Tactics
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no such limitations. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins or even breaking and entering – all, of course, with the knowledge and consent of the targets. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers arrange for cloned test systems, or organize a hack late at night while systems are less critical.
Some other methods of carrying out these include:
- DoS attacks
- Social engineering tactics
- Security scanners such as:
- W3af
- Nessus
- Frameworks such as:
- Metasploit
Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas.
Read more about this topic: White Hat (computer Security)