Terms

To work on something, especially to program a computer. (See: hacker.)

A gathering of individuals from various backgrounds and different stages in their careers (hobbyist to professionals) to solve problems of common interest.

An unauthorized user who attempts to or gains access to an information system.

Perform processing operations on data, such as receive and transmit, collect and disseminate, create and delete, store and retrieve, read and write, and compare. (See: access.)

A type of access control other than (a) the rule based protections of mandatory access control and (b) the identity based protections of discretionary access control; usually involves administrative security.

A 16 bit field that specifies a control and release marking in the security option (option type 130) of IP's datagram header format. The valid field values are alphanumeric digraphs assigned by the U.S. Government, as specified in RFC 791.

Protocol dialogue between two systems for identifying and authenticating themselves to each other, or for synchronizing their operations with each other.

The TLS Handshake Protocol consists of three parts (i.e., subprotocols) that enable peer entities to agree upon security parameters for the record layer, authenticate themselves to each other, instantiate negotiated security parameters, and report error conditions to each other. [R4346]

Adversaries may leverage credentials that are hardcoded in software or firmware to gain an unauthorized interactive user session to an asset. Examples credentials that may be hardcoded in an asset include:

To protect a system by configuring it to operate in a way that eliminates or mitigates known vulnerabilities. Example: [RSCG]. (See: default account.)

The material physical components of an information system. (See: firmware, software.)

See: secondary definitions under "corruption", "exposure", and "incapacitation".

Synonym for "hash result" or "hash function".

A hash function maps input data to a fixed size output (digest) and is commonly used for integrity checks.

A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.

The output of a hash function. (See: hash code, hash value. Compare: hash value.)

A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

A natural or man made source or cause of harm or difficulty.

See: Deprecated Usage under "Handling Restrictions field".

Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Mobile operating systems have features and developer APIs to hide various artifacts, such as an application’s launcher icon. These APIs have legitimate usages, such as hiding an icon to avoid application drawer clutter when an application does not have a usable interface. Adversaries may abuse these features and APIs to hide artifacts from the user to evade detection.

A methodology, language, and integrated set of software tools developed at SRI International for specifying, coding, and verifying software to produce correct and reliable programs. [Cheh]

A PKI architecture based on a certification hierarchy. (Compare: mesh PKI, trust file PKI.)

The process of generating configuration data and issuing public key certificates to build and operate a certification hierarchy. (See: certificate management.)

Synonym for "certification hierarchy".

"An oxymoron," said Lt. Gen. William H. Campbell, former U.S. Army chief information officer, speaking at an Armed Forces Communications and Electronics Association conference.

A form of active wiretapping in which the attacker seizes control of a previously established communication association. (See: man in the middle attack, pagejacking, piggyback attack.)

Adversaries may execute their own malicious payloads by hijacking the way operating systems run applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur over time.

a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers

a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information

A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears. (See: entrapment.)

a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information

is data that looks attractive to cyber criminals but is actually false or of no value

Adversaries may hook into application programming interface (API) functions used by processes to redirect calls for execution and privilege escalation means. Windows processes often leverage these API functions to perform tasks that require reusable system resources. Windows API functions are typically stored in dynamic link libraries (DLLs) as exported functions. (Citation: Enterprise ATT&CK)

A computer that is attached to a communication subnetwork or internetwork and can use services provided by the network to exchange data with other attached systems. (See: end system. Compare: server.)

When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. (Compare: S HTTP.)

See: secondary definitions under "corruption", "exposure", and "incapacitation".

An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption. Examples: digital envelope, MSP, PEM, PGP. (Compare: superencryption.)

In hypertext or hypermedia, an information object (such as a word, a phrase, or an image, which usually is highlighted by color or underscoring) that points (i.e., indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link (e.g., by selecting the object with a mouse pointer and then clicking).

A generalization of hypertext; any media that contain hyperlinks that point to material in the same or another data object.

A computer document, or part of a document, that contains hyperlinks to other documents; i.e., text that contains active pointers to other text. Usually written in HTML and accessed using a web browser. (See: hypermedia.)

A platform independent system of syntax and semantics (RFC 1866) for adding characters to data files (particularly text files) to represent the data's structure and to point to related data, thus creating hypertext for use in the World Wide Web and other applications. (Compare: XML.)

A TCP based, Application Layer, client server, Internet protocol (RFC 2616) that is used to carry data requests and responses in the World Wide Web. (See: hypertext.)