Course 9 - Hackers & Boxes
Not all of these types of hackers are pentesters, but it is good to know the different types and which ones are penetration testers versus malicious threat actors.
Black Hat: any hacker with malicious intent, such as cybercriminals.
White Hat: any hacker with non-malicious intent. Pentesters fall under this category.
Gray Hat: hackers that are neither black nor white hat hackers. They could be freelance hackers that take any type of work, or employed hackers that have their own motives during their free time.
Vigilante: Also known as red hat hackers, vigilantes are freelance hackers that hack based on their own moral agenda. They usually hack black hat hackers and attempt to stop their operations.
Blue Hat: hackers employed by an organization; the term usually refers to company pentesters.
Green Hat: inexperienced hackers, such as script kiddies (Course 3).
Hacktivists: hackers looking to spread their political agenda. Previous cases of hacktivists have been known to disturb news stations and be nuisances.
State-Employed: also known as state-sponsored (Course 3), hackers working for governments.
There are definitely more types of hackers than just these, but as you can imagine, the variety of motives that hackers have makes the difference between stereotypical hacking and pentesting clearer.
There are a variety of ways in which pentesting is carried out. These are referred to as black, white, and gray box hacking:
Black Box: the pentester begins hacking with no prior information given to them. This is the most realistic scenario when compared to the real world, so it can be more effective.
White Box: the pentester begins hacking with all information about the system given to them; this can include network structures and credentials.
Gray Box: the pentester begins with some information about the system given to them, not all or none.
Different “boxes” of hacking can be used to simulate different scenarios, or simply to give the pentester enough information to form an accurate report of the company’s security. Black box hacking is more realistic and more useful in finding unknown vulnerabilities, while white box hacking makes pentests faster and allows companies to simulate attacks and their responses.