Glossary

The defender's dictionary

Essential cybersecurity terms every SOC analyst should know, explained plainly.

18 terms

APT

Threats

Advanced Persistent Threat — a stealthy threat actor, often state-sponsored, that gains unauthorized access and remains undetected for an extended period.

Blue Team

Operations

The defensive security team responsible for protecting an organization, detecting attacks, and responding to incidents.

C2

Threats

Command and Control — infrastructure attackers use to communicate with and control compromised systems.

DFIR

Operations

Digital Forensics and Incident Response — the discipline of investigating and responding to security incidents using forensic evidence.

IDOR

Web Security

Insecure Direct Object Reference — an access-control flaw where the application uses user-supplied input to reference an internal object (a record ID, file name, or account number) without checking that the requester is authorized to access it.

IDS

Tools

Intrusion Detection System — a device or software that monitors network or system activity for malicious behavior and policy violations.

IOC

Threat Intel

Indicator of Compromise — forensic artifacts such as file hashes, IP addresses, or domains that indicate a potential intrusion.

OSINT

Threat Intel

Open-Source Intelligence — intelligence gathered from publicly available sources such as websites, social media, and public records.

PCAP

Network

Packet Capture — a file format and technique for recording network traffic for later forensic analysis.

Privilege Escalation

Threats

The act of gaining higher-level permissions than those originally granted, often as a step toward fully compromising a system.

SIEM

Tools

Security Information and Event Management — a platform that aggregates and correlates log data to surface security events and alerts.

SOC

Operations

Security Operations Center — a centralized team that monitors, detects, analyzes, and responds to cybersecurity incidents.

SQL Injection

Web Security

A vulnerability that lets attackers manipulate database queries by injecting malicious SQL through application inputs.

SSRF

Web Security

Server-Side Request Forgery — a web vulnerability where an attacker coerces a server into making requests to unintended destinations.

Threat Hunting

Operations

The proactive, hypothesis-driven search for threats that have evaded existing security controls.

TTP

Threat Intel

Tactics, Techniques, and Procedures — the behavior patterns used by threat actors, commonly mapped to the MITRE ATT&CK framework.

Volatility

Tools

An open-source memory forensics framework used to extract artifacts from RAM captures.

XSS

Web Security

Cross-Site Scripting — a web vulnerability that lets attackers inject malicious scripts into pages viewed by other users.