CYBER FUNDAMENTALS

101 guide on where cyber attackers break through

AI Security
Uses artificial intelligence to detect threats in real time by analysing patterns, correlating events, and identifying anomalies. Enhances security efficiency, reduces alert fatigue, and accelerates investigation and response across networks, endpoints, and cloud environments.

Advanced Persistent Threat (APT)
A long-term, targeted attack by skilled adversaries using stealthy methods to maintain access and exfiltrate sensitive information over extended periods. Detection requires continuous monitoring, behavioural analysis, and proactive threat hunting.

Account Takeover
Occurs when attackers gain control of user accounts through credential theft, phishing, or exploitation. Mitigation includes multi-factor authentication, behavioural monitoring, and rapid detection to prevent fraud, data loss, or further compromise.

Attack Surface
The collection of all points where an organisation’s systems, applications, identities, and cloud workloads are exposed to potential attacks. Minimising it involves continuous assessment, secure configurations, and monitoring of new or vulnerable entry points.

Attack Techniques
Methods employed by adversaries to compromise systems, including phishing, lateral movement, privilege escalation, and malware deployment. Understanding techniques helps organisations detect, disrupt, and prevent attacks proactively.

Backdoor
Hidden access mechanisms installed by attackers to maintain control over compromised systems. Detection focuses on unusual network connections, unauthorised processes, or anomalous user behaviour.

Botnet
A network of compromised devices controlled remotely to conduct coordinated attacks like DDoS, spam campaigns, or malware distribution. Prevention relies on endpoint hygiene, traffic monitoring, and network segmentation.

Cloud Detection and Response (CDR)
A cloud-focused security approach that monitors workloads, APIs, and identities for threats. Enables rapid detection, investigation, and mitigation across hybrid and multi-cloud environments.

Cloud Security
Protects cloud assets from misconfigurations, unauthorised access, and attacks. Involves identity management, continuous monitoring, and enforcement of secure policies for workloads and data.

Cobalt Strike
A legitimate penetration-testing tool often abused by attackers for post-exploitation, lateral movement, and command-and-control. Detection requires monitoring for unusual tool behaviours or execution patterns.

Command and Control (C2)
Techniques used by attackers to communicate with compromised hosts and issue instructions. Detection focuses on anomalous network traffic, connections to unusual endpoints, and evasion tactics such as hiding the channel inside encrypted traffic.

Common Vulnerabilities and Exposures (CVE)
A standardised system cataloguing publicly known software vulnerabilities. Organisations use CVEs to prioritise patching and reduce exposure to exploits.

Compliance
Adherence to legal, regulatory, and industry cybersecurity standards. Ensures structured controls, documentation, and reporting to reduce risk and demonstrate governance.

Cross-Site Request Forgery (CSRF)
A web attack in which a victim's browser is tricked into sending requests to a site where the user is already authenticated, so the site performs actions the user never intended. Mitigation includes token-based validation and strict session handling.

Cyberattack
Any deliberate attempt to disrupt, steal, or damage systems or data. Includes malware, ransomware, phishing, or sophisticated state-sponsored operations.

Cybersecurity Metrics
Quantitative measures to evaluate security effectiveness, incident response, and risk management. Helps justify investments and identify improvement areas.

Cybersecurity Solutions
Technologies and processes designed to protect networks, endpoints, cloud, and identities from cyber threats. Includes EDR, NDR, SIEM, and XDR tools.

Data Breach
Incident exposing sensitive information due to attacks, misconfigurations, or human error. Requires detection, containment, reporting, and remediation to limit impact.

Endpoint Detection and Response (EDR)
Tools that monitor endpoints for threats, providing detection, investigation, and containment capabilities to prevent further compromise.

Exfiltration
The unauthorised transfer of sensitive data from systems. Detection involves monitoring abnormal data flows, access patterns, and user behaviour.

Exploit
A technique or code that takes advantage of vulnerabilities to gain unauthorised access, elevate privileges, or execute malicious actions.

Extended Detection and Response (XDR)
An integrated security approach correlating alerts across endpoints, networks, identities, and cloud, improving detection and response efficiency and context.

Healthcare Cybersecurity
Protects patient data, medical devices, and critical infrastructure. Focuses on regulatory compliance, third-party risk, and targeted threat mitigation.

Hybrid Cloud Security
Secures workloads across on-premises and cloud environments, maintaining unified visibility, consistent policies, and protection against misconfigurations or attacks.

Identity Threat Detection and Response (ITDR)
Monitors identity systems for compromise, misuse, or anomalies. Prevents attackers from exploiting accounts to access sensitive resources.

Intrusion Detection/Prevention Systems (IDS/IDPS)
Monitors networks or systems for malicious activity. IDS alerts administrators; IDPS can also block or contain threats automatically.

Incident Response
Structured approach to detect, analyse, and recover from security incidents. Includes preparation, containment, eradication, and post-incident review.

Indicator of Compromise (IOC)
Digital evidence of potential breaches, such as malicious IPs, file hashes, or unusual processes. Used to identify and mitigate threats.

Insider Threat
Risks posed by employees or contractors who misuse access intentionally or accidentally. Detection relies on behavioural monitoring and least-privilege policies.

Kerberoasting
An attack on Kerberos service tickets to extract service account credentials. Monitoring unusual ticket requests and enforcing strong passwords mitigates risk.

Kill Chain
Framework describing the stages of an attack, from reconnaissance to action on objectives. Enables defenders to disrupt attacks at each stage.

Lateral Movement
Techniques used by attackers to traverse networks to reach high-value targets. Detection focuses on abnormal access patterns and privilege escalation.

Living Off the Land (LOTL)
Adversaries use legitimate system tools for malicious purposes to evade detection. Monitoring unusual tool usage helps detect such activity.

Malware
Software designed to damage, steal, or disrupt systems. Includes viruses, ransomware, trojans, and spyware. Detection requires multi-layered analysis and threat intelligence.

Managed IT Security Services
Outsourced security operations providing monitoring, threat detection, and incident response to supplement in-house capabilities.

Managed Detection and Response (MDR)
24/7 security monitoring combined with expert response and automation, offering advanced detection and containment of threats.

Metadata
Contextual data describing system activity or files, used for behavioural analysis and anomaly detection.

Metasploit
A penetration-testing framework demonstrating exploit techniques. Security teams use it to simulate attacks and improve defences.

Mobile Phishing (Mishing)
Phishing attacks via SMS or messaging apps to steal credentials or deliver malware. Mitigation includes user training and anti-phishing tools.

MITRE ATT&CK
A globally recognised framework mapping adversary tactics and techniques, aiding threat detection, analysis, and response planning.

MITRE D3FEND
Framework linking defensive techniques to ATT&CK adversary models, supporting structured mitigation strategies.

Network Detection and Response (NDR)
Continuous network monitoring to detect, analyse, and respond to threats using traffic patterns, anomalies, and contextual intelligence.

Network Security
Protecting network infrastructure from unauthorised access, attacks, and data leaks using firewalls, segmentation, monitoring, and intrusion prevention.

Network Traffic Analysis
Examining traffic flows to detect anomalies, suspicious patterns, or hidden threats, aiding proactive threat response.

Operations Security (OPSEC)
Practices that protect sensitive operational information from being exploited by adversaries, reducing attack surface exposure.

Phishing
Deceptive attempts to acquire sensitive information via email, web, or messaging. Prevention includes training, MFA, and email filtering.

Privilege Escalation
Techniques used by attackers to gain higher-level access than authorised. Detection involves monitoring access requests and abnormal privilege use.

Ransomware
Malware encrypting or exfiltrating data for extortion. Defence includes backups, patching, monitoring, and rapid incident response.

Reconnaissance
The initial phase where attackers gather information about targets. Monitoring unusual scanning or probing activity helps early detection.

SEO Poisoning
Manipulation of search results to deliver malicious content or lure users. Prevention includes threat intelligence and safe browsing policies.

Security Information and Event Management (SIEM)
Centralises log collection, correlation, and analysis to detect threats, support compliance, and enable investigations.

SOC as a Service
Outsourced security operations providing 24/7 monitoring, threat detection, and response for organisations without full in-house teams.

Social Engineering
Exploiting human behaviour to bypass technical controls. Awareness training, verification procedures, and monitoring reduce risk.

Spoofing Attack
Impersonating identities, devices, or data to deceive systems or users. Detection includes anomaly monitoring and authentication enforcement.

SQL Injection
A web attack that injects attacker-controlled input into database queries to gain unauthorised access or exfiltrate data. Defended by input validation and secure coding practices.

Supply Chain Attack
Targeting third-party vendors or software dependencies to compromise organisations indirectly. Mitigation includes supplier security assessments and continuous monitoring.

Threat Actor
Individuals or groups conducting malicious cyber activity. Understanding their motives and techniques aids detection and prevention.

Threat Detection
Identifying, prioritising, and responding to malicious activity across systems, networks, and users. Combines tools, analytics, and intelligence.

Threat Hunting
Proactive search for hidden threats using analytics, telemetry, and hypothesis-driven investigation to uncover sophisticated attacks.

User and Entity Behaviour Analytics (UEBA)
Monitors behavioural patterns of users and devices to detect anomalies that may indicate compromise or insider threats.

Vulnerability Management
Ongoing process of discovering, prioritising, and remediating security weaknesses to reduce the risk of exploitation.

Zero Day
A vulnerability that attackers exploit before the vendor has released a fix. Rapid detection and mitigation are essential to reduce exposure.

Zero Trust
Security model assuming no implicit trust; every access request is verified, monitored, and limited to minimise risk.