Blue Team Reference
The SOC Analyst
Glossary
500+ cybersecurity terms explained for practitioners — DFIR, SOC, Threat Hunting, Malware Analysis, and beyond.
A–Z
451-466 of 466 terms
V6 terms
Virtual Private Network (VPN)
Cybersecurity EducationSOC Analyst trainingSOC Analyst Career
Definition A Virtual Private Network (VPN) is a security technology that creates a secure, encrypted connection between a user’s device and a private network over the public internet. It ensures that data transmitted between endpoints remains confidential, protected from interception, and accessible only to authorized users. VPNs are widely used in both enterprise and personal contexts to protect sensitive data, enable secure remote access, and maintain privacy in increasingly distributed and cloud-based environments.
Vishing
Detection EngineeringThreat Intel
In 2024, a finance employee at the engineering firm Arup joined a routine video call with people who looked and sounded like the CFO and several colleagues. Every face on the call was a deepfake. The employee approved 15 transfers worth 25.6 million dollars before the fraud surfaced.
Vulnerability Assessment
Detection Engineering
A single mid-size network can surface thousands of vulnerabilities in a year. Most never get exploited. A handful will end your weekend.
Vulnerability Management
Detection Engineering
A scanner finishes its weekly run and reports 40,000 findings across the estate. The team has the capacity to patch a few hundred this cycle. Which ones?
Vulnerability Management Platform (VMP)
Detection EngineeringThreat Hunting
A mid-size enterprise scan returns 180,000 open findings. The team that has to fix them can close maybe a few hundred a month. Patch every critical and the backlog still grows faster than it shrinks, because severity alone flags tens of thousands of items as critical and almost none of them are reachable by an attacker.
Vulnerability Scanning
Detection Engineering
A vulnerability scanner takes an inventory of what runs on a host, compares each piece against a database of known flaws, and reports the matches. Point Nessus or OpenVAS at a subnet and within minutes you get a list: this server runs OpenSSL 3.0.0, that flaw maps to CVE-2022-3602, the fix is an upgrade to 3.0.7. No exploit fired.
W5 terms
Web Application Firewall (WAF)
Detection EngineeringNetwork Forensics
A network firewall reads IP addresses and ports. It has no idea what is inside the HTTP request riding over port 443. A login form that takes ' OR 1=1-- as a username looks, to that firewall, exactly like a customer signing in.
Web Shell
Detection EngineeringThreat Hunting
In early 2021, a single 4 kilobyte file landed on roughly 30,000 organizations in the United States. It was called China Chopper, and HAFNIUM operators dropped it onto Microsoft Exchange servers after chaining the ProxyLogon vulnerabilities. That tiny file gave the attackers a command interface into each network without a single stolen password.
Whaling
Threat Intel
In early 2024, a finance employee at the engineering firm Arup sat on a video call with people who looked and sounded like the company's chief financial officer and several colleagues. Every face on that call was generated. The employee, following what felt like a direct instruction from leadership, made 15 transfers totaling about 25.6 million US dollars before the fraud surfaced through a routine follow-up with headquarters.
White Hat Hacker
Threat Intel
Two people run the same Nmap scan against the same server, find the same unpatched service, and write the same exploit. One emails the finding to the company that owns the box. The other sells access on a forum.
Wireless Security
Detection EngineeringNetwork Forensics
In October 2017, a researcher at KU Leuven named Mathy Vanhoef published an attack he called KRACK. It did not break a password or guess a key. It abused a flaw in the WPA2 four-way handshake, the exchange every Wi-Fi client and access point run to agree on an encryption key, by replaying one of the handshake messages and forcing the client to reinstall a key it was already using.
Z3 terms
Zero Day Exploits
Detection EngineeringThreat Intel
On May 27, 2023, the Cl0p ransomware crew started pulling data out of corporate file-transfer servers running Progress MOVEit Transfer. They were abusing CVE-2023-34362, a SQL injection flaw nobody outside the attackers knew existed. Progress did not publish an advisory until May 31.
Zero Trust Architecture
Detection Engineering
A request arrives: a user on a laptop wants to open an internal application. Before any packet reaches that application, a component evaluates the request against policy, identity, and device state, decides allow or deny, and then a separate component configures the gateway in front of the application to open or refuse the connection. The user never touches the application directly.
Zero Trust Security
Detection Engineering
A user logs in from the corporate office, on a managed laptop, inside the firewall. Under the old model, that login earned broad access to file shares, internal apps, and adjacent systems. Under zero trust, none of that location context grants anything.