Secretus logoSecretus

Dex — the security & hacking glossary

Plain-language definitions of the cybersecurity, cryptography, and hacking terms you keep running into — the acronym soup decoded, and a reference of well-known APT groups with their common aliases. Written by the team building Secretus.

Core concepts

The foundational ideas the rest of security builds on.

Attack surface
The total set of points where an attacker could try to enter or extract data from a system. Reducing it — fewer servers, less stored data, shorter retention — is one of the most reliable defenses.
Defense in depth
Layering multiple independent controls so that no single failure is catastrophic. If one layer is bypassed, another still stands.
End-to-end encryptionE2EE
Encryption where only the communicating endpoints hold the keys, so no server, network provider, or platform in between can read the content. Data is encrypted before it leaves the sender's device and decrypted only after it reaches the recipient's.In Secretus: Every Secretus secret is encrypted in the sender's browser and decrypted in the recipient's; our servers never receive plaintext or decryption keys.
Ephemeral
Existing only briefly, then gone. An ephemeral message or key is designed to disappear after use rather than persist — the opposite of email and chat, which retain everything by default.
Forward secrecyPFS — perfect forward secrecy
A property where compromising a long-term key does not expose past sessions, because each session uses fresh, ephemeral keys that are discarded afterward. Recording today's traffic and stealing the key tomorrow still doesn't decrypt it.
Key exchangekey agreement
The process by which two parties who have never met establish a shared secret key over an untrusted channel, without ever transmitting the key itself. The security of an encrypted channel usually hinges here.
Metadata
Data about data: who talked to whom, when, how often, and how big the message was — even when the content itself is encrypted. Metadata frequently reveals more than people expect.
Plaintext / Ciphertext
Plaintext is the readable original data; ciphertext is its encrypted, scrambled form. Encryption turns plaintext into ciphertext with a key; decryption reverses it with the matching key.
Threat model
An explicit statement of who you're defending against, what they can do, and what you're protecting. Good security starts here — 'encrypted' is meaningless until you say against whom.
Zero-knowledge architecture
A system design in which the service provider cannot read the data it stores or transmits, because it never holds the keys. Often used loosely; the meaningful version is a precise statement of what the servers do and don't see.In Secretus: For Secretus this means one thing specifically: servers do not receive plaintext secrets or decryption keys.

Cryptography

The maths that turns readable data into protected data.

AESAdvanced Encryption Standard
The dominant symmetric cipher, standardized by NIST in 2001. AES-256 (256-bit key) is the common high-security choice; the GCM mode adds authentication so tampering is detected. Considered secure against classical and, for the key sizes used, quantum brute force.In Secretus: Async secrets are protected with browser-side AES-256-GCM.
Asymmetric encryptionpublic-key cryptography
A scheme with a keypair: a public key that anyone can use to encrypt (or verify), and a private key that only the owner uses to decrypt (or sign). Solves the key-distribution problem symmetric crypto has.
Diffie-HellmanDH / ECDH
The original public key-exchange method (1976): two parties derive a shared secret over a public channel. ECDH is the elliptic-curve variant — faster and smaller. Its security rests on the discrete-logarithm problem, which Shor's algorithm would break.
Double Ratchet
An algorithm (popularized by Signal) that combines a symmetric-key ratchet with a Diffie-Hellman ratchet, giving forward secrecy and post-compromise recovery across an ongoing conversation.
Hash function
A one-way function that maps any input to a fixed-size fingerprint (digest). Good hashes (e.g. SHA-256) make it infeasible to reverse the input or find two inputs with the same digest. Used for integrity, signatures, and password storage.
HKDFHMAC-based key derivation
A standard function that turns raw shared-secret material into one or more cryptographically strong keys of the right size and separation. Common as the final step after a key exchange.
HMAC
A keyed hash used to prove a message is authentic and untampered: only someone with the shared key can produce a valid tag. Distinct from encryption — it protects integrity, not confidentiality.
Hybrid key agreement
Combining a classical key exchange (like ECDH) with a post-quantum one (like ML-KEM), feeding both into a key-derivation function. An attacker must break both to recover the session key — hedging against either scheme being weakened.
ML-KEMKyber, FIPS 203
Module-Lattice Key-Encapsulation Mechanism — a post-quantum key-exchange scheme standardized by NIST in 2024 (formerly CRYSTALS-Kyber). Its security rests on lattice problems for which no efficient quantum algorithm is known. ML-KEM-768 is the mid-strength parameter set.In Secretus: Maximum Security mode adds ML-KEM-768 hybrid post-quantum key agreement to protect against harvest-now-decrypt-later risk.
Nonce / IVinitialization vector
A number used once per encryption to ensure that encrypting the same plaintext twice yields different ciphertext. Reusing a nonce with the same key can catastrophically break modes like AES-GCM.
Post-compromise securityPCS, self-healing
The property that a conversation can recover secrecy after a key compromise, once fresh key material is exchanged. A general goal of ratcheting protocols; strong claims about it require careful analysis or audit.
Ratchetsymmetric ratchet
A construction that derives a fresh key for every message and then discards the material needed to recompute past keys, so a later compromise can't decrypt earlier messages. A core idea behind modern secure messaging.In Secretus: Maximum Security uses a per-direction symmetric ratchet so each message gets its own key.
RSA
A classic public-key algorithm (1977) based on the difficulty of factoring large numbers. Still widely deployed, but vulnerable to a large enough quantum computer running Shor's algorithm — which is why the industry is migrating key exchange to post-quantum schemes.
Salt
Random data added to a password before hashing so that identical passwords produce different hashes, defeating precomputed 'rainbow table' attacks. Stored alongside the hash.
Shamir's Secret SharingSSS, k-of-n
A 1979 scheme (by Adi Shamir) that splits a secret into n shares so that any k reconstruct it, while k−1 shares reveal mathematically nothing. Used to remove single points of failure for high-value keys.In Secretus: Team Split runs Shamir's Secret Sharing k-of-n, creating and reconstructing shares client-side, with share material living in URL fragments rather than server storage.
Signal Protocol
The widely respected messaging-security protocol used by Signal, WhatsApp and others, combining X3DH key agreement with the Double Ratchet algorithm. Often referenced as the benchmark for end-to-end encrypted messaging.
Symmetric encryption
Encryption that uses the same key to encrypt and decrypt. Fast and used for bulk data, but both sides must somehow share the key securely first.
X3DHExtended Triple Diffie-Hellman
A key-agreement protocol that lets two parties establish a shared secret and authenticate each other using published prekey bundles — even if one party is offline when the other initiates.

Attacks & threats

How adversaries actually get in — and get your secrets.

Brute force
Systematically trying every possible key or password until one works. Made infeasible by sufficient key length and slow, salted password hashing.
Credential stuffing
Automatically trying username/password pairs leaked from one breach against many other sites, exploiting password reuse. Cheap, scalable, and defeated mainly by unique passwords plus MFA.
Harvest now, decrypt laterHNDL, store-now-decrypt-later
Recording encrypted traffic today to decrypt it in the future once quantum computers can break the key exchange. No decryption is needed now — only storage and patience. A live threat for anything with a long secrecy lifetime.In Secretus: Maximum Security adds ML-KEM-768 hybrid post-quantum protection specifically against harvest-now-decrypt-later risk.
Man-in-the-middleMITM, on-path attack
An attacker secretly positioned between two parties, relaying and possibly altering traffic while each side believes it's talking directly to the other. End-to-end encryption with authentication is the defense.
Phishing
Tricking a person into revealing credentials or running malware, usually via a fake email, message, or login page that impersonates a trusted party. Still the single most common initial-access technique.
Privilege escalationPrivEsc, LPE
Turning limited access into higher access — from a normal user to administrator/root, or from one account into another's. Often the step between initial foothold and full compromise.
Ransomware
Malware that encrypts a victim's files (and increasingly exfiltrates them first) then demands payment for the key. 'Double extortion' adds the threat of leaking the stolen data publicly.
Replay attack
Capturing a valid message or token and re-sending it later to impersonate the original sender or repeat an action. Defended with nonces, timestamps, and sequence numbers.
Side-channel attack
Extracting secrets from a system's physical behavior — timing, power draw, electromagnetic emissions, cache effects — rather than breaking the algorithm itself.
Social engineering
Manipulating people rather than technology — pretexting, urgency, authority, help-desk impersonation — to obtain access or secrets. The human layer is often the softest target.
Spear phishing
Targeted phishing tailored to a specific person or organization using researched details (names, projects, vendors) to appear legitimate. Whaling is spear phishing aimed at executives.
Supply chain attack
Compromising a trusted upstream dependency — a software library, build system, or vendor — to reach that supplier's many downstream customers at once. SolarWinds and XZ Utils are canonical examples.
Watering hole
Compromising a website the intended victims are known to visit, so the malware is delivered to them indirectly through a site they already trust.
Zero-day0-day
A vulnerability unknown to the vendor (and thus unpatched) at the time it's exploited — defenders have had 'zero days' to fix it. Highly valuable to attackers precisely because no patch exists.

Abbreviations

The acronym soup, decoded.

APTAdvanced Persistent Threat
A well-resourced, stealthy adversary — usually state-linked — that gains long-term access to a target and pursues strategic goals (espionage, sabotage) over months or years rather than a quick smash-and-grab.
C2C&C, command and control
The infrastructure an attacker uses to communicate with and control compromised machines — issuing commands and receiving stolen data. Detecting C2 traffic is a core defensive goal.
CVECommon Vulnerabilities and Exposures
A public catalog assigning each disclosed vulnerability a unique identifier (e.g. CVE-2024-3094), so everyone refers to the same flaw unambiguously.
CVSSCommon Vulnerability Scoring System
A standard 0–10 severity score for vulnerabilities, factoring in how easily and how severely a flaw can be exploited. Helps teams prioritize patching.
DDoSDistributed Denial of Service
Overwhelming a service with traffic from many sources so legitimate users can't reach it. About availability, not data theft — though sometimes used as a smokescreen.
EDREndpoint Detection and Response
Software on endpoints (laptops, servers) that monitors behavior to detect, investigate, and respond to threats that slip past prevention. XDR extends this across more data sources.
IAMIdentity and Access Management
The discipline and tooling for controlling who can access what — identities, roles, permissions, and their lifecycle. SSO and MFA live here.
IOCIndicator of Compromise
A forensic artifact suggesting a breach — a malicious file hash, IP address, domain, or registry key — shared so others can detect the same intrusion.
MFA / 2FAmulti-factor / two-factor authentication
Requiring more than just a password — something you have (a code, security key) or are (biometric) — so a stolen password alone isn't enough. TOTP apps and hardware keys are common second factors.In Secretus: Secretus accounts support TOTP-based multi-factor authentication.
OSINTOpen-Source Intelligence
Intelligence gathered from publicly available sources — social media, public records, leaked databases, code repos. The reconnaissance backbone of both attackers and defenders.
PIIPersonally Identifiable Information
Data that identifies a specific person — name, email, ID number, address. Its handling is governed by laws like GDPR, and it's a prime target in breaches.
RATRemote Access Trojan
Malware giving an attacker covert remote control of an infected machine — keystrokes, files, camera, microphone — typically communicating back to C2 infrastructure.
RCERemote Code Execution
A vulnerability that lets an attacker run arbitrary code on a target over the network — one of the most severe classes, since it typically means full control.
SIEMSecurity Information and Event Management
A platform that aggregates and correlates logs and events across an organization to detect, alert on, and investigate security incidents.
SOCSecurity Operations Center
The team (and facility) that monitors, detects, and responds to security events around the clock. Not to be confused with SOC 2, an auditing standard for service organizations.
SQLiSQL Injection
Injecting malicious SQL through unsanitized input to read, alter, or destroy a database. A decades-old class still causing breaches; parameterized queries are the fix.
TTPTactics, Techniques and Procedures
The characteristic behavior of a threat actor — how they operate at each stage — catalogued in frameworks like MITRE ATT&CK. Harder for attackers to change than a mere IP or hash.
WAFWeb Application Firewall
A filter in front of a web app that inspects HTTP traffic to block common attacks like SQLi and XSS before they reach the application.
XSSCross-Site Scripting
A web flaw where an attacker injects malicious script into a page other users view, running in their browser session to steal data or tokens. Mitigated by output encoding and Content-Security-Policy.

APT groups

Well-known state-linked and organised threat actors, with their common aliases.

APT1Comment Crew, PLA Unit 61398
A Chinese group whose large-scale intellectual-property theft was detailed in a landmark 2013 Mandiant report that publicly tied the activity to a specific military unit — a turning point in threat attribution.
APT10Stone Panda, MenuPass
A Chinese espionage group known for 'Cloud Hopper' — compromising managed service providers to reach their clients downstream, a supply-chain approach to mass espionage.
APT28Fancy Bear, Sofacy, Sednit
A long-running espionage group widely attributed by Western governments to Russian military intelligence (GRU). Known for targeting governments, militaries, and political organizations, including high-profile election-related intrusions.
APT29Cozy Bear, Midnight Blizzard, The Dukes
A stealthy espionage group widely attributed to Russia's SVR foreign-intelligence service. Associated with the SolarWinds supply-chain compromise and sustained, patient intrusions into government and tech targets.
Charming KittenAPT35, Mint Sandstorm, Phosphorus
A group attributed to Iran, focused on espionage against journalists, academics, activists, and government targets, frequently using elaborate social-engineering and fake personas.
Equation Group
A highly sophisticated actor widely linked in public reporting to the U.S. NSA, known for advanced implants and firmware-level persistence. Some of its tools later leaked publicly, fueling other attacks.
KimsukyVelvet Chollima, APT43
A North Korea-attributed group specializing in intelligence collection against think tanks, foreign-policy experts, and researchers, largely through spear phishing and credential theft.
Lazarus GroupAPT38, Hidden Cobra
A group attributed to North Korea, notable for blending espionage with financially motivated operations — bank heists, cryptocurrency theft, and the 2017 WannaCry ransomware outbreak.
OceanLotusAPT32
A group attributed to Vietnamese interests, targeting foreign companies, dissidents, and governments across Southeast Asia, often via tailored phishing and watering-hole attacks.
SandwormVoodoo Bear, APT44
A destructive group attributed to Russian military intelligence, linked to attacks on Ukraine's power grid and the NotPetya wiper (2017), one of the costliest cyberattacks in history.
TurlaSnake, Venomous Bear
A technically advanced espionage group attributed to Russia, known for novel techniques including satellite-based command-and-control and long-term intrusions into government and diplomatic targets.
Wizard Spider
A financially motivated cybercrime group behind the TrickBot malware and Ryuk/Conti ransomware operations, responsible for widespread extortion against enterprises and healthcare providers.

Put the theory to work

Share a password or file with end-to-end encrypted, one-time links — free, no account needed.