Refer to this page any time there’s a vulnerability related term you want to better understand.
- ASLR
- Address Space Layout Randomization. An exploit mitigation that randomizes the loading address of modules in memory to harden the system against exploits that depend on known memory addresses. In Linux, the address of the heap, stack and external libraries is randomized. In Windows the address of the code, heap, and stack is randomized. External libraries (DLLs) are randomized once when loaded, but their address is the same between separate processes.
- Authentication Bypass
- A vulnerability that permits unauthorized users to bypass authentication and reach a protected resource or interface that would otherwise require authentication. Occasionally used as part of an exploit chain.
- Brute-Force
- A methodology used to solve for an unknown value by exhausting all the possible options. Most commonly used as a password guessing technique, but can also be used to break ASLR by guessing the random loading address.
- Buffer Overflow
- A memory vulnerability where data is written past the bounds of a certain sized allocation (buffer), overwriting the following data in memory. When a buffer in the stack is overflown, it is called a stack overflow and when a buffer in the heap is overflown it is called a heap overflow.
- Bit
- The smallest unit of memory in a computer. Can be either 0 or 1.
- Byte
- Most commonly 8 bits, allowing for numbers from 0 - 255, but ultimately the number of bits in a byte is architecture dependent.
- Command Injection
- A type of vulnerability where an attacker can enter unsanitized commands into a shell or interface that executes these commands.
- CLI
- Command Line Interface. A textual interface used for input and output.
- CMS
- Content Management System. A framework for websites to manage their content. The most popular CMSs are WordPress and Drupal.
- CSRF
- Cross-Site Request Forgery. A web vulnerability that permits the execution of a malicious request on behalf of an unsuspecting user. Commonly defended by websites by attaching a “CSRF Token” to every request to permit wanted requests only.
- CVE
- Common Vulnerabilities and Exposures. A CVE is a string in the form of CVE-YYYY-XXXX where YYYY is a year (2019 for example) and XXXX is an incremental number that is tagged to a specific vulnerability for tracking and reference purposes.
- DDOS
- Distributed DOS. When multiple entities perform a DOS on a common target, the DOS becomes a DDOS.
- DEP
- Data Execution Prevention. An exploit mitigation. DEP labels blocks of memory as either executable or not. This prevents an attacker from executing data they supplied, which will probably be stored on a non-executable memory block. This mitigation is present by default on all Windows, Linux and Mac operating systems.
- DOS
- Denial Of Service. When regarding websites, DOS is usually achieved by exhausting server resources. However, DOS can also be achieved by memory corruption or vulnerabilities triggering infinite loops in the code.
- Directory Traversal
- A vulnerability that allows relative directory referencing where it would otherwise not be permitted. This vulnerability is usually achieved by injecting “/../” into file paths. On Linux and Windows, the string “../” refers to the parent directory.
- DLL/EXE
- The shared library file extension and executable file extension, respectively, on Windows. Both are in the PE (Portable Executable) format.
- ELF/SO
- ELF is the executable file format on Linux. SO is the file extension for ELFs that are shared libraries.
- Exploit
- A program that triggers a vulnerability.
- Exploit Chain
- An exploit chain is a set of exploits used together in such a way that the exploit chain’s effect is greater than any individual exploit in the chain. An exploit chain for a web-server can for example consist of an RCE exploit, and an LPE exploit. Each exploit used alone won’t result in full takeover of a remote server. However, when used together, a full server takeover is possible: first the exploit chain will execute the RCE to run code on the remote server. Next, from the code now running on the remote server, the LPE exploit will be used to escape the web-server’s sandbox, thus fully taking over the server.
- Heap
- Where dynamically allocated objects are stored.
- Hexadecimal
- Base 16. Commonly used when working with memory since it’s more compact than decimal (base 10, the “normal” number base) and is easy to convert to binary, which is the real way data is saved on a computer.
- Information Disclosure
- A vulnerability that permits otherwise protected information to be disclosed.
- Injection
- A vulnerability that permits unwanted data to enter a data stream. For example Directory Traversal is usually a vulnerability stemming from allowing “../” (the parent directory notation) to reach parsed file paths.
- KASLR
- ASLR for the kernel, to mitigate kernel exploits.
- Kernel
- The privileged part of an operating system, in charge of handling user mode and providing abstractions to user mode.
- LPE
- Local Privilege Escalation. See PE.
- Memory Disclosure
- A vulnerability that permits exposing internal memory of the program, for example by passing uninitialized data to the user. This can be used to disclose memory locations, bypassing ASLR.
- Memory Safe Language
- A language where there is by default no low level memory handling, thus preventing buffer overflows.
- System (User)
- The default privileged user in Windows.
- OOB
- Out of Bounds. OOB is usually used in the context of OOB read or OOB write. An OOB read is usually a memory disclosure, and an OOB write is a buffer overflow.
- PE (Privilege Escalation)
- An exploit that increases the privilege of the user. Usually from a normal user to an administrative user such as root or SYSTEM.
- PE (Portable Executable)
- The Windows format for executable binaries.
- RCE
- Remote Code Execution. Also commonly called arbitrary code execution. This is considered the ultimate exploit since it allows you to run code on the exploited machine. After you run code, you are only limited by the privileges you have but can otherwise do anything.
- ROP Chain
- Return Oriented Programming. A method to exploit stack overflows where the code to be executed is jumped to with assembly return statements (“ret”).
- Root
- The default privileged user in Linux.
- Shell
- A CLI to interact with the operating system.
- Spoofing
- A vulnerability that allows “lying” about something. For example, IP spoofing “lies” about who said what on the network.
- Stack
- Memory that grows downward and holds stack variables and return addresses of its program.
- Stack Canary
- An exploit mitigation that inserts a value before the return address and checks that it wasn’t changed, to prevent stack overflows from being exploited.
- SUID/SGID executable
- Stands for Set User ID or Set Group ID. In Linux, when files are SUID or SGID it means they have a special flag set that makes them run with the file owner’s user id or group id respectively, thus giving the process the owner’s or group’s privileges. This is useful for programs that are meant to be started by anyone but require special permissions when running. For example, the ping executable is set as SUID so it can do low level socket operations.
- SQLi (SQL Injection)
- A vulnerability that allows an attacker to control a database query, which could result in other users’ personal or secret information being read, malicious data being added, or critical information being erased from the database.
- Underflow (Buffer Underflow)
- Very similar to a buffer overflow, except an underflow happens when data is written before the buffer starts instead of after it ends.
- Vulnerability
- A bug in a program (see this post)
- XSS
- Cross Site Scripting. An injection vulnerability that permits injecting scripts into otherwise safe browser content.
- XXE
- XML eXternal Entity. A vulnerability that processes remote resources from an XML file. Can be used to scan inner networks from the perspective of the computer parsing the XML.
- 1337
- Leet speak for “Leet”. 1 = L, 3 = E, 7 = T.
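The “CSRF Token” defence mentioned under CSRF above, as an added example that is not part of the original glossary. It shows why a token defeats a forged cross-site request: the browser attaches the session cookie to any request, including one triggered from a third-party page, but the token is bound to the session and lives in the form body, which the third-party page cannot read. `SERVER_KEY`, `handle_transfer` and the request dictionaries are assumptions constructed for this example, not a real framework’s API.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment would load it from
# configuration and rotate it rather than generate it at import time.
SERVER_KEY = secrets.token_bytes(32)


def make_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Derive a CSRF token bound to one session via HMAC-SHA256."""
    return hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the expected token and compare in constant time."""
    expected = make_csrf_token(session_id, key)
    return hmac.compare_digest(expected, token)


def handle_transfer(request: dict, key: bytes = SERVER_KEY) -> str:
    """Process a state-changing request only if it carries a valid token.

    `request` is a constructed stand-in for an HTTP request: the session id
    comes from a cookie the browser sends automatically, the token from a
    hidden form field that only our own pages contain.
    """
    session_id = request.get("cookie_session")
    token = request.get("form_token", "")
    if not session_id:
        return "rejected: not logged in"
    if not verify_csrf_token(session_id, token, key):
        return "rejected: bad CSRF token"
    return "ok: transfer performed"


if __name__ == "__main__":
    sid = "session-abc123"  # constructed session id
    genuine = {"cookie_session": sid, "form_token": make_csrf_token(sid)}
    forged = {"cookie_session": sid}  # cross-site request: cookie present, token absent
    print(handle_transfer(genuine))
    print(handle_transfer(forged))
```

The token is derived from the session id rather than stored, so the server keeps no extra state; `hmac.compare_digest` is used instead of `==` so a wrong token is rejected without leaking how many leading characters matched.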
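A check for the Directory Traversal entry above, as an added example that is not part of the original glossary. It normalises a user-supplied path under a base directory and rejects anything that climbs out of it with “../”, an absolute path, or a Windows-style separator. `BASE_DIR` is a hypothetical directory, and the function takes the already URL-decoded path from the request.

```python
import posixpath
from typing import Optional

BASE_DIR = "/srv/app/files"  # hypothetical directory that served files must stay inside


def resolve_within_base(user_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the normalised absolute path if it stays inside base_dir, else None."""
    # Reject NUL bytes (they truncate paths in C APIs) and backslashes, which
    # posixpath treats as ordinary characters but Windows treats as separators.
    if "\x00" in user_path or "\\" in user_path:
        return None
    base = posixpath.normpath(base_dir)
    # join() discards base when user_path is absolute ("/etc/passwd"), and
    # normpath() collapses "../" segments; either way, a path that escapes
    # base no longer starts with it and is rejected below. The trailing "/"
    # in the prefix test stops "/srv/app/files_backup" from passing as well.
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed inputs: two legitimate, three traversal attempts.
    for p in ["reports/2019.txt", "reports/../notes.txt",
              "../../etc/passwd", "/etc/passwd", "..\\secret"]:
        print(f"{p!r:>25} -> {resolve_within_base(p)}")
```

This is the string-level check only; it does not follow symlinks, so on a real filesystem resolve the candidate with `os.path.realpath` and apply the same prefix test to the result.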
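The SQLi entry above, shown as the vulnerable query beside its fix, as an added example that is not part of the original glossary. The table, its two rows and the `lookup_*` functions are constructed for this example; the point is that splicing untrusted text into the SQL string lets a quote change the query’s structure, while a bound parameter is only ever compared as data.

```python
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    """Vulnerable: the untrusted value is spliced into the SQL text, so a
    quote in the input ends the string literal and the rest is parsed as SQL."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[str]:
    """Fixed: the driver binds the value to the placeholder; it is never
    part of the query syntax, so quotes in it are just characters."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    untrusted = "' OR '1'='1"  # constructed input containing a quote
    print("vulnerable:", lookup_vulnerable(db, untrusted))  # every row comes back
    print("safe:      ", lookup_safe(db, untrusted))        # no row has that literal name
```

Parameterised queries are the fix; escaping quotes by hand is fragile because each database has its own quoting rules and because numeric or identifier positions are not protected by quotes at all.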
Let me know if I missed anything 👾