Brute force protection is a set of measures used to stop attackers from repeatedly guessing passwords or access codes in an attempt to break into an account or system. It works by detecting and limiting repeated failed login attempts, often by locking accounts or introducing delays after several wrong tries. These methods help keep information…
A supply chain attack is when a cybercriminal targets a business by exploiting weaknesses in its suppliers or service providers. Instead of attacking the business directly, the attacker compromises software, hardware, or services that the business relies on. This type of attack can have wide-reaching effects, as it may impact many organisations using the same…
An exploit chain is a sequence of vulnerabilities or security weaknesses that an attacker uses together to achieve a specific goal, such as gaining unauthorised access or installing malicious software. Instead of relying on a single flaw, the attacker combines several smaller issues, where each step leads to the next. This approach allows attackers to…
Rootkit detection is the process of finding hidden software known as rootkits on a computer or network. Rootkits are designed to hide their presence and allow attackers to control a system without being noticed. Detecting them often involves scanning for unusual changes in files, processes, or system behaviour that may indicate something is being concealed.
DNS spoofing is a cyber attack where a hacker tricks a computer into thinking it is connecting to a legitimate website when it is actually being directed to a fake one. This is done by corrupting the Domain Name System (DNS) data used to match website names with the correct servers. As a result, users…
Deep Packet Inspection (DPI) is a method used by network devices to examine the data part and header of packets as they pass through a checkpoint. Unlike basic packet filtering, which only looks at simple information like addresses or port numbers, DPI analyses the actual content within the data packets. This allows systems to identify,…
Token hijacking is when someone gains access to a digital token that is meant to prove your identity in an online system. These tokens are often used to keep you logged in or to confirm your access rights. If an attacker steals your token, they can pretend to be you without needing your password. This…
A hash collision occurs when two different pieces of data are processed by a hash function and produce the same output value, known as a hash. Hash functions are designed to turn data of any size into a fixed-size value, but because there are more possible inputs than outputs, collisions are unavoidable. Hash collisions can…
Red Team and Blue Team exercises are structured cybersecurity activities where one group (the Red Team) acts as attackers, attempting to breach systems and find weaknesses, while another group (the Blue Team) defends against these attacks. The goal is to test and improve the security measures of an organisation by simulating real-world cyber threats in…
A Security Operations Centre (SOC) is a dedicated team or facility that monitors and manages an organisation’s security systems. Its main job is to detect, analyse, and respond to cyber security incidents using both technology and skilled staff. The SOC works around the clock to protect sensitive data and systems from threats, ensuring quick action…