
What is Ethical Hacking?

Daly Whyte, 01/05/2024

Ethical hacker. Penetration tester. These are red team roles you might have heard of, but what exactly do they involve? We explain!

What is an Ethical Hacker?

An ethical hacker is a skilled individual who helps organizations find vulnerabilities in their software, networks, infrastructure, and cloud environments. Unlike a malicious actor, they do not aim to capitalize on what they find; they report it to the organization, with the best of intentions, so that it can be fixed.

What Does an Ethical Hacker Do?

Ethical hackers find vulnerabilities by applying their skills, knowledge, and experience to the environments they encounter. They do this with standard and custom tooling, automation, and manual testing, plus a good deal of grit and determination. Because they are not necessarily bound by a strict scope or formal rules of engagement, ethical hackers can use techniques and look in places that would not be possible on a standard penetration test.

What Salary Does an Ethical Hacker Earn?

Ethical hackers can often be found working in red teams and as penetration testers. Typical salary ranges for these roles are:

  • A Red Team salary can range from: £35,000.00 - £66,000.00*
  • A Penetration Tester salary can range from: £37,000.00 - £65,000.00*

*Based on Glassdoor base salaries for the United Kingdom, 2024

Is an Ethical Hacker the Same Thing as a Penetration Tester?

Not quite. Penetration testers and ethical hackers overlap a great deal in what they do, but a penetration tester works to a clearly defined scope and set of guidelines, and reports every finding, not just the ones considered critical. Ethical hackers are often not bound by a scope and can use techniques that would not normally appear in a penetration test. Social engineering is one example: it would not usually form part of a standard penetration test unless it is explicitly agreed in the rules of engagement, but for an ethical hacker it is fair game.

Penetration testers are also expected to write reports and discuss their findings with customer teams, so they need to be able to converse with both technical and non-technical audiences.

Are There Other Legal Ways to Work as an Ethical Hacker?

Ethical hackers can often be found working as independent researchers and bug bounty hunters on platforms such as BugCrowd, HackerOne, YesWeHack, and Synack Red Team.

On these platforms ethical hackers are paid per finding rather than on a day rate, so the goal is usually to find the most critical (and often the hardest to exploit) vulnerabilities in order to maximize the payout. Payouts for very critical issues can reach tens of thousands, but in most cases it is up to the ethical hacker to demonstrate the impact.

Can I Work from Home as an Ethical Hacker or Penetration Tester?

Remote work is common in red team roles. It's worth noting that penetration testing jobs may sometimes require client site visits and can be quite client-facing. Working as an independent researcher (as discussed above) also offers the freedom to work remotely. Overall, there is plenty of scope to work from home in these roles, so it's worth exploring if this appeals to you.

Scope and Ethical Hacking – Keeping Legal

When an ethical hacker finds vulnerabilities outside a vulnerability disclosure program (VDP) or bug bounty program (BBP), at an organization that has not published a disclosure policy in something like a security.txt file, there is no scope to say what counts as "fair game", and it comes down to the ethical hacker's judgement. The goal of ethical hacking is to avoid causing disruption or undue concern, but be aware that not every company is enthusiastic about receiving an unsolicited report from someone they have never worked with and never authorized, particularly for a serious issue such as disclosure of personally identifiable information, which can have legal implications for the business.

There can be serious consequences for digital trespassing, so ethical hackers should exercise common sense, do the minimum required to demonstrate a vulnerability, and, where the organization has no security.txt file (served from /.well-known/security.txt, as described in RFC 9116) or other published policy saying it welcomes reports, obtain authorization before testing its assets.
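The security.txt check above is worth doing properly rather than just noting that the file exists. The following is an added example, not code from the original article: it parses a constructed RFC 9116 security.txt, validates the mandatory Contact and Expires fields, and refuses to treat an expired file as a usable disclosure channel. The organization, addresses and URLs in the sample are fictitious, and in practice the text would be fetched over HTTPS from /.well-known/security.txt.

```python
"""Check an organisation's security.txt (RFC 9116) before sending a report.

Added example, not code from the original article. The file content below
is constructed for illustration; a real check fetches
https://<host>/.well-known/security.txt over HTTPS.
"""
from __future__ import annotations

from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample (fictitious organisation and URLs).
SAMPLE_SECURITY_TXT = """\
# Security contact information for example.com
Contact: mailto:security@example.com
Contact: https://example.com/security-contact
Expires: 2030-12-31T23:59:00Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, fr
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/disclosure-policy
"""

# URI schemes RFC 9116 expects in Contact: values. A bare e-mail address
# without "mailto:" is a common publishing mistake and is flagged below.
CONTACT_SCHEMES = {"mailto", "https", "tel"}


def parse_security_txt(text: str) -> dict[str, list[str]]:
    """Return {field_name_lowercase: [values...]} in file order.

    Comment lines (#), blank lines and the armour of a PGP cleartext-signed
    file are skipped. The signature itself is NOT verified here.
    """
    fields: dict[str, list[str]] = {}
    in_armour_header = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-----BEGIN PGP SIGNED MESSAGE-----":
            in_armour_header = True  # skip "Hash: ..." lines up to the blank line
            continue
        if in_armour_header:
            if not line:
                in_armour_header = False
            continue
        if line == "-----BEGIN PGP SIGNATURE-----":
            break  # everything after this is signature, not fields
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Field: value" line; ignore rather than fail
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def parse_timestamp(value: str) -> datetime:
    """Parse the ISO 8601 / RFC 3339 form used by Expires: as an aware UTC datetime."""
    dt = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def check_disclosure_channel(text: str, now: str | None = None) -> dict:
    """Decide whether this security.txt gives a usable, current reporting channel.

    `now` is an ISO 8601 timestamp (defaults to the current UTC time) so the
    expiry check is reproducible.
    """
    fields = parse_security_txt(text)
    problems: list[str] = []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact: field (mandatory)")
    for contact in contacts:
        if urlparse(contact).scheme not in CONTACT_SCHEMES:
            problems.append(f"Contact value is not a mailto:/https:/tel: URI: {contact!r}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires: must appear exactly once (mandatory)")
    else:
        try:
            deadline = parse_timestamp(expires[0])
        except ValueError:
            problems.append(f"Expires: value not parseable: {expires[0]!r}")
        else:
            current = parse_timestamp(now) if now else datetime.now(timezone.utc)
            if deadline <= current:
                problems.append(f"security.txt expired on {deadline.isoformat()}; do not rely on it")
    return {
        "ok": not problems,
        "contacts": contacts,
        "policy": fields.get("policy", [None])[0],
        "encryption": fields.get("encryption", []),
        "problems": problems,
    }


if __name__ == "__main__":
    verdict = check_disclosure_channel(SAMPLE_SECURITY_TXT)
    print("report via:", verdict["contacts"] if verdict["ok"] else verdict["problems"])
```

The expiry check matters: an organization that let its security.txt lapse may no longer monitor the listed address, so a stale file is not evidence that it still welcomes reports. If the file is PGP-signed, verify the signature against the key at the Encryption: URL before trusting the contact details; the parser above only skips the armour.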

A Cautionary Tale: In-Scope, But Without Due Diligence

Having been a part of vulnerability disclosure programs and bug bounty programs for a few years, I've on occasion gone out of scope unintentionally. Whilst working with a well-known platform, I worked on a program that gave IP addresses, and these were considered in scope by the business.

Upon testing I found multiple sites hosted on a given IP and found a serious vulnerability, which I went ahead and reported. Upon further digging I realized that this was an IP for shared hosting, which meant that not all of the websites on the IP were owned by the business.

After having my report closed for being out of scope, the program scope was updated, but I had to take the ethical step of notifying the unsuspecting business that I'd found a serious vulnerability, I'd exploited it, and this is how the situation had come about. At first, they were not very understanding of my email, and they thought I was trying to beg for a bounty. After a few back-and-forth emails, my offer to work with them to help upgrade the vulnerable software in the environment, and assurances that I wasn't after any money, they were happy that I'd reported the vulnerability.

In that situation the business and provider could've done more to validate the IP address given, but as an ethical hacker I should've performed due diligence to understand that the IP was shared and likely not in scope, to protect myself from any repercussions.
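The due diligence described in that story can be made routine. The following is an added example, not the author's code or any platform's tooling: given an IP address from a program's scope and the hostnames seen pointing at it, it checks each name still resolves to that IP, sorts the names into program-owned and foreign, and classifies the IP as dedicated, shared or unknown. The in-scope domains, the observed names and the DNS answers are all constructed here (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges); in practice the names would come from reverse DNS, the TLS certificate on port 443 and passive-DNS data, and `resolve` would be a real lookup such as `socket.getaddrinfo`.

```python
"""Due diligence on an IP-address scope entry before testing it.

Added example, not code from the original article. PROGRAM_DOMAINS,
OBSERVED_NAMES and CONSTRUCTED_DNS are constructed for illustration.
"""
from __future__ import annotations

from typing import Callable

# Constructed: the program says only these domains (and their subdomains) are in scope.
PROGRAM_DOMAINS = {"example.com", "example.net"}

# Constructed: hostnames seen pointing at each scope IP (from PTR records,
# certificate SANs, passive DNS, ...).
OBSERVED_NAMES = {
    "203.0.113.10": ["www.example.com", "shop.example.com",
                     "blog.othertenant.example.org", "old.example.com"],
    "203.0.113.20": ["api.example.net"],
    "203.0.113.30": [],
}

# Constructed forward-DNS answers used by the default resolver below.
CONSTRUCTED_DNS = {
    "www.example.com": ["203.0.113.10"],
    "shop.example.com": ["203.0.113.10"],
    "blog.othertenant.example.org": ["203.0.113.10"],
    "old.example.com": ["198.51.100.7"],   # PTR/cert still mention it, but it moved
    "api.example.net": ["203.0.113.20"],
}


def constructed_resolve(hostname: str) -> list[str]:
    """Stand-in for an A/AAAA lookup (e.g. socket.getaddrinfo)."""
    return CONSTRUCTED_DNS.get(hostname, [])


def is_in_scope(hostname: str, program_domains: set[str]) -> bool:
    """True if hostname is one of the program's domains or a subdomain of one.

    Matching on ".<domain>" avoids the classic mistake where
    "notexample.com" or "example.com.evil.test" is treated as in scope.
    """
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in program_domains)


def assess_ip(ip: str, observed_names: list[str], program_domains: set[str],
              resolve: Callable[[str], list[str]] = constructed_resolve) -> dict:
    """Classify an IP as dedicated, shared or unknown from the names on it."""
    in_scope: list[str] = []
    foreign: list[str] = []
    stale: list[str] = []
    for name in observed_names:
        if ip not in resolve(name):
            stale.append(name)  # no longer points here: not evidence either way
            continue
        (in_scope if is_in_scope(name, program_domains) else foreign).append(name)
    if foreign:
        verdict = "shared"       # another tenant answers on this IP
    elif in_scope:
        verdict = "dedicated"    # only program-owned names, as far as we can see
    else:
        verdict = "unknown"      # no evidence at all; ask the program
    return {"ip": ip, "verdict": verdict, "in_scope": in_scope,
            "foreign": foreign, "stale": stale}


def triage_scope(observed: dict[str, list[str]], program_domains: set[str],
                 resolve: Callable[[str], list[str]] = constructed_resolve) -> dict[str, list[str]]:
    """Split scope IPs into names safe to test and IPs to query the program about."""
    plan: dict[str, list[str]] = {"test_by_hostname": [], "clarify_with_program": []}
    for ip, names in observed.items():
        result = assess_ip(ip, names, program_domains, resolve)
        if result["verdict"] == "dedicated":
            plan["test_by_hostname"].extend(result["in_scope"])
        else:
            plan["clarify_with_program"].append(ip)
    return plan


if __name__ == "__main__":
    for ip, names in OBSERVED_NAMES.items():
        r = assess_ip(ip, names, PROGRAM_DOMAINS)
        print(f"{ip}: {r['verdict']}  foreign={r['foreign']} stale={r['stale']}")
    print(triage_scope(OBSERVED_NAMES, PROGRAM_DOMAINS))
```

Two design points. First, the verdict is only as good as the name sources, so a "dedicated" result means "no foreign tenant seen", not proof of ownership; the safe habit on any IP-only scope entry is to test the in-scope hostnames by name (so the Host header selects the program's virtual host) rather than hitting the bare IP, where the default virtual host may belong to someone else. Second, the suffix matching here is deliberately simple and does not use a public suffix list; a program that listed a shared parent such as a hosting provider's domain would need tighter rules.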

What is Physical Penetration Testing?

Physical penetration testing is the act of attempting to gain access to restricted areas, and consequently to whatever is inside them. It can include lock picking, door latch attacks, RFID badge cloning, the use of bump keys, and brute-force or default-credential attacks against the PIN pads on door entry systems.

Physical penetration testing is often combined with social engineering to gain initial access: posing as a contractor or employee, cloning an entry card to obtain credentials, or simply tailgating employees through a door.

What Other Skills are Useful for a Penetration Tester?

Report writing skills are an asset to penetration testers, as is the ability to talk to audiences of all technical levels so that the information is understood by every stakeholder. The role is a mix of client interaction, report writing, and finding and proving vulnerabilities.

Another very useful skill is scripting competency in a language such as Python. Automating tasks and manipulating data improves efficiency during a penetration test, and scripting also helps with developing exploits.

Recommended Reading:

What is ethical hacking?

Penetration testing

Salary: Penetration Tester in United Kingdom 2024

Salary: Red Team in United Kingdom 2024


Daly Whyte

Daly honed his cyber skills through CTF events, cyber challenges, and ethically hacking organizations through vulnerability disclosure programs. He is our resident red team specialist and, as such, is perfectly positioned to give advice and support on offensive security careers.