AES (Advanced Encryption Standard)
🛡️ Security
A symmetric encryption algorithm widely used for securing sensitive data; AES-256 is military-grade.
Clear definitions for security, privacy, and networking terms
140 terms defined
A Windows interface that allows applications and services to integrate with anti-malware products, enabling security software to scan scripts and memory content before execution.
A set of rules and protocols that allows different software applications to communicate with each other, enabling data exchange and functionality sharing between systems.
A sophisticated, long-term cyberattack campaign, typically by nation-state actors, that gains unauthorized access and remains undetected to steal data or conduct espionage.
A network protocol that maps IP addresses to MAC (hardware) addresses, enabling devices to communicate on local networks.
A credential issued by an authorization server that grants an application temporary access to specific resources on behalf of a user.
An attack where adversaries gain unauthorized access to a user's online account, typically through credential theft, social engineering, or token abuse.
A vulnerability that attackers are currently using in real-world attacks, requiring immediate patching regardless of severity score.
A Microsoft Defender for Cloud Apps feature that provides visibility into OAuth apps, detects anomalous behavior, and enables policy-based controls over third-party application access.
A security vulnerability that allows an attacker to circumvent the login verification process and gain unauthorized access to a system without providing valid credentials.
The most secure OAuth 2.0 flow where the client receives an authorization code that is exchanged for tokens via a back-channel server request.
A Microsoft service that automatically configures email client settings by querying DNS records to locate the Exchange server.
Microsoft's command-line interface for managing Azure resources and services, commonly used by developers and IT administrators for automation and deployment tasks.
An API security vulnerability where applications fail to verify that users have permission to access specific data objects, allowing attackers to access unauthorized records by manipulating identifiers.
A social engineering attack that uses a false promise or enticing offer to lure victims into a trap, such as leaving infected USB drives or offering free downloads.
Maximum data transfer rate of a network connection, measured in Mbps or Gbps.
Using physical characteristics like fingerprints or facial recognition to verify identity.
A policy allowing employees to use their personal devices to access corporate resources and applications.
An attack method that tries every possible password combination until finding the correct one.
A vulnerability where a program writes data beyond the boundaries of allocated memory, potentially overwriting adjacent memory and allowing attackers to execute malicious code.
A sophisticated scam targeting businesses that conduct wire transfers, where attackers compromise or impersonate executive email accounts to authorize fraudulent payments.
The U.S. federal agency responsible for cybersecurity and infrastructure protection, which maintains the Known Exploited Vulnerabilities catalog.
The Known Exploited Vulnerabilities catalog maintained by CISA, listing vulnerabilities actively exploited in attacks that federal agencies must patch by specific deadlines.
A standardized identifier for publicly known security vulnerabilities, maintained by MITRE Corporation.
A numerical score (0-10) indicating vulnerability severity, where higher scores represent more critical security risks.
A hybrid social engineering attack where phishing emails instruct victims to call a phone number, leading to vishing attacks that bypass email security controls.
A social engineering technique that tricks users into running commands or completing actions on their computers, typically disguised as fixing an error or completing a verification step.
A security vulnerability that allows attackers to execute arbitrary operating system commands on the host system through a vulnerable application.
A Microsoft Entra ID feature that evaluates signals about users, devices, and locations to make real-time access decisions.
The unauthorized extraction and theft of system configuration files, which can expose sensitive information including network architecture, security policies, and credentials.
A social engineering attack where victims are tricked into granting malicious applications OAuth permissions, giving attackers persistent access to their accounts.
A Microsoft security feature that enables near real-time token revocation and policy enforcement, reducing the window of exposure when user risk changes or sessions are terminated.
A security measure that restricts access to your credit report, preventing creditors from viewing it and effectively blocking the opening of new credit accounts in your name.
A mathematical scheme that uses public key cryptography to verify the authenticity and integrity of digital data, ensuring the content has not been altered and was created by the claimed sender.
Protocol that automatically assigns IP addresses to devices on a network.
A network segment that sits between an internal network and the internet, hosting public-facing services while protecting the internal network from direct exposure.
The internet's phonebook—translates domain names (google.com) to IP addresses.
When your DNS queries bypass the VPN tunnel, potentially exposing your browsing activity.
The unauthorized transfer or theft of data from a computer or network, typically performed by attackers after gaining access to a system.
A security strategy using multiple layers of protection so that if one layer fails, other layers continue to provide security.
The process of converting stored or transmitted data back into an object. Insecure deserialization can allow attackers to execute code by manipulating serialized data.
An OAuth 2.0 flow designed for devices with limited input capabilities, where users authenticate on a separate device by entering a code displayed on the target device.
The state of a device meeting organizational security requirements such as encryption, up-to-date OS, and PIN configuration.
An Exchange ActiveSync technology that maintains a persistent HTTPS connection for real-time email delivery.
Routing traffic through two VPN servers for an extra layer of encryption.
The process of converting data into a coded format that can only be read with the correct decryption key.
Encryption where only the sender and recipient can read the message—not even the service provider.
A Microsoft synchronization protocol that enables mobile devices to access email, calendar, contacts, and tasks from an Exchange server over HTTPS.
Microsoft's cloud-based email and calendaring service, part of Microsoft 365, that hosts mailboxes in Microsoft's data centers.
A PowerShell security feature that determines the conditions under which PowerShell loads configuration files and runs scripts, ranging from Restricted (no scripts) to Bypass (no restrictions).
Code or technique that takes advantage of a vulnerability to cause unintended behavior, such as gaining unauthorized access.
Security system that monitors and controls network traffic based on predetermined rules.
Permanent software programmed into a device's hardware that controls its basic functions.
Fortinet's cloud-based management and services platform that provides centralized management, logging, reporting, and single sign-on capabilities for Fortinet security products.
Restricting access to content based on the user's geographic location.
A unique numerical identifier assigned to every device connected to the internet.
A security system that monitors network traffic for malicious activity and can automatically block or prevent detected threats in real-time.
Services that continuously watch for signs that your personal information is being misused, including monitoring credit reports, dark web activity, and public records.
A Microsoft Entra ID Premium feature that uses machine learning to detect risky sign-ins and user behaviors, automatically enforcing remediation like MFA challenges or password resets.
A system that creates, maintains, and manages identity information for users while providing authentication services to relying party applications through protocols like SAML or OAuth.
An attack technique where adversaries register malicious OAuth applications that request excessive permissions, then trick users into authorizing them.
Network-connected devices beyond traditional computers—smart speakers, cameras, thermostats, etc.
CISA's catalog of vulnerabilities that are actively being exploited in the wild, requiring federal agencies to patch within specific timeframes.
A VPN feature that blocks all internet traffic if the VPN connection drops, preventing data leaks.
The delay between sending a request and receiving a response, measured in milliseconds (ping).
Techniques attackers use to move through a network after initial compromise, seeking additional systems to control and data to steal.
Older authentication protocols (POP, IMAP, SMTP AUTH, older Office clients) that don't support modern security features like MFA, making them prime targets for credential attacks.
An attack technique where adversaries use legitimate, pre-installed system tools (like PowerShell, WMI, or certutil) rather than custom malware, making detection more difficult.
A unique hardware identifier assigned to every network interface.
Techniques that circumvent multi-factor authentication protections, including token theft, real-time phishing proxies, MFA fatigue attacks, and OAuth abuse.
A new universal smart home standard backed by Apple, Google, and Amazon for cross-platform compatibility.
A network where devices connect to multiple nodes, extending coverage and providing redundancy.
Data about data—like email timestamps, file sizes, or location tags on photos.
Microsoft's subscription-based cloud productivity suite including Office applications, Exchange Online, SharePoint, and Teams.
Microsoft's cloud-based identity and access management service (formerly Azure Active Directory), providing authentication, SSO, and security features for Microsoft 365 and other applications.
Microsoft's cloud-based enterprise mobility management solution that provides MDM and MAM capabilities.
A WSL networking mode that mirrors the Windows host network configuration into the Linux environment, improving VPN compatibility and enabling IPv6 support.
A subset of MDM that focuses on controlling corporate data within specific applications rather than managing the entire device.
Software that enables IT administrators to secure, monitor, and manage mobile devices accessing corporate resources.
Authentication requiring two or more verification factors—something you know, have, or are.
Allows multiple devices on a local network to share a single public IP address.
A VPN provider's commitment to not record or store user activity, connection times, or IP addresses.
An open standard authorization protocol that allows applications to access user resources without exposing passwords, using tokens instead of credentials.
A mechanism in OAuth that limits an application's access to a user's account, defining specific permissions like read email, send messages, or access files.
Over-The-Air update—firmware or software updates delivered wirelessly without physical connection.
Software with publicly available source code that anyone can inspect, modify, and distribute.
An open-source VPN protocol widely considered secure and reliable, though slower than WireGuard.
An emergency security patch released outside the normal update schedule to address critical vulnerabilities that can't wait for the next Patch Tuesday.
A security extension to OAuth 2.0 that prevents authorization code interception attacks by using a cryptographic code verifier and challenge.
An attack technique where an attacker uses a captured password hash to authenticate without needing to crack or know the actual password.
Software that securely stores and auto-fills passwords, generating strong unique passwords for each account.
A software update that fixes security vulnerabilities, bugs, or adds improvements to an existing program.
A social engineering attack using fake emails or websites to steal login credentials or personal info.
Directing incoming traffic on specific ports to a particular device on your network.
A social engineering technique where attackers create a fabricated scenario (pretext) to manipulate victims into providing information or taking actions they normally would not.
An attack technique where an adversary gains elevated access rights beyond what was initially granted.
A Microsoft Entra ID feature enabling just-in-time privileged access, requiring approval and time limits for admin role activation to reduce standing privilege risks.
Software owned by a company with restricted access to source code.
Network feature that prioritizes certain traffic types (like video calls) over others.
A social engineering technique where attackers offer something (like IT support) in exchange for information or access, exploiting the human tendency to reciprocate.
A critical vulnerability class that allows an attacker to run arbitrary code on a target system from a remote location, typically over a network or the internet, without requiring physical access.
A long-lived credential used to obtain new access tokens without requiring the user to re-authenticate, enabling persistent application access.
An MDM capability that allows administrators to erase data from a lost or stolen mobile device remotely.
A device that directs data packets between your local network and the internet.
An XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider, enabling single sign-on (SSO) across different systems.
An XML document issued by an identity provider containing statements about a user's identity, attributes, and authentication status, used to grant access to service providers in SSO systems.
Cryptographic protocols that secure data transmitted between your browser and websites (the lock icon in HTTPS).
An authentication method that allows users to log in once with a single set of credentials and gain access to multiple related but independent software systems without re-authenticating.
A set of basic identity security settings in Microsoft Entra ID that enable MFA, block legacy authentication, and protect privileged accounts—recommended for organizations without premium licenses.
A physical hardware device used for authentication, providing stronger protection than SMS or app-based 2FA.
In federated authentication, an application or service that relies on an identity provider to authenticate users rather than managing credentials directly, accepting SAML assertions or other tokens as proof of identity.
An attack where an adversary takes over a legitimate user session by stealing or predicting session tokens, gaining unauthorized access to systems or data.
SMS phishing—a social engineering attack using text messages to trick recipients into clicking malicious links or providing personal information.
The psychological manipulation of people into performing actions or divulging confidential information, exploiting human trust rather than technical vulnerabilities.
A targeted phishing attack directed at specific individuals or organizations, using personalized information to appear more legitimate and increase success rates.
A VPN feature allowing some traffic through the VPN while other traffic uses your regular connection.
A cyberattack that targets an organization by compromising a third-party vendor, supplier, or partner that has access to the target's systems or data.
A temporary code generated by authenticator apps that changes every 30 seconds.
A physical social engineering technique where an unauthorized person follows an authorized individual into a restricted area, exploiting social courtesy.
The potential security threats that arise from an organization's relationships with external vendors, suppliers, and partners who have access to systems or data.
A low-power mesh networking protocol designed for IoT devices, used alongside Matter.
Actual amount of data successfully transferred over a connection, often lower than bandwidth.
Security measures that bind OAuth tokens to specific devices or sessions, preventing stolen tokens from being replayed on attacker-controlled systems.
A security method requiring two different forms of verification to access an account.
Allows devices to automatically configure port forwarding—convenient but a security risk.
A centralized logging system in Microsoft 365 that records user and admin activities across Exchange, SharePoint, Teams, and other services for security monitoring and compliance.
A logical network segment that separates devices even when physically connected to the same network.
A service that encrypts your internet connection and masks your IP address by routing traffic through secure servers.
Voice phishing—a social engineering attack conducted via phone calls where attackers impersonate trusted entities to extract sensitive information or payments.
A weakness in software, hardware, or processes that can be exploited by attackers to gain unauthorized access or cause harm.
A Windows feature that enables running Linux distributions natively on Windows without traditional virtual machines or dual-boot setups.
A highly targeted phishing attack aimed at senior executives or high-value targets, often involving significant research and sophisticated impersonation.
A modern, lightweight VPN protocol known for high speeds and strong security.
A vulnerability that can be exploited to spread automatically from system to system without user interaction, similar to how biological worms spread.
An attack technique against XML-based protocols like SAML where attackers move a signed portion of a document while inserting malicious unsigned content, exploiting differences between signature verification and document processing.
A wireless protocol for smart home devices, known for reliability and less interference than WiFi.
A security model that requires strict verification for every user and device trying to access resources, regardless of whether they're inside or outside the network perimeter.
A security vulnerability that is exploited or publicly disclosed before the software vendor can release a patch, giving developers 'zero days' to fix it.
A security model where the service provider has no ability to access your decrypted data.
A low-power wireless protocol commonly used for smart home device communication.