A comprehensive, categorized, and fully detailed glossary of hacking, cybersecurity, and digital threat terminology — perfect for security professionals, ethical hackers, students, and researchers.
This repository contains a meticulously organized list of 100+ cybersecurity and hacker-related terms, sorted into logical categories. Each entry includes a clear, in-depth definition designed to provide a practical and conceptual understanding of the topic.
Whether you're a beginner learning the ropes, a cybersecurity enthusiast, or a seasoned pentester, this resource aims to boost your vocabulary and deepen your understanding of key concepts in information security and hacking culture.
This repository includes a structured and detailed glossary of cybersecurity and hacking terms, divided into clear and practical categories for easier reference and learning.
⚠️ This project is intended for educational and ethical purposes only. Use responsibly.
This project is constantly being updated. Some content may be out of date. (Last revision: April 9, 2025)
- 🧠 Hacker Profiles – From white hats to black hats and red/blue teams.
- 🧨 Cyber Attacks – All major types of digital attacks explained.
- 🛠️ Hacking Tools & Techniques – Tools used in exploitation, post-exploitation, and analysis.
- 🧬 Core Concepts – Foundational knowledge for any cybersecurity professional.
- 🛡️ Defensive Measures – Defensive strategies, systems, and processes.
- 🧪 Malware Types – Definitions of worms, trojans, ransomware, and more.
- 🌐 Digital Environments – Understanding deep web, darknet, Tor, etc.
- 📦 Miscellaneous Terms – Other critical concepts like bug bounties, pharming, etc.
- ✅ 100% original content with rich, expanded definitions.
- ✅ Clean and professional formatting.
- ✅ Designed for both educational and professional use.
- ✅ Easy to integrate into training material, slides, wikis, and documentation.
You are free to:
- 📖 Read and learn from it
- 🧑‍🏫 Integrate into teaching or training content
- 🧑‍💻 Use it as a reference for documentation
- 🧪 Extend it with your contributions!
- 🧠 Hacker Profiles / Actor Types
- 🧨 Types of Cyber Attacks
- 💻 Tools, Techniques & Hacking Methods
- 🧬 Core Cybersecurity Concepts
- 🚔 Defensive Technologies & Response
- 🧪 Malware Types & Malicious Software
- 🌐 Digital Environments & Networks
- 📦 Miscellaneous Relevant Terms
Understand the different types of hackers and security teams — from ethical white hats and malicious black hats to insider threats, red teams, and more.
Term | Definition |
---|---|
Hacker | An individual skilled in computer systems, networks, or programming who seeks to understand and manipulate digital systems. The term may refer to both ethical and malicious actors depending on context. |
Cracker | A person who breaks into systems or software by bypassing protections, usually for malicious purposes such as stealing data or causing harm. |
Phreaker | A type of hacker who specializes in manipulating telephone systems, often to make free calls or exploit telecom infrastructure. |
White Hat | Also known as an ethical hacker. These professionals use their skills to identify and fix security vulnerabilities, often employed by companies to improve defenses. |
Black Hat | A malicious hacker who breaches systems illegally to steal, damage, or disrupt. Their intent is usually criminal or financially motivated. |
Grey Hat | A hacker operating between ethical and unethical lines. They may breach systems without permission but do not intend harm, often revealing vulnerabilities without exploiting them. |
Blue Hat | An external individual invited to test systems for bugs or vulnerabilities, typically before product release, without being part of the internal team. |
Script Kiddie | A novice hacker who relies on existing tools and scripts created by more experienced individuals without understanding the underlying mechanics. |
Red Team | A simulated offensive group that mimics real-world attacker behavior to test organizational defenses and response. |
Blue Team | A defensive security team responsible for detecting, responding to, and mitigating security incidents and attacks. |
Insider Threat | A person within an organization (e.g., employee or contractor) who has authorized access and misuses it to harm the organization, intentionally or unintentionally. |
Explore common and advanced cyber attack techniques, including phishing, DDoS, brute force, SQL injection, reverse shells, and supply chain attacks.
Term | Definition |
---|---|
Denial of Service (DoS) | An attack intended to make a system or service unavailable by overwhelming it with traffic or requests. |
Distributed Denial of Service (DDoS) | A coordinated DoS attack launched from multiple sources, often using a botnet, to flood and crash systems or networks. |
Brute Force Attack | A method of cracking passwords or encryption by trying every possible combination until the correct one is found. |
Phishing | A deceptive technique used to trick individuals into revealing personal information (such as passwords or credit card numbers) by pretending to be a trustworthy entity. |
Spear Phishing | A targeted form of phishing aimed at a specific individual or organization, often using personalized information to appear more legitimate. |
Man-in-the-Middle (MitM) | An attack where the hacker intercepts and possibly alters the communication between two parties without their knowledge. |
SQL Injection | A code injection technique where attackers insert malicious SQL statements into input fields to manipulate a database. |
Cross-site Scripting (XSS) | An attack where malicious scripts are injected into otherwise benign websites, targeting other users of the site. |
Watering Hole Attack | A strategy where attackers compromise websites frequently visited by a targeted group to infect them with malware. |
Clickjacking | A technique where users are tricked into clicking on something different from what they perceive, potentially executing harmful actions. |
Drive-by Download | An unintentional download of malicious software by visiting a compromised or malicious website. |
Smurf Attack | A type of DDoS that exploits IP and ICMP to flood a target with spoofed traffic, causing network disruption. |
Race Condition | A software vulnerability where timing flaws allow attackers to manipulate processes running in parallel. |
Session Hijacking | Taking over a legitimate user session, often by stealing session cookies, to gain unauthorized access. |
Credential Stuffing | An automated attack where stolen username/password pairs are used to attempt login on multiple services. |
Cold Boot Attack | A physical attack where data is retrieved from memory (RAM) after a system is restarted, taking advantage of residual data. |
Air Gap Attack | Techniques used to breach systems physically isolated from the internet (air-gapped), often through unconventional methods like electromagnetic emissions. |
Supply Chain Attack | Compromising software or hardware during development or distribution to gain access to the end user. |
Cloud Jacking | Unauthorized access or control over cloud-based infrastructure or services, often for data theft or resource exploitation. |
Cyber Espionage | The act of spying via cyber means to obtain sensitive or classified information, typically state-sponsored or corporate. |
Code Injection | The act of inserting malicious code into an application to change its behavior or extract data. |
Reverse Shell | A technique where a compromised system initiates a connection to the attacker, providing control over the machine. |
Get familiar with widely used tools and methodologies like exploit kits, rootkits, honeypots, keyloggers, sniffers, and logic bombs.
Term | Definition |
---|---|
Exploit | A piece of software or code that takes advantage of a vulnerability to perform unauthorized actions. |
Zero-Day | A vulnerability unknown to the vendor and not yet patched; highly valuable and dangerous. |
Botnet | A network of compromised devices (bots) controlled remotely to perform tasks like DDoS, spam, or mining. |
Keylogger | A program that records keystrokes to capture sensitive information such as passwords. |
Sniffer | A tool used to intercept and analyze network traffic, often used in network diagnostics or malicious eavesdropping. |
Honeypot | A decoy system or server set up to lure and study attackers, often used for research or diversion. |
Firewalking | A method of mapping firewall rules by sending packets with varying TTL values to determine open ports. |
Logic Bomb | Malicious code triggered by a specific condition, such as a date or user action. |
Exploit Kit | A collection of tools designed to identify and exploit vulnerabilities in systems or applications. |
Firmware Rooting | The act of modifying device firmware to gain administrative control, often used in mobile device exploitation. |
Aircrack-ng | A suite of tools for auditing Wi-Fi security, capable of cracking WEP and WPA keys. |
MITM Proxy | A tool that intercepts and allows inspection and manipulation of network traffic between client and server. |
Post Exploitation | Actions taken after a successful compromise, including privilege escalation, persistence, and data exfiltration. |
Grasp essential concepts such as encryption, decryption, hashing, vulnerabilities, zero-days, and digital forensics.
Term | Definition |
---|---|
Vulnerability | A weakness in software, hardware, or procedures that can be exploited to compromise security. |
Backdoor | A hidden access point in software or hardware that allows bypassing normal authentication. |
Rootkit | A collection of tools that enables persistent, undetectable access to a system by masking its presence. |
Payload | The part of malware that performs the actual malicious action, such as data theft or system corruption. |
Heuristics | A detection method used by security tools to identify suspicious behavior based on patterns, not signatures. |
Encryption | The process of converting data into a code to prevent unauthorized access. |
Decryption | The process of converting encrypted data back into its original readable form. |
Hash Function | A one-way algorithm that converts data into a fixed-length value, often used for data integrity checks. |
Digital Forensics | The investigation and analysis of digital devices to gather evidence for legal or security purposes. |
Threat Intelligence | The collection and analysis of information about potential or current attacks to support defensive strategies. |
Threat Hunting | A proactive approach to detecting hidden threats within a network before they can cause damage. |
Cyber Kill Chain | A model outlining the stages of a cyberattack, from reconnaissance to data exfiltration. |
Cyber Deception | The use of traps, fake data, and misleading systems to confuse and study attackers. |
Security Through Obscurity | A controversial approach that relies on hiding system details as a security measure. |
Learn about protective mechanisms including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), patches, 2FA, and incident response strategies.
Term | Definition |
---|---|
Firewall | A security system that monitors and controls incoming and outgoing network traffic based on predefined rules. |
VPN (Virtual Private Network) | A service that encrypts internet traffic and hides the user's IP address to provide privacy and security. |
IDS (Intrusion Detection System) | A monitoring system that detects suspicious activity or known threats on a network. |
IPS (Intrusion Prevention System) | A system that actively blocks detected threats based on predefined rules and behaviors. |
Whitelist / Blacklist | Access control lists that either allow (whitelist) or deny (blacklist) specific IPs, domains, or applications. |
2FA (Two-Factor Authentication) | A security process requiring two forms of verification (e.g., password + SMS code) to access a system. |
Patch | A software update designed to fix bugs, close vulnerabilities, or improve performance. |
Incident Response | A structured approach to identifying, managing, and recovering from security incidents. |
Identify and differentiate between types of malicious software such as worms, trojans, ransomware, spyware, adware, and rogue security tools.
Term | Definition |
---|---|
Worm | A type of malware that can self-replicate without the need to infect specific program files. Worms typically spread through networks. |
Trojan Horse | Malicious software disguised as a legitimate program, tricking users into executing it. |
Ransomware | Malware that encrypts a victim’s files and demands payment for the decryption key. |
Spyware | Software that gathers information from a system without the user's knowledge or consent. |
Adware | Software that automatically delivers advertisements, often bundled with free applications. |
Rogue Security Software | Fake antivirus programs that scare users into purchasing unnecessary or harmful software. |
Dive into the structure of the deep web, dark web, Tor network, and darknet — critical layers of the internet often misunderstood.
Term | Definition |
---|---|
Deep Web | The portion of the web not indexed by search engines, including databases, internal networks, and academic repositories. |
Dark Web | A subset of the deep web accessible only via specialized software like Tor, often associated with illegal activities. |
Darknet | An encrypted network built on the internet, such as Tor or I2P, used to maintain anonymity and resist surveillance. |
Tor (The Onion Router) | A privacy-focused network that anonymizes traffic by routing it through multiple encrypted relays. |
Additional must-know concepts like bug bounty programs, dumpster diving, shoulder surfing, pharming, and rainbow tables.
Term | Definition |
---|---|
Bug Bounty | A program in which companies pay ethical hackers to find and report security vulnerabilities in their systems before they are maliciously exploited. |
Dumpster Diving | The act of retrieving discarded documents or hardware to uncover confidential information. |
Shoulder Surfing | Observing someone’s screen or keyboard to gain unauthorized information. |
Pharming | Redirecting users from legitimate websites to fraudulent ones to steal credentials. |
Rainbow Table | A precomputed table used to reverse cryptographic hash functions, typically to crack passwords. |
If this resource was helpful to you, consider giving the repo a ⭐ and sharing it with others in the security community!
This repository is under the MIT license.