Lesson 1: Ethical Hacking — Thinking like an attacker within the law
Ethical hacking is one of the most exciting disciplines in cybersecurity: you learn to think like an attacker — in order to defend better. But the line between legal and illegal is crystal clear: written authorization. In this lesson we explore what separates an authorized penetration tester from a
An ethical hacker is like a detective who uses a burglar's tricks to protect a house — but only after the owner asked them to do it.
- Ethical Hacking: Testing computer systems with explicit permission to find vulnerabilities before malicious attackers exploit them
- Written Authorization: A formal document permitting a researcher to test someone else's system. Without it, any testing is a criminal offense
- CTF — Capture the Flag: A cybersecurity competition where you find 'flags' (hidden text strings) in systems designed for the purpose — in a safe, legal environment
- Bug Bounty: A program where a company pays external researchers for every security vulnerability found and responsibly reported
- Penetration Test: A professional, structured security assessment where a full system is tested under a contractual agreement with the client
- Responsible Disclosure: The practice where a researcher who finds a vulnerability reports it directly to the company and gives them time to fix it before publishing