Table of Contents

The Black Hat

The black hat is the most well known and most sensationalized1. The most notable group of black hats is the organization known as Anonymous. Some people categorize the works of Anonymous2 as a form of activism3 but others see it as purely self serving.

Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with.


A TV show called Mr. Robot4 is a good example of the black hat hacker. The main character, Elliot, is a black hat hacker who is trying to bring down a large corporation. The show is a good example of the black hat hacker as a hacktivist. Mr. Robot is not only popular, but in my opinion, is well done and realistic.

Everyone wants for hacking to be as cool as it is in the movies.5 The reality is that hacking is a lot more boring than that. The vast majority of hacking is done by people who are trying to steal money or information. And a lot of the people who are doing this are known as “script kiddies”.6

Script kiddies are people who use tools that are publicly available to perform attacks on systems. Do not let the name fool you, script kiddies are incredibly dangerous. Generally, script kiddies utilize automated tools to perform attacks such as Metasploit7 or Kali Linux8. These tools are meant for penetration testers9 and security researchers to use to test the security of systems. Script kiddies use these tools to attack systems without any knowledge of how they work.

The White Hat

White hats are generally considered to be “the good guys”. These security professionals work to protect systems, data, users and organizations from attackers. White hats are often referred to as ethical hackers10 or penetration testers9 and are often employed by large organizations to secure their systems.

In general white hats fall into several different teams within organizations.

Security Team Organization

Red Team

The red team is a team of security professionals who are tasked with testing the security of an organization. Tasked with finding ways to infiltrate the organization through the use of social engineering, phishing, and other techniques. The red team is often tasked with finding vulnerabilities in systems and applications through active testing.

One goal for red teams is also to test the effectiveness of the blue team and the security operations center (SOC). The red team will often perform attacks on the organization and then report the results to the blue team. The blue team will then attempt to detect and respond to the attacks. The red team will then report the effectiveness of the blue team to the organization.

Blue Team

The blue team is a team of security professionals who are tasked with identifying and responding to threats to an organization. The blue team is responsible for monitoring, detecting, and responding to threats. This includes building and maintaining security systems, monitoring logs, and responding to security incidents.

The may also include the creation of a security operations center (SOC), policies and procedures, and security awareness training.

Purple Team

Red teams can be internal or external to the organization. Internal red teams are often referred to as purple teams11. Purple teams are comprised of both red and blue team members. Purple teams are often used to test the effectiveness of the blue team and SOC.

The Grey Hat

Grey hat hackers are a bit of a gray area (hence the color). They are not as directly malicious as black hats, but they are not as ethical as white hats. Hacktivists can sometimes be considered grey hats.

Some types of security research can be considered grey hat. For example, a open source intelligence (OSINT) research12 can be considered grey hat depending on the intent of the research. Social engineering13 is another example of grey hat hacking.