AES (Advanced Encryption Standard)
Security
A symmetric encryption algorithm widely used for securing sensitive data; AES-256 is military-grade.
Clear definitions for security, privacy, and networking terms
114 terms defined
A Windows interface that allows applications and services to integrate with anti-malware products, enabling security software to scan scripts and memory content before execution.
A set of rules allowing different software applications to communicate with each other.
A sophisticated, long-term cyberattack campaign, typically by nation-state actors, that gains unauthorized access and remains undetected to steal data or conduct espionage.
A credential issued by an authorization server that grants an application temporary access to specific resources on behalf of a user.
An attack where adversaries gain unauthorized access to a user's online account, typically through credential theft, social engineering, or token abuse.
A vulnerability that attackers are currently using in real-world attacks, requiring immediate patching regardless of severity score.
A Microsoft Defender for Cloud Apps feature that provides visibility into OAuth apps, detects anomalous behavior, and enables policy-based controls over third-party application access.
A vulnerability that allows attackers to gain access to a system or application without providing valid credentials, circumventing login security controls.
The most secure OAuth 2.0 flow where the client receives an authorization code that is exchanged for tokens via a back-channel server request.
Microsoft's command-line interface for managing Azure resources and services, commonly used by developers and IT administrators for automation and deployment tasks.
A social engineering attack that uses a false promise or enticing offer to lure victims into a trap, such as leaving infected USB drives or offering free downloads.
Maximum data transfer rate of a network connection, measured in Mbps or Gbps.
Using physical characteristics like fingerprints or facial recognition to verify identity.
An attack method that tries every possible password combination until finding the correct one.
A vulnerability where a program writes data beyond the boundaries of allocated memory, potentially overwriting adjacent memory and allowing attackers to execute malicious code.
A sophisticated scam targeting businesses that conduct wire transfers, where attackers compromise or impersonate executive email accounts to authorize fraudulent payments.
The U.S. federal agency responsible for cybersecurity and infrastructure protection, which maintains the Known Exploited Vulnerabilities catalog.
The Known Exploited Vulnerabilities catalog maintained by CISA, listing vulnerabilities actively exploited in attacks that federal agencies must patch by specific deadlines.
A standardized identifier for publicly known security vulnerabilities, maintained by MITRE Corporation.
A numerical score (0-10) indicating vulnerability severity, where higher scores represent more critical security risks.
A hybrid social engineering attack where phishing emails instruct victims to call a phone number, leading to vishing attacks that bypass email security controls.
A social engineering technique that tricks users into running commands or completing actions on their computers, typically disguised as fixing an error or completing a verification step.
A security vulnerability that allows attackers to execute arbitrary operating system commands on the host system through a vulnerable application.
A Microsoft Entra ID feature that enforces access policies based on conditions like user location, device compliance, risk level, and application sensitivity.
A social engineering attack where victims are tricked into granting malicious applications OAuth permissions, giving attackers persistent access to their accounts.
A Microsoft security feature that enables near real-time token revocation and policy enforcement, reducing the window of exposure when user risk changes or sessions are terminated.
Protocol that automatically assigns IP addresses to devices on a network.
A network segment that sits between an internal network and the internet, hosting public-facing services while protecting the internal network from direct exposure.
The internet's phonebook—translates domain names (google.com) to IP addresses.
When your DNS queries bypass the VPN tunnel, potentially exposing your browsing activity.
A security strategy using multiple layers of protection so that if one layer fails, other layers continue to provide security.
The process of converting stored or transmitted data back into an object. Insecure deserialization can allow attackers to execute code by manipulating serialized data.
An OAuth 2.0 flow designed for devices with limited input capabilities, where users authenticate on a separate device by entering a code displayed on the target device.
Routing traffic through two VPN servers for an extra layer of encryption.
The process of converting data into a coded format that can only be read with the correct decryption key.
Encryption where only the sender and recipient can read the message—not even the service provider.
A PowerShell security feature that determines the conditions under which PowerShell loads configuration files and runs scripts, ranging from Restricted (no scripts) to Bypass (no restrictions).
Code or technique that takes advantage of a vulnerability to cause unintended behavior, such as gaining unauthorized access.
Restricting access to content based on the user's geographic location.
A unique numerical identifier assigned to every device connected to the internet.
A security system that monitors network traffic for malicious activity and can automatically block or prevent detected threats in real-time.
A Microsoft Entra ID Premium feature that uses machine learning to detect risky sign-ins and user behaviors, automatically enforcing remediation like MFA challenges or password resets.
An attack technique where adversaries register malicious OAuth applications that request excessive permissions, then trick users into authorizing them.
Network-connected devices beyond traditional computers—smart speakers, cameras, thermostats, etc.
CISA's catalog of vulnerabilities that are actively being exploited in the wild, requiring federal agencies to patch within specific timeframes.
A VPN feature that blocks all internet traffic if the VPN connection drops, preventing data leaks.
The delay between sending a request and receiving a response, measured in milliseconds (ping).
Techniques attackers use to move through a network after initial compromise, seeking additional systems to control and data to steal.
Older authentication protocols (POP, IMAP, SMTP AUTH, older Office clients) that don't support modern security features like MFA, making them prime targets for credential attacks.
An attack technique where adversaries use legitimate, pre-installed system tools (like PowerShell, WMI, or certutil) rather than custom malware, making detection more difficult.
A unique hardware identifier assigned to every network interface.
Techniques that circumvent multi-factor authentication protections, including token theft, real-time phishing proxies, MFA fatigue attacks, and OAuth abuse.
A new universal smart home standard backed by Apple, Google, and Amazon for cross-platform compatibility.
A network where devices connect to multiple nodes, extending coverage and providing redundancy.
Data about data—like email timestamps, file sizes, or location tags on photos.
Microsoft's cloud-based identity and access management service (formerly Azure Active Directory), providing authentication, SSO, and security features for Microsoft 365 and other applications.
Authentication requiring two or more verification factors—something you know, have, or are.
Allows multiple devices on a local network to share a single public IP address.
A VPN provider's commitment to not record or store user activity, connection times, or IP addresses.
An open standard authorization protocol that allows applications to access user resources without exposing passwords, using tokens instead of credentials.
A mechanism in OAuth that limits an application's access to a user's account, defining specific permissions like read email, send messages, or access files.
Over-The-Air update—firmware or software updates delivered wirelessly without physical connection.
Software with publicly available source code that anyone can inspect, modify, and distribute.
An open-source VPN protocol widely considered secure and reliable, though slower than WireGuard.
An emergency security patch released outside the normal update schedule to address critical vulnerabilities that can't wait for the next Patch Tuesday.
A security extension to OAuth 2.0 that prevents authorization code interception attacks by using a cryptographic code verifier and challenge.
An attack technique where an attacker uses a captured password hash to authenticate without needing to crack or know the actual password.
Software that securely stores and auto-fills passwords, generating strong unique passwords for each account.
A software update that fixes security vulnerabilities, bugs, or adds improvements to an existing program.
A social engineering attack using fake emails or websites to steal login credentials or personal info.
Directing incoming traffic on specific ports to a particular device on your network.
A social engineering technique where attackers create a fabricated scenario (pretext) to manipulate victims into providing information or taking actions they normally would not.
An attack technique where an adversary gains elevated access rights beyond what was initially granted.
A Microsoft Entra ID feature enabling just-in-time privileged access, requiring approval and time limits for admin role activation to reduce standing privilege risks.
Software owned by a company with restricted access to source code.
Network feature that prioritizes certain traffic types (like video calls) over others.
A social engineering technique where attackers offer something (like IT support) in exchange for information or access, exploiting the human tendency to reciprocate.
A critical vulnerability class that allows an attacker to run arbitrary code on a target system from a remote location, typically over a network or the internet, without requiring physical access.
A long-lived credential used to obtain new access tokens without requiring the user to re-authenticate, enabling persistent application access.
A device that directs data packets between your local network and the internet.
An XML-based standard for exchanging authentication and authorization data between identity providers and service providers, commonly used for single sign-on (SSO).
Cryptographic protocols that secure data transmitted between your browser and websites (the lock icon in HTTPS).
An authentication method allowing users to access multiple applications with one set of login credentials, reducing password fatigue while requiring strong security controls.
A set of basic identity security settings in Microsoft Entra ID that enable MFA, block legacy authentication, and protect privileged accounts—recommended for organizations without premium licenses.
A physical hardware device used for authentication, providing stronger protection than SMS or app-based 2FA.
An attack where an adversary takes over a legitimate user session by stealing or predicting session tokens, gaining unauthorized access to systems or data.
SMS phishing—a social engineering attack using text messages to trick recipients into clicking malicious links or providing personal information.
The psychological manipulation of people into performing actions or divulging confidential information, exploiting human trust rather than technical vulnerabilities.
A targeted phishing attack directed at specific individuals or organizations, using personalized information to appear more legitimate and increase success rates.
A VPN feature allowing some traffic through the VPN while other traffic uses your regular connection.
A temporary code generated by authenticator apps that changes every 30 seconds.
A physical social engineering technique where an unauthorized person follows an authorized individual into a restricted area, exploiting social courtesy.
A low-power mesh networking protocol designed for IoT devices, used alongside Matter.
Actual amount of data successfully transferred over a connection, often lower than bandwidth.
Security measures that bind OAuth tokens to specific devices or sessions, preventing stolen tokens from being replayed on attacker-controlled systems.
A security method requiring two different forms of verification to access an account.
Allows devices to automatically configure port forwarding—convenient but a security risk.
A centralized logging system in Microsoft 365 that records user and admin activities across Exchange, SharePoint, Teams, and other services for security monitoring and compliance.
A logical network segment that separates devices even when physically connected to the same network.
A service that encrypts your internet connection and masks your IP address by routing traffic through secure servers.
Voice phishing—a social engineering attack conducted via phone calls where attackers impersonate trusted entities to extract sensitive information or payments.
A weakness in software, hardware, or processes that can be exploited by attackers to gain unauthorized access or cause harm.
A highly targeted phishing attack aimed at senior executives or high-value targets, often involving significant research and sophisticated impersonation.
A modern, lightweight VPN protocol known for high speeds and strong security.
A vulnerability that can be exploited to spread automatically from system to system without user interaction, similar to how biological worms spread.
A wireless protocol for smart home devices, known for reliability and less interference than WiFi.
A security model that requires strict verification for every user and device trying to access resources, regardless of whether they're inside or outside the network perimeter.
A security vulnerability that is exploited or publicly disclosed before the software vendor can release a patch, giving developers "zero days" to fix it.
A software vulnerability unknown to the vendor, giving them "zero days" to fix it before exploitation.
A security model where the service provider has no ability to access your decrypted data.
A low-power wireless protocol commonly used for smart home device communication.