- ACL - Access Control List
- AD - Active Directory
- AES - Advanced Encryption Standard
- AFP - Apple Filing Protocol
- ARIN - American Registry of Internet Numbers
- ASCII - American Standard Code for Information Interchange
- BGP - Border Gateway Protocol
- Black Box Testing - An engagement conducted with very little provided information; typically only the name of the target.
- Blue Team - Defensive security personnel. SOC workers, analysts, ...
- CD - Compact Disk
- CDN - Content Delivery Network
- CIFS - Common Internet File System
- CLI - Command Line Interface
- Clear Box Testing - See White Box Testing.
- Crystal Box Testing - See White Box Testing.
- DBIR - Data Breach Investigation Report
- DMA - Direct Memory Access
- DNS - Domain Name System
- Double Blind Testing - An engagement in which the attack is kept secret from most employees. TYpically used for assessing an organization's security posture including monitoring systems, IDS/IPS functionality, and incident response procedures.
- EL - Engagement Letter
- FC - Fiber Channel
- FDE - Full Disk Encryption
- FTP - File Transfer Protocol
- GHDB - Google Hacking Database
- GPU - Graphics Processing Unit
- Grey Box Testing - An engagement conducted with basic information initially provided by the client. Examples of information: operating system, hardware vendors/models, IP address ranges, ...
- GUI - Graphical User Interface
- HAL - Hardware Abstraction Layer
- HTTP - Hypertext Transfer Protocol
- IEEE - Institute of Electrical and Electronics Engineers
- ICS - Industrial Control System
- IDE (hardware) - Integrated Device Electronics
- IDE (software) - Interactive Development Environment
- IDS - Intrusion Detection System (Snort, Suricata, ...)
- IP - Internet Protocol
- IPS - Intrusion Prevention|Protection System (Suricata, OSSEC, ...)
- IRQ - Interrupt Request
- ISMI - International Mobile Subscriber Identity
- JSON - JavaScript Object Notation
- LAN - Local Area Network
- LLMNR - Local Link Multicast Name Request
- MBR - Master Boot Record (first sector of a disk)
- NAS - Network Attached Storage
- NB-NS - NetBIOS Name Service
- NetBIOS - Network Basic Input Output System
- NFS - Network File System
- NIST - National Institute of Standards and Technology
- NOP - No Operation
- NTLM - New Technology LAN Manager
- OO - Object-Oriented
- OOP - Object-Oriented Programming
- OS - Operating System
- OSINT - Open Source Intelligence
- OSSTMM - Open Source Security Testing Methodology Manual
- OWASP - Open Web Application Security Project
- PCI - Peripheral Component Interconnect
- PCI (compliance) - Payment Card Industry (MasterCard data security standard)
- PGP - Pretty Good Privacy
- PoC - Proof of Concept
- POST - Power-On Self Test
- PRNG - Pseudorandom Number Generator
- PSTN - Public Switched Telephone Network
- PtH - Pass the Hash
- PXE - Preboot Execution Environment
- QoS - Quality of Service
- Red Team - Offensive security personnel. Penetration testers.
- RFP - Request for Proposal
- ROP - Return-Oriented Programming
- SAN - Storage Area Network
- SCADA - Supervisory Control and Data Acquisition
- SDLC - System Development Life Cycle
- SID - Security Identifier
- SIEM - Security Information and Event Management.
- SIGINT - Signals Intelligence
- SMB - Server Message Block
- SOC - Security Operations Center
- SOW - Statement of Work. Typically applies to the scope of a penetration test engagement.
- SSH - Secure Shell
- SSL - Secure Sockets Layer
- TCP - Transmission Control Protocol
- TLS - Transport Layer Security
- UDP - User Datagram Protocol
- UEFI - Unified Extensible Firmware Interface
- USB - Universal Serial Bus
- VA - Vulnerability Assessment
- VM - Virtual Machine
- VMS - Vulnerability Management Solution (Nessus, OpenVAS, Qualys, ...)
- VOIP - Voice Over Internet Protocol
- White Box Testing - An engagement conducted from the point of view of an insider or well-informed attacker.
- WPAD - Web Proxy Auto Discovery
- XSS - Cross-site Scripting
- YAML - Yet Another Markup Language