System Hacking, Scripting, and Other Contronyms in Cybersecurity

The cybersecurity field continuously generates new terms and concepts as it evolves with time. It also repurposes words to describe new concepts. There’s a never-ending flow of jargon that some refer to as an alphabet soup of complexity. From  NGAV to XDR, it appears unlikely for cybersecurity to run out of new acronyms and terminologies.

Meanwhile, some popular terms used in cybersecurity can have contradicting meanings. These are the so-called contronyms, which may add some spice to the insipidity of tech terms. Here’s a list of some famous cybersecurity words or phrases many would probably think they are already familiar with but are likely to be surprised to learn about their other meanings. 


Most people tend to equate hacking to cybercrime, an attempt to illegally access, damage, or take over a computer system. This is not surprising given that most news articles that mention hacking use the term in its negative connotation, referring to cyber attacks aimed at bypassing access controls or security measures to prevent the unauthorized use of IT resources.

However, hacking can mean something positive or useful. In cybersecurity, system hacking can refer to an authorized effort to break existing security measures to test their effectiveness and spot weaknesses. The term often used for this action is “ethical hacking,” but hacking by itself is neither good nor bad. It’s how it is used that spells the difference.

Hacking in both its malicious and ethical instances follows the same stages. Also, they use similar techniques, from password cracking to phishing, the deployment of rootkits and trojans, exploitation of buffer overflows, privilege escalation, and the use of keyloggers. These steps and techniques are observed in attempts to exploit vulnerabilities and detect security weaknesses so that they can be plugged or resolved.


In contrast to hacking, patching is often perceived as a positive term. It is mostly known as the application of a software patch to address a vulnerability or add new functions. Software publishers regularly release patches for their software in response to developments in the cyber threat landscape and to provide improvements in their software products.

Negatively, patching refers to the unauthorized modification of a software or system by taking advantage of system vulnerabilities. Cybercriminals can infiltrate or corrupt software pipelines, allowing them to send out malicious software patches to unsuspecting users. This works because many tend to excessively trust their automated software pipelines or they carelessly obtain their software updates from unofficial sources.


Among those involved in network administration, sniffing is a legitimate process that entails the tracking and analysis of network traffic. This is done to undertake a troubleshooting task, monitor network performance, or facilitate network security-related actions. It is one of the vital actions in Intrusion Detection Systems (IDS).

However, sniffing can also refer to malicious packet sniffing, wherein an attacker intercepts the packets transmitted through a network. Sniffing allows bad actors to steal login credentials and other sensitive information. It can help them gain access to online accounts or steal crucial data. Sniffing is often used as a form of cyber attack on devices that connect to the internet through public WiFi networks. 

Sniffing in the negative context is not new. It has been used as an attack for decades. Cybersecurity advocates pointed out the threat of sniffing more than a decade ago amid the proliferation of businesses that offer free public WiFi connection without strong security. 


Scripting refers to the writing and deployment of scripts for the automation of repetitive tasks. It is used to automate routine actions, which enables the efficient management of systems. Scripting is also employed in penetration testing to simulate cyber attacks on a system. Similarly, it is used in log analysis and monitoring, day-to-day security operations, forensics and incident response, and cross-platform compatibility testing.

However, scripting can also be malicious, as used by threat actors. Cybercriminals can turn to malicious scripting to automate the execution of files that have been successfully introduced into a system. Successfully deceiving a computer user into downloading a file is not enough for the malicious file to inflict damage. Scripts are necessary to unleash the effects of malicious files and detect security vulnerabilities.


The term backdoor is usually known for its negative implication. Most news and articles refer to backdoors in an unfavorable context. This should not come as a surprise since backdoors are often used by cybercriminals. They serve as a way to bypass normal authentication for any computer-related system, facilitating unauthorized access or the introduction of malicious files to a computer or network.

However, backdoors can be a feature intentionally added to the software. They can be deliberately put in an app to provide an optional means of access in cases when conventional access methods are unavailable. This “necessary” version of a backdoor was in the spotlight some years ago when the US FBI asked Apple to purposely build a backdoor on their iPhones. 

Kill chain

The cyber kill chain is a framework developed by Lockheed Martin as part of its patented Intelligence Driven Defense model for cyber attack identification and prevention. It consists of a series of steps that represent the different stages of a cyber attack, from early reconnaissance to command and control and “actions on objectives.” This model helps organizations visualize and comprehend the different stages of an attack, focusing on critical points in the attack, developing strategies to mitigate threats, and boosting incident response capabilities.

Essentially, the kill chain is a process that is supposed to help organizations prepare for cyber attacks, successfully fend off an assault, and mitigate problems that emerge in the wake of a cyber attack. However, the phrase kill chain, in colloquial use, may refer to a successful cyber attack.

An exercise in cybersecurity jargon complexity

It may sound confusing, but contronyms exist everywhere. Interestingly, these words still make sense despite the auto-contradiction. In cybersecurity, contronyms reflect the complexity and flexibility of language, showing how words can change in meaning depending on their context and usage.

Isn’t it counterintuitive for cybersecurity terms to bear contradicting meanings? Possibly. However, what is ultimately important is the understanding that cybersecurity terms are far from straightforward. It is a must to properly get acquainted with them to understand what they really mean, especially with the rise of a plethora of acronyms and jargon introduced by security solution providers. Many of which tend to be marketing-speak or misnomers.