# 3. The Ethical Hacker Methodology

![Phases of Ethical Hacking - InfosecTrain](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-32e4fda894f23710d9cd657d4c04f34d5d5194bb%2FPhases-of-Ethical-Hacking.png?alt=media)

➡️ **Ethical hacking**, or **penetration testing**, identifies and addresses vulnerabilities in computer systems and networks through a structured process.

The five stages are:

1. **Reconnaissance**: Gathering information about the target using passive techniques like public searches, website browsing and DNS examination to understand the target and find potential entry points.
2. **Scanning**: Actively probing the target to discover open ports, services and vulnerabilities using tools like port scanners, network mappers and vulnerability scanners to identify exploitable weaknesses.
3. **Gaining Access**: Exploiting discovered vulnerabilities to gain unauthorized access using methods like password cracking, social engineering and software exploits.
4. **Maintaining Access**: Ensuring continued access by bypassing security, setting up backdoors and establishing persistent access to mimic a real attacker and assess potential impact.
5. **Covering Tracks**: Removing traces of activity by deleting logs, modifying files and restoring the system to its original state to remain undetected and to leave no evidence.

> Ethical hacking must always be **authorized**, legal and conducted with strict adherence to **ethical guidelines**, **confidentiality** and necessary **permissions** from system owners.
>
> ❗ **Use these techniques responsibly, ethically and with proper authorization for security testing!**

***

## Sections

1. [Information Gathering](https://blog.syselement.com/tcm/courses/peh/3-eth-hack/recon)
2. [Scanning & Enumeration](https://blog.syselement.com/tcm/courses/peh/3-eth-hack/enum)
3. [Vulnerability Scanning with Nessus](https://blog.syselement.com/tcm/courses/peh/3-eth-hack/va)
4. [Exploitation Basics](https://blog.syselement.com/tcm/courses/peh/3-eth-hack/exploit)
5. [Capstone Practical Labs](https://blog.syselement.com/tcm/courses/peh/3-eth-hack/capstone)

***