Get started

Bring yourself up to speed with our introductory content.

Hacker Tools and Techniques Underground Sites and Hacking Groups

  • keylogger (keystroke logger or system monitor)

    A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Continue Reading

  • cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network. Continue Reading

  • Do you have the right set of penetration tester skills?

    Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading

  • 6 different types of hackers, from black hat to red hat

    Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old. Continue Reading

  • cyberwarfare

    Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. Continue Reading

  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by ...Continue Reading

  • van Eck phreaking

    Van Eck phreaking is a form of electronic eavesdropping that reverse engineers the electromagnetic fields (EM fields) produced by a computing device.Continue Reading

  • brute force attack

    Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than ...Continue Reading

  • hacktivism

    Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.Continue Reading

  • social engineering

    Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or...Continue Reading

  • cyberextortion

    Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.Continue Reading

  • Network intrusion detection systems ID threats

    Learn how to stop threats before they turn into real danger. Expert Adam Gordon provides a deep dive into tools and technologies that should be in every infosec pro's back pocket.Continue Reading

  • Containing ransomware outbreaks now a top infosec priority

    Prepping for and dealing with an outbreak of ransomware is the IT version of the flu shot. Learn how company systems and data from these potentially deadline infections.Continue Reading

  • hacker

    A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.Continue Reading

  • Cryptography attacks: The ABCs of ciphertext exploits

    Encryption is used to protect data from peeping eyes, making cryptographic systems an attractive target for attackers. Here are 18 types of cryptography attacks to watch out for.Continue Reading

  • black hat

    Black hat refers to a hacker who breaks into a computer system or network with malicious intent. A black hat hacker may exploit security vulnerabilities for monetary gain; to steal or destroy private data; or to alter, disrupt or shut down websites ...Continue Reading

  • Get smart about threat intel tools and services

    Threat intelligence tools are a phenomenal addition to your security posture; they just can't be your security posture. Learn where they fit into your securityContinue Reading

  • Risk & Repeat: US accuses Russia of state-sponsored cyberattacks

    In this Risk & Repeat podcast, SearchSecurity editors discuss cyber attribution following the U.S. government's claim that Russia is behind recent state-sponsored cyberattacks.Continue Reading

  • Risk & Repeat: Equation Group hack raises questions for NSA

    In this Risk & Repeat podcast, SearchSecurity editors discuss the mystery behind the recent Equation Group hack and the motives and identity of the Shadow Brokers.Continue Reading

  • timing attack

    A timing attack looks at how long it takes a system to do something and allows the attacker, through statistical analysis, to learn enough about the system to find the decryption key needed to gain access to it.Continue Reading

  • watering hole attack

    A watering hole attack targets a specific group of users by infecting websites group members like to visit. The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack...Continue Reading

  • card-not-present fraud (card-not-present transaction)

    Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.Continue Reading

  • evil twin

    An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.Continue Reading

  • pass the hash attack

    A pass the hash attack is an NT LAN Manager (NTLM)-based technique in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick a Windows-based authentication system into creating a new authenticated session on ...Continue Reading

  • Rescator

    Rescator is the name of an underground online forum which allegedly sold credit card data stolen from customers who shopped at the United States discount retail chain, Target. Continue Reading

  • domain fluxing

    Domain fluxing is a technique used by botnet operators for their command-and-control infrastructures to avoid detection by security technologies and researchers attempting to shut their botnets down.Continue Reading

  • cold boot attack

    A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.Continue Reading

  • attack vector

    An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.Continue Reading

  • differential power analysis (DPA)

    A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Continue Reading

  • voluntary botnet

    A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack.Continue Reading

  • TDL-4 (TDSS or Alureon)

    TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet.  The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon.Continue Reading

  • privilege escalation attack

    A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Continue Reading

  • domain rotation

    Domain rotation is a technique use by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist...Continue Reading

  • Pwn2Own

    Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference.Continue Reading

  • alternate data stream (ADS)

    An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.Continue Reading

  • Tempest

    Tempest was the name of a classified (secret) U.S. government project to study (probably for the purpose of both exploiting and guarding against) the susceptibility of some computer and telecommunications devices to emit electromagnetic radiation (...Continue Reading

  • micro-botnet (mini-botnet or baby botnet)

    A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company.Continue Reading

  • Hacker attack techniques and tactics: Understanding hacking strategies

    This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your network.Continue Reading

  • DNS rebinding attack

    DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router. The attack works on widely-used routers such as D-Link and Linksys and could, in fact, target any device that uses a...Continue Reading

  • smurfing

    A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service.Continue Reading

  • phreak

    A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.Continue Reading

  • packet monkey

    On the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network.Continue Reading

  • gray hat (or grey hat)

    Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.Continue Reading

  • Echelon

    Echelon is an officially unacknowledged U.S.-led global spy network that operates an automated system for the interception and relay of electronic communications.Continue Reading

  • cyberstalking

    Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group.Continue Reading

  • footprinting

    In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.Continue Reading

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.Continue Reading

  • directory traversal

    Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory... (Continued)Continue Reading

  • click fraud (pay-per-click fraud)

    Click fraud (sometimes called pay-per-click fraud) is the practice of artificially inflating traffic statistics for online advertisements.Continue Reading

  • drive-by pharming

    Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain access to user data... (Continued)Continue Reading

  • SearchSecurity.com's Guide to Thwarting Hacker Techniques

    This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your network.Continue Reading

  • dictionary attack

    A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an ...Continue Reading

  • directory harvest attack (DHA)

    A directory harvest attack (DHA) is an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database.Continue Reading

  • dumpster diving

    Dumpster diving is looking for treasure in someone else's trash.Continue Reading

  • cocooning

    Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present.Continue Reading

  • bypass

    Bypass, in general, means either to go around something by an external route rather than going through it, or the means of accomplishing that feat.Continue Reading

  • globbing

    Globbing is the process of expanding a non-specific file name containing a wildcard character into a set of specific file names that exist in storage on a computer, server, or network. A wildcard is a symbol that can stand for one or more characters...Continue Reading

  • Frank Abagnale preaches the dangers of hacking

    A penitent Frank Abagnale Jr. shuns white-collar crime and fraud, and helps others understand how to guard against the dangers of hacking.Continue Reading

  • Opinion: It's time to teach the consequences of hacking

    Hacking is becoming a national concern at the hands of high school students. Learn why it's time to teach kids about the dangers -- and consequences -- of hacking.Continue Reading

  • Automate security with GUI shell and command line scripts

    JP Vossen explains how Windows command line scripts and the GUI shell can be used to improve security.Continue Reading

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close