0xNULL // FIELD GLOSSARY // v1.1
SYS:ONLINE
NULL

0xNULL
Jargon Index

Terms that come up in our discussions explained without the condescension.

>_
entries 13
categories 7
press / to search
RAT Remote Access Trojan
Hidden malware giving an attacker silent control of your device Security

Remote Access Trojan. Malware that silently gives an attacker full control of your device — files, camera, keystrokes, clipboard — without you ever knowing.

Analogy Like a spare key to your house that you never gave out — someone's inside, watching, and they never move anything so you don't notice.
CVE Common Vulnerabilities and Exposures
Standardized ID for a publicly known security flaw Security

Common Vulnerabilities and Exposures. A global registry that assigns a unique ID to every publicly known security flaw so researchers, vendors, and engineers can all talk about it precisely.

Analogy Like a crime report number — the incident happened, it's documented, and everyone can look it up and reference it without confusion.
IDOR Insecure Direct Object Reference
Accessing someone else's data by tweaking a number in the URL Security

Insecure Direct Object Reference. A web vulnerability where changing a number in the URL gives you access to someone else's data because the server never checks if you're supposed to be there.

Analogy Hotel room 204 is yours. You try 205 — the door opens. The hotel handed out keys without checking which room you booked.
XSS Cross-Site Scripting
Injecting malicious scripts into a site that run in other users' browsers Security

Cross-Site Scripting. Planting malicious code in a website that then runs inside every other visitor's browser — stealing sessions, redirecting, or silently sending data out.

Analogy Leaving a note in a library book that, when the next person opens it, pickpockets them automatically.
Denuvo Anti-Tamper DRM
Anti-piracy tech embedded in games — recently cracked via hypervisor Gaming

Denuvo Anti-Tamper. A DRM layer embedded in PC games that continuously checks the game hasn't been modified, crashing it if tampering is detected.

Analogy A security guard who patrols the building every few seconds checking nothing's been moved — until someone figured out how to make him hallucinate that everything's fine.
Hypervisor Virtual Machine Monitor
Software layer beneath the OS that controls everything above it OS / System

Hypervisor. Software running below the OS that manages virtual machines — because it sits deeper than the OS itself, it controls what the OS sees and can intercept anything passing through.

Analogy The OS is a city. The hypervisor is the ground it's built on — it can make roads appear, disappear, or lead somewhere else entirely.
Clipboard System Clipboard Vulnerability
Windows clipboard is readable by any app — including malicious ones OS / System

System Clipboard — Unprotected. On Windows, anything you copy (Ctrl+C) sits in a shared buffer that any app with basic permissions can silently read at any time — no warning, no prompt.

Analogy Writing a secret note and leaving it on a table in a room where anyone can walk in — you think you're passing it privately, but it's just sitting there.
Seed Phrase Mnemonic Recovery Phrase
12–24 words that are the master key to your entire crypto wallet Crypto

Seed Phrase. A sequence of 12–24 words that fully reconstruct your crypto wallet on any device — whoever has these words owns everything in the wallet, permanently.

Analogy The master key to a vault, except there's no locksmith to call, no bank to dispute with, and making a copy for someone gives them the vault forever.
Ransomware Extortionware / Crypto-Locker
Malware that encrypts your files and demands payment to unlock them Security

Ransomware. Malware that encrypts all your files — making them completely unreadable — then demands payment for the decryption key, with no guarantee you ever get it.

Analogy Someone breaks into your house, puts all your belongings in a locked safe, and slides a note under the door: "pay me and I'll tell you the combination. Maybe."
Hardcoded Key Hardcoded API Key / Secret
A secret credential left exposed inside the app's own code Security

Hardcoded API Key. A secret credential baked directly into an app's code — anyone who disassembles the app can read it and use it to impersonate the service it belongs to.

Analogy Printing the key to your office's server room on the back of every employee ID badge — it's "inside" the card, but anyone with a scanner can get it out.
BCI Brain-Computer Interface
Device implanted in the brain to read or send neural signals directly Hardware

Brain-Computer Interface. A device that reads electrical signals directly from neurons and translates them into digital commands — or sends signals back — bypassing all physical movement.

Analogy Like a translator sitting between your thoughts and a computer, except the translator is surgically attached and works in milliseconds.
Vulnerability Security Vulnerability
A weakness in software that can be exploited to cause unintended behavior Security

Vulnerability. A flaw in code, configuration, or design that allows someone to make a system do something it wasn't supposed to — read private data, crash, or hand over control.

Analogy A crack in a wall that looks cosmetic but runs all the way through — harmless until someone knows exactly where to push.
Low Level Low-Level Programming
Writing code that talks directly to hardware, with no abstraction in between OS / System

Low-Level. Code written close to the hardware — dealing with memory addresses, CPU registers, and raw bytes directly instead of letting a language or framework handle it for you. More control, more responsibility, fewer safety nets.

Analogy Driving a car with no power steering, no ABS, manual everything — harder, but you feel exactly what the machine is doing.
Reverse Eng. Reverse Engineering
Taking a finished program apart to understand how it works without the source code Security

Reverse Engineering. Analyzing a compiled program — one you only have the final binary of — to reconstruct its logic, find vulnerabilities, or understand its behavior. Done using disassemblers and debuggers that translate machine code back into something human-readable.

Analogy Receiving a finished cake and figuring out the exact recipe from taste, texture, and smell alone — no cookbook, no chef to ask.
Cracking Software Cracking
Bypassing copy protection or license checks in software Security

Cracking. Modifying or patching a program to remove or bypass its copy protection, license validation, or DRM — making it run without the authentication it was designed to require.

Analogy A turnstile that checks your ticket — cracking is rewiring it so the arm spins freely regardless of whether a valid ticket was scanned.
Torrent BitTorrent Protocol
A peer-to-peer file sharing protocol where everyone downloading also uploads Network

Torrent / BitTorrent. A file transfer protocol where instead of downloading from one central server, you pull pieces from dozens of other users simultaneously — and share pieces back as you receive them. No single point of failure, scales the more people use it.

Analogy Instead of one person photocopying a book for everyone, the whole room shares pages with each other at once — faster, and the copy doesn't degrade with scale.
Stack Call Stack / Stack Memory
A region of memory that tracks function calls and local variables in order OS / System

Stack. A structured region of memory where the program keeps track of what function is running, what called it, and what local variables exist — automatically grows and shrinks as functions are called and returned.

Analogy A stack of plates — you always add and remove from the top. The bottom plate was the first one placed; you can't reach it until everything above is gone.
Buffer Memory Buffer
A fixed-size chunk of memory reserved to hold data temporarily OS / System

Buffer. A finite block of memory pre-allocated to hold incoming data — a username field, a packet, a file chunk. The size is fixed at creation; what happens when you put more in than it can hold is up to the programmer. Often, nothing good.

Analogy A cup — it holds liquid fine until you pour past the rim. What it spills onto depends on what's sitting next to it.
Registers CPU Registers
Tiny ultra-fast memory slots built directly into the CPU OS / System

Registers. The smallest and fastest storage a computer has — a handful of named slots (like rax, rsp, rip) that live inside the CPU itself. Every calculation, memory read, and function call flows through them. The instruction pointer register (rip) is the one attackers most want to control — it determines what executes next.

Analogy RAM is your desk, the hard drive is a filing cabinet across the room — registers are what's literally in your hand right now.
Buffer Overflow Stack / Heap Buffer Overflow
Writing more data into a buffer than it can hold, corrupting adjacent memory Security

Buffer Overflow. When a program writes more data into a buffer than it was sized for, the excess spills into adjacent memory — overwriting other variables, return addresses, or control data. If an attacker controls what spills over, they can redirect what the program does next.

Analogy Filling out a paper form and your answer overflows its box — except the box next to it says "authorized: yes/no" and your pen just wrote "yes" into it.
Shellcode Exploit Payload / Shellcode
Raw machine code injected into a vulnerable program to execute attacker commands Security

Shellcode. A small, self-contained blob of machine code — no operating system, no libraries, just raw CPU instructions — crafted to be injected into a vulnerable process and executed. Historically named for its goal of spawning a shell, giving the attacker a command prompt inside the target.

Analogy A lockpick set disguised as a key — small, purpose-built, and designed to work inside a lock it was never meant to open.
ROP Chain Return-Oriented Programming
Hijacking a program's own code snippets to execute attacker logic without injecting anything Security

ROP Chain. An advanced exploit technique where instead of injecting shellcode, the attacker strings together tiny existing snippets of the program's own code (called gadgets) — each ending in a ret instruction — to perform arbitrary actions. Bypasses defenses that prevent injected code from running, because nothing foreign is ever executed.

Analogy You can't bring your own tools into a secure facility — so instead you memorize where every tool already inside is stored and leave a note telling the workers to use them in the exact sequence you need.
Credential Stuffing Automated Login Attack via Leaked Credentials
Using leaked username/password pairs from one breach to break into accounts elsewhere Security

Credential Stuffing. An attack where an adversary takes username/password combinations leaked from one data breach and automatically tries them against other services — exploiting the fact that people reuse passwords across sites. Unlike brute-force, every attempt uses a real, previously valid credential, making it far harder to detect.

Analogy Someone finds a master key ring that opened one building. They don't pick any locks — they just walk up to every door in the city and try each key until something opens.
Account Cracking Unauthorized Account Takeover
Systematically breaking into online accounts using leaked credentials or brute-force methods Security

Account Cracking. The practice of gaining unauthorized access to online accounts — typically using automated tools, combolists, and checkers. Distinct from software cracking, which targets copy protection. Methods range from credential stuffing with leaked data to password spraying. Cracked accounts are sold, used for fraud, or mined for personal data.

Analogy A thief doesn't break down doors — they have a huge ring of keys copied from old locks, and a helper who quietly tests each one on every door in the building until something clicks.
Combolist Credential Combination List
A text file of leaked email:password pairs, the fuel for credential stuffing attacks Security

Combolist. A compiled file — often millions of lines — containing email:password or username:password pairs harvested from data breaches, phishing campaigns, or malware logs. Combolists are traded on dark web forums and form the raw input for automated credential stuffing and account cracking operations.

Example format john.doe@email.com:hunter2 — millions of these lines, aggregated from dozens of separate breaches, packaged and distributed as a single file.
Checker Credential Validation Tool
An automated tool that tests combolist entries against a target site at scale Security

Checker. A tool used in account cracking that takes a combolist and fires login requests at a target service in bulk, sorting results into "hits" (valid credentials) and "fails." Checkers use configs — small scripts describing how a site's login flow works — to mimic legitimate traffic. Often paired with proxy pools to evade IP-based rate limiting.

Analogy A robotic arm that tries every key on your ring against a lock — thousands of times a minute — and drops any key that works into a separate "hits" pile, automatically.
Pwned Compromised / Owned
Slang for being fully compromised — your credentials, account, or system fell into someone else's hands Security

Pwned. Originally a typo of "owned" from early gaming culture — meaning to decisively defeat someone. In security contexts it means your credentials or system have been compromised, typically through a data breach. Popularized as a technical term by Troy Hunt's Have I Been Pwned (HIBP), a service that lets users check whether their email appears in known breach databases.

In the wild "Your email was pwned in the RockYou2024 breach" — meaning that email/password combo is now floating in public combolists and should be treated as fully compromised.
// no entries matched your query