█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Penetration Testing/What is Penetration Testing?
30 minBeginner

What is Penetration Testing?

After this lesson, you will be able to: Understand ethical hacking, the engagement types, and the legal frame.

Pen testing is authorized attack, emulating a real adversary to find weaknesses *before* one does. Authorization is what separates this from a crime. This lesson covers the engagement types, the legal contracts, and the mindset shift.

Black, white, gray box

Black box, tester knows nothing (most realistic, slow). White box, tester has source code, creds, architecture (efficient, less realistic). Gray box, somewhere between (most common in practice).

💡 The legal frame

Get a Statement of Work (SOW) and Rules of Engagement (RoE) signed BEFORE you scan a single port. 'Authorization' is the only legal difference between you and an attacker. CFAA in the US has put unauthorized 'researchers' in prison.

Pen test phases

  1. 1

    1. Reconnaissance, passive + active info gathering.

  2. 2

    2. Scanning & Enumeration, find services, versions.

  3. 3

    3. Exploitation, gain initial access.

  4. 4

    4. Post-Exploitation, privilege escalation, lateral movement.

  5. 5

    5. Reporting, what you found, how to fix it.

Pentester vs Red Teamer

Pen tester: scoped technical assessment of one app/network. Red Teamer: full-spectrum simulation including social engineering, physical, prolonged. Different jobs.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Ethics and the Law (Mandatory First)
Back to Penetration Testing
Reconnaissance and Information Gathering→