Last time, we saw very common hacking terms. This time, let’s explain more specific expressions.
Never trust user inputs
Developers must not take anything for granted or process submitted forms and other user-controlled input blindly.
Otherwise, the system will be prone to various injections (e.g., SQL injection, XSS), leading to stolen credentials, leaked data and other very bad outcomes. Any value an attacker can influence (form fields, query strings, headers, cookies, file names) has to be validated and, above all, handed to interpreters such as SQL engines or HTML renderers in a way that keeps data separate from code (parameterized queries, output encoding).
Hackers always look for unintended uses.
Whether it’s for a CTF (Capture The Flag event) or a proper pen-testing session, attackers will look for the “low-hanging fruit” first.
It’s not a matter of preference but a pragmatic approach that prioritizes easy exploits, a.k.a. the most “obvious” vulnerabilities.
The term “obvious” can be confusing here, though: publicly disclosed vulnerabilities that remain unpatched in production are also low-hanging fruit, because the exploit is already written and the attacker only needs to find a system that still exposes it.
The good news is that such security issues are often easy and quick to fix (apply the patch, remove the default credentials, close the exposed port).
The bad news is that they still put victims in a critical situation, as organizations rarely have the budget, the tools and the procedures to react in time.
The Rabbit hole
Rabbit holes are wrong tracks and dead ends: lines of investigation that eat up time without ever leading to a foothold.
You may get the same frustrating experience in CTFs when the creators plant cryptic, useless hints to mislead eager players ^^.
It can be hard to stop digging and switch to another approach, but if you don’t, you may end up deep in the tunnels that lead to the hall of doors (a reference to Alice in Wonderland). A practical rule is to set a time box for each lead and move on when it expires.
One shot, one kill
Many terms come from the military (like “blue” and “red” teams). The expression “one shot, one kill” has pretty much the same meaning in cybersecurity.
It means the attacker succeeds on the first attempt, the way an elite sniper eliminates a target with a single shot.
Such a situation is pretty rare, though, as you usually need several attempts before you actually break into a targeted system, and every failed attempt leaves a trace in the logs that a defender can pick up.
Fuzzing
Fuzzing consists of using scripts and software to feed the targeted system large volumes of malformed, unexpected or semi-random inputs while watching for crashes, errors and other abnormal behaviour.
It automates part of the vulnerability discovery process, as users (developers and attackers, not the end users) can submit large sets of generated inputs or wordlists instead of trying every possible attack by hand.
The technique can be used by both attackers and developers for testing purposes.
It is popular among pen-testers and cybercriminals alike, but, unlike classic brute-force or dictionary attacks, it remains largely unknown to the general public.
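To show what “generating unexpected inputs and watching for crashes” looks like in practice, here is an added example (not code from the original post): a tiny length-prefixed record parser with a planted bug, and a mutation fuzzer that bit-flips, overwrites, inserts and deletes bytes of a valid seed record until the parser blows up. The parser, its record format and the seed input are all constructed for the demo.

```python
import random


def parse_record(data: bytes) -> bytes:
    """Constructed target: byte 0 announces the payload length, the payload follows.
    The length field is trusted, which is the planted bug."""
    if not data:
        raise ValueError("empty record")   # a handled rejection, not a crash
    length = data[0]
    payload = data[1:1 + length]
    # Bug: if the header claims more bytes than are actually present (or claims
    # zero), this index runs past the end of the slice and raises IndexError.
    # In a C parser the same mistake would be an out-of-bounds read.
    checksum_byte = payload[length - 1]
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to three random byte-level mutations to the seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "set", "insert", "delete"))
        if op == "flip" and buf:
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)            # flip one bit
        elif op == "set" and buf:
            i = rng.randrange(len(buf))
            buf[i] = rng.choice((0x00, 0x7F, 0x80, 0xFF))   # boundary values
        elif op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == "delete" and buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Feed mutated inputs to target; return (iteration, input, exception) on the
    first unexpected exception, or None if nothing crashed."""
    rng = random.Random(rng_seed)   # fixed seed keeps the run reproducible
    for i in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                # the parser rejected the input cleanly
        except Exception as exc:    # anything else is a bug worth reporting
            return i, case, exc
    return None


if __name__ == "__main__":
    result = fuzz(parse_record, b"\x05hello")
    if result:
        i, case, exc = result
        print(f"crash after {i + 1} inputs: {case!r} -> {type(exc).__name__}: {exc}")
```

The parser accepts the seed `b"\x05hello"` fine; the fuzzer finds a crashing input within a handful of iterations, typically by deleting a payload byte or bumping the length field. Real fuzzers (AFL++, libFuzzer) add coverage feedback so mutations that reach new code are kept as new seeds, but the core loop is this one.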
Password spraying
Instead of trying many passwords against one account, an attacker takes a list of usernames and tries a single common or default password (say, Secure@123) against all of them, then moves on to the next password. This keeps the number of failures per account low and avoids the lockouts that would normally occur when brute forcing a single account with many passwords. Per-account lockout counters therefore never see it; detection has to look at how many distinct accounts fail from the same source in a short window.
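As an added example (not code from the original post), the following runs two detections over a constructed authentication log: the classic per-account failure counter that triggers lockouts, and a per-source distinct-account counter that catches a spray. The log format (`timestamp RESULT user=… src=…`) and the IP addresses are invented for the demo.

```python
from collections import defaultdict

# Constructed sample log (not real data). 203.0.113.7 sprays one password across
# five accounts and gets in as frank; 198.51.100.9 hammers alice alone.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02 FAIL user=bob src=203.0.113.7
2024-05-01T09:00:03 FAIL user=carol src=203.0.113.7
2024-05-01T09:00:04 FAIL user=dave src=203.0.113.7
2024-05-01T09:00:05 FAIL user=erin src=203.0.113.7
2024-05-01T09:00:06 OK user=frank src=203.0.113.7
2024-05-01T09:01:00 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:01 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:02 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:03 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:04 FAIL user=alice src=198.51.100.9
2024-05-01T09:02:00 FAIL user=bob src=192.0.2.44
2024-05-01T09:02:30 OK user=bob src=192.0.2.44
"""
LINES = SAMPLE_LOG.splitlines()


def parse_line(line):
    """Split 'ts RESULT user=X src=Y' into (ts, result, user, src)."""
    ts, result, user_kv, src_kv = line.split()
    return ts, result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def failures_per_account(lines):
    """What a per-account lockout policy counts."""
    counts = defaultdict(int)
    for _, result, user, _ in map(parse_line, lines):
        if result == "FAIL":
            counts[user] += 1
    return dict(counts)


def locked_accounts(lines, threshold=5):
    """Accounts a lockout policy with the given threshold would lock."""
    return sorted(u for u, n in failures_per_account(lines).items() if n >= threshold)


def spraying_sources(lines, min_accounts=5):
    """Sources that failed against at least min_accounts distinct accounts."""
    users = defaultdict(set)
    for _, result, user, src in map(parse_line, lines):
        if result == "FAIL":
            users[src].add(user)
    return {src: sorted(u) for src, u in users.items() if len(u) >= min_accounts}


def successes_from(lines, src):
    """Accounts that logged in successfully from a given source: for a flagged
    spraying source, these are the compromised accounts to act on first."""
    return sorted(user for _, result, user, s in map(parse_line, lines)
                  if s == src and result == "OK")


if __name__ == "__main__":
    print("locked by lockout policy:", locked_accounts(LINES))
    sprayers = spraying_sources(LINES)
    print("spraying sources:", sprayers)
    for src in sprayers:
        print(f"successful logins from {src}:", successes_from(LINES, src))
```

The lockout policy only ever locks alice (the brute-forced account); the spraying source stays at one failure per account and would go unnoticed without the per-source view, which also points straight at the account it got into.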
Hash vs. Salt vs. Encryption
The purpose of hashing is to turn data of any size into a short, fixed-size digest that represents it.
Such a process is often used to check data integrity. Hashing on its own is not enough to protect passwords, though.
Every hash function has collisions, which happen when two different inputs generate the same output (unavoidable, since infinitely many inputs map to a fixed number of digests); a sound algorithm makes them infeasible to find, whereas broken ones such as MD5 (and SHA-1) let attackers craft colliding inputs on purpose.
For stored passwords, the bigger problem is that identical passwords produce identical hashes, so cybercriminals precompute tables of digests for common passwords (rainbow tables) and simply look stored hashes up. Fortunately, salts defeat this.
A salt is a random value, unique per user, that is combined with the password before hashing and stored next to the result; it does not need to be secret. It makes precomputed tables useless (each salt would need its own table) and hides which users share a password. Salting does not slow down a direct brute-force attempt against one hash, which is why passwords should be hashed with a deliberately slow function (bcrypt, scrypt, Argon2, PBKDF2) rather than a plain MD5 or SHA-256.
Encryption is a very different operation, used to protect data in transit and at rest. Unlike a hash, an encrypted message can be restored to its original form, but only by whoever holds the right key: the same secret key with symmetric algorithms such as AES, or the private key matching the public key used for encryption with asymmetric algorithms such as RSA.
That is why encryption is called a “two-way” operation while hashing is “one-way”. Solid encryption should make recovering the plaintext without the key computationally infeasible, even for an attacker who knows the algorithm and holds the ciphertext.
That’s it for now.
I hope you enjoyed this short list of advanced terms used by hackers and security specialists.