What Do Ethical Hackers Do?
Ethical hackers are motivated by different reasons, but their purpose is usually the same as
that of crackers: they’re trying to determine what an intruder can see on a targeted network
or system, and what the hacker can do with that information. This process of testing the
security of a system or network is known as a penetration test, or pen test.
Hackers break into computer systems. Contrary to widespread myth, doing this doesn’t
usually involve a mysterious leap of hackerly brilliance, but rather persistence and the dogged
repetition of a handful of fairly well-known tricks that exploit common weaknesses in the
security of target systems. A pen test is no more than just performing those same steps with
the same tools used by a malicious hacker to see what data could be exposed using hacking
tools and techniques.
Many ethical hackers detect malicious hacker activity as part of the security team of an
organization tasked with defending against malicious hacking activity. When hired, an ethical
hacker asks the organization what is to be protected, from whom, and what resources
the company is willing to expend in order to gain protection. A penetration test plan can
then be built around the data that needs to be protected and potential risks.
Documenting the results of various tests is critical in producing the end product of the
pen test: the pen test report. Taking screenshots of potentially valuable information or saving
log files is critical to presenting the findings to a client in a pen test report. The pen test
report is a compilation of all the potential risks in a computer or system.