Explain the functions and capabilities of internal teams that emulate threat activities to benefit the organization.
1 Answer


  • Cyber security teams play both defense and offense roles. In most cases, their defense roles are more visible and important.

  • Software defense team may not only spend their time testing for assets vulnerabilities and make sure to eliminate them, but they also act as their adversary offensive teams to see if they can exploit friends’ systems and assets.

  • From knowledge and skills’ perspectives, most of the tools used in ethical hacking, white hacking, and penetration testing are also candidate tools for hacking and offense.

  • The major different between black and white hacking is the intention from using the different tools to test for vulnerabilities and exploit them or patch them.

  • To use their abilities for good, ethical, and legal purposes rather than for bad, unethical, and criminal purposes.

  • Defense teams may exploit vulnerabilities and bring some services down, part of partially or fully disclosed exercises; however, the intention again is not to expose and utilize those exploits but rather to bring more attention to security risks.

  • White hackers can be internal company employees or they can be sub-contracted to do this occasionally.

  • There are several levels of penetrating testing, vulnerability, and exploit activities. The two teams (i.e., organization and security testing team) should agree on all details before the initiation of the process.

Bug Bounty Programs

  • In the large national-level scale, large teams of cyber warriors and white or ethical hackers can test for or emulate threat activities.

  • In a contest in 2017 that is called “Hack the Air Force,” US military invited hackers through a contest to hack some of its websites.

  • Hackers are requested first to create an account and be vetted through the website (hackerone.com).

  • This is the third in a series of similar contests: “Hack the Pentagon” and “Hack the Army contests,” (Greene 2017).

  • White-hat hackers sometimes work as freelancers. One of the popular examples is the case of Sandeep Singh known as “Geekboy.”

  • He finds vulnerabilities in companies and reports them, and companies on return paid him for such services (CBS News 2017).

  • In the private sector, Bug bounty programs have been implemented by several large organizations, including Mozilla, Facebook, Yahoo!, Google, Reddit, Square, [8] and Microsoft.

  • For black-hat hackers, they share and exchange exploit information through the dark web and other cyberarms industry outlets.

Please log in to add an answer.