Initial-Access

Phishing is a social engineering technique used to obtain credentials, deliver malware, or establish initial access into enterprise environments. This SECMONS record explains phishing mechanics, campaign evolution, and defensive controls.

Brute Force and Password Spraying are credential-based attack techniques that attempt to gain unauthorized access by systematically guessing passwords. This SECMONS glossary entry explains how these attacks differ, how they are detected, and how organizations mitigate identity abuse.

Command Injection is a vulnerability that allows attackers to execute arbitrary operating system commands by manipulating application input. This SECMONS glossary entry explains how command injection works, its impact, how it differs from SQL injection, and how defenders can prevent it.

Credential stuffing is an automated attack technique where attackers use previously leaked username and password combinations to attempt login across multiple services. This SECMONS glossary entry explains how credential stuffing works, why password reuse fuels it, and how defenders can detect and mitigate it.

A drive-by compromise is an attack technique where a victim’s system is compromised simply by visiting a malicious or compromised website. This SECMONS glossary entry explains how drive-by attacks work, how they relate to browser vulnerabilities and zero-days, and what defenders should monitor.

An exploit kit is a toolkit hosted on attacker-controlled infrastructure that automatically scans visiting systems for vulnerabilities and delivers exploits without user interaction beyond visiting a page. This SECMONS glossary entry explains how exploit kits work, their role in drive-by compromise campaigns, and why patch velocity is critical.

Initial Access refers to the techniques attackers use to gain their first foothold inside a target environment. This SECMONS glossary entry explains common initial access vectors such as phishing, drive-by compromise, exploitation of public-facing applications, and credential abuse, and how defenders should assess and reduce exposure.

A Loader or Dropper is a malware component designed to install or execute additional malicious payloads on a compromised system. This SECMONS glossary entry explains how loaders and droppers function, how they differ, and why they are central to modern malware campaigns.

Mark of the Web (MOTW) is a Windows security mechanism that tags files downloaded from the internet to enforce additional protections such as warnings and restricted execution. This SECMONS glossary entry explains how MOTW works, why it matters in real-world exploitation, and how bypasses increase risk.

Phishing is a social engineering technique where attackers impersonate trusted entities to steal credentials, deliver malware, or gain initial access. This SECMONS glossary entry explains phishing variants, operational impact, and defensive controls.

Remote Code Execution (RCE) allows an attacker to execute arbitrary code on a target system from a remote location. This SECMONS glossary entry explains how RCE occurs, how it differs from other impacts, how it is typically exploited, and why RCE-class vulnerabilities demand immediate attention.

SQL Injection (SQLi) is a vulnerability that allows attackers to manipulate database queries by injecting malicious input into application fields. This SECMONS glossary entry explains how SQL injection works, common impact scenarios, and how defenders should mitigate and detect it.

A supply chain attack occurs when threat actors compromise a trusted vendor, software provider, or service to gain indirect access to downstream customers. This SECMONS glossary entry explains how supply chain attacks work, common techniques, and how defenders should reduce third-party risk.

A watering hole attack is a targeted strategy where attackers compromise a website frequently visited by a specific group and use it to deliver exploits or malware. This SECMONS glossary entry explains how watering hole attacks work, how they differ from mass exploit kits, and how defenders can detect and mitigate them.

A zero-day vulnerability is a software flaw that is exploited before a patch is available or before the vendor is aware of it. This SECMONS glossary entry explains what qualifies as a zero-day, how it differs from n-day vulnerabilities, how zero-days are weaponized, and how defenders should respond.