Category: InfoSec

Vulnerability Assessment

A vulnerability assessment is a process that identifies and evaluates weaknesses in computer systems, networks, or applications that could be exploited by threats. This assessment helps organisations find security gaps before attackers do, so they can fix them and reduce risk. The process often includes scanning for known flaws, misconfigurations, and outdated software that could…

Penetration Testing

Penetration testing is a security practice where experts try to find and exploit weaknesses in a computer system, network, or application. The goal is to uncover vulnerabilities before malicious hackers do, helping organisations fix them. This is often done by simulating real cyberattacks in a controlled and authorised way.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a technology that helps organisations monitor and analyse security events across their IT systems. It gathers data from various sources like servers, applications, and network devices, then looks for patterns that might indicate a security problem. SIEM solutions help security teams detect, investigate, and respond to threats more…

Man-in-the-Middle Attack

A Man-in-the-Middle Attack is a type of cyber attack where someone secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker can read, modify, or inject messages without either party knowing. This can lead to stolen information, such as passwords or credit card numbers,…

Insider Threat

An insider threat refers to a risk to an organisation that comes from people within the company, such as employees, contractors or business partners. These individuals have inside information or access to systems and may misuse it, either intentionally or accidentally, causing harm to the organisation. Insider threats can involve theft of data, sabotage, fraud…

Data Exfiltration

Data exfiltration is the unauthorised transfer of data from a computer or network. It often happens when someone gains access to sensitive information and moves it outside the organisation without permission. This can be done through various means, such as email, cloud storage, or portable devices, and is a major concern for businesses and individuals…

Attack Surface

An attack surface is the total number of ways an attacker can try to gain unauthorised access to a computer system, network, or application. It includes all the points where someone could try to enter or extract data, such as websites, software interfaces, hardware devices, and even employees. Reducing the attack surface means closing or…

Lateral Movement

Lateral movement is a technique where an attacker, after gaining initial access to a computer or network, moves sideways within the environment to access additional systems or data. This often involves using stolen credentials or exploiting weak security on other devices. The goal is to find valuable information or gain higher privileges without being detected.