Blue Team Reference

The SOC Analyst
Glossary

500+ cybersecurity terms explained for practitioners — DFIR, SOC, Threat Hunting, Malware Analysis, and beyond.

A–Z
451-466 of 466 terms
V
6 terms
Virtual Private Network (VPN)
Cybersecurity EducationSOC Analyst trainingSOC Analyst Career
Definition A Virtual Private Network (VPN) is a security technology that creates a secure, encrypted connection between a user’s device and a private network over the public internet. It ensures that data transmitted between endpoints remains confidential, protected from interception, and accessible only to authorized users. VPNs are widely used in both enterprise and personal contexts to protect sensitive data, enable secure remote access, and maintain privacy in increasingly distributed and cloud-based environments.
Vishing
Detection EngineeringThreat Intel
In 2024, a finance employee at the engineering firm Arup joined a routine video call with people who looked and sounded like the CFO and several colleagues. Every face on the call was a deepfake. The employee approved 15 transfers worth 25.6 million dollars before the fraud surfaced.
Vulnerability Assessment
Detection Engineering
A single mid-size network can surface thousands of vulnerabilities in a year. Most never get exploited. A handful will end your weekend.
Vulnerability Management
Detection Engineering
A scanner finishes its weekly run and reports 40,000 findings across the estate. The team has the capacity to patch a few hundred this cycle. Which ones?
Vulnerability Management Platform (VMP)
Detection EngineeringThreat Hunting
A mid-size enterprise scan returns 180,000 open findings. The team that has to fix them can close maybe a few hundred a month. Patch every critical and the backlog still grows faster than it shrinks, because severity alone flags tens of thousands of items as critical and almost none of them are reachable by an attacker.
Vulnerability Scanning
Detection Engineering
A vulnerability scanner takes an inventory of what runs on a host, compares each piece against a database of known flaws, and reports the matches. Point Nessus or OpenVAS at a subnet and within minutes you get a list: this server runs OpenSSL 3.0.0, that flaw maps to CVE-2022-3602, the fix is an upgrade to 3.0.7. No exploit fired.
W
5 terms
Web Application Firewall (WAF)
Detection EngineeringNetwork Forensics
A network firewall reads IP addresses and ports. It has no idea what is inside the HTTP request riding over port 443. A login form that takes ' OR 1=1-- as a username looks, to that firewall, exactly like a customer signing in.
Web Shell
Detection EngineeringThreat Hunting
In early 2021, a single 4 kilobyte file landed on roughly 30,000 organizations in the United States. It was called China Chopper, and HAFNIUM operators dropped it onto Microsoft Exchange servers after chaining the ProxyLogon vulnerabilities. That tiny file gave the attackers a command interface into each network without a single stolen password.
Whaling
Threat Intel
In early 2024, a finance employee at the engineering firm Arup sat on a video call with people who looked and sounded like the company's chief financial officer and several colleagues. Every face on that call was generated. The employee, following what felt like a direct instruction from leadership, made 15 transfers totaling about 25.6 million US dollars before the fraud surfaced through a routine follow-up with headquarters.
White Hat Hacker
Threat Intel
Two people run the same Nmap scan against the same server, find the same unpatched service, and write the same exploit. One emails the finding to the company that owns the box. The other sells access on a forum.
Wireless Security
Detection EngineeringNetwork Forensics
In October 2017, a researcher at KU Leuven named Mathy Vanhoef published an attack he called KRACK. It did not break a password or guess a key. It abused a flaw in the WPA2 four-way handshake, the exchange every Wi-Fi client and access point run to agree on an encryption key, by replaying one of the handshake messages and forcing the client to reinstall a key it was already using.