The Hacker Dictionary | An A To C Of Hacker Terminology Part 1

So, there is a lot of terminology used within the hacking community. I’m not necessarily referring to technical terminology (although, that too!) but primarily slang terms used by hackers which may be confusing, especially to those new to the community.


  • Access / Axx / Axs: “Gaining Access” – referring to hacking into a server, for example spawning a shell or obtaining the login credentials.
  • ACL: “Access Control List” - A configuration file which lists permissions determining which objects can be accessed by users or machines.
  • ACK: “Acknowledged” - a play on words regarding the SYN-ACK packet handshake within networking.
  • Adware: A relatively harmless form of malware which results in the victim’s machine receiving unwanted and often intrusive advertisements, generally in the form of pop-ups. In some cases, adware is packaged alongside legitimate programs.
  • Airgap: an “airgap” is a device or network that is physically isolated/separated from everything else on the network or system.
  • APT: “Advanced Persistent Threat” - A highly sophisticated and well-organized group of attackers (often governemnt-funded) with financial backing
  • Arg: “Argument” - Abbreviation for an “argument” which is a value passed to a function within programming.
  • ASM: “Assembly” - Abbreviation for Assembly Language.
  • Asset: An “asset” in terms of hacking is used to refer to something of value to an attacker, used semi-synonymously with “target”. An attacker would identify “assets” in an application, and then target those assets in order to attempt to gain access. An asset can also be used to simply describe something of use to a system in general.
  • Attack Surface: An “attack surface” refers to the infrastructure of a target which can potentially be exploited by an attacker.
  • Attack Vector: An “attack vector” is a reference to a specific class of vulnerability. A particular vuln category used to gain access to something is known as an “attack vector”.
  • Attribution: “Threat Attribution” - The act of determining or attempting to determine who is behind a particular hack, e.g. “attributing” a cyber-crime to a specific group or individual.
  • Auth: “Authentication” or “Authorization” - referencing to whether a user is authenticated e.g. logged in, and/or authorized to perform a specific action


  • B&W: “Bells and Whistles” - unnecessary or non-essential features or functionality within a program or script.
  • Backdoor: A secret route into a computer system.
  • Bar: Used as a placeholder value in programming (generally in pseudo-code), along with “foo” - e.g. "string foo = ‘bar’.
  • BARF To ouput an error message.
  • Box: A Machine. Could refer to anything from your own computer to a remote server. Example: “I hacked your box.”
  • Bit(s) or Byte(s): Units of data.
  • Bitflip: To flip a bit (in terms of endianess).
  • Bitbucket Stores excess run-off from the machine’s shift registers.
  • Bitsquat/Bitsquatting: Used to refer to bit-exploitation errors regarding DNS resolution. Often used as an advanced form of phishing.
  • Bot: A program that performs automated actions. This could be non-malicious e.g. an AI or a chatbot, or it could refer to a compromised machine that is part of a botnet.
  • Botnet: A network of machines. Generally this is used to refer to an illegal network of compromised (infected) computers, although it could be legal too; for example in the sense of a server cluster used for distributed computational processes.
  • Botherder: A “bot herder” is someone who spreads for a botnet
  • Botmaster: A “botmaster” is the common name for a Botnet Operator.
  • Blackbox: “Blackbox Testing” - a form of vulnerability testing where you do not have access to the source code.
  • Blackhat: A malicious hacker. A cyber-criminal who breaks the law for their own malicious or financial gains.
  • BLT: Shifting large amounts of data (Based on the PDP-10 block transfer instruction).
  • Blue Team: The security team responsible for defending a system’s infrastructure.
  • BNC: Short for “bouncer”, used to “bounce” your connection.
  • Break: (programming) To terminate case/switch flow once a condition is met.
  • Breakpoint: A point within a program that it set to pause the execution flow of the code (used for debugging purposes).
  • Bruteforce: An attack that attempts to guess a password or key by attempting every possible combination.
  • Bug: An issue with some code (sometimes benign, other times referring to a security flaw).
  • Bum: (programming) Minor modification of an algorithm to drastically increase efficiency.


  • Coder: Synonymous with “programmer”.
  • Chip-off: A physical attack which involves removing memory chips from a machine to retrieve info from them.
  • Crack: To break encryption.
  • Crypto: Short for “cryptography”.
  • Crypter/Crypting: A method to make malware harder to detect by anti-virus software.
  • Crunch: A long computational process, often referring to an algorithm that is mathematical in nature.
  • CRLF: Abbreviation for “Carriage Return, Line Feed”.
  • cURL: A method of making a request / grabbing a resource from a remote URL.
  • CUSP: Abbreviation for “Commonly Used System Program”.

Credit to S3lf an outsider, for this share!