Essential InfoSec Terminologies

The existence of weakness/flaw in a system, process, software, etc.
When exploited, it leads to undesirable and unexpected event compromising the security of information.

Part of a malware/exploit code that performs intended malicious actions.
Includes creation of backdoor/remote access/deletion or modification of files, data theft/hijacking.
Includes logic bombs/infected program.

Gaining access to a computer/network and then using the same information to gain access to multiple networks & computers that contain desirable information.

Software application/program that can be controlled remotely to execute pre-defined tasks.
These are used in Dos or DDoS attacks.
A Botnet is a network of compromised machines.

Hacking is a field of computer security.
Exploiting system vulnerabilities.
It includes compromising security controls.
Unauthorized/inappropriate access.
Modifying system/application features to achieve goals outside it’s creator’s original purpose.
Steal, pilfer, and redistribute intellectual property.
Leads to loss of business, money, reputation, etc.

A person who breaks into a network/system without authorization to destroy/steal sensitive data.
Performs malicious attacks.
Sometimes, it’s a hobby to test their skills.
Note: Gaining authorized access is a crime, irrespective of intention.

Black Hats – illegal/malicious/criminal.
White Hats – Pentesters/Work on the defensive side.
Gray Hats – Works both offensively and defensively.
Cyber Terrorists – Motivated by religious/political beliefs.
State-Sponsored – Employed by the government to penetrate and gain top-secret information and damage systems of other governments.
Suicide Hackers – Does not care if they get caught.
Hacktivists – When a hacker breaks in to a corporate or government system as an act of protest (political/social agenda).