the total amount at once
- salt: A cryptography term describing random data that is added to a value before hashing to prevent dictionary and lookup table attacks
- same-origin policy: A policy where a document is disallowed access to the DOM of another document unless the protocol, host, and port are the same
- SAML: Security Assertion Markup Language. An XML-formatted standard for authentication and authorisation services that allows supplementary data to be sent to the remote service without needing access to other identity systems
- SANS: SysAdmin Audit Network Security Institute. A provider of security training and certifications
- SCCM: System Center Configuration Manager. Software from Microsoft for managing configuration and inventory for fleets of computers and mobile devices
- scrypt: A password based key derivation function that requires a lot of memory to solve, making brute force attacks costly
- secure boot: A UEFI feature that ensures that a device only boots using software cryptographically verified by the OEM
- side channel attack: Any type of attack that takes advantage of implementation details, and not a cryptography weakness. For example, monitoring cache accesses, timing how long computations take to perform, analysing the power usage, or sounds made during computation
- SIEM: Security Information and Event Management. An appliance or software tool for real time monitoring, alerting, logging, and analysing events on a network
- sinkhole: A DNS sinkhole is a DNS server configured to prevent certain URLs from resolving correctly
- SMB: Server Message Block, also known as CIFS (Common Internet File System), a protocol for sharing files, printers, and other network resources
- SOCKS: A protocol which forwards traffic between client and server through a proxy server without modifying the packets
- spear-phishing: A phishing attempt that is specifically targeted to an individual or company
- Spectre: A vulnerability that affects CPUs which perform speculative execution on branch prediction. An attacker could potentially use a side channel attack to take advantage of speculative execution to discover confidential data. See also Meltdown
- SPF: Sender Policy Framework. A protocol to declare in DNS which IP addresses send mail for their domain. This allows for email validation and helps prevent spoofing
- spoof: To deceptively imitate a legitimate service
- SQLi: SQL injection. A type of attack where it is possible to send an SQL query to read, update, or delete information from a database in an unintended way
- SSO: Single Sign On. An access control process which allows a user to authenticate to multiple applications through only one authentication service
- steganography: Concealing data within another file
- STIX: Structured Threat Information Expression. A standard format for sharing threat information
- Stuxnet: A famous worm targeting SCADA systems, which caused centrifuges to fail in an Iranian uranium enrichment plant in 2010
T
- TAXII: Trusted Automated Exchange of Intelligence Information. A protocol for sharing threat information
- threat modeling: The process of identifying potential threats, prioritising and planning mitigations
- Tor: Software to access an overlay network which is used for private communication. Tor's onion services enable publishing websites that aren't indexed by search engines
- TOTP: Time-based One Time Password. The same algorithm as HOTP, but replacing the event counter with a time value
U
- U2F: Universal second factor. An open authentication standard that allows enrolment of a public key from a token, such as a USB or NFC device, for user authentication
- use after free: A type of software bug where memory is re-used after being freed to the allocator. This can lead to software crashes or code execution
V
- vulnerability: A specific weakness in a piece of software or system configuration, which an attacker can exploit
W
- whaling: A type of phishing that targets executives and management
- web proxy: An intermediary server used to access the internet
- whitelist: An explicit list of entities that are allowed access. The opposite of a blacklist
- whois: A query protocol that provides information about registered domain names. See RFC3912
- whole disk encryption: Also "full disk encryption". Software-based disk encryption encrypts everything on the disk except for the partition table and sometimes the bootloader, depending on implementation. Hardware disk encryption is able to encrypt the entire disk, including the partition table
- WIDS: Wireless intrusion detection system. An IDS for WLANs
X
- XSS: Cross site scripting. A common attack to inject malicious scripts into a trusted website
- XXE: XML external entity. A type of attack against an application that parses XML. An incorrectly configured parser will expand external links to include in the returned document
Y
Z
- zero day: A newly discovered vulnerability. Can also be written "0 day"