Acronyms for the Certified Ethical Hacker Exam (312-50)



APT Advanced Persistent Threat; an attack that is focused on stealing informationfrom the victim without the user being aware of it.
3DES Triple Data Encryption Standard; standard which does DES three times with three different keys.
ACK Acknowledgement; confirms the receipt of transmission and identifies the next expect sequence number.
ACL Access Control List; a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
ADS Alternate Data Stream; any kind of data attached to a file but not in the file on an NTFS system
AES Advanced Encryption Standard;  a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology.
AH Authentication Header; useful in providing connectionless integrity and data origin authenticaiton for IP datagrams and anti-replay protection for the data payload and some portions of IP header of each packet.
AI Artificial Intelligence; defend network against various attacks that an antivirus scan cannot detect.
ARIN American Registry for Internet Numbers; provides services related to the technical coordination and management of Internet number resources.
ARP Address Resolution Protocol; resolves IP addresses to the MAC address of the interface to send data.
BER Basic Encoding Rules; transmits information between the dlient and the server.
BSS Basic Service Set; a service set is a group of wireless network devices that are operating with the same networking parameters.
BSSID Basic Service Set Identifier; the MAC address of an Access point or based station that has set up a BSS.
BYOD Bring Your Own Device; a policy allowing an employee to bring their personal devices such as laptops, smartphones, and tablets at workplace an duse them for accessing organization’s resources as per their access privileges.
C2 Command and Control; the impact an attacker possesses over a compromised system or network.
CA Certificate Authority; Issues and verifies digital certificates
CAM Content Addressable Memory; a dynamic table of fixed size. It stores information such as MAC addresses available on physical ports along with VLAN parameters associated with them.
CASB Cloud Access Security Broker; implemented to monitor cloud traffic for detection of anomalies with the generated instances.
CCMP Counter Mode Cipher Block Chaining Message Authentication Code Procol; encryption protocol used in SPA2 for stronger encryption and authentication.
CCTT Covert Channel Tunneling Tool; creates arbitrary data transfer channels in the data streams authorized by a network access control system
CHAP Challenge-Handshake Authentication Protocol; an authentication mechanism used by PPP server in order to authenticate or validate the identity of remote clients or network hosts.
CHM CEH Hacking Method; the methodology followed for hacking a system. There are three steps: Gaining Access, Maintaining Access and Clearing Logs.
CIDR Classless Inter-Domain Routing; a method of allocating IP address and IP routing as opposed the previous addressing architecture of classful addressing.
CIO  Chief Information Officer; person responsible for eecuting the policies and plans required for supporting the information technology and computer system of an organization.
CR Carriage Return; a control character or mechanism used to reset a device’s position to the beginning of a line of text.
CRIME Compression Ration Info-Leak Made Easy; a client-side attack which expoits the vulnerabilities present in data compression feature of protocols.
CSP Cloud Service Provider
CSPP Connection String Parameter Polllution; server uses connection strings to connect applicatios to database engines.
CSRF Cross-Site Request Forgery; know as a one-click or session riding. Exploits the victim’s active session with a trusted site to operform malicious activities such as purchase an item, modify, or retrieve account information.
CVE Common Vulnerabilities and Exposures; a publicly avilable and free to use list or dictionary of standardized identifiers for common software vulnerabilities and exposures.
CVSS Common Vulnerability Scoring System; a published standard tha tprovides an open framework for communicating the characteristics and impacts of IT vulnerabilities.
DAC Discretionary Access Control; permits user, who is granted access to information, to decide how to protect the information and the level of sharing desired.
DDoS Distributed Denial of Service
DDOS Distributed Denial of Service; a large-scale, coordinated attack on the availability of services o a victim’s system or network resources, launched indiretly through many compromised computers on the Internet
DES Data Encryption Standard; a standard for data encryption that uses a secret key for oth encryption and decryption.
DHCP Dynamic Host Configuration Protocol; maintains TCP/IP configuration information in a database such as valid TCP/IP configuration parameters, valild IP addresses, and duration of th elease offered by the server.
DKOM Direct Kernel Object Manupulation; a type of rootkit are able to locte and manipulate the “system” process in ker nel memory structure and patch it.
DLP Data Loss Prevention; identification and monitoring of sensitive data to ensure that end users do not send sensitive information outside the corporate network.
DMCA Digital Millennium Copyright Act; United States of America’s copyright law. Defines legal prohibitions against circumvention fo technological protection measures employed by copyright owners to protect their works.
DMZ Demilitarized Zone; a controlled, Internet-facing zone that typically contains Internet-facint components of network servers and email gateways through which employees of an organization directly communicate.
DNA Distributed Network Attack; a technique used for recovering password-protected files that utilizes the unused processing power of machines across the network to decrypt passwords.
DNS Domain Name System; a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
DNSSEC Domain Name Security Extension; a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity.
DoS Denial of Service
DOS Denial of Service; an attack on a computer or Network tha treduces, restricts or prevents accessibility of system resources to its legitimate users
DR Data Recovery; the process for th erecovery of data that may have been accidentally/intentionally deleted or corrupted.
DRDoS Distributed Reflection Denial os Service; involves the use of multiple intermediary and secodary machines that contribute to the actual DoS Attack against the target machine or application. Exploits the TCP three-way handshake.
DSA Directory System Agent; a client start an LDAP session by conecting to a Directory System Agent.
DSA Digital Signature Algorithm; FIPS for digital signature.
DSSS Direct Sequence Spread Spectrum; a frequency modulation technique where a device spreads a signal of low bandwidth over a broad frequency range to enable sharing of a single channel smong multiple users.
DUHK Don’t Use Hard-Coded Keys; a cryptographic vulnerability that allows attackers to otain encryption key used to secure VPNs and web sessions.
EAP Extensible Authentication Protocol; supports multiple authentication methods, such as token cards, Kerberos, certificates, etc.
EISA Enterprise Information Security Architecture; a set of requirements, processes, principles and models tha tdetermine the current and/or future structure and behavior of an organization’s security processes
ELB Elastic Load Balancing;
ESP Encapsulation Security Payload; in addition to services provided by  the AH,this protocol offers confidentiality but does not provide integrity and anti-replay service.
FHSS Frequency Hopping Spread Spectrum; the user alters the audio file’s frequency spectrum so that it hops rapidly between frequencies.
FIN Finish; when the flag is set to “1” to announce that it will not send more transmissions to the remote system and terminates the connection.
FISMA Federal Informaiton Security Management Act; provides a comprehensive framework for ensuring the effectiveness of information security controls over the information resources that support federal operations and assets.
GAK Government Access to Keys; statutory obligation of individuals and organizations to disclose their cryptographic key to government agencies.
GPS Global Positioning System; a space-based satellite navigation system that provides location, time and existence of physical intities on earth.
GSM Global System for Mobile Communications; Universal system used for mobile transportation fr wireless network worldwide.
HIDS Host Intrusion Detection System; mechanism that includes auditing for events tha toccur on a specific host.
HIPAA Health Insurance Portability and Accountability Act; provides federal protections for individually identifiable health information held my covered entities and their business associates and gives patients an array of rights regarding that information.
HMAC Hash based Message Authentiation Code; uses a cryptographic key along with a cryptographic hash function.
HPKP HTTP Public Key Pinning; a TOFU technique used in an HTTP header that allows a web client to associate a specific public key certificate with a particular server to inimize the risk of man-in-the -middle attack with fradulent certificates.
HSTS HTTP Strict Transport Security; a  web security policy that proetects HTTPS website against MITM attacks.
IA Information Assurance; assurance that th eintegrity, availability, confidentiality and authenticity of information and information systems is protected during usage, processing, storage and transmission of information
IaaS Infrastructure-as-a-Service; enables subscribers to use on demand fundamental IT resources such as computing power, virtualizaation, data storage, network, etc.
IAM Identity and Access Management; a framework for business practices that consists of users, procedures and software products to manage user digital identities and access to resources of an organization.
ICT Information and Communications Technology; technologies that provide access to information through telecommunications including Internet, wireless networks, cell phones and othe communication mediums
IDS Intrusion Detection System; a security software or hardware device which inspects all inbound and outbound network traffic for suspicious patterns that may indicate a breach.
IIoT Industrial Internet of Things; capturing new growth through 3 approaches: increasing production boosts revenues, using intelligen technology tha tis entirely changing the way goods are made and creation of new hybrid business models.
IKE Internet Key Exchange; Ipsec rpotocol tha tproduces security keys of Ipsec and other protocols.
IM Incident Manager; focuses on the incident and analyzes the manner in which to handle it from a management and technical point of view.
IoT Internet of Things; devices connected to the Internet having little or not security making them vulnerable to various types of attacks.
IPID Fragment identificaiton number; an OS increases the IPID for each packet sent. Probing an IPID gives an attacker the nmber of packets sent since the last probe.
Ipsec Provides data security by securing IP communication s by authenticating an dencrypting each IP packet of a communication session.
IRDP ICMP Router Discovery Protocol; a routing protocol that allows a host to discover the IP address of active router on its subnet by listening to router advertisemennt and solicitation messages on its network.
ISAKMP Internet Security Association Key Management Protocol; part of IKE, to establish, negotiate, modify and delete Security Associations.
ISM Information Security Management; organization-wide programs that enable the business to operate in a state of reduced risk.
ISM Industrial, Scientific and Medical; refers to the portion of the radio spectrum reserved internationally for these industries.
ISO/IEC Specified the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
ISP Internet Service Provider
ISSAF Information Systems Security Assessment Framework; open source project aimed to provide in-depth information about how to conduct a penetration test.
ISSO Information System Security Officer; responsible for an organization’s information security programs.
KRACK Key Reinstallation Attack; attack that exploits the flaws present in the implementation for a 4-way handshake process in WPA2 authentication.
LDAP Lightweight Directory Access Protocol; an Internet protocol for accessing distributed directory services
LEAP Lightweight Extensible Accessible Protocol; proprietary version of EAP developed by Cisco
LF Line Feed; or newline  a control character or sequence of control characters in a character encoding specification that is used to signify the end of a line of text and the start of a new one.
LFM Log File Monitoring; monitors log files created by network services
LLMNR Link Local Multicast Name Resolution; an element of the Windows operating Systems used to perform name resolution for hosts present on the same link. This passively listens on the network on UDP port 5355.
LSB Lower Sideband; users can insert a secret binary message in the least significant bit of each sampling point of the audio signal.
MAC Mandatory Access Control; does not perit the end user to decide who can access the information. Does not permit the user to pass privileges to other users.
MAC Media Access Control; the hardware address of the interface.
MDA Message Digest Algorithm
MDM Mobile Device Management; provides platforms for over-the-air or wired distribution of applications, data and configuration settings for all types of mobile devices, including mobile phoes, smatphones, taliet computers, etc.
MIB Managemment Information Base; virtual database containing a formal description of all the network objects that SNMP manages.
MiTC Man-in-the-Cloud; an advanced version of MiTM. An attacker uses an exploit that intercepts and manipulates the communication between two parties. They are carried out by abusing cloud files synnchronization services.
MiTM Man in the Middle;
ML Machine Learning; is unsupervised self-learning system that is used to define what the normal network looks like along with its devices
MoCA Multimedia oer Coax Alliance; a type of network protocol that provides a high definition video of home and content related to it over the existing coaxial cable.
NAT Network Address Translation; separates IP addresses into two sets and enable the LAN to use these addresses for internal and external trafic respectively.
NBT-NS Link Local Multicast Name Resolution; an element of the Windows operating Systems used to perform name resolution for hosts present on the same link. This broadcasts and respond to the request pretending to be a target host on UDP port 137.
NDA Non-Disclosure Agreement; a confidentiality agreement states that the informatio provided by the target organization is confidential and proprietary.
NetBIOS Network Basic Input Output System; Windows uses NetBIOS fo file and printer sharing.
NIDS Network Intrusion Detection System; Device placed on the network in a promiscuous mode, listening for patterns indicative of an intrusion
NTLM NT LAN Manager; a default autheticaito scheme that performs authentication usin a challenge/response strategy
NTP Network Time Protocol; designed to synchronize clock of etworked computers.
NVD  National Vulnerability Database; US government reository of standards based vulnerability management data represented.
OFDM Orthogonal Frequency Division Multiplexing; a method of digital signal modulation in which a single data stream is split across several separate narrowband channels at different frequencies to reduce interference and crosstalk.
OISSG Open Information Systems Securiity Group; organization which supports ISSAF.
OSSIM Open Source Security Information Management; is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
OSSTMM Open-Source Security Testing Methodology Manual; standard set of penetration tests to achieve security metrics. Considered to be a de facto standard for the highest level of testing and it ensures high consistency and remarkable accuracy
OTP One-Time Passwords;
OWASP Open Web Application Security Project; open-source application security project that assist the organizations to purchase, develop and maintain software tools, software applications and knowledge-based documentation for Web application security
OWASP Online Web Application Security Project; an online community, produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
PaaS Platform as a Service; offers the platform for the development of applications and services.
PCI/DSS Proprietary informationn security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM and POS cards.
PE Portable Executables; a file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code.
PEAP Protected Extensible Authentication Protocol; a protocol tha tencapsulates the EAP within an encryption and authenticated Transport Layer Security (TLS) tunnel.
PGP Pretty Good Privacy; a protocol used to encrypt and decrypt data that provides authentication and cryptographic privacy.
PIN Personal Identificaiton Numbers;
PKI Public Key Infrastructure; a security architecture developed to increase the confidentiality of information exchanged over the insecure Internet.
PLC Power-Line Communication; protocol where electrical sires are used to transmit power and data from one end point to another end point.
PSH Push; when the flag is set to “1”, indicates that the sender has raised the push operation to the receiver.
PSK Pre-Shared Key;
RA Registration Authority; Acts as the verfier for the certificate authority.
RADIUS Remote Authentication Dial-In User Service; a centralized authentication an authorization managemet system.
RAT Remote  Access Trojans;  provide attackers with full control over th victim’s system, enabling them to remotely access files private conversaitons, accounting data, etc.
RBAC Role-Based Access Control; simplifies the assignment of privileges. Ensures that individuals have all the privileges necessary to perform their duties
RIPEMD RACE Integrity Primitives Evaluation Message Digest; 160-bit hash algorithm.
ROE Rules of Engagement; formal permission to conduct a penetration test. There are provided rights and estrictions to the test team for performing the test.
ROSI Return on Security Investment; reduction of an organization’s expenditure on IT security by identifying and remediating vulnerability or weaknesses
RPC Remote Procedure Call; technology used for creatin distributed client/server programs.
RSA Rivest Shamir Adleman; internet encryption and authentication system; defacto encryption standard.
RST Reset; when there is an error in the current connection, the flag is set to “1” and it aborts the connection in response to the error.
SaaS Software-as-a-Service; offers application software to subscribers on demand over the Internet.
SAM Security Accounts Manager; a database to manage user accounts and password in the hased format instead of plain text.
SEM Security Event Management; deals with real-time monitoring, correlation of eents, notifications and console views.
SET Social Engineering Toolkit; open-source Python-drive tool aimed at penetration testing via social engineering.
SHA Secure Hashing Algorithm; generates a cryptographically secure one-way hash.
SIEM Security and Incident and event Management; Systems used to manage andstore huge collection of log data from different sources like networks, applications, devices, secuiry and user activity in real time.
SIM Security Information Management; supports permanent storage, analysis and reporting of log data.
SLA Service Level Agreement; a commitment between a service provider and a client. Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user.
SMS Short Message Service; a text messaging service component of most telephone, internet, and mobile-device systems.
SMTP Simple Mail Transfer Protocol; uses Mail Exchange servers to direct the mail via DNS and runs on port 25.
SNMP Simple Network Management Protocol; An Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
SOAP Simple Object Access Protocol; a lightweight and simple XML-based protocol designed to exchange structured and type information on the web.
SOX Sarbanes Oxley Act; designed to protect investors and the public by increasing the accuracy and reliability of ccorporate disclosures
SPAN Switched Port Analyzer; a Cisco switch also known as “port mirroring.” Monitors netowkr traffon on one or more ports on the switch.
SSDP Simple Service Discovery Protocol; network protocol that communicates with machines when querying them with routable multicast addresses. Controls communication for the UPnP feature.
SSID Service Set Identifier; a code that identifies the network to which packets on a wireless network belong.
SSL Secure Sockets Layer; an application layer protocol for the anaging the security of a message transmission on the Internet.
SSRF Server Side Request Forgery; a type of exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.
SYN Synchronize; notifies the transmission of  new sequence number.
TKIP Temporal Key Internet Protocol; is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs.
TLS Transport Layer Security; a protocol to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission.
TOFU Trust on First Use; a security model used by client software which needs to establish a trust relationship with an unknown or not-yet-trusted endpoint.
UBA User Behavior Analytics; process of tracking user behavior to detect malicious attacks, potential threats and financial frauds
UML User-Mode Linux; an open source which is used to create virtual machines and is efficient in deploying honeypots.
UPnP Universal Plug and Play; set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing, communications, and entertainment.
URG Urgent; instructs the system to process the data contained in packets as soon as possible.
VA Validation Authority; Stores certificates with their public keys.
VLAN Virtual Local Area Network;
VPN Virtual Private Network; a network tha tprovides secure access to the private network through the Internet. Used for connectin wide area networks.
WAF Web Application Firewall;  filters, monitors, and blocks HTTP traffic to and from a web application. This is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers.
WEP Wired Equivalent Privacy; an encryption algorithm fo IEEE 802.11 wireless networks. It is old and original wireless security statndard.
WPA Wi-Fi Protected Access; advanced wireless encryption protocol using TKIP and MIC to provide stronger encryption and authentication.
WPA2 WI-Fi Protected Access version 2; a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it.
XMAS Christmas Scan; a probe with the FIN, URG and PUSH TCP flags set.
XSS Cross-Site Scripting; an attacker injects HTML tags or scripts into a target website.
XXE XML External Entity; an attack where an application is able to parse XML input from an unreliable source because of the misconfigured XML parser.