Some Offensive Security Terms
Ethical hacking, penetration testing, vulnerability assessment, red teaming and many more terms fly around in the field of offensive security. Often those terms are used interchangeably, which creates the confusion that they all mean the same thing, which is not the case. Also, people who start learning about ethical hacking and penetration testing focus only on the hacking part and forget that the job of a penetration tester is not only to hack stuff but to follow the rules of engagement and offer business value to the client they do the testing for, and that requires them to know the difference between the previously mentioned terms in order to be more accurate and effective. So let's define some terms!
The term hacker is often associated with cyber criminals, which is why the word ethical was added to make it friendly, but in reality a hacker is a person who can make a creation (software, hardware, etc.) behave differently than its creator intended, which is not always a bad thing. So ethical hacking is using the same computer attack techniques as the bad guys do, with the target's permission, to find security flaws with the intention of strengthening that target's security.
Penetration testing is a subset of ethical hacking: it is simulating the techniques of a real-world attacker to:
- find security flaws
- exploit those vulnerabilities
All of that is done according to rules of engagement, under a predefined scope, in a controlled environment, to determine the business risks and the potential impacts for the tested target. The goal of a penetration test is always to increase security and uncover flaws that can be a danger to the company or the organization.
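The "rules of engagement under a predefined scope" part is the one that beginners skip and that keeps a tester out of legal trouble. The following is an added example, not code from the original post: a small Python helper that encodes a hypothetical engagement's authorized ranges, excluded hosts and testing window, and refuses any target that does not satisfy all three before a tester touches it. The `RulesOfEngagement` record, the sample CIDR ranges and the dates are all constructed for illustration.

```python
"""Scope / rules-of-engagement gate (added example; the engagement data is constructed)."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass
class RulesOfEngagement:
    """Hypothetical engagement record, as agreed with the client."""
    in_scope: List[str]                      # authorized networks, CIDR strings
    excluded: List[str] = field(default_factory=list)  # hosts carved out of scope
    start: Optional[datetime] = None         # agreed testing window (UTC)
    end: Optional[datetime] = None


def check_target(target: str, roe: RulesOfEngagement, now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason). Fails closed: anything unclear is rejected."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames are not accepted here: resolve them first and check the IP,
        # because a name can resolve to something the client never authorized.
        return False, f"{target!r} is not an IP address; resolve it and re-check"

    if (roe.start and now < roe.start) or (roe.end and now > roe.end):
        return False, "outside the agreed testing window"

    for host in roe.excluded:
        if addr == ipaddress.ip_address(host):
            return False, f"{target} is explicitly excluded by the client"

    for net in roe.in_scope:
        if addr in ipaddress.ip_network(net, strict=False):
            return True, f"{target} is inside authorized range {net}"

    return False, f"{target} is not in any authorized range"


def filter_targets(targets: List[str], roe: RulesOfEngagement, now: datetime):
    """Split a candidate list into (allowed, rejected_with_reason)."""
    allowed, rejected = [], []
    for t in targets:
        ok, reason = check_target(t, roe, now)
        (allowed if ok else rejected).append(t if ok else (t, reason))
    return allowed, rejected


# Constructed sample engagement: one /16 authorized, one production host excluded,
# and a one-week window. None of these values come from a real engagement.
EXAMPLE_ROE = RulesOfEngagement(
    in_scope=["10.20.0.0/16"],
    excluded=["10.20.1.5"],
    start=datetime(2024, 6, 1, tzinfo=timezone.utc),
    end=datetime(2024, 6, 8, tzinfo=timezone.utc),
)
EXAMPLE_NOW = datetime(2024, 6, 3, 9, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    candidates = ["10.20.3.7", "10.20.1.5", "10.99.0.1", "intranet.example"]
    ok, bad = filter_targets(candidates, EXAMPLE_ROE, EXAMPLE_NOW)
    print("allowed:", ok)
    for target, why in bad:
        print("rejected:", target, "->", why)
```

The design choice worth copying is that the gate fails closed: a hostname, a missing window or an address outside every range is rejected rather than assumed fine, and every rejection carries a reason that can go straight into the engagement log.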
A vulnerability assessment is not a penetration test, because it does not include the exploitation part: it is the finding of vulnerabilities and reporting them. A pentester should be really careful about the type of test he is asked to perform, since this can lead to legal complications.
Red teaming is a type of penetration testing, and I can go further and say it is harder than a normal penetration test, because the attacker needs to be sneaky and use silent techniques to avoid being detected and countered by the blue team. This kind of testing is used to determine the effectiveness of the target's defences, technologies and protections put in place, and it is good to mention that red teaming is not implemented to show how good the attackers are but to help the target figure out ways to tighten their security and be ready for real-world threats.