# Introduction - Practical foundations in ethical hacking

## Chapter 6: Practical foundations in ethical hacking

Ethical hacking is the cornerstone of security verification within organizations. This chapter helps students develop a practical and professional understanding of who ethical hackers are and what they do. It frames penetration testing as professional ethical hacking, a process involving authorized/contractual vulnerability discovery, exploitation, and mitigation.

**This chapter will help students:**

* Contrast professional ethical hacking (authorized/contract-based) with grey hat hacking (unauthorized, but essentially apolitical) and hacktivism (politically motivated).
* Become familiar with the professional ethics of ethical hackers.
* Understand potential benefits and possible risks of ethical hacking.
* Appreciate ethical and legal consequences (e.g., CFAA violations) of unethical hacking.
* Become familiar with defensive security and offensive security approaches, including SIRT/CSIRT (Security Incident Response Team/Computer Security Incident Response Team), SOC (Security Operations Center), red teaming, and ethical hacking.
* Describe common defensive cybersecurity technologies such as packet analyzers (e.g., Wireshark and tcpdump), IDS/IPS (e.g., Suricata and Snort), network security monitoring/SIEM (e.g., Wazuh), and host/network firewalls (e.g., OPNsense, pfilter, and nftables).
* Describe the phases of the penetration testing process (planning, reconnaissance, scanning and enumeration, exploitation, post-exploitation, and reporting).
* Describe types of penetration testing (network, wireless, web application, physical, social engineering, and cloud).
* Compare black box penetration testing and white box penetration testing methods.
* Become familiar with key penetration testing methodologies (e.g., OSSTMM, NIST SP 800-115, ISSAF, and PTES), frameworks (e.g., OWASP Testing Guide and MITRE ATT&CK), and technologies (e.g., Nmap, OpenVAS, Metasploit, and Burp Suite).
* Identify common attack targets, including OS vulnerabilities, misconfigurations and default credentials, and OWASP Top 10 vulnerabilities such as cross-site scripting (XSS) and SQL injection (SQLi).

## Topics covered in this chapter

[What is professional ethical hacking](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/what-is-professional-ethical-hacking-1.md)

[The perils of unethical hacking](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/the-perils-of-unethical-hacking.md)

[What do ethical hackers do?](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/what-do-ethical-hackers-do.md)

[Network security testing](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/network-security-testing.md)

[Defensive security vs offensive security](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/defensive-security-vs-offensive-security.md)

[Defensive cybersecurity technologies](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/defensive-cybersecurity-technologies.md)

[Phases of the penetration testing process](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/phases-of-the-penetration-testing-process.md)

[Types of penetration testing](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/types-of-penetration-testing.md)

[Penetration testing methodologies and frameworks](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/penetration-testing-methodologies-and-frameworks.md)

[Penetration testing technologies](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/penetration-testing-technologies.md)

[Common attack targets](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/common-attack-targets.md)

[Setting up a cybersecurity lab](/practical-foundations-in-cybersecurity/6.-practical-foundations-in-ethical-hacking/setting-up-a-cybersecurity-lab.md)


