Access Control  List (ACL) is a list of permissions associated with a system resource. An ACL  specifies which users or system processes are granted access to objects, as  well as what operations are allowed on given objects.

Advanced  Persistent Threat (APT) is a stealthy Threat Actor, typically a nation state  or state-sponsored group, which gains unauthorized access to a computer  network and remains undetected for an extended period.

Business Email  Compromise (BEC) is a specific type of phishing attack, a spear phishing  attack – with the objective being to trick employees into taking harmful  actions, typically sending money to the attacker.

Brute Force  attack consists of an attacker submitting many passwords or pass phrases with  the hope of eventually guessing correctly.

Complete  Command and Control/Command and Control (C2C). Technique that Threat Actors  use to control compromised devices.

The dark web  is the World Wide Web content that exists on darknets: overlay networks that  use the Internet but require specific software, configurations, or  authorization to access.

Hash is a  mathematical function that converts an input of arbitrary length into an  encrypted output of a fixed length.

Honeypot is a  computer security mechanism set to detect, deflect, or, in some manner,  counteract attempts at unauthorized use of information systems.

Indicator of  Compromise (IoC) is an artifact observed on a network or in an operating  system that, with high confidence, indicates a computer intrusion.

Local Security  Authority Server Service (LSASS) is a process in Microsoft Windows operating  systems that is responsible for enforcing the security policy on the system.  It verifies users logging on to a Windows computer or server, handles  password changes, and creates access tokens.

Master File  Table (MFT) on New Technology File System (NTFS) system  contains all information about a file, including its size, time and date  stamps, permissions, and data content, is stored either in MFT entries, or in  space outside the MFT that is described by MFT entries.

Man-In-The-Middle  (MITM) or person-in-the-middle (PITM) attack is a cyberattack where the  attacker secretly relays and possibly alters the communications between two  parties who believe that they are directly communicating with each other, as  the attacker has inserted themselves between the two parties.

MITRE  ATT&CK® is a globally accessible knowledge base of adversary tactics and  techniques based on real-world observations.

Network Access  Control List (NACL) is made up of rules that either allow access to a  computer environment or deny it.

National  Software Reference Library (NSRL), is a project of the National Institute of  Standards and Technology that maintains a repository of known software, file  profiles and file signatures for use by law enforcement and other  organizations involved with computer forensic investigations.

Open Threat  Exchange (OTX) is a crowd-sourced computer-security platform. OTX information  sharing covers a wide range of issues related to security, including viruses,  malware, intrusion detection and firewalls. Its automated tools cleanse,  aggregate, validate, and publish data shared by participants.

Open Web  Application Security Project (OWASP) is an online community that produces freely  available articles, methodologies, documentation, tools, and technologies in  the field of web application security.

Privilege  Escalation consists of techniques that adversaries use to gain higher-level  permissions on a system or network.

In computer  security, arbitrary code execution (ACE) is an attacker's ability to run any  commands or code of the attacker's choice on a target machine or in a target  process. An arbitrary code execution vulnerability is a security flaw in  software or hardware allowing arbitrary code execution. A program that is  designed to exploit such a vulnerability is called an arbitrary code  execution exploit. The ability to trigger arbitrary code execution over a  network (especially via a wide-area network such as the Internet) is often  referred to as remote code execution (RCE)).

Remote Desktop  Protocol (RDP) is a proprietary protocol developed by Microsoft that provides  a user with a graphical interface to connect to another computer over a  network connection.

General term  for a series of events that can be matched against and then create an alert  or log entry when matched.

Server Message  Block (SMB) is a communication protocol that Microsoft created for providing  shared access to files and printers across nodes on a network.

Spear phishing  is a technique typically used in targeted attack campaigns to gain access to  an individual's account or impersonate a specific individual, through sending  messages (emails most common channel) that look "real," however in  fact either contain malicious links or attachments that help to compromise  end user machine.

SQL injection  is a common attack vector that uses malicious SQL code for backend database  manipulation to access information that was not intended to be displayed

Threat Actor  (TA) or malicious actor is either a person or a group of people that take  part in an action that is intended to cause harm to the cyber realm  including: computers, devices, systems, or networks.

Transmission  Control Protocol (TCP) is one of the main protocols of the Internet protocol  suite. It originated in the initial network implementation in which it  complemented the Internet Protocol.

Telnet is an  application protocol used on the Internet or local area network to provide a  bidirectional interactive text-oriented communication facility using a  virtual terminal connection.

Tor is free  and open-source software for enabling anonymous communication. Commonly used  to access Dark web sites.

Tactics,  Techniques, and Procedures (TTPs) is an essential concept cyber security  studies. The role of TTPs in analysis is to identify individual patterns of  behavior of a particular activity, or a particular organization.

Web shell is a  shell-like interface that enables a web server to be remotely accessed.

WHOIS is a  query and response protocol that is widely used for querying databases that  store the registered users or assignees of an Internet resource, such as a  domain name, an IP address block, or an autonomous system, but is also used  for a wider range of other information.

YARA is the  name of a tool primarily used in malware research and detection. It is used  to detect pieces of malware; they are used to identify unique patterns and  strings within the malware.

Amazon Machine  Image (AMI) is a supported and maintained image provided by AWS that provides  the information required to launch an instance.

Amazon  Resource Names (ARNs) uniquely identify AWS resources.

Amazon Web  Services provides on-demand cloud computing platforms and APIs to individuals,  companies, and governments, on a metered pay-as-you-go basis. These cloud  computing web services provide distributed computing processing capacity and  software tools via AWS server farms.

AWS Lambda is  an event-driven, serverless computing platform provided by AWS.

Relational  Database Service (RDS) is a managed SQL database service. RDS supports an  array of database engines to store and organize data.

CloudFormation  is an AWS service that helps model and set up AWS resources with less time managing  those resources.

CloudTrail is  an AWS service that enables governance, compliance, and operational and risk  auditing of your AWS account. Actions taken by a user, role, or an AWS  service are recorded as events in CloudTrail.

CloudWatch is  a monitoring and observability service built for DevOps engineers,  developers, site reliability engineers (SREs) , and so on., in order to  provide data and actionable insights to monitor applications, respond to  system-wide performance changes, and optimize resource utilization.

Customer  Master Key (CMK) is a logical representation of a master key. The CMK  includes metadata, such as the key ID, creation date, description, and key  state.

Elastic Block  Store (EBS) provides raw block-level storage that can be attached to Amazon  EC2 instances and is used by Amazon Relational Database Service.

Elastic  Compute Cloud (EC2) is a part of AWS that allows users to rent virtual  computers on which to run their own computer applications.

Elastic  Kubernetes Service (EKS) is a managed container service to run and scale  Kubernetes applications in the cloud or on-premises.

GuardDuty is a  threat detection service that continuously monitors your AWS accounts and  workloads for malicious activity and delivers detailed security findings for  visibility and remediation.

Identity &  Access Management (IAM) provides fine-grained access control across all AWS  resources.

Key Management  Service (KMS). KMS presents a single control point to manage keys and define  policies consistently across integrated AWS services and your own  applications.

Route 53 is a  scalable and highly available Domain Name System (DNS) service.

Simple Storage  Service (S3) is an object storage service that offers industry-leading  scalability, data availability, security, and performance.

Simple  Notification Service (SNS) is a managed service that provides message  delivery from publishers to subscribers (also known as producers and  consumers).

Security Token  Service (STS) is a web service that enables the request of temporary security  credentials that can be used to access AWS resources.

Virtual  Private Cloud (VPC) is an on-demand configurable pool of shared resources  allocated within a public cloud environment, providing a certain level of  isolation between the different organizations (denoted as users hereafter)  using the resources.

Amazon Machine  Image (AMI) is a supported and maintained image provided by AWS that provides  the information required to launch an instance.

Google Cloud  Platform (GCP), offered by Google, is a suite of cloud computing services  that runs on the same infrastructure that Google uses internally for its  end-user products