Blog
Ethical Hacking Explained | The Scope, Goals, and How You Can Become One
- April 17, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity

So, what is Ethical Hacking? Well, it is hacking ethically. OK, that was not helpful. There are two types of hacking, white hat hacking, black hat hacking. They use similar tools and have similar goals, so then what is the difference. Well, there is one big difference and that has to do with consent or permission. White hat hackers are hired to hack so that implies they have the permission to hack the system or the network, I will explain why in a minute, whereas black hat hackers do not have the permission to hack. For this reason, white hat hackers are known as Ethical Hackers. I lied to you when I said there is only one difference, there is one more difference and that’s the end goal. When white hat hackers are done with their hacking activities, they generate a report and share their findings with the people who hired them as their end deliverable. Black hat hackers hack to steal or harm the target system so there is no report to share. So, why ethical hacking and why would a company hire and pay someone to break into their network. I know it sounds crazy, but it is done with the sole purpose of evaluating the safeguards in place by the people who built the system. For this reason, the white hat or ethical hackers are also known as pen testers or penetration testers.
In this article, I wanna talk about what is ethical hacking in detail and what does it take to be an ethical hacker and I will do so without trying to sell you any courses.
What is Ethical Hacking
So, Ethical hacking is legally breaking into computers and devices to test a company’s defenses. It is one of the most exciting IT jobs a professional can have, well you are getting paid to learn to hack and get to break into computers without any legal consequences. Companies hire ethical hackers to uncover vulnerabilities in their systems. From the ethical hacker’s point of view, there is no downside. Well, if you hack in past the current defenses in place, you’ve given your client a chance to close the security hole before an attacker finds it. On the flip side, if you don’t find anything, your client may be even happier because their defenses are secure enough that even qualified paid hackers couldn’t get past them. At the end of the day, it is a WIN-WIN.
What do Ethical Hackers Do
So, what do ethical hackers do? When working with the client, it is your job to help them define the scope and set some goals or objectives for your work as an ethical hacker. But before we talk about scope and objectives, let’s start with a list of activities that ethical hackers perform. This is your process if you will. So, the first up is to agree on the scope and objectives with your client. Second, kick off your pen-testing session and uncover potential vulnerabilities during your pen-testing session. Thirdly, and once your session is completed, then generate a report that includes your findings, your recommendations allowing the client to improve their security posture. And finally, work with software developers or other security professionals to coach them on security needs and maybe train the staff on the cyber traps that are out there. Logistically, when you are working as an ethical hacker, you are working as a consultant or a 1099 worker if you are in the US.
Ethical hacking Scope and Goals
Now, let’s go back to the scope and goals. So, here is how you set the scope of your ethical hacking job with your client. First, you need to identify what organizational assets are to be pen-tested. Second, find out more details about the assets such as the network, services, applications, or OS that are running. Thirdly, where is the line between automated vulnerability testing versus manual testing that is needed. You also need to list the hacking methods that are to be included in the test. And finally, what needs to be included in the test report, you must discuss with your client. Anyhow, in terms of goals, you need to talk about the following. Are data exfiltration and privilege escalation included? Is denial of service or DOS attack included? What should be included in the report and more importantly, what level of details should be included? Like if your client only needs a summary or every keystroke, every screenshot or every screencast needs to be included. Once you have settled on the scope and goals, it is time to initiate your work by following a simple process. Your process should include a discovery phase where you deep dive into your target. You want to know the IP addresses, OS platforms, applications used, versions, patch levels, open network ports, users, and anything else that can lead you to an exploit. The target discovery is crucial, and you will be surprised by the vulnerabilities that you already uncover even before kicking off your exploitation. Once you’re done with the Discovery, it is time to break into the target assets. This is what you are getting paid for, this is your break-in. If you have done your due diligence during the discovery part, you already have an exploit or two to get into the target system. If you don’t, be patient and continue to work through your process. Tools are your best friend and there are plenty of them out there. The two most commonly used by the top pen testers are Cobalt Strike and Metasploit. You can get your yearly license for as little as $3000. Sometimes you will gain access to a system, but that won’t be enough and further access will need privilege escalation, and that may need yet another exploit. You may have to laterally move from one host to another until you get to your final target.
The Perks of Ethical Hacking
Now, the final question, so how do you become an ethical hacker. Before we talk about that, let me share a few perks that you can enjoy today as an ethical hacker. You can make a ton of money. Besides the pen testing gigs, you can use a platform such as BugCrowd and HackerOne. They have tons of ethical hacking gigs listed that you can apply for today. Just for reference, BugCrowd shows about 228 gigs listed. If you have the budget, you can also consider bigger bug bounty programs. They are not easy, but the reward can be enormous. Like, finding one vulnerability in Tesla hardware and software can land you up to 15,000 dollars. Tesla has also priced each RCE at $10,000. Since the program began, 541 vulnerabilities have been successfully reported and rewarded. Tesla accepts or rejects validation pretty much within 24 hours. Likewise, Microsoft, Verizon, Apple, Google, and Facebook have their bug bounty programs. The best part? You can be located anywhere so check them out if you have not already. Another perk of being an ethical hacker is recognition. When you report a vulnerability, it will attract some fanfare on social media which can help you to build your resume. I think I have given you enough reasons to be excited.
Steps to Become an Ethical Hacker and Certifications
Now, let’s talk about the steps you can take to become an ethical hacker. There are two paths to becoming an ethical hacker and those are self-learning and instructor-led learning whether in-person or virtual. So, if you are a self-learner, you can create a curriculum and follow through with the resources already available online. In fact, for curriculum and relevant topics, you can simply follow the topics EC Council within their Certified Ethical Hacker certification. This way, if you decide to get certified, you have already covered the topics in advance. Now, if you want to be led or follow a more structured path, then consider taking the bull by the horn by getting certified. I already mentioned Certified Ethical Hacker or CEH from EC Council, then there is GPEN from GIAC or SANS. You can also take SEC560 network penetration testing and ethical hacking course from GIAC. You can do so either live or in person. There is also an Offensive Security Certified Professional or OSCP certification. In my opinion, they offer more rigorous exams with a real-world situation where you have to pen-test a network and thoroughly document your process. With certification, your goal is not to go from certification to certification until you have passed exam taker and become what I call a Professional Learner. What I suggest is to target one certification and then go get some hands-on on the job experience to back it all up.
Ethical Hacking Tools
No ethical hacking or pen testing discussion would be complete without a mention of ethical hacking tools. So, start with a Kali Linux distro since it is built from the ground up for penetration testing. When you are downloading a tool that’s made available by someone on the internet, be sure to it through the paces to ensure that it doesn’t contain a backdoor or malware. It is particularly common with free tools that are made available for pen testers. Anyhow, one day, perhaps you can create your tools. Now, finally, the world of ethical hacking is not the same today as it was 10 years ago. Now, you have access to out-of-box advanced toolkits such as Cobalt Strike and Metasploit. There are also open-source tools such as BloodHound, ZAP, Wfuzz, Wapiti, SQLMap, SonarQube, and so on.
Author:Muhammad Afaq Khan, CCIE #9070

Leave a Reply Cancel reply
0 (0) Today, we live in a world where there is nothing, and I mean nothing, off the limits for cyberattacks and particularly ransomware attacks. Our hospitals, our universities, oil pipelines, and now even our meat is under cyberattack. The cyberattack that flattened the IT operations at JBS Foods over the weekend turns out was […]
0 (0) Ransomware has been a growing menace for years, but there has been a marked increase, during the recent months, in sophistication and level of innovation in this portion of the cybercrime underbelly. If you didn’t know, cybercrime comes in many different types, such as email and internet fraud, identity theft, financial theft like […]
0 (0) It’s time to check your Pulse. I mean your Pulse Connect Secure VPN appliance. Hackers have been exploiting several previously known and one zero-day vulnerabilities affecting Pulse Connect Secure aka PCS VPN appliances. They are targeting defense, government, and financial organizations around the world. According to FireEye, several threat actors have been exploiting […]
5 (2) OK, we now have another supply chain attack that could become the next big hack. When April fools’ jokes were being published online, one company known as Codecov discovered something that was far from a joke. So, who is Codecov? Codecov is one of the many DevOps tools out there. It provides hosted […]
5 (2) So, what is Ethical Hacking? Well, it is hacking ethically. OK, that was not helpful. There are two types of hacking, white hat hacking, black hat hacking. They use similar tools and have similar goals, so then what is the difference. Well, there is one big difference and that has to do with […]
How useful was this post?