The Glossary contains several hundred definitions of terms that you might come across in our articles and blogs, or on other information security sites. Unlike the in-depth articles in the Knowledge Base, every definition in the Glossary is succinct, while remaining highly informative.
(This section is currently under construction)
In the Knowledge Base, you will find various articles about common threats, a general classification of malware and unwanted messages, and a brief historical overview of the evolution of these and many other threats.
The Knowledge Base now has three main sections:
– The Detectable Objects section gives detailed information about malicious and potentially dangerous programs that we protect users against every single day all around the world, as well as advice on what to do in case of infection.
– In the Spam and Phishing section, you will learn about phishing and spam mailings, how their creators earn money from them, and how this type of threat has evolved since the 1990s to the present day.
– The articles in the Vulnerabilities and Hackers section are devoted to the topic of software vulnerabilities and how cybercriminals exploit them, as well as legislation and hackers in the broad sense of the word.
The dark web is World Wide Web content that exists on darknets and can only be accessed using special software (e.g. Tor). The dark web forms part of the deep web, i.e. the part of the web that is not…
A darknet is an overlay network (i.e. a network built on top of another network – in this case, the Internet) that isn’t discoverable by normal methods and can only be accessed using special software like Tor. Darknets are designed…
A set of methods and tools for detecting and preventing attempts to steal confidential data. DLP systems analyze outgoing traffic and block the transmission of sensitive information. Leak-prevention tools employ two main methods: Analysis based on formal attributes — special tags…
A set of special methods for extracting knowledge from large arrays of information. Unlike conventional search, data mining is focused primarily on solving a specific problem and evaluating the practical value of the data retrieved. Visualization of results is an…
A DDoS attack is a type of DoS (denial-of-service) attack, the purpose of which is to disable a victim’s system. Unlike other types of DoS, DDoS is carried out from multiple devices.
A service providing DDoS attacks for money. Usually offered by botnet owners using a special website in a darknet. Such resources maintain an automated system of orders allowing buyers to select the type and duration of the attack, and transfer…
A set of special characters generated when a program is compiled and containing information about the location of variables and functions in the resulting binary file, plus other service information. This data set can be used for step-by-step debugging of…
A computer program that takes as input an executable file, and attempts to create a high-level, compilable source file that does the same thing. Decompilers usually do not perfectly reconstruct the original source code, and can vary widely in…
The deep web (also called the invisible or hidden web) is the part of the Internet that is not indexed by search engines and does not appear in search results. For example, the deep web includes private profiles on social…
An Application Control scenario meaning the prohibition of any application that was not specifically mentioned on administrator-prepared allowlists. It requires an allowlist of work-related apps to be compiled beforehand. While greatly reducing the potential attack surface (NOTHING that is not…
Denylist (sometimes referred to as a blocklist, formerly known as a blacklist) is a list of sites, programs, or other elements that are not allowed to be started or visited. Denylists are used to enhance the security of computer systems. An example of…
A specification for data encryption, created by IBM in the early 1970s. DES (Data Encryption Standard) is a symmetric cipher: the very same key is used to encrypt and decrypt the data. It is also a block cipher: it converts…
Reconstruction of the original object from the sequence of bits obtained through serialization. Such methods are typically used for transfer of multidimensional data arrays in the form of a one-dimensional array – either text or binary file.
DevOps (development and operations) is a practice of continuous software development and support. The DevOps methodology is intended to bridge the gap between the interests of development, QA, and maintenance teams, increase the efficiency of software development, and fast-track the…
A series of techniques to protect against DHCP-based attacks. As part of DHCP snooping, trusted and untrusted ports are assigned on a switch. In the event that a DHCP packet arriving at an untrusted port does not match the legitimacy…
A brute-force attack based on selecting potential passwords from a pre-prepared list. The attacker creates a “dictionary” of the most likely sequences of characters and uses a malicious program to check them all in turn in the hope of finding…
The Diffie–Hellman protocol is a cryptographic protocol for securely generating a shared private key by exchanging data over an insecure channel.
A digital certificate, also known as a public key certificate, is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner’s identity, and the digital signature of an…
A method of public key authentication for secure data transmission over the HTTPS protocol. An SSL certificate establishes that the digital signature used for encryption matches a particular domain, individual, or organization. SSL certificates are issued by special certificate authorities,…
Digital currency (or digital money) uses an Internet-based medium of exchange instead of physical money, i.e. notes and coins. This could be used to buy and sell physical goods and services, or it could be a money substitute that is…
A digital fingerprint is a collection of data about a digital device or application that uniquely identifies it, or data that identifies a file.
A digital signature is a block of data derived from a cryptographic transformation of an electronic document that confirms the integrity of the document and the identity of the signer.
A DMA attack is an attack through FireWire, Thunderbolt, PCI, or other ports that allow direct access to the given device’s memory without the involvement of the operating system.
A utility for converting an executable program file into source code in a low-level assembly language. Disassembling restores the text of a program for the purpose of figuring out how it operates. Information security experts use disassemblers to study malware.
DLL hijacking is an attack that substitutes a legitimate DLL file with a malicious library. It can be delivered either by a special loader embedded in the system or through user files processed by a program using the library. The…
A method of injecting third-party code into a running process by loading a third-party dynamic library. To do so, cybercriminals create a new thread in one of the active applications and add their own DLL to it. This method is…
DLL sideloading is a type of Windows-based attack in which malicious code is loaded using a legitimate application and a malicious DLL accessed by that application.
A part of a local network that is accessible from the Internet and isolated from other resources. Although inside the organization’s overall computer system, it is a relatively insecure area and functions as a kind of buffer. This segment can…
A hierarchical naming system for websites and other services connected to the Internet. DNS is used to map the name of a specific host to its IP address. The system has a distributed structure: different domain levels are administered by…
DNS servers located throughout the Internet are responsible for the translation of domain names into IP addresses. When a user types in a URL, a nearby DNS server will map the domain to an IP address or pass it to…
A type of DDoS attack in which a cybercriminal uses DNS servers to increase the amount of data transmitted to the target device. The attacker sends a relatively small look-up request to a vulnerable DNS host, substituting the victim computer’s…
DNS Changers are malicious programs that modify a computer’s DNS configuration settings, so that instead of the computer pointing to a legitimate DNS server, it points to a server under the control of the cybercriminals. The victim may be re-directed…
An attack that involves the interception of DNS queries. Cybercriminals use malware to change the IP address of a resource linked to a specific domain name, and redirect victims to their own site instead of the one initially requested. Some…
DNS poisoning is the manipulation of IP addresses for entries stored in the cache of a smaller DNS server: the aim is to make the DNS server respond, not with the correct IP address, but with one that contains malicious…
A computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).
A technology for DNS data transmission and resolution using the secure HTTPS protocol. Unencrypted DNS lookups can be targeted by cybercriminals. DoH provides the necessary data encryption using HTTPS as a tunnel. One advantage of this method is that it…
A file extension for Microsoft Word. DOC files contain text, as well as document markup data: fonts, indentations, line spacing, and other service information. Because this format supports macros, such documents can contain malicious code that is executed when a…
A file format in Microsoft Word 2007 and later versions, which replaced DOC. DOCX files are archives containing XML-marked text and other document data that can be interpreted by a text editor. Since 2006, DOCX has been an open format, like…
A technique used to mask the resource’s real address by manipulating the content delivery network (CDN) queries. With Domain Fronting, the target domain name will be made known only after an encrypted HTTPS connection is established between the client and…
A form of theft in which the rights for managing a domain name are acquired illicitly. Domain hijacking can be performed by hacking into a registrar’s computer system and making changes to its registry. Another attack vector is to use…
A structured text identifier for a separate Internet resource. The domain name of a specific object in the network contains the names of all levels to which it is subordinate. For example, the name test.site.ru means that the resource named…
The practice of registering a domain for a short time, and then deleting and re-registering it, again for a short time. The procedure is repeated until the scammer doesn’t need the domain anymore. By repeatedly registering and re-registering it, the…
Domain shadowing is a cybercriminal technique for avoiding detection of malicious pages by hacking a domain administrator’s account and creating multiple subdomains in the domain so as to bypass denylists. How domain shadowing works: First, cybercriminals gain access to the…
The short-term registration of a domain to test its monetization potential. The technique generally targets domains recently released or with an address similar to that of a popular site. Most often the new owner places a web resource on it…
A DoS attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for attackers to achieve this, but in general terms it involves manipulating the way incoming…
A VLAN architecture concept defined by the 802.1ad standard. It differs from the original 802.1Q protocol by the presence of two tags indicating that the packet belongs to both the “external” and “internal” virtual network. Double tagging allows the tag…
A type of VLAN hopping attack aimed at gaining unauthorized access to a VLAN. A data packet containing two VLAN tags is sent to a port accessible to the attackers, one tag belonging to a segment they can access, the…
One of the most common memory corruption errors, caused by freeing the same memory location twice. Applications detect such a block of memory as two separate ones, and can assign it to two different data packets, producing a runtime error.…
A downgrade attack is a cyberattack in which the attacker forces a network channel to switch to an unprotected or less secure data transmission protocol.
This type of program downloads various content from online resources, without always explicitly notifying the user exactly what it is. Such programs are not malicious as such, but attackers use them to download malicious content to the victim’s computer.
Drive-by downloads are a common method of spreading malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of…
Droppers are programs that secretly install malicious programs, built into their code, on a computer. Typically, the programs dropped onto the victim’s computer are saved and launched without any notification (or a fake notification may be displayed). Droppers are used…
A copy or “snapshot” of data stored in memory at any given moment. A memory dump is often created when a program crashes in order to analyze the causes. A database dump is made to back up the information it…
A universal subroutine called by the main application, as and when required. Typically, DLLs implement standard, frequently used functions that are the same for several programs. Using DLLs saves drive space and simplifies the program code. DLLs that contain a…