Security terms explained without technical jargon.
- Penetration Test (Pentest)
- A simulated attack on your systems to discover vulnerabilities. Like a fire drill, but for security.
- Red Team
- A comprehensive attack simulation that tests people, processes, and technology. A pentest without scope limitations.
- Active Directory (AD)
- Microsoft's system for managing users and computers in organizations. The backbone of most corporate networks.
- NTLM Relay
- An attack where an attacker intercepts authentication and uses it to access other systems.
- Kerberos
- Authentication protocol in AD environments. Powerful, but often misconfigured.
- EDR (Endpoint Detection and Response)
- Security solution that monitors and responds to suspicious activities on computers.
- SIEM (Security Information and Event Management)
- System that collects and analyzes security logs from across the network.
- IAM (Identity and Access Management)
- Managing identities and access - who is who and what they're allowed to do.
- MFA (Multi-Factor Authentication)
- Authentication with multiple factors - password plus something else (phone, key, fingerprint).
- CVSS (Common Vulnerability Scoring System)
- Standardized system for scoring technical severity of vulnerabilities. Not the same as business risk.