Ethical Hacking Lesson 1 – What is Ethical Hacking | Dataplexa
Foundations & Hacking Mindset · Lesson 1

What is Ethical Hacking

Most people think hacking is something criminals do in dark rooms. The reality is far more interesting — and there's an entire profession built around doing the same thing, legally, to help organisations stay safe.

So What Exactly Is Ethical Hacking

Picture a bank that wants to know how safe their vault really is. So they hire a team of security experts, hand them the keys to the building after hours, and say — try to break in. Find every weakness before a real criminal does. The team tries everything, documents what worked, and gives the bank a full report. The bank fixes the problems. Everyone wins.

Ethical hacking is exactly that — but for digital systems. Companies hire security professionals to attack their own websites, internal networks, and applications using the same techniques real attackers would use. The findings go into a report. The team fixes what's broken. The company becomes harder to attack.

The only thing that separates this from actual criminal hacking is a signed document giving the tester permission to be there. Same tools. Same techniques. One piece of paper that makes all the difference.

You might also hear it called:

Penetration Testing — the most common professional term
Red Teaming — a deeper, longer form of testing that simulates a real attack campaign
Offensive Security — the broader field that includes both of the above

Every System Has Weaknesses

Here is something the tech industry doesn't say loudly enough: every piece of software has bugs. Every network has misconfigured settings somewhere. Every company has at least one system that got forgotten and never updated. There is no such thing as a perfectly secure organisation — only organisations where the weaknesses haven't been found yet.

The question isn't whether a problem exists. It's who finds it first — your hired security team, or someone with bad intentions.

Found by a Real Attacker

Customer data gets stolen. The company finds out through news coverage or a ransom demand. Millions spent on emergency response, legal fees, and losing customers who no longer trust the brand.

Found by an Ethical Hacker

A report arrives on the security team's desk. Weaknesses get fixed quietly. Customers never know there was a risk. The company meets compliance requirements and sleeps better.

The Three Rules That Make It Legal

Ethical hacking and criminal hacking look identical from the outside. What makes one a profession and the other a crime comes down to three things. Miss any one of them and the legal protection is gone.

Written Permission

A signed document from the system owner that says you are allowed to test their system. Not a verbal "go ahead." Not an assumption they won't mind. An actual signed contract.

A Clear Scope

A boundary that defines exactly what you can and cannot test. If the contract says a specific part of the network, you stay inside it — even if you discover something interesting outside those boundaries.

Reporting Everything Back

Every vulnerability you find goes into a report for the client. You don't use the access for personal gain. You don't share findings with anyone outside the engagement. The client gets the full picture.

How a Real Engagement Actually Works

A penetration test isn't one frantic hacking session. It's a structured process that runs in phases, usually over one to three weeks. Here's how a real engagement typically breaks down from start to finish.

Phase             | Activity                                                                  | Time
------------------|---------------------------------------------------------------------------|-----
Planning          | Sign contracts, define what is in scope, agree on the rules               | ~10%
Reconnaissance    | Research the target using publicly available information                  | ~20%
Scanning          | Map the target — open ports, running services, software versions          | ~20%
Exploitation      | Attempt to exploit the vulnerabilities that were found                    | ~20%
Post-Exploitation | Show what an attacker could actually do with that access                  | ~10%
Reporting         | Write clear findings that both technical teams and executives can act on  | ~20%

Notice that reporting takes as much time as any single attack phase. Most beginners don't expect that. Finding a vulnerability is one thing — writing it up clearly enough that a developer can fix it, and simply enough that a CEO understands why it matters, is a skill on its own. The best ethical hackers are just as good at communicating as they are at breaking things.

This Is What a Real Finding Looks Like

After an engagement, the client receives a report with every vulnerability documented. Here is what a single finding card looks like inside a professional penetration test report — the kind a security team actually receives and acts on.

PENETRATION TEST REPORT — Finding #001 (CRITICAL)
Vulnerability: SQL Injection on Login Page
Affected URL: https://targetcompany.com/login
Risk Level: 5 / 5 — Critical
Business Impact: An attacker can extract the entire customer database — including names, email addresses, and password hashes — without needing any login credentials at all.
Remediation: Replace string concatenation in the login query with parameterised statements. Patch within 48 hours. Verify fix with a retest.
Status: Open — Awaiting Patch

That card is what the client pays for. Not a raw dump of tool output — a clear, structured explanation of what was found, how serious it is, what an attacker could do with it, and exactly how to fix it. Writing this well is half the job.
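The remediation line in the finding above, shown as an added example that is not part of the original lesson or the client's code: the login query before and after the fix, plus the retest the card asks for. It assumes SQLite through Python's sqlite3 module as a stand-in for the client's unspecified stack; the table, the usernames, and every function name are hypothetical.

```python
import hashlib
import sqlite3

def pw_hash(password):
    # Demo-only hashing with a constructed fixed salt; real systems use per-user salts.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000).hex()

def make_db():
    # Constructed in-memory table standing in for the login backend (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    return db

def login_concat(db, username, password):
    # BEFORE: input is spliced into the SQL text, so the database parses it as SQL.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    # AFTER: placeholders send input separately from the SQL text, so it stays data.
    sql = "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, pw_hash(password))).fetchone() is not None

def retest(login):
    # Run the same three checks against either implementation.
    db = make_db()
    results = {
        "valid_login": login(db, "alice", "correct horse"),
        "wrong_password": login(db, "alice", "wrong"),
    }
    try:
        # An apostrophe is ordinary data (a surname like O'Brien); it must never
        # change how the statement parses.
        results["quote_in_username"] = login(db, "o'brien", "anything")
    except sqlite3.Error:
        results["quote_in_username"] = "sql-error"
    return results

def fix_verified(results):
    # The retest passes only if logins behave normally and the quote is handled as data.
    return results == {"valid_login": True, "wrong_password": False,
                       "quote_in_username": False}

if __name__ == "__main__":
    for impl in (login_concat, login_param):
        print(impl.__name__, retest(impl), "verified:", fix_verified(retest(impl)))
```

The concatenated version fails the retest because a single apostrophe in the username produces a SQL error, which shows that user input is reaching the SQL parser; the parameterised version simply reports that no such user exists.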

Ethical Hacking as a Career

This is one of the fastest-growing areas in technology right now. Demand for penetration testers, security analysts, and red team operators has outpaced the number of qualified professionals for years. Companies of every size — banks, hospitals, government agencies, startups — need people who can think like an attacker and communicate like a professional.

What makes the field genuinely interesting is the problem-solving nature of it. No two engagements are the same. Every target has a different setup, different weaknesses, different people making different mistakes. It rewards curiosity more than memorisation.

$110k+: Average salary for a mid-level pen tester in the US

3.5M: Unfilled cybersecurity jobs globally as of 2024

0%: Unemployment rate in cybersecurity for the past decade

Teacher's Note: This entire course is built around authorised, legal testing. Every technique you learn here is taught so you can use it professionally — with written permission, within a defined scope, with findings that go back to the client. That framing never changes, no matter how advanced the techniques get.

Practice Questions

Scenario:

A hospital is preparing for a cybersecurity audit next month. Their IT manager hires a security firm to legally attack their patient record system using real attacker tools — with a signed contract defining exactly what can and cannot be tested. The firm finds three critical vulnerabilities, documents them all, and delivers a full report. What is the formal name for this type of engagement?


Scenario:

You are three days into a penetration test for a retail company. Your signed contract covers their internal network only. While working, you notice their public website has a serious vulnerability that would be easy to exploit. The website is not mentioned anywhere in your contract. What is the term for the agreed boundary in a pen test that determines what you are and are not allowed to test?


Scenario:

A pen tester finishes an engagement and finds a critical vulnerability in the client's system. Their contract is complete. They could post the finding publicly to gain recognition — but instead they write a detailed report, send it only to the client's security team, and give the client 90 days to fix it before mentioning anything publicly. What ethical principle is the tester following here?


Quiz

Scenario:

You are on your first paid engagement. A colleague turns to you and says: "We are using the exact same tools and techniques that real criminals use. How is this actually legal?" What is the correct answer?

Scenario:

You are testing an e-commerce company under a signed contract. While working, you find an unprotected admin panel on a subdomain that clearly belongs to the same company but was not listed in your contract. What should you do?

Scenario:

A junior pen tester completes their first solo engagement and finds three serious vulnerabilities. But every finding in their report just says: "SQL injection found. Severity: High." A senior tester reviews it and says the report is incomplete and the client cannot act on it. Which phase of the engagement has gone wrong, and what does it actually require?
