Glossary & key

Every acronym, tool, and standard cited in the guide. Definitions are deliberately short — enough to keep a reader oriented, not enough to replace the source documents they point to.

A

Agent mode Copilot Chat capability
The mode of GitHub Copilot Chat that allows the assistant to propose tool calls against an attached MCP server, observe their output, and reason about next steps. Without agent mode, Copilot can discuss commands but not run them. Section 06 covers enabling it.
ATLAS MITRE Adversarial Threat Landscape for AI Systems
MITRE's threat catalogue for machine-learning systems, analogous to ATT&CK for traditional IT. Cited in Section 08 for mappings to AML.T0051 (prompt injection), T0053 (data leakage), T0054 (plugin compromise).
Authorisation
Written permission from someone with the authority to grant it, scoping the activity, the target, the time window, and the contacts. Section 02 treats the absence of authorisation as the dividing line between professional work and a Computer Misuse Act offence.

B

Basic authentication HTTP/RTSP scheme
An HTTP authentication scheme that transmits the username and password as base64-encoded text in the Authorization header. Trivially decoded; safe only over TLS.
Bridge networking Docker network mode
Default Docker network mode where the container gets its own network namespace and the host routes traffic to it via port maps (-p 5000:5000). The fallback on Windows and macOS where --network host is not supported.

C

cgroups Linux kernel feature
Control groups — the Linux kernel mechanism for limiting and accounting for resource usage by process groups. systemd uses cgroups to manage services, which is why Method 1 mounts /sys/fs/cgroup into the container on Linux.
CMA 1990 Computer Misuse Act 1990
The UK statute that criminalises unauthorised access to computer material (s1), unauthorised access with intent (s2), unauthorised acts impairing operation (s3), and making or supplying tools for those offences (s3A). The basis for Section 02.
Copilot Chat GitHub product
The conversational interface to GitHub Copilot, integrated into VS Code. Used in agent mode in this guide; Ask mode does not enable tool calls.
cURL command-line tool
The standard command-line client for HTTP and many other protocols. Useful in this workflow for service probing and CVE verification — often as the "direct payload" leg of the triangulation pattern in Section 07.
CVE Common Vulnerabilities and Exposures
A catalogue of publicly known security vulnerabilities, each with a unique identifier (CVE-YYYY-NNNNN). Section 07's verification stage shows how to triangulate a candidate CVE against an actual device.
CVSS Common Vulnerability Scoring System
A numeric severity score (0.0–10.0) for vulnerabilities, currently at version 3.1. Section 07's reporting prompt insists severity ratings be CVSS-justifiable.

D

Digest authentication HTTP/RTSP scheme
An authentication scheme that exchanges a hashed challenge/response rather than the password itself. Stronger than Basic, but the hash is still capturable on a plaintext connection and can be brute-forced offline.
Docker
The container runtime used throughout the guide to package the Kali toolset and the MCP server in a disposable, reproducible environment. Section 04 covers manual setup; Section 05 covers Compose.
Docker Compose
The declarative configuration format for multi-container Docker applications. Method 2's docker-compose.yml bundles the whole lab into one file.
Docker Desktop
Docker's GUI client for Windows and macOS (and now Linux). After Method 2's first-time setup, the lab can be started and stopped from Docker Desktop with one click.

E

Excessive agency OWASP LLM06
The risk that an agentic system takes actions beyond what the operator intended, often because the model fills gaps in a loose prompt. The defence is tight prompts plus the approval gate.

G

GitHub Copilot
GitHub's AI coding assistant, available as a VS Code extension. Provides Copilot Chat, which in agent mode drives the workflow described in this guide.

H

Hydra command-line tool
A parallel network login cracker. In an authorised audit, commonly used for username enumeration and credential testing against services like RTSP and HTTP.
Host networking Docker network mode
Docker network mode (Linux only) where the container shares the host's network stack and NIC directly. Used in Method 1 and Method 2 on Linux to give the Kali container direct LAN access.

I

IDE Integrated Development Environment
The class of tool VS Code belongs to. In this guide, VS Code is the workspace where the engagement files, the assistant, and the MCP configuration all live.

K

Kali Linux
A Debian-derived Linux distribution maintained by Offensive Security, packaged with a curated set of security testing tools. Runs as a Docker container in this guide.
kali-linux-default
The Kali metapackage that installs the standard toolset (Nmap, Hydra, Nikto, Metasploit, etc.). Two alternatives exist: kali-linux-headless for a lighter install, kali-linux-everything for the full suite.

L

LF / CRLF line endings
Line-ending conventions. Linux and macOS use LF (\n); Windows historically uses CRLF (\r\n). The Method 2 setup.sh must be saved with LF endings or it fails inside the Linux container.
Loopback 127.0.0.1 / ::1
The local-only network interface that only the host itself can reach. The MCP server binds to loopback inside the container, which is the first trust boundary in Section 03.

M

MCP Model Context Protocol
An open JSON-RPC protocol for giving language models structured access to tools. The seam between Copilot Chat and the Kali toolset in this guide.
mcp-kali-server
The official MCP server for Kali Linux, packaged in the Kali repos. Exposes the standard Kali tools as MCP tools agent-mode clients can call.
Metasploit
The penetration-testing framework. Its check mode is the kind of mature third-party module Section 07 cites as a good third leg of the triangulation pattern.

N

NCSC UK National Cyber Security Centre
The UK government's technical authority for cyber security. Publishes the Vulnerability Disclosure Toolkit referenced in Section 02 and the Guidelines for Secure AI System Development referenced in Section 08.
NIS 2 EU directive
Directive 2022/2555 — the EU's revised Network and Information Security framework. Cited in Section 02 as an international counterpart to the CMA.
Nikto command-line tool
A web-server scanner that checks for outdated software, dangerous files, and configuration issues. Part of the Kali default toolset.
Nmap command-line tool
The standard network scanner. The default tool for the recon stage of a session — service-version discovery against an authorised target.

O

OpenSSL command-line tool
The standard TLS toolkit. openssl s_client -connect ... is the conventional way to inspect the certificate and handshake on a TLS endpoint.
OWASP LLM Top 10
OWASP's catalogue of the top ten security risks specific to LLM-based applications, currently at version 1.1 (2024). Mapped against in Section 08 — LLM01 (prompt injection), LLM02 (sensitive information disclosure), LLM05 (supply chain), LLM06 (excessive agency), LLM07 (insecure plugin design).

P

POE Power over Ethernet
A method of delivering electrical power to devices over the same Ethernet cable that carries their network connection. Common for IP cameras, access points, and other always-on infrastructure.
Privileged container Docker flag
--privileged (or privileged: true in Compose) grants the container elevated access to host resources. Required for systemd to manage cgroups inside the container; means the container should be run only on a single-purpose audit workstation.
Prompt injection OWASP LLM01
The class of attack where instructions embedded in data the assistant reads (a banner, a header, a file) are followed as if they came from the operator. Section 08 covers the workflow's defences.

R

Recon / reconnaissance
The opening stage of any security audit: establishing what is on the target. The second of the five stages in Section 07.
RTSP Real-Time Streaming Protocol
The application-layer protocol IP cameras use to publish video streams to clients. Plaintext by default; RTSPS (RTSP-over-TLS) is the encrypted variant, rarely supported by consumer-grade hardware.
RTSPS
RTSP-over-TLS. Conventionally bound to port 322. Not available on the worked-example device.

S

Scope drift
The pattern where authorised work incrementally extends into unauthorised territory — one small reasonable-seeming step at a time. Section 02 describes the common shapes.
security.txt
A conventionally-placed file at /.well-known/security.txt that publishes a vendor's vulnerability-disclosure contact. Section 02 names it as the starting point for responsible disclosure.
SME Small-to-Medium Enterprise
The audience this guide is written for — organisations with in-house IT but without a dedicated penetration-testing team.
systemd
The Linux init system used by Kali (and most modern distributions). In this guide it is what runs mcp-kali-server as a managed service inside the container — which is why the container boots /sbin/init as PID 1.

T

Tool call
The unit of action in agent mode. The assistant proposes a tool call (tool name + arguments); the operator approves it; the MCP server runs the underlying command. The approval gate is per-call.
Triangulation pattern
The discipline introduced in Section 07 of confirming every finding with at least three independent tests before recording it. The defence against the assistant being confidently wrong.
tmpfs Linux filesystem
An in-memory filesystem. systemd needs /run and /run/lock as writable tmpfs mounts inside the container.

V

VS Code Visual Studio Code
The cross-platform code editor from Microsoft. The workspace for this guide's workflow; reads .vscode/mcp.json to discover attached MCP servers.
VPN Virtual Private Network
A recommended alternative to direct port-forwarding for remote access to internal devices: the encrypted tunnel provides the protection that exposed plaintext ports lack.

W

WSL2 Windows Subsystem for Linux v2
The Linux-compatibility layer Docker Desktop uses on Windows. Provides the cgroups and tmpfs support that the Method 2 compose file relies on without the operator needing to think about it.