A Quick Glossary of Attack Types
| Category | Attack Type | Description |
|---|---|---|
| Social Engineering & Identity | Business Email Compromise (BEC) | Impersonating executives/suppliers via email to divert payments or steal sensitive data. |
| Social Engineering & Identity | Phishing | Deceptive emails or sites trick users into entering credentials or downloading malware. |
| Social Engineering & Identity | Smishing | Phishing via SMS messages. |
| Social Engineering & Identity | Vishing | Phishing via voice calls or phone menus. |
| Social Engineering & Identity | Callback Phishing | Email or SMS lures victims to call a fake support number to install tools or pay fees. |
| Social Engineering & Identity | Quishing (QR Phishing) | Malicious QR codes lead users to credential theft or malware. |
| Social Engineering & Identity | MFA Fatigue / Push Bombing | Attackers spam login approvals until a user taps ‘Approve’. |
| Social Engineering & Identity | OAuth Consent Phishing | Users are lured to grant a rogue cloud app access to mail/files via OAuth. |
| Social Engineering & Identity | Email Spoofing | Forged sender addresses to appear as trusted parties (often abusing weak DMARC/SPF/DKIM). |
| Social Engineering & Identity | Email Forwarding Rule Abuse | Covert auto-forward rules exfiltrate mail or hide attacker messages. |
| Social Engineering & Identity | Credential Stuffing | Using leaked username/password pairs to log into other services. |
| Social Engineering & Identity | Password Spraying | Trying common passwords across many accounts to avoid lockouts. |
| Social Engineering & Identity | Brute Force | Trying many passwords against one account. |
| Social Engineering & Identity | SIM Swap | Hijacking a phone number to intercept SMS codes and reset accounts. |
| Social Engineering & Identity | Account Pre-Hijacking | Creating or linking an account under a target's identity before they do, so the attacker retains control when the target later registers or signs in via SSO. |
| Social Engineering & Identity | Deepfake Impersonation | AI-generated voice/video used to mimic leaders and approve payments or access. |
| Social Engineering & Identity | Session Hijacking | Stealing session tokens/cookies to take over accounts. |
| Social Engineering & Identity | Golden SAML | Forging SAML tokens using stolen signing keys to access cloud services. |
| Social Engineering & Identity | OAuth Token Theft/Replay | Stealing and reusing bearer tokens to impersonate users. |
| Web & Application | SQL Injection | Malicious input forces a database to reveal or alter data. |
| Web & Application | Cross-Site Scripting (XSS) | Injected script runs in a victim's browser in the context of a trusted site. |
| Web & Application | Cross-Site Request Forgery (CSRF) | Tricking a logged-in user's browser into performing unintended actions. |
| Web & Application | Server-Side Request Forgery (SSRF) | Forcing a server to fetch attacker-chosen URLs, often internal metadata. |
| Web & Application | Insecure Deserialization | Abusing object parsing to run code on the server. |
| Web & Application | IDOR / BOLA | Insecure Direct Object Reference / Broken Object Level Authorization: manipulating object IDs in requests to view or modify other users' data. |
| Web & Application | Path Traversal | Manipulating file paths to access files outside intended folders. |
| Web & Application | Clickjacking | Invisible overlays trick users into clicking hidden UI elements. |
| Web & Application | API Abuse / Broken Authentication | Flaws in APIs enable bypassing authentication or enumerating data. |
| Web & Application | Watering-Hole | Booby-trapping a site employees frequent to infect visitors. |
| Web & Application | Drive-By Download | A malicious page silently drops malware on visit. |
| Web & Application | Malvertising | Malicious ads on legitimate sites deliver exploits or redirects. |
| Web & Application | Domain Impersonation / Typosquatting | Look-alike domains mimic brands to capture traffic or credentials. |
| Web & Application | Subdomain Takeover | Claiming an unconfigured/abandoned subdomain to host malicious content. |
| Web & Application | HTTP Request Smuggling | Desynchronizing front-end/back-end parsing to bypass security controls. |
| Web & Application | Prototype Pollution | Poisoning object prototypes in JS apps to change application behavior. |
| Web & Application | Web Cache Poisoning | Manipulating cached responses so many users get malicious content. |
| Web & Application | Magecart / Web Skimming / Formjacking | Injecting code to capture payment/PII from checkout forms. |
| Endpoint & Malware | Malware (umbrella) | Malicious software: viruses, worms, Trojans, spyware, keyloggers, RATs. |
| Endpoint & Malware | Ransomware (Double/Triple Extortion) | Encrypting data; also threatening leaks and/or DDoS for pressure. |
| Endpoint & Malware | Data-Extortion-Only | Stealing and threatening to leak data without encrypting systems. |
| Endpoint & Malware | Wiper / Sabotage | Malware that destroys data or devices to disrupt operations. |
| Endpoint & Malware | Cryptojacking | Hijacking systems to mine cryptocurrency. |
| Endpoint & Malware | Web Shells | Backdoor scripts on servers for remote control. |
| Endpoint & Malware | Living-off-the-Land (LotL) | Using built-in tools (e.g., PowerShell) to evade detection. |
| Endpoint & Malware | UEFI / Bootkits | Malware that loads before the OS for deep persistence. |
| Endpoint & Malware | BYOVD (Bring Your Own Vulnerable Driver) | Loading a legitimately signed but vulnerable driver to disable defenses and escalate privileges. |
| Endpoint & Malware | DLL Sideloading / Hijacking | Planting a fake library a trusted app loads. |
| Endpoint & Malware | Process/Thread Injection | Running malicious code inside legitimate processes. |
| Endpoint & Malware | Keylogging / Screen Capturing | Recording keystrokes or screens to steal secrets. |
| Endpoint & Malware | PoS / Card Skimming Malware | Stealing card data from point-of-sale systems. |
| Network & Infrastructure | DDoS (Distributed Denial-of-Service) | Overwhelming services with traffic to knock them offline. |
| Network & Infrastructure | Man-in-the-Middle (MitM) | Intercepting or altering network traffic between parties. |
| Network & Infrastructure | Rogue AP / Evil Twin (Wi-Fi) | Fake Wi-Fi hotspots that capture logins and inspect traffic. |
| Network & Infrastructure | DNS Tunneling | Smuggling data/commands through DNS queries/responses. |
| Network & Infrastructure | BGP Hijacking | Mis-routing internet traffic by abusing routing announcements. |
| Network & Infrastructure | Command-and-Control (C2) / Beaconing | Infected hosts reach out to attacker servers for commands. |
| Network & Infrastructure | Data Exfiltration | Unauthorized transfer of data out of the organization. |
| Network & Infrastructure | Lateral Movement | Hopping from one system to others inside the network. |
| Network & Infrastructure | Privilege Escalation | Gaining higher permissions than intended. |
| Network & Infrastructure | Fast Flux / Domain Shadowing | Rapidly changing DNS/infra to evade takedowns. |
| Network & Infrastructure | Bulletproof Hosting | Crime-friendly hosting that resists abuse complaints. |
| Cloud, SaaS & DevOps | Supply Chain Attack | Compromising a trusted vendor, update, library, or CI/CD to reach you. |
| Cloud, SaaS & DevOps | Dependency Confusion / Typosquatted Packages | Poisoning builds with malicious packages named like internal ones. |
| Cloud, SaaS & DevOps | Cloud Misconfiguration Exploitation | Public buckets, open admin consoles, weak IAM policies. |
| Cloud, SaaS & DevOps | Leaked Secrets / Keys | API keys/tokens exposed in code, repos, tickets, or logs. |
| Cloud, SaaS & DevOps | CI/CD Pipeline Compromise | Hijacking build/deploy systems to insert backdoors. |
| Cloud, SaaS & DevOps | Container Escape | Breaking from a container into the host or other containers. |
| Cloud, SaaS & DevOps | Kubernetes Abuse | Abusing kubelet/API permissions, secrets, or exposed dashboards. |
| Cloud, SaaS & DevOps | Code Signing Certificate Theft | Stealing certs to sign malware as if it were legitimate. |
| Cloud, SaaS & DevOps | Shadow IT SaaS Takeover | Compromising unsanctioned apps linked to corporate identities. |
| Enterprise Identity (AD/Entra) | Credential Theft (Pass-the-Hash/Ticket) | Reusing captured hashes or Kerberos tickets to impersonate users. |
| Enterprise Identity (AD/Entra) | Kerberoasting / AS-REP Roasting | Extracting crackable material from AD to recover service or user keys. |
| Enterprise Identity (AD/Entra) | Ticket Forgery (Golden/Silver) | Creating valid-looking Kerberos tickets with stolen keys. |
| Enterprise Identity (AD/Entra) | DCSync / DCShadow | Emulating a domain controller to read or set credentials. |
| Enterprise Identity (AD/Entra) | Delegation Abuse (RBCD) | Misusing AD delegation to impersonate accounts. |
| Enterprise Identity (AD/Entra) | AD CS Abuse | Exploiting certificate services to mint sign-in certificates. |
| Enterprise Identity (AD/Entra) | RDP Compromise | Breaking into Remote Desktop to access servers directly. |
| Fraud & Process | Business Process Compromise (BPC) | Abusing legitimate workflows (e.g., invoice rules) to siphon funds. |
| Fraud & Process | Invoice / Payment Redirection Fraud | Altering beneficiary details to reroute payments. |
| OT/IoT | ICS/SCADA Intrusions | Targeting industrial control systems to manipulate physical processes. |
| OT/IoT | IoT Device Takeover | Exploiting weakly secured smart devices for access or botnets. |
| Emerging / Specialized | Adversarial ML (Model Evasion/Poisoning) | Manipulating ML inputs or training data to degrade or subvert models. |
| Emerging / Specialized | Data Integrity Attacks | Quietly altering data to change decisions or reports without detection. |
| Emerging / Specialized | Insider Threat (Malicious/Negligent) | Employees or partners abusing access or mishandling data. |