After this lesson, you will be able to: Understand ethical hacking, the engagement types, and the legal frame.
Pen testing is authorized attack, emulating a real adversary to find weaknesses *before* one does. Authorization is what separates this from a crime. This lesson covers the engagement types, the legal contracts, and the mindset shift.
Black box, tester knows nothing (most realistic, slow). White box, tester has source code, creds, architecture (efficient, less realistic). Gray box, somewhere between (most common in practice).
1. Reconnaissance, passive + active info gathering.
2. Scanning & Enumeration, find services, versions.
3. Exploitation, gain initial access.
4. Post-Exploitation, privilege escalation, lateral movement.
5. Reporting, what you found, how to fix it.
Pen tester: scoped technical assessment of one app/network. Red Teamer: full-spectrum simulation including social engineering, physical, prolonged. Different jobs.
Sign in and purchase access to unlock this lesson.