Cybersecurity Glossary
Category: Concepts & Methodology
Attack Surface - The total set of points where an attacker could enter or extract data. In Malanta, this means all internet-facing assets: domains, subdomains, IPs, and certificates.
Subdomain Takeover - A vulnerability where a subdomain points to a service that is no longer active. An attacker can claim that service and serve malicious content under your domain.
Dangling DNS Record - A DNS record (typically CNAME) pointing to a resource that no longer exists, creating a takeover vulnerability.
CNAME Record - A DNS record that maps one domain name to another. When it points to an abandoned resource, it creates a subdomain takeover vulnerability.
Indicator of Compromise (IOC) - Forensic data (domain, IP, file hash) indicating a potential security breach. Search for IOCs in the IoPA tool.
Indicator of Pre-Attack (IoPA) - High-confidence signals that attackers are actively building infrastructure to target you, detected before any attack occurs.
Attack Infrastructure - The collection of domains, IPs, SSL certificates, and emails that attackers set up for their campaigns.
Cluster - A group of related attack infrastructure elements used together by the same threat actor.
Threat Intelligence - Information about current and potential security threats used for informed defense decisions.
Remediation - Fixing or mitigating a security vulnerability.
Pivot - A node in an attack graph that connects multiple clusters, helping analysts understand campaign links.
Scope - A logical grouping of domains monitored together in Malanta.
MTTP (Mean Time to Preempt) - The average time it takes you to shut down a threat before it launches.
Updated on: 26/02/2026