You may have heard the term black-hat used for a criminal hacker and white-hat for a security consultant such as a Pentester or Red Teamer. Both use largely the same tools and techniques; the differences lie in intent, authorization, and outcome.
A black-hat:
- Their intent is usually for financial gain at your expense.
- Their outcome is to gain unauthorized access to your network, use it for their benefit, and leave no trace.
- The breach and any data they access are covert, and you often do not know they are in your network until it is too late.
- They have no concern for your data, privacy, availability, or integrity.
- They have their own interests in mind.
A white-hat (Pentester/Red Teamer):
- Their intent is to uncover the same vulnerabilities and test the same exploits/attack vectors an attacker would, with your authorization, documenting every step taken along the way.
- Their purpose is to provide you with ample guidance to protect yourself against discovered attack vectors.
- They go to great lengths to ensure your network/systems remain available and data stays secure and confidential.
- They provide you with detailed steps to mitigate and/or detect the attack vectors discovered during testing.
- They set up an out-briefing to go over mitigation steps in person.
- On a Red Team engagement, they will also test how well your IR/SOC staff detect and respond to the activity, then hold a debrief with the goal of helping your staff improve.
- They have your best interest in mind.