Exploit
An exploit is a piece of software, a chunk of data, or sequence of commands that takes
advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated
behavior to occur on
computer software, hardware, or electronic devices. This often refers
to things like gaining control of a computer system or allowing privilege escalation or a
denial-of-service attack.
Buffer Overflow
Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns
the buffer’s boundary and overwrites adjacent memory. This is a special case of violation
of memory safety. Buffer overflows can be triggered by inputs that are designed to execute
code, or alter the way the program operates. This may result in erratic program behavior,
including memory access errors, incorrect results, a crash, or a breach of system security.
Thus, they are the basis of many software vulnerabilities and can be maliciously exploited.
Cross-Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in
Web applications that enables attackers to inject client-side script into Web pages viewed
by other users. An XXS vulnerability may be used by attackers to bypass access controls
such as the same origin policy.
Cross-Site Request Forgery
Cross-site request forgery, also known as a one-click attack or session riding and
abbreviated as CSRF or XSRF, is a type of malicious exploit of a web site whereby
unauthorized commands are transmitted from a user that the web site trusts. Unlike XSS,
which exploits the
trust a user has for a particular site, CSRF exploits the trust that a site
has in a user’s browser.
Password Cracking
In cryptanalysis and computer security, password cracking is the process of recovering
passwords from data that has been stored in or transmitted by a computer system. A common
approach is to repeatedly try guesses for the password. Another common approach
is to say that you have “forgotten” the password and then changing it. The purpose of
password cracking might be to help a user recover a forgotten password, to gain unauthorized
access to a system, or as a preventive measure by system administrators to check
for easily crackable passwords.
Rootkit
A rootkit is a malicious software designed to hide the existence of certain processes or
programs from normal methods of detection and enables continued privileged access to
a computer. Rootkit installation may be either automated or when an attacker installs it
once they have obtained root or administrator access. Obtaining this access is a result of
direct attack on a system. Once installed it becomes possible to hide the intrusion as well
as to maintain privileged access. Like any software they can have a good purpose or a
malicious purpose. Rootkit detection is difficult because a rootkit may be able to subvert
the software that is intended to find it.
Trojan Horse
A Trojan horse is a stand-alone malicious program that does not attempt to infect other
computers in a completely automatic manner without help from outside forces like
other programs and human intervention. The term is derived from the Trojan Horse
story in Greek mythology. Others rely on drive-by downloads in order to reach target
Trojan may allow a hacker remote access to a target computer system. Once a Trojan
has been installed on a target computer system, a hacker may have access to the computer
remotely and perform various operations, limited by user privileges on the target computer
system and the design of the Trojan. Popular Trojan Horses include Netbus, Back
Orifice, Schoolbus, Executor, Silencer, and Striker.
Keylogging
Keylogging is the action of tracking (or logging) the keys struck on a keyboard, typically
in a covert manner so that the person using the keyboard is unaware that their actions are
being monitored. There are numerous keylogging methods, ranging from hardware- and
software-based approaches to electromagnetic and acoustic analysis.
Spoofing Attack
A spoofing attack is a situation in which one person or program successfully masquerades
as another by falsifying data and thereby gaining an illegitimate advantage.
ARP Spoofing
ARP spoofing is a computer hacking technique whereby an attacker sends fake ARP
messages onto a LAN. ARP spoofing may allow an attacker to intercept data frames on
a LAN, modify the traffic, or stop the traffic altogether.
IP Spoofing
IP spoofing refers to the creation of IP packets with a forged-source IP address, called
spoofing, with the purpose of concealing the identity of the sender or impersonating
another computing system.
E-mail Spoofing
E-mail spoofing is e-mail activity in which the sender address and other parts of the
e-mail header are altered to appear as though the e-mail originated from a different source.
Because core SMTP does not provide any authentication, it is easy to impersonate and
forge e-mails.
Web Site Spoofing
Web site spoofing is the act of creating a web site, as a hoax, with the intention of
misleading readers that the web site has been created by a different person or organization.
Normally, the spoof web site will adopt the design of the target web site and sometimes
has a similar URL. Another technique is to use a “cloaked” URL. By using domain
forwarding, or inserting control characters, the URL can appear to be genuine while
concealing the address of the actual web site.
Packet Sniffer
A packet sniffer is a computer program or a piece of computer hardware that can intercept
and log traffic passing over a digital network or part of a network. As data streams flow
across the network, the sniffer captures each packet and, if needed, decodes the packet’s
raw data, showing the values of various fields in the packet, and analyzes its content
according to the appropriate RFC or other specifications.
Session Hijacking
Session hijacking is the exploitation of a valid computer session to gain unauthorized
access to information or services in a computer system. In particular, it is used to refer to
the theft of a magic cookie used to authenticate a user to a remote server. It has particular
relevance to Web developers, as the HTTP cookies used to maintain a session on many
Web sites can be easily stolen by an attacker using an intermediary computer or with
access to the saved cookies on the victim’s computer.