📰 Originally published on SecurityElites — the canonical, fully-updated version of this article.
DAY 1 OF 100
100-Day Ethical Hacking Course
🔴 Day 1 — You are here
Day 100 — Professional Penetration Tester
01
“I remember sitting in front of my laptop at 2 AM, reading that a 19-year-old had just earned $50,000 from Google for finding a single security bug. I was 26, stuck in a boring IT support job, making $38,000 a year. That night changed everything for me.”
— The conversation that started SecurityElites. Today, I’m starting the same conversation with you. I am 100% sure every other person will start with ‘What is Ethical hacking?’ But we are built different..
Welcome to Day 1 of 100. No fluff. No padding. No theoretical lectures that put you to sleep. This is a hands-on, step-by-step journey from “I know nothing about hacking” to “I’m ready to get paid to hack legally.” And today, we build the foundation everything else will sit on.
Before I teach you a single command or technique, I need you to understand what ethical hacking actually is — not the movie version, not the scary news headline version, but the real, professional, legally-grounded discipline that companies pay billions of dollars for every year.
This lesson covers everything a beginner needs to know before Day 2. I want you to take your time with it. Re-read it. There are no shortcuts in security — but there is a clear, navigable path. You’re walking it right now.
📋 What You’ll Learn in Day 1
- What Ethical Hacking Actually Is
- The Three Types of Hackers Explained
- How Hackers Actually Think
- Is It Legal? The Law Explained Simply
- Careers & Real Salaries in 2026
- What You Actually Need to Start
- Your 100-Day Roadmap Overview
- Day 1 Practical Task
What Ethical Hacking Actually Is (And What It Isn’t)
Let’s get one thing clear immediately, because the internet has made this unnecessarily confusing: ethical hacking is not about wearing a hoodie in a dark room and “hacking the planet.” It’s a professional discipline — as structured and legitimate as accounting or engineering.
Here is the most accurate definition I’ve been able to put together after 15 years in this field:
DEFINITION
“Ethical hacking is the authorised, legal practice of probing computer systems, networks, and applications for security vulnerabilities — using the exact same methods as malicious attackers — but with the explicit permission of the owner and for the purpose of making those systems more secure.”
— SecurityElites Definition, used in our courses globally
The key word in that definition is authorised. That’s the one word that separates an ethical hacker from a criminal. Same skills. Same tools. Same knowledge. Different permission slip.
Think of it this way. A locksmith can pick any lock — that’s their professional skill. A burglar can also pick locks — same physical technique. The difference isn’t the skill. It’s whether the homeowner said “yes, please check if my locks are secure.”
🔓
Criminal Hacker
Uses hacking skills without permission. Intent: theft, disruption, extortion. Result: prison sentence.
🛡️
Ethical Hacker
Uses identical skills with written authorisation. Intent: find & fix weaknesses. Result: paid contract.
🏢
The Organisation
Pays for ethical hackers to attack their systems before criminal hackers do it for free — and for far worse.
Organisations pay for this because the alternative is far more expensive. The average cost of a data breach in 2025 was $4.88 million according to IBM’s annual report. Paying a pentester $5,000–$50,000 to find the holes first? Obvious business decision.
The Three Types of Hackers — White, Grey, and Black Hat
You’ll hear these terms constantly in this field. I want you to understand them clearly, because how you position yourself — legally and professionally — matters from day one.
Hat Colour
Who They Are
Permission?
Legal?
Examples
🤍 White Hat
Professional ethical hackers hired to find vulnerabilities
✓ Always
✓ Yes
Pentesters, Bug bounty hunters, Red teamers
🩶 Grey Hat
Hack without permission but usually disclose findings without causing damage
✗ Often Not
✗ Illegal
Researchers who report bugs they found uninvited
🖤 Black Hat
Malicious hackers — steal data, deploy ransomware, sell access
✗ Never
✗ Criminal
APT groups, ransomware operators, cybercriminals
⚠️ The Grey Hat Myth: I meet students who think grey hat hacking is fine because “they mean well.” Let me be direct: grey hat hacking is illegal. Good intentions don’t override computer misuse law. If you hack a system without permission — even to report the vulnerability — you are committing a crime. Everything in this course is white hat, always.
For the next 100 days, and for your entire career: we are white hat hackers. We work with permission. We document everything. We help, not harm. Burn that into your professional identity from Day 1.
How Hackers Actually Think — The Mindset That Changes Everything
This is the part of Day 1 that most courses skip entirely. Technical skills are teachable — I’ll teach you all of them over the next 99 days. But before any technique makes sense, you need to understand the thinking pattern behind hacking. It’s completely different from how most people approach systems.
📖 Read the complete guide on SecurityElites
This article continues with deeper technical detail, screenshots, code samples, and an interactive lab walk-through. Read the full article on SecurityElites →
This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
Top comments (0)