Skip to content

Instantly share code, notes, and snippets.

@gsuberland

gsuberland/infosec-keywords-reference.md

Last active November 11, 2025 04:22
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save gsuberland/dc3656eb0146adfeebef7b02b0d70a0b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save gsuberland/dc3656eb0146adfeebef7b02b0d70a0b to your computer and use it in GitHub Desktop.
Download ZIP
Infosec keyword reference
Raw
infosec-keywords-reference.md

Infosec keywords

This is just a big ol' list of keywords to search and learn about. No particular order. Search each of these and learn a bit about it, and try out all of the techniques you can manage.

Remember to focus on understanding the actual technology you're targeting. Security is fundamentally about learning what the computer actually does, so you can identify cases where the intent doesn't match the practical behaviour. Spend the time to understand the behaviours that you're exploiting, rather than just memorising the tricks - my old boss always used to say "we can teach computer people security, we can't teach security people computers", and it's very true.

  • Reflected and stored XSS
  • HttpOnly / Secure cookie flags
  • HTTP security headers
  • Content Security Policy
  • CSRF
  • IDOR / missing authorisation
  • Email dot blindness
  • SSRF
  • Path traversal
  • Insecure upload (e.g. ability to upload HTML instead of a JPEG)
  • Command injection
  • SQL injection
  • NoSQL injection
  • LDAP injection
  • Unsafe deserialisation
  • WS-Security
  • OAuth2
  • JWT
  • Insecure RNGs (LCG, LFSR, etc.)
  • CSPRNGs
  • Cryptographic hash functions
  • HMACs
  • Key derivation functions (KDFs)
  • Password storage functions (e.g. argon2id)
  • Hashcat
  • Constant-time comparisons
  • Duck typed hash comparison bugs (e.g. hash starting '0e...' being interpreted as scientific notation)
  • HMACs
  • Block cipher modes of operation
  • Stream cipher malleability attacks
  • CBC malleability attacks
  • AEADs
  • 3DES meet-in-the-middle
  • RSA + padding schemes
  • Diffie-Hellman key exchange
  • Padding oracles
  • FDE (BitLocker, LUKS, etc.)
  • nmap scanning
  • DNS spoofing / hijacking
  • ARP spoofing
  • DNSSEC
  • SNMP auth / encryption
  • MAC address filtering
  • TOCTOU
  • Race conditions
  • Symlink planting
  • Windows DACLs
  • Windows SACLs / integrity levels
  • Windows system objects (see: WinObj)
  • Unquoted service paths / binary planting
  • Insecure PATH environment variable
  • DLL planting / hijacking
  • windows-privesc-check
  • Windows network enumeration
  • RID cycling
  • mimikatz
  • SAM hive extraction
  • LSA dumping
  • ADSIEdit / BloodHound
  • NTLM relaying
  • Pass the hash
  • Token impersonation (e.g. metasploit impersonate_token)
  • AD enumeration
  • Kerberos and Kerberoasting
  • psexec
  • WMI remote commands
  • PowerShell remoting
  • LD_PRELOAD
  • unix-privesc-check
  • NFS root squashing & subtree checking
  • Linux permissions
  • setuid/setgid
  • Linux capabilities (e.g. cap_setuid)
  • chroot escapes
  • sudorule-find
  • AWS S3 bucket permissions
  • Ghidra
  • x64dbg / WinDbg
  • strace / Rohitab API Monitor
  • gdb + GEF
  • Integer overflows / casting bugs
  • Stack buffer overflow
  • Stack canaries
  • Return pointer overwrites
  • Heap buffer overflow
  • Heap spraying
  • Use-after-free
  • Type confusion
  • No-execute (NX / DEP)
  • ASLR / PIE
  • SafeSEH
  • ret2libc / ROP chains / JOP chains
  • Fuzzing (e.g. AFL) and ASAN/UBSAN
  • Control Flow Guard (CFG) / Control Flow Integrity (CFI)
  • PE structure / ELF structure
  • checksec
  • dnSpyEx / ILSpy
  • JD-GUI / jd-gui
  • CodeQL / semgrep
  • Secure boot / ARM TrustZone
  • Threat modelling
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment