User:D1551D3N7
Contents
Intro
Hey, Im D1551D3N7. I'm doing all my new articles on this page as I can't create pages and I will not accept an editor position until I trust myself with it . I'll do my best to be comprehensive :)
My Personal To-Do List
- Finish Glossary and Abbreiviations.
- Be active enough to trust myself to be an editor
- Create wanted pages to the best of my abilities and add more content to existing pages.
Keyloggers
A keylogger is a program that records a persons keystrokes and send the logs of those keystrokes back to the the hacker by either email of FTP. Good keyloggers also detail what program the keystrokes were typed into. Note to self: Use stuff from my keylogger tutorial: http://hacksociety.net/Thread-Keyloggers-The-Complete-Tutorial
Google Dorks
Google dorks are search terms created to look for vulnerable websites using Google. They usually use the "inurl:" "intitle:" and "intext:" search operators. They are commonly used for web applications that exploits have been found in already and to find sites with the vulnerable version of that software.
- Inurl searches for sites with the text after the colon (:) in their url. eg inurl:index.php?page= will get result websites like http://www.example.com/index.php?page=76
- Intitle searches for sites with the text after the colon in their page title. eg intitle:FuBar_V2.0 will bring up websites with FuBar_V2.0 as the page title.
- Intext searches for site containing the text after the colon within the text. eg intext:Email_Administration_Panel_V3.0 will get results with that in the page.
Cybercrime
Cybercrime is a crime which involves the use of the computers, mobile phones, or any form of electronic device over the internet. Computer Forensics are used to collect incrimination data for use in court or by law enforcement, enforcing cyberlaw
Glossary
A glossary is a list of terms and definitions. This is a list of terms and definitions for words used within this wiki.
Term | Definition |
---|---|
AJAX | AJAX is a way to request information from web servers without the need of having to refresh the webpage. |
API | An API is a component for a specific piece of software which enables other software to communicate with it. |
ARP | ARP is used to resolve a network layer address to a link layer address, typically resolving a MAC address to an IP address. |
ASCII | ASCII codes represent text and is used by computers or other devices that use text. |
ASLR | A runtime security measure that randomizes the memory addresses that programs load data and code into. |
ASP | ASP is a server-side interpreted language used mostly in web applications. |
Administration | In the context of information technology, administration typically refers to system administration or network administration. |
Application | An application is a software program in any form. |
Assembly | Assembly is a low-level computer language. |
Availability | Availability is the assurance that data will be accessible by those authorized to receive it when the data is needed. |
BGP | BGP is the underlying dynamic routing protocol of the entire Internet. |
Bash | Bash is the linux command line utility similar to MS-DOS. |
Binary | Binary is machine-readable code consisting of 0s and 1s |
Biometric | In the scope of security, biometrics may be used to authenticate users based on unique physical traits, such as fingerprints or retina scans. |
Bitwise Math | Bitwise math is the foundation of all binary math and most mathematic operations performed in assembly. |
Boolean enumeration | Boolean enumeration is used to discover data when you can only ask the an information system yes or no questions about a value. |
Bootloader | A bootloader is the code that runs prior to the loading of the operating system. |
Botnet | A botnet is a collection of computers under the control of an entity. |
Brute force | A brute force attack is a highly primitive method used to obtain authentication credentials by repeatedly guessing based on set parameters such as estimated length and characters used. |
Buffer | A Data Buffer is a space in computer memory, where data is stored to prevent the program or resource that requires either hardware or software, to run out of data during a transfer. |
Buffer overflow | Buffer overflow, or Buffer Overrun is a software error triggered when a program does not adequately control the amount of data that is copied over the buffer, if this amount exceeds the preassigned capacity, remaining bytes are stored in adjacent memory areas by overwriting its original content. |
Byte | A byte represents (most often) 8 (can be 10, 12, 15... depending on the architecture) bits of data. |
C | C is a high-level programming language which allows you to construct programs writing in a syntactical form. |
C++/CPP | C++ is a compiled low-level programming language. It is an enhancement of the language C. |
CFM | ColdFusion Markup Language is an interpreted language utilizing a Java backend. |
CGI | CGI is a way for HTTP servers to serve interpreted languages and compiled languages using a binary file. |
Clients | A client is generally a program which connects to a server, then requests, receives and processes data from that server, giving feedback to a user. |
CSA | CSA is an Operating-System level application that functions as a HIPS for Microsoft Windows. |
CSRF | CSRF is a common web vulnerability. |
CSS | CSS is used to format everything from text, images, and links to tables, headers, and layout data rendered by a web browser and is referred to by the HTML code that the browser receives. |
Cellular Security | Cellular Security is the area of security involved with mobile communication networks. |
Command Injection | A Command Injection vulnerability is an escape string or format string vulnerability that occurs when unsanitized user input is passed to a system shell (system(), exec() etc.) |
Compiler | A compiler is a piece of software that converts programming language (i.e. C) into machine-readable code. |
Computer Forensics | Computer forensics is a process used to find infringing evidence of cyber crime occuring. |
Cookies | Cookies are used to pass information transparently between the client and server, emulating a "state". |
Database | Usually refers to a SQL or MS-Access database. |
Ddos attack | A DOS attack is an attack that denies a service to a user. |
Debugging | Debugging is the process of interacting with an application's code at runtime to determine changes in variables, reverse engineer functions, or solve other bugs with the application. |
DNS | DNS resolves hostnames to IP addresses and vice versa. |
E-mail Spoofing | Email spoofing is when you send an email "spoofed" to be someone elses address. |
Ethical hacker | An ethical hacker, also known as a "white hat", works by finding vulnerabilities for businesses and organisations and patches their systems to prevent exploitation of the vulnerabilities. |
Exploitation | Exploitation is taking advantage of a vulnerability in a foreign system to gain access or absolute control over the foreign host(s) or network(s). |
FTP | A simple plaintext protocol used for transferring files from server to client and vice-versa. |
Facebook is the biggest social network on the internet. | |
File Inclusion | File inclusion refers to the process of manipulating unsanitised inputs that make use of PHP's include() function into including files that were not intended to be included. |
Filter bypass | Filter evasion is the process of crafting payloads or strings that bypass or evade improper, partial, or incomplete sanitizing methods put in place for security purposes on different types of user inputs. |
Firewall | A firewall implements traffic filtering by blocking traffic for designated hosts or networks at the network layer, before the data is interpreted by the protocol handler. |
Fuzzing | Fuzzing is the process of penetration testing an application for security-related bugs. |
Gateway | A gateway acts as an entrance to another network. |
HIDS | A Host-based Intrusion Detection System focuses on performing several intrusion detection mechanisms in a single host or computer, ensuring the integrity of it by searching for malicious or anomalous activity. |
HIPS | HIPS operate at the host layer and is used to prevent and monitor attacks against the local machine. |
HTML | HTML is the basic building blocks of webpages. |
HTTP | HTTP is an Plaintext application level Protocols. It is used for distributing, collaborative, hyper media information. |
HTTPS | HTTPS operates in a similar way to HTTP, however, it provides transport layer encryption with TLS. |
HTTP referrer | The HTTP referrer is part of the HTTP header. |
Hackers | The term hacker originally meant software programmer. Now, it means a "computer security" specialist. |
Hacking | Hacking is the art of taking advantage over the way that computer systems communicate with one another and handle errors within their components. |
Hardware | Hardware refers to a physical device, component or appliance. |
Host | A host is a single machine on one or more networks that may have one or more IP addresses |
IP Address | An IP (Internet Protocol) address is 32 bit, or four byte, address assigned to a specific machine that enables it to utilize the TCP/IP transport layer. |
Information Security | Information Security is the practice of protecting the confidentiality, integrity and availability of information assets through the application of risk management. |
Input | Inputs are anything read by the application. |
Integrity | Integrity is the concept of trust in the accuracy and completeness of data. |
Interpreted languages | Interpreted languages are programming languages that are interpreted at runtime, rather than compiled to machine code and then simply executed. |
Iptables | The iptables command is a piece of software that filters packets at the kernel stack layer. |
JQuery | jQuery is a JavaScript library that simplifies HTML document traversing, event handling, animating, and AJAX interactions. |
JavaScript | JavaScript is one of many interpreted languages that is interpreted by a web browser. |
Keypair | In public-key cryptography, a keypair is a pair of a public and a private key. The public key is used to encrypt messages which then can only be decrypted using the private key. |
Keypool | A keypool or keyserver is a server which hosts PGP public keys. |
LAN | A LAN is a network of machines that are relatively near each other in terms of physical location - often, but not always in the same building. |
LD Preload | LD_PRELOAD, in simple terms, is a way to "preload" a shared library. It's an option you pass to ld either using a config file or environment variable. |
LUA | Lua is a portable interpreted language. It is mainly used in games, however it is also used by NMAP's Scripting Engine. |
Linux | Linux is an Operating System developed by Linus Torvalds. It is compatible with any bootloader. |
Lisp | Lisp is one of the oldest group of programming languages, characterized by its strength, dynamism, and parenthesized syntax. |
MAC | A MAC address is a unique identifier in hexadecimal that is assigned to network devices. |
MITM attack | A MITM attack is a method to forcibly route the traffic between two hosts so that it can be sniffed between them. |
MS-DOS | MS-DOS is Microsoft's older Operating Systems. |
Abbreviations
An abbreviation is when a long set of words is shortened into a few letters. This is a list of abbrieviations and their long format as used in this wiki.
Abbreviation | In Full |
---|---|
AJAX | Asynchronous JavaScript And XML |
API | Application Programmable Interface |
ARP | Address Resolution Protocol |
ASCII | American Standard Code for Information Interchange |
ASLR | Address Space Layout Randomization |
AS | Automonous System |
ASN | Autonomous System Number |
ASP | Active Server Pages |
AST | Abstract Syntax Tree |
BGP | Border Gateway Protocol |
Bash | Bourne-Again SHell |
CC | C Compiler |
CEH | Certified Ethical Hacker |
CFM | Cold Fusion Markup |
CGI | Common Gateway Interface |
CIDR | Classless Inter-Domain Routing |
CISA | Certified Information Systems Auditor |
CISO | Certified Information Security Officer |
CISSP | Certified Information Systems Security Professional |
CPP | C Plus Plus |
CPU | Central Processing Unit |
CSA | Cisco Security Agent |
CSRF | Cross-Site Referral Forgery |
CSS | Cascading Style Sheet |
DEP | Data Execution Prevention. |
DIG | Domain Information Groper |
DNS | Domain Name System |
FTP | File Transfer protocol |
GCIA | GIAC Certified Intrusion Analyst |
GCIH | GIAC Certified Incident Handler |
GIAC | Global Information Assurance Certification |
GSEC | GIAC Security Essentials Certification |
HIDS | Host-based Intrusion Detection System |
HIPS | Host Intrusion Prevention System |
HTML | Hyper-Text Markup Language |
HTTP | Hyper-Text Transfer Protocol |
HTTPS | Hypertext Transfer Protocol Secure |
IDS | Intrusion Detection Systems |
IP | Internet Protocol |
IPS | Intrusion Prevention System |
IR | Intermediate Representation |
IRC | Internet Relay Chat |
ISACA | Information Systems Audit and Control Association |
(ISCA)2 | International Information Systems Security Certification Consortium |
LAN | Local Area Network |
LFD | Local File Disclosure |
LFI | Local File Inclusion |
Lisp | Locator/Identifier Separation Protocol |
MAC | Media Access Control |
MITM attack | Man In The Middle attack |
MS-DOS | MicroSoft Disk Operating System |
PGP | Pretty Good Privacy |
RPC | Remote Procedure Call |
SMTP | Simple Mail Transfer Protocol |
TCP | Transmission Control Protocol |
TLS | Transport Layer Security |
VOIP | Voice Over Internet Protocol |