Plain-English definitions of the terms that recur in CEH study. Concepts are for authorised, defensive learning only; EC-Council’s material is authoritative.
| Term | Definition |
|---|---|
| Ethical hacking | Authorised, scoped testing of systems to find weaknesses before attackers do. |
| White / black / grey hat | Authorised / malicious / unauthorised-but-non-malicious hackers. |
| Footprinting | Gathering information about a target. |
| Reconnaissance | The information-gathering phase, passive or active. |
| Scanning | Probing for live hosts, open ports and services. |
| Enumeration | Extracting detailed information such as users and shares. |
| Vulnerability | A weakness that can be exploited. |
| Exploit | Code or technique that takes advantage of a vulnerability. |
| Payload | The action an exploit performs after success. |
| Privilege escalation | Gaining higher access rights than intended. |
| Social engineering | Manipulating people to bypass security. |
| Sniffing | Capturing network traffic. |
| On-path attack | Intercepting communication between two parties. |
| SQL injection | Abusing unvalidated input to manipulate a database. |
| DoS / DDoS | Denial of Service — overwhelming a system or service. |
| Session hijacking | Taking over a valid user session. |
| IDS / IPS | Intrusion Detection / Prevention System. |
| Honeypot | A decoy system to attract and study attackers. |
| Cyber kill chain | A model of the stages of an attack. |
| Pivoting | Using a compromised host to reach others. |
| Hardening | Reducing a system’s attack surface. |
| Cryptography | Securing information through encryption and hashing. |