
Pentesting Glossary 2026

60+ essential penetration testing and cybersecurity terms explained clearly. From fundamentals to advanced concepts — the reference guide for ethical hackers, security analysts, and OSCP candidates.


A

APT (Advanced Persistent Threat)

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APT groups are typically nation-state actors or well-funded criminal organizations targeting high-value data.

Attack Surface

The total sum of all possible entry points where an unauthorized user could attempt to enter or extract data from a system. Reducing the attack surface is a core security principle — every open port, API endpoint, or user input is a potential vector.

Active Directory (AD)

Microsoft's directory service for Windows domain networks. In pentesting, AD is a primary target because compromising it often grants access to the entire organization. Common attacks include Kerberoasting, AS-REP roasting, DCSync, and Pass-the-Hash.

B

Brute Force Attack

A trial-and-error method of guessing credentials by systematically checking all possible combinations. Tools like Hydra, Medusa, and Burp Suite Intruder automate brute force attacks against login forms, SSH, FTP, and other services.

Buffer Overflow

A vulnerability where a program writes more data to a buffer than it can hold, overwriting adjacent memory. Exploiting buffer overflows can lead to arbitrary code execution. This is foundational to binary exploitation and a key OSCP topic.

Blue Team

The defensive security team responsible for detecting, preventing, and responding to cyber threats. Blue teams operate SOCs (Security Operations Centers), manage SIEM platforms, write detection rules, and conduct incident response.

C

C2 (Command and Control)

The infrastructure used by attackers to communicate with compromised systems. C2 frameworks like Cobalt Strike, Sliver, Havoc, and Metasploit allow operators to send commands, exfiltrate data, and maintain persistent access to target networks.

CSRF (Cross-Site Request Forgery)

A web vulnerability that tricks an authenticated user's browser into sending an unintended request to a site the user is logged into. The attacker crafts a request (for example a hidden form or image link on a page they control) and relies on the browser automatically attaching the victim's session cookies, so the site treats the forged request as legitimate.

CVE (Common Vulnerabilities and Exposures)

A standardized identification system for publicly known cybersecurity vulnerabilities. Each CVE ID (e.g., CVE-2024-1234) uniquely identifies a vulnerability, enabling security teams to track, prioritize, and patch known issues.

Credential Stuffing

An automated attack using stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services. Effective because many users reuse passwords across multiple platforms.

D

DNS Enumeration

The process of discovering DNS records (A, AAAA, MX, TXT, NS, CNAME) associated with a target domain. Tools like dig, nslookup, dnsrecon, and subfinder help identify subdomains, mail servers, and infrastructure details during reconnaissance.

DoS / DDoS (Denial of Service)

An attack that floods a target system with traffic or requests to make it unavailable. DDoS (Distributed DoS) uses multiple sources. Understanding DoS is important in pentesting to assess service resilience — though executing unauthorized DoS attacks is illegal.

DLL Hijacking

A technique where an attacker places a malicious DLL in a location where a legitimate application will load it instead of the intended library. Common in Windows privilege escalation when applications use insecure DLL search paths.

E

Enumeration

The active process of extracting information from a target system — usernames, shares, services, configurations. Enumeration follows reconnaissance and is critical for identifying attack vectors. Tools include enum4linux, smbclient, LDAP queries, and SNMP walks.

Exploit

A piece of code or technique that takes advantage of a vulnerability to cause unintended behavior in a system, such as gaining unauthorized access, executing arbitrary code, or escalating privileges.

Exfiltration

The unauthorized transfer of data from a target system. During pentests, exfiltration demonstrates the impact of a compromise. Attackers use techniques like DNS tunneling, HTTPS channels, steganography, or cloud storage to extract data covertly.

F

Firewall

A network security system that monitors and controls incoming/outgoing network traffic based on defined security rules. Pentesters must understand firewall rules to identify allowed ports, bypass filtering, and test segmentation effectiveness.

Fuzzing

An automated testing technique that provides random, unexpected, or malformed data as input to a program to discover bugs, crashes, and security vulnerabilities. Tools include ffuf, wfuzz, AFL, and Burp Suite Intruder.

Footprinting

The first phase of pentesting where information about the target is gathered from public sources. Includes WHOIS lookups, DNS records, social media profiles, employee names, technologies used, and IP ranges — all without directly interacting with the target.

H

Hash / Hashing

A one-way cryptographic function that converts input data of any length into a fixed-length value (the hash, or digest) from which the original input cannot be recovered directly. In pentesting, password hashes (NTLM, NTLMv2, bcrypt, SHA-256) are extracted from systems and cracked offline by guessing candidate passwords and comparing their hashes, using tools like Hashcat or John the Ripper.

Honeypot

A decoy system designed to attract attackers and detect unauthorized access attempts. Honeypots appear to be legitimate targets but are monitored to study attack patterns, gather threat intelligence, and alert defenders to intrusions.

I

IDS / IPS (Intrusion Detection / Prevention System)

IDS monitors network traffic for suspicious activity and alerts administrators. IPS goes further by actively blocking malicious traffic. Pentesters must understand evasion techniques (fragmentation, encoding, timing attacks) to bypass these controls.

Injection

A class of vulnerabilities where untrusted data is sent to an interpreter as part of a command or query. Includes SQL injection, OS command injection, LDAP injection, and template injection. Consistently ranked #1 in OWASP Top 10 for years.

IDOR (Insecure Direct Object Reference)

A vulnerability where an application exposes internal object references (like database IDs) in URLs or parameters without proper authorization checks. An attacker can modify these references to access other users' data (e.g., changing /api/user/123 to /api/user/124).

K

Kerberos

The authentication protocol used by Active Directory. Key pentesting attacks include Kerberoasting (requesting TGS tickets for service accounts and cracking them offline), AS-REP Roasting, Golden Ticket, and Silver Ticket attacks.

Keylogger

Software or hardware that records keystrokes on a target system. Used in post-exploitation to capture passwords, sensitive data, and user behavior. Can be deployed via malware, physical access, or as part of a C2 framework module.

L

Lateral Movement

The technique of moving through a network after initial compromise, gaining access to additional systems using stolen credentials, tokens, or exploits. Critical in Active Directory environments where one compromised host can lead to domain-wide access.

LDAP (Lightweight Directory Access Protocol)

A protocol used to access and manage directory information services. In pentesting, LDAP enumeration of Active Directory reveals users, groups, computer objects, GPOs, and organizational structure — often providing a map of the entire network.

LFI / RFI (Local/Remote File Inclusion)

Web vulnerabilities allowing an attacker to include files from the server (LFI) or from a remote source (RFI). LFI can be used to read sensitive files like /etc/passwd or achieve remote code execution via log poisoning.

M

MITM (Man-in-the-Middle)

An attack where an adversary secretly intercepts and relays communications between two parties. Common in network pentesting using ARP spoofing (arpspoof, Bettercap) to capture credentials, session tokens, and sensitive data in transit.

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Categories include viruses, worms, trojans, ransomware, spyware, and rootkits. Pentesters create controlled payloads to simulate real-world malware behavior.

Metasploit

The world's most widely used penetration testing framework. Provides exploit modules, payload generators (msfvenom), auxiliary scanners, and post-exploitation tools. Essential for both ethical hackers and OSCP candidates.

N

Nmap

The most essential network scanning tool in pentesting. Used for host discovery, port scanning, service version detection, OS fingerprinting, and vulnerability scanning using NSE scripts. Every pentest starts with nmap.

Network Pivoting

The technique of using a compromised host to attack other systems on internal networks that are not directly accessible from the attacker's position. Tools include SSH tunneling, Chisel, Ligolo, and Metasploit's autoroute module.

O

OSINT (Open Source Intelligence)

Intelligence gathered from publicly available sources such as social media, company websites, GitHub repositories, DNS records, Shodan, and public databases. OSINT is the foundation of the reconnaissance phase in any pentest engagement.

OWASP Top 10

The Open Web Application Security Project's list of the 10 most critical web application security risks. Includes injection, broken authentication, XSS, security misconfiguration, SSRF, and more. The industry standard for web application security testing.

P

Payload

The code delivered by an exploit to perform a specific action on the target system — such as spawning a reverse shell, creating a user, or executing arbitrary commands. Generated using tools like msfvenom, and delivered via exploits, phishing, or file uploads.

Penetration Testing (Pentesting)

An authorized simulated cyberattack performed to evaluate the security of a system, network, or application. Follows methodologies like PTES, OSSTMM, or OWASP Testing Guide. Phases include reconnaissance, scanning, exploitation, post-exploitation, and reporting.

Phishing

A social engineering attack that uses fraudulent emails, messages, or websites to trick victims into revealing credentials, downloading malware, or performing actions. Spear phishing targets specific individuals, while whaling targets executives.

Privilege Escalation

The act of exploiting a vulnerability to gain elevated access to resources not intended for the current user. Vertical escalation: user → root/admin. Horizontal escalation: user A → user B. Key OSCP skill with tools like LinPEAS, WinPEAS, and manual enumeration.

Post-Exploitation

Actions taken after successfully exploiting a target: maintaining access, escalating privileges, collecting sensitive data, pivoting to other systems, and covering tracks. Frameworks like Cobalt Strike and Metasploit provide extensive post-exploitation modules.

Pass-the-Hash (PtH)

A technique that allows authentication using a captured password hash without knowing the plaintext password. Particularly effective in Windows/AD environments using NTLM authentication. Tools include Impacket's psexec, wmiexec, and Mimikatz.

Password Spraying

An attack that tries a single common password against many accounts simultaneously, avoiding account lockout policies. More stealthy than brute force and highly effective against organizations with weak password policies.

R

Ransomware

Malware that encrypts victim files and demands payment for the decryption key. Modern ransomware groups also exfiltrate data before encryption (double extortion). Understanding ransomware TTPs helps pentesters simulate realistic threat scenarios.

Reconnaissance (Recon)

The first phase of pentesting — gathering information about the target. Passive recon uses public sources (OSINT). Active recon directly interacts with the target (port scanning, banner grabbing). The quality of recon directly determines the success of the engagement.

Red Team

An offensive security team that simulates real-world adversaries to test an organization's detection and response capabilities. Unlike standard pentesting, red team engagements are goal-oriented, covert, and may include physical access and social engineering.

Reverse Shell

A connection where the target machine initiates a shell session back to the attacker's listening machine. Used to bypass firewalls that block inbound connections. Common implementations use Bash, Python, PowerShell, or Netcat.

RCE (Remote Code Execution)

A vulnerability that allows an attacker to execute arbitrary code on a remote system. RCE is considered the most critical class of vulnerabilities because it gives full control over the target. Often caused by injection flaws, deserialization bugs, or buffer overflows.

S

SIEM (Security Information and Event Management)

A platform that aggregates and analyzes log data from across an organization's infrastructure to detect threats. Examples include Splunk, ELK Stack, and Microsoft Sentinel. Pentesters test whether attacks are detected by the SIEM.

SQL Injection (SQLi)

A web vulnerability where malicious SQL code is inserted into application queries, allowing attackers to read, modify, or delete database contents. Types include Union-based, Blind (Boolean/Time-based), and Error-based SQLi. Tools: sqlmap, Burp Suite.

SSRF (Server-Side Request Forgery)

A vulnerability where an attacker can make the server perform HTTP requests to arbitrary destinations — including internal services, cloud metadata endpoints (169.254.169.254), and other systems behind the firewall.

Social Engineering

Manipulating people into divulging confidential information or performing actions that compromise security. Techniques include phishing, pretexting, baiting, tailgating, and vishing. Often the most effective attack vector because it targets humans, not systems.

SUID / SGID

Special Linux file permissions that allow a program to run with the privileges of its owner (SUID) or group (SGID). Misconfigured SUID binaries are a classic privilege escalation vector — tools like GTFOBins catalog exploitable binaries.

T

Trojan

Malware disguised as legitimate software. Unlike viruses, trojans do not self-replicate — they rely on users to install them. Remote Access Trojans (RATs) provide attackers with persistent backdoor access to compromised systems.

Threat Modeling

A structured approach to identifying, categorizing, and prioritizing potential threats to a system. Frameworks include STRIDE (Microsoft), PASTA, and Attack Trees. Guides security efforts by focusing on the most likely and impactful threats.

TTP (Tactics, Techniques, and Procedures)

The MITRE ATT&CK framework categorizes adversary behavior into TTPs. Tactics describe the "why" (initial access, persistence), techniques describe the "how" (phishing, DLL hijacking), and procedures are specific implementations. Essential knowledge for both red and blue teams.

V

VPN (Virtual Private Network)

A technology creating an encrypted tunnel between two points over the internet. In pentesting, VPNs provide secure access to target networks (e.g., HackTheBox, OSCP labs). Pentesters also test VPN misconfigurations and vulnerabilities in IKE/IPsec implementations.

Vulnerability

A weakness in a system, application, or process that can be exploited by a threat actor. Vulnerabilities are classified by severity using CVSS scores (0-10). Vulnerability management involves scanning, prioritizing, patching, and validating fixes.

Vulnerability Assessment

A systematic process of identifying, quantifying, and ranking vulnerabilities in a system. Unlike pentesting, vulnerability assessments typically stop at identification without active exploitation. Tools include Nessus, OpenVAS, and Qualys.

W

WAF (Web Application Firewall)

A security layer that filters and monitors HTTP traffic to and from a web application. WAFs protect against common attacks (SQLi, XSS) but can be bypassed using encoding tricks, case variations, and payload obfuscation techniques.

Web Shell

A malicious script uploaded to a web server that provides remote access through a web browser. Common web shells are written in PHP, ASP, or JSP. Used by attackers to maintain persistence and execute operating system commands on the compromised server.

X

XSS (Cross-Site Scripting)

A web security vulnerability allowing attackers to inject malicious client-side scripts into web pages viewed by other users. Types include Reflected XSS, Stored XSS, and DOM-based XSS. Impact ranges from cookie theft to full account takeover.

XXE (XML External Entity)

A vulnerability in XML parsers that allows an attacker to interfere with the processing of XML data. Can be used to read local files, perform SSRF attacks, or cause denial of service. Mitigated by disabling external entity processing in XML parsers.

Z

Zero-Day

A previously unknown software vulnerability that has no available patch at the time of discovery. Zero-days are extremely valuable — used by APT groups, sold on the black market, or reported through bug bounty programs. The name refers to the vendor having "zero days" to fix it.

Zone Transfer (AXFR)

A DNS mechanism for replicating DNS records between nameservers. Misconfigured DNS servers that allow unauthorized zone transfers reveal the complete DNS zone — all hostnames, IPs, and records — a goldmine during reconnaissance.
