You may have heard the term black-hat used to refer to a hacker, or white-hat to refer to a security consultant such as a pentester or red teamer. The difference between the two really comes down to intent and outcome.

Black-hat hackers:
  • Their intent is usually for financial gain at your expense.
  • Their outcome is to gain unauthorized access to your network, use it for their benefit, and leave no trace.
  • They have no concern for your data, privacy, availability, or integrity.
  • The breach and all data access are covert; you often do not know they are in your network until it is too late.
  • They have their own interests in mind.

Pentesters/Red Teamers:

  • Their intent is to uncover the same vulnerabilities and test the same exploits and attack vectors a hacker would, documenting every step taken along the way.
  • Their outcome/purpose is to provide you with ample guidance to protect yourself against discovered attack vectors.
  • They go to great lengths to ensure your network/systems remain available and data stays secure and confidential.
  • They provide you with detailed steps to mitigate and/or detect the attack vectors discovered during testing.
  • They set up an out-briefing to go over mitigation steps in person.
  • If red teaming, they will also test your IR/SOC staff and then hold a debrief with the goal of helping your staff improve.
  • They have your best interest in mind.
