Ethical Hacker / Penetration Tester
Legally simulate cyberattacks to find vulnerabilities in systems, networks, and applications before real criminals do — then report findings so organisations can fix them before they are exploited.
An Ethical Hacker (also called a Penetration Tester or "pen tester") is a cybersecurity professional who is paid to attack systems — legally and with explicit written authorisation — in order to discover vulnerabilities before malicious hackers do. The work is a form of authorised adversarial simulation: the penetration tester thinks and acts like a criminal hacker, but operates within a defined scope, timeline, and rules of engagement, and produces a professional report of findings with remediation recommendations.

Penetration testing covers multiple domains: web application testing (finding SQL injection, XSS, IDOR, and authentication bypass vulnerabilities in web apps), network testing (finding open ports, unpatched services, misconfigured firewalls, weak credentials), Active Directory/Windows environment testing (exploiting domain trust relationships, Kerberoasting, Pass-the-Hash attacks), mobile app testing (reverse engineering Android and iOS apps for security vulnerabilities), and social engineering (testing whether employees can be manipulated via phishing or physical access). The field also encompasses more advanced work: Red Team operations simulate sophisticated, persistent, multi-stage attacks against an entire organisation over weeks or months; Bug Bounty hunting involves independently finding vulnerabilities in companies' systems via public programmes (HackerOne, Bugcrowd) and receiving rewards for valid reports.

In Sri Lanka, dedicated penetration testing roles exist primarily at security consultancies, banks' internal security teams, and outsourcing companies with security practices (99x, Zone24x7). The most realistic career entry path for a Sri Lankan ethical hacker is: SOC analyst first, then penetration testing internally, then freelance bug bounty / consulting work or an international role.
The international demand for penetration testers is very strong — OSCP-certified testers with a strong portfolio can work remotely for UK/US/EU security firms or pursue immigration pathways where cybersecurity is on shortage lists.
What an Ethical Hacker / Penetration Tester does daily
- Conduct web application penetration tests — systematically testing web applications for OWASP Top 10 vulnerabilities and beyond; using Burp Suite to intercept, modify, and replay HTTP requests
- Perform network penetration testing — scanning networks with Nmap, identifying open services, testing for known vulnerabilities, attempting exploitation with Metasploit or manual techniques
- Test Active Directory environments — simulating attacks against Windows domain environments; Kerberoasting, AS-REP Roasting, Pass-the-Hash, DCSync, BloodHound path analysis
- Conduct social engineering assessments — phishing email campaigns, vishing (voice phishing) calls, physical access testing to evaluate human security controls
- Perform mobile application testing — reverse engineering Android APKs and iOS IPAs; testing API security, insecure data storage, improper authentication
- Conduct Red Team operations — extended, sophisticated, multi-stage attack simulations against an entire organisation; simulating nation-state or APT (Advanced Persistent Threat) attack patterns
- Hunt bug bounties — independently finding and responsibly disclosing vulnerabilities in companies' bug bounty programmes on HackerOne or Bugcrowd
- Write penetration test reports — documenting findings with CVSS severity scores, proof-of-concept screenshots, attack chains, and actionable remediation recommendations
- Debrief clients — presenting findings to technical and executive audiences; explaining what was found, what the real-world impact would be, and what to fix first
- Stay current with new vulnerabilities and techniques — reading CVE disclosures, security research papers, and conference talks (DEF CON, Black Hat) to maintain an up-to-date attack knowledge base
Step-by-Step Career Roadmap
- Start TryHackMe — create a free account; complete "Pre-Security" then "Introduction to Cybersecurity" learning paths; both are beginner-friendly and gamified
- Learn how the web works — HTTP requests and responses, HTML/JavaScript basics, how forms submit data, what a cookie is; PortSwigger Web Security Academy has free beginner modules
- Learn Linux command line — install WSL (Windows Subsystem for Linux); practice navigation, file operations, permissions, processes; all penetration testing tools run on Linux
- Learn basic Python — write simple scripts; understanding how to read and modify code is essential for penetration testing; freeCodeCamp Python intro (free)
- Read about real-world hacks — Krebs on Security, The Hacker News; understanding what attackers actually do contextualises the technical learning
- TryHackMe: Pre-Security path (free)
- TryHackMe: Introduction to Cybersecurity path (free)
- WSL setup + Linux basics tutorial
- PortSwigger Web Security Academy: Web fundamentals module (free)
- Python basics: freeCodeCamp (free)
- Any use of hacking techniques on systems or networks you do not own is a criminal offence in Sri Lanka under the Computer Crimes Act No. 24 of 2007 — this applies even if your intent is curiosity rather than harm; always use dedicated practice platforms like TryHackMe and never test on real targets without explicit written permission
