The defender's dictionary
Essential cybersecurity terms every SOC analyst should know, explained plainly.
18 terms
APT [Threats]
Advanced Persistent Threat — a stealthy threat actor, often state-sponsored, that gains unauthorized access and remains undetected for an extended period.

Blue Team [Operations]
The defensive security team responsible for protecting an organization, detecting attacks, and responding to incidents.

C2 [Threats]
Command and Control — infrastructure attackers use to communicate with and control compromised systems.

DFIR [Operations]
Digital Forensics and Incident Response — the discipline of investigating and responding to security incidents using forensic evidence.

IDOR [Web Security]
Insecure Direct Object Reference — an access-control flaw where user-supplied input directly references objects without authorization checks.

IDS [Tools]
Intrusion Detection System — a device or software that monitors network or system activity for malicious behavior and policy violations.

IOC [Threat Intel]
Indicator of Compromise — forensic artifacts such as file hashes, IP addresses, or domains that indicate a potential intrusion.

OSINT [Threat Intel]
Open-Source Intelligence — intelligence gathered from publicly available sources such as websites, social media, and public records.

PCAP [Network]
Packet Capture — a file format and technique for recording network traffic for later forensic analysis.

Privilege Escalation [Threats]
The act of gaining higher-level permissions than originally granted, often to fully compromise a system.

SIEM [Tools]
Security Information and Event Management — a platform that aggregates and correlates log data to surface security events and alerts.

SOC [Operations]
Security Operations Center — a centralized team that monitors, detects, analyzes, and responds to cybersecurity incidents.

SQL Injection [Web Security]
A vulnerability that lets attackers manipulate database queries by injecting malicious SQL through application inputs.

SSRF [Web Security]
Server-Side Request Forgery — a web vulnerability where an attacker coerces a server into making requests to unintended destinations.

Threat Hunting [Operations]
The proactive, hypothesis-driven search for threats that have evaded existing security controls.

TTP [Threat Intel]
Tactics, Techniques, and Procedures — the behavior patterns used by threat actors, commonly mapped to the MITRE ATT&CK framework.

Volatility [Tools]
An open-source memory forensics framework used to extract artifacts from RAM captures.

XSS [Web Security]
Cross-Site Scripting — a web vulnerability that lets attackers inject malicious scripts into pages viewed by other users.