📘 Glossary of Penetration Testing Terms

A reference guide to common terms, techniques, and concepts used in ethical hacking and penetration testing.


A

  • Access Control
    Mechanism that restricts access to systems or data based on policies, roles, or rules.

  • Active Directory (AD)
    Microsoft's directory service for Windows domain networks. Common target in internal network tests.

  • Adversary Simulation
    Testing method that mimics real-world attackers to assess detection and response capabilities.

  • Attack Vector
    The path or method used by an attacker to exploit a vulnerability.


B

  • Black Box Testing
    Testing without prior knowledge of the internal workings or architecture of the target.

  • Blue Team
    Defensive cybersecurity team responsible for monitoring and defending infrastructure.

  • Brute Force Attack
    A method to crack passwords or keys by systematically trying all possible combinations.


C

  • Command Injection
    A vulnerability in which an application passes untrusted input to a system shell, allowing an attacker to execute arbitrary commands on the host operating system.

  • Credential Dumping
    Technique used to extract account credentials (e.g., hashes) from systems like Windows.

  • Cross-Site Scripting (XSS)
    Injection of malicious scripts into otherwise trusted websites viewed by other users.

  • CVSS (Common Vulnerability Scoring System)
    Industry standard for rating the severity of security vulnerabilities.


D

  • Defense in Depth
    Security strategy involving multiple layers of protection across systems.

  • Directory Traversal
    Vulnerability allowing access to files and directories outside the web root folder.

  • DNS Spoofing
    Attack that redirects queries to malicious IPs by falsifying DNS data.


E

  • Enumeration
    The process of gathering information about usernames, shares, services, etc., from a system or network.

  • Exploit
    A piece of software, data, or commands that takes advantage of a vulnerability to cause unintended behavior.


F

  • Firewall
    A network security device that monitors and filters incoming/outgoing traffic based on rules.

  • Footprinting
    Passive information gathering about a target prior to active scanning or exploitation.


G

  • Gray Box Testing
    Testing where the tester has partial knowledge of the target (e.g., credentials or architecture).


H

  • Hash Cracking
    Recovering the original input (usually a password) from a cryptographic hash by hashing candidate inputs and comparing the results, since the hash itself cannot be reversed directly.

  • Honeypot
    A decoy system designed to lure attackers and detect or study their methods.


I

  • IDS/IPS (Intrusion Detection/Prevention Systems)
    Tools that detect or prevent suspicious activity or policy violations.

  • Information Disclosure
    Exposure of sensitive information (e.g., debug logs, error messages) that may aid attackers.


J

  • JWT (JSON Web Token)
    A common token format used for session authentication, often tested for manipulation or forgery.


L

  • Lateral Movement
    Technique used by attackers to move deeper into a network after initial compromise.

  • Local File Inclusion (LFI)
    A web application vulnerability that allows an attacker to make the server include and process files from its own filesystem.


M

  • Man-in-the-Middle (MITM)
    Attack where the attacker secretly intercepts or alters communications between two parties.

  • Metasploit
    A widely used exploitation framework for developing, testing, and executing exploits.


N

  • Nmap
    Popular network scanner used to discover hosts, services, and vulnerabilities.


O

  • OSINT (Open Source Intelligence)
    Gathering publicly available information for reconnaissance (e.g., via social media, public data).


P

  • Payload
    The part of an exploit that performs a specific action, such as opening a shell or reverse connection.

  • Phishing
    Social engineering attack that tricks users into revealing sensitive info or executing malicious actions.

  • Pivoting
    Using a compromised system to gain access to additional systems or networks.


R

  • Red Team
    Offensive security team simulating real-world attackers to test defenses.

  • Reverse Shell
    A shell session initiated from the target back to the attacker's system.

  • RCE (Remote Code Execution)
    A critical vulnerability allowing an attacker to execute arbitrary code remotely.


S

  • Session Hijacking
    Exploiting a valid session token to impersonate a legitimate user.

  • SQL Injection (SQLi)
    Injection attack in which unsanitized user input alters the structure or logic of a database query.


T

  • TTPs (Tactics, Techniques, and Procedures)
    A model describing the behavior and methods of threat actors.

  • Trojan
    Malicious software disguised as legitimate to trick users into executing it.


U

  • User Enumeration
    Identifying valid usernames through error messages, timing differences, or other side channels.


V

  • Vulnerability
    A weakness in a system that can be exploited to compromise confidentiality, integrity, or availability.

  • Vulnerability Assessment
    The process of identifying, quantifying, and prioritizing vulnerabilities in systems.


W

  • WAF (Web Application Firewall)
    A security solution that filters, monitors, and blocks HTTP traffic to and from a web application.

  • Whitelisting
    A security approach (also called allowlisting) that permits only explicitly approved applications or traffic and denies everything else by default.


X

  • XML External Entity (XXE)
    An attack against XML parsers that process external entity declarations in untrusted input, allowing an attacker to read internal files or reach internal services.


Z

  • Zero-Day
    A vulnerability unknown to the vendor and public, with no official fix available.

This glossary is maintained as part of the Haxoris Wiki, serving as a learning reference for cybersecurity professionals and ethical hackers.