• Discovering the operating system and network weaknesses in an organization's technology infrastructure.
• Demonstrating how easy it is to launch cyberattacks on their company using penetration-testing methods.
• Executing security assessment simulations to show how easily they could be hacked by someone else.
• Reporting any security breaches and vulnerabilities discovered within the system or network directly to the owner or manager of that system.
• Keeping the discoveries confidential between them and the client or company.
• Wiping traces of the hack to ensure that malicious hackers cannot enter the system through the identified loopholes.