What Is Account Takeover? Account takeover happens when a fraudster gains unauthorized access or control over a legitimate customer’s account. Account takeover (account compromise) attacks mainly target SaaS web applications.
What Is Brute Force? Brute Force is a type of cryptographic attack which involves exhaustive search. Brute force employs techniques in which a password is guessed based on possible combinations of the required password until the correct password is discovered.
What Is Combo List? A combo list is a text file that contains a list of leaked usernames and passwords in a specific format. The passwords are usually obtained from different breaches and collectively stored within a file.
What Is Credential Stuffing? Credential-related threats and attacks are one of the most widely-used vectors by attackers. Credential stuffing is one of these techniques: stolen or otherwise compromised account credentials—typically in a database or list format—are used to gain unauthorized access to resources using highly-scalable automation processes.
What Is Data Breach? Data Breach is a security incident where critical information or data is exposed or stolen without the knowledge and consent of the system owner. Almost any individual or organization, small or large, can suffer from a data breach.
What Is Dictionary Attack? A form of brute-force technique where adversaries try to bypass an authentication mechanism by trying dictionary words as passwords until the correct password is found. Dictionary attacks require fewer resources and less time because a list of selected dictionary words is used, rather than trying every possible combination until the correct password is identified.
What Is Domain Reputation? Domain reputation allows us to know the overall health of our domain. Domain reputation works on a scoring system: a higher score obtained from data, engagements, and email practices will place your domain at a greater rank.
What Is Hashing? Hashing involves taking a variable-length block of data as an input and producing a fixed-length output. The process produces a new value from the input provided to the hash function.
What Is K-anonymity? K-anonymity was introduced to solve the problem: “Given person-specific field-structured data, produce a release of the data with scientific guarantees that the individuals who are the subjects of the data cannot be re-identified while the data remain practically useful”.
What Is Least Privilege? Least Privilege, also known as the Principle of Least Privilege (POLP), is the concept of restricting a user, program, or process to access only those resources which are necessary to perform routine and legitimate activities. When the principle is applied to people, the minimum access rights and clearance level are granted so that the user can perform his/her role.
What Is OSINT (Open-source Intelligence)? Open-source intelligence is a wide set of tools and methods to collect publicly available information. For hackers and attack groups, OSINT-based information is commonly used to guess passwords or create targeted phishing attacks.
What Is Offline Password Cracking? The offline password cracking technique involves recovering passwords from an already obtained password hash file. This happens after a hacker has already gained local access to an infected endpoint and starts to collect locally stored hashes or conducts other methods to attack the network, such as LLMNR poisoning.
What Is Password Guessing? Password guessing is a form of gaining access using previously gathered intelligence about the account holder. This intelligence may come from OSINT-based information or from previously breached passwords of the same individual.
What Is Password Masking? Password Masking is a very common practice that is being utilized by web applications, websites, and user account password fields. When a password is entered into a password field of a web application or a user account, the characters entered are not shown; instead “asterisks” or “bulleted points” are shown.
What Is Password Reuse? Password reuse is a serious password hygiene issue. People tend to use a single password across different platforms such as third-party software, web or cloud applications, etc.
What Is Password Space? Password space is the total number of passwords that can potentially be created from a given alphabet, or set of characters, for a given maximum password length. This is a measure of how many random guesses one needs to perform during a brute force attack to find any password within, and thus is a measure of security and vulnerability of passwords.
What Is Password Spraying? Password spraying is an adversarial password attack technique in which a few commonly used passwords are utilized on multiple accounts. Rather than applying multiple passwords on the same account as done in a brute force attack, multiple accounts are targeted.
What Is Rainbow Table Attack? A rainbow table is a large database of pre-computed hash values for plain text passwords. The database corresponds to hash values for a large set of passwords.
What Is Salting? Salting is a process of adding random data to a password before applying a hash function to it; this technique adds an extra layer of security. In this way, no similar hashes are produced when a string is hashed.
What Is Segregation of Duties? The Segregation of Duties concept states that no task, process, or duty should be assigned to a single resource/person. The responsibilities are divided among different people in an organization to prevent the danger of critical mistakes, errors, fraud, embezzlement, etc.
Shadow AI is the unsanctioned adoption of AI tools by employees, leading to security risks and compliance issues within organizations.
What Is Shadow IT? Shadow IT refers to resources utilized without the knowledge of the company's IT department. This can include hardware and software, though it mainly refers to cloud-based SaaS applications.
Shadow SSO involves the unauthorized use of personal or unmanaged SSO accounts to access work-related applications, leading to visibility gaps and security risks.
What Is Software as a Service? Software as a Service (SaaS) is a software hosting, delivery, and licensing model. SaaS products are typically licensed on a subscription basis.
What Is Zero Trust? Zero Trust is a security initiative/concept that enforces that every user outside or inside an organization is authenticated, authorized, and compliant with various security configurations and the organisation’s security posture. The principle followed by the Zero Trust model is “never trust, always verify”.
Scirge gives organizations the tools to discover and manage Shadow IT by tracking where and how corporate credentials are used across SaaS, supply-chain, GenAI, and other web applications. It helps discover Shadow SaaS and Shadow AI, and identify risks like password reuse, shared accounts, and phishing, while providing real-time awareness messages, automated workflows, and actionable insights.