Hacker slang explained

Let’s define some common terms used by hackers and online communities.


It can’t be exhaustive.

Some terms for the People

Black vs. white vs. gray vs. green vs. red hats

Terminology inspired by Western movies to distinguish cybercriminals (black hats) from ethical hackers (white hats) and security experts that sometimes abide by the law and sometimes break it (gray hats).

“Green hats” often refers to wannabe hackers. It’s usually pejorative (e.g., “noobs”), regardless of the definition…

“Red hat” is a less frequent term that is used to describe “hacking justice warriors” who want to take down cybercriminals by all means. They often take illegal routes to achieve their goals.

Script kiddies

Pejorative term used by hackers to describe people who call themselves hackers but rely on other’s tools to perform their attacks.

In other words, hackers write scripts, and script kiddies use them.


Politically-driven hackers that use their knowledge to break into government or corporate systems to denounce gross injustices or financial frauds, for example.

ANONymous was probably the most popular hacktivist group in the world.

Blue teams vs. red teams

These terms come from the military. The red team is attacking while the blue team is on defense.

This strategy allows organizations to test their defenses and capabilities. It’s very effective, as it can spot specific weaknesses and mitigate global risks as well.

L33tspeak - 1337

Very popular style of typing in hacking communities and Internet subcultures. English letters get replaced by similar-looking numbers or symbols:

Th1s 1s b4s1c l33t

The idea is not to hide anything, as even people that are unfamiliar with this style can still understand what is written.

“1337” means “leet.”

Some terms for the attacks

Pwn, pwn3d, own, owned

“Pwn” can be described as taking control of a targeted system or computer. In other words, it means hacking someone or something successfully (e.g., getting administrator or root privileges).

’;–have i been pwned? is a famous website that allows you to check if your email or phone is in a data breach.

According to Internet, the term “pwn” could come from the gaming world (Warcraft). Someone made a typo some day and wrote “pwn” instead of “own,” because “o” and “p” keys are adjacent on qwerty keyboards.

Some sources refer to digital computing in the ’60s. Computer students used to call themselves “kings” and other “pawns” when their code outperformed everyone.

There are many legends about the origins of the term, but it has been used and popularized by the early hacking communities.

Exploit vs. payloads vs. vulnerability

Exploit is the actual exploitation of one or several vulnerabilities.

More concretely, it’s the program that delivers the payloads to the targeted system. The payload is the piece of code that will execute.


Penetration testing or pentesting consists of emulating real attacks to spot and fix vulnerabilities.

Rooting a machine

The “root” user is the most privileged user. Getting root access is like the ultimate hack, even if many attacks don’t even need to reach that level to perform malicious actions.

Once the machine is rooted, it’s game over. The attackers can do whatever they want while remaining undetected.


Open source intelligence (OSINT) is the practice of collecting information from publicly available sources.

Operations security (OPSEC) aims to reduce or eliminate adversary exploitation by identifying information that can be exploited by a potential attacker.

Social engineering

Social engineering is human manipulation. No need for computer vulnerabilities, as it targets the human factor.

It’s extremely powerful and massively used by cybercriminals to gain initial access and deploy malware. It can also bypass advanced security measures.

Using social networks or basic OSINT, attackers can grab critical information that will make them very credible.

“Phishing” is a set of specific social engineering techniques.


Phishers often disguise as trustworthy entities to trick their victims into revealing confidential information like credentials or deploying malware.

Most phishing attacks use malicious emails, but it can be achieved with SMS and phone calls too.

A very common phishing technique consists of sending spams to millions of users. While the success rate is usually low, 0.005% of 1 million equals to 50, for example, and 50 victims is a lot of money.

Although, attackers may choose a different approach known as “Spear Phishing.” In this case, they strike significantly less people but the attack is way more targeted and personalized.


Fraudulent business that aims to steal money, cryptocurrency, or other goods. Scammers are cyberthieves who mostly use Internet services to take advantage of their victims in various ways.

Common usages can be:

  • romance scam (fake online relationship)
  • phishing scam (fraudulent emails)

There are many other types, but the idea is often to trick the victims into sending money.


Disguising something to make it legit or pretending to be someone or something to gain the victim’s trust.

Common usages are:

  • IP spoofing
  • Email spoofing
  • website spoofing
  • SMS spoofing
  • DNS spoofing

Zero Day

Undocumented and unpatched vulnerability that is usually unknown to the software maintainers themselves.

Such flaw is highly valuable and extremely dangerous for the victims, as there is no mitigation. It can be very effective against “secured” systems, allowing cybercriminals to bypass robust security layers.

The term “zero day” refers to the number of days the software vendor has known about the flaw.

Zero-click attacks

Zero-click attacks can compromise a targeted device despite a victim’s good security hygiene and practices.

No need for social engineering, as the program can inject malware directly without any forced consent.

Some terms for the programs


Piece of software or program designed to infect the targeted system. Viruses, spywares, keyloggers, or ransomware can be considered as specific types of malware.


Malicious and standalone program that can spread from one machine to another easily, for example, using the transport layer of a legitimate program.

A worm aims to self-replicate indefinitely. Unlike viruses, it does not require human or host intervention to spread.


Ransomware is a specific type of malware that encrypts the victim’s data to ask money (a ransom) in exchange of the decryption key.

Ransomware attacks are skyrocketing these days. It happens to big corporations but small businesses too.


Network of bots controlled by a cybercriminal. “Bots” are"robots" that run automated scripts using Internet services.

A bot is not necessarily evil. Many legitimate businesses use it to perform various tasks like crawling entire websites (e.g., search engines), but it’s also used by malicious actors.


CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” This challenge–response test is used to determine whether the user is human.

CAPTCHA are mostly used to fight against bots.

Wrap up

Hopefully, you have now a better understanding of common terms and expressions used in hacking.

See Also