Passive Response

Passive Response: A method of dealing with potential threats by logging them and possibly issuing alerts but not taking direct action to interrupt or mitigate the threat. These responses are often employed when the cost or potential disruption of active response exceeds the perceived risk of the threat. The goal is to gather information about […]

Penetration testing – Reporting

Penetration testing – Reporting: The final phase of penetration testing. After the discovery and exploitation phases, all findings, including vulnerabilities, data breaches, and successful exploits, are compiled into a comprehensive report. This report provides an overview of the test’s findings and offers suggestions for improving the system’s security. It’s a crucial document for understanding the […]

Pass-the-hash

Pass-the-hash: A type of exploit where an attacker uses a hashed form of a user’s password instead of the actual password to authenticate against a network service. This kind of attack bypasses the need to decrypt or crack the password and takes advantage of the fact that many systems authenticate users by comparing the hash […]

Password Authentication Protocol (PAP)

Password Authentication Protocol (PAP): Password Authentication Protocol (PAP) is an authentication protocol that sends usernames and passwords as plaintext and is therefore considered insecure by modern standards. PAP is susceptible to eavesdropping and interception, as the credentials are not encrypted. It’s typically used in legacy or less secure environments where more secure authentication methods are […]

Password complexity

Password complexity: The level of difficulty in guessing or cracking a password based on its length, character types, and other factors. Used in password policies to increase security. Examples -requiring a minimum length of 8 characters, using a combination of letters, numbers, and special characters, and enforcing regular password changes.

Overt Channel

Overt Channel: An overt channel is a standard, open, and legitimate path for communication within a computer system or network. It is utilized to transfer data as intended by its design and is often monitored for security purposes. This term should not be confused with a covert channel, which is a pathway that is used […]