June 11, 2026
Getting Started with Offensive Security: How Ethical Hackers Find Hidden Flaws #001
Mr. Rajak
When most people hear the word "Hacker," they picture a shadowy figure in a hoodie typing furiously in a dark room, trying to steal passwords. But in the world of cybersecurity, hacking isn't always a crime. In fact, it is one of the most effective ways to keep our digital world safe.
This is the core of Offensive Security.
If you are just starting your journey into IT or cybersecurity, understanding how to think like an attacker is your first major milestone. Let's break down what offensive security is, what ethical hackers actually do, and look at a practical example of how vulnerabilities are discovered.
What is Offensive Security?
Think of offensive security like hiring a professional lockpicker to test the security of your own house. Instead of waiting for a burglar to show up, you proactively find the weak spots in your doors and windows so you can fix them. Security professionals use offensive techniques to test systems, applications, and networks by mimicking the tactics of real cybercriminals. The goal is simple: find the vulnerabilities before the bad guys do.
The Role of an Ethical Hacker
An Ethical Hacker (often called a "White Hat" hacker) is a professional who breaks into computer systems legally. Unlike malicious attackers, ethical hackers operate under a strict code of conduct:
- They always have permission. They never test a system without written authorization from the owner.
- They stay within the rules. They follow a predefined scope of work.
- They report everything. Every vulnerability they find is documented and responsibly shared with the organization.
- They help build defenses. Their findings are used to patch holes and improve overall security.
The First Step of a Hack: Enumeration
Before an attacker can exploit a system, they need to understand it. This information-gathering phase is called Enumeration. In web security, enumeration is like mapping out the blueprint of a building. You aren't just looking at the front door; you are looking for hidden back alleys, secret basement entrances, and unlocked windows. Hackers look for hidden directories, forgotten administrative login pages, and exposed services.
Tool Spotlight: Gobuster
To automate this mapping process, ethical hackers use command-line tools. One of the most popular is Gobuster.
Gobuster is designed to find hidden files and directories on a website. Because many hidden pages don't have public links pointing to them, Gobuster rapidly guesses thousands of possible page names using a predefined list of words (a "wordlist") to see if they exist.
A standard Gobuster command looks like this:
gobuster -u http://fakebank.thm -w wordlist.txt dir
- -u: The target website URL.
- -w: The wordlist it will use to guess the names.
- dir: Tells the tool to look for directories.
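What a wordlist scan like this looks like from the server side, as an added example that is not part of the original post: it flags clients that request many distinct paths and mostly receive 404s, and lists the guesses that did not 404. The log lines, IP addresses, wordlist and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Common log format: ip, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')

def per_client(lines):
    """Group requests by client IP as {ip: {path: status}}, ignoring query strings."""
    clients = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # malformed lines are skipped
            ip, path, status = m.groups()
            clients[ip][path.split("?", 1)[0]] = status
    return clients

def find_enumeration(lines, min_paths=10, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 404s.

    Returns {ip: (distinct_paths, miss_ratio, paths_that_did_not_404)}.
    The last item is what the scan found, so it is what to review first.
    """
    flagged = {}
    for ip, seen in per_client(lines).items():
        misses = sum(1 for s in seen.values() if s == "404")
        ratio = misses / len(seen)
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            found = sorted(p for p, s in seen.items() if s != "404")
            flagged[ip] = (len(seen), round(ratio, 2), found)
    return flagged

def make_line(ip, path, status):
    """Build one constructed log line in common log format."""
    return f'{ip} - - [01/Jan/2030:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample log: one client walking a wordlist, one ordinary visitor.
GUESSES = ["admin", "backup", "login", "config", "test", "old", "dev",
           "private", "uploads", "secret"]
SAMPLE_LOG = (
    [make_line("203.0.113.7", f"/{w}", 404) for w in GUESSES]
    + [make_line("203.0.113.7", "/images", 301),
       make_line("203.0.113.7", "/bank-transfer", 200)]
    + [make_line("198.51.100.20", p, s) for p, s in
       [("/", 200), ("/images/logo.png", 200), ("/about", 200), ("/favicon.ico", 404)]]
)

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```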
A Practical Example: The "FakeBank" Lab
To understand how this works in practice, let's look at a simulated, safe learning environment called FakeBank. The goal of this lab was to see if the bank's website had any hidden pages that were accidentally left accessible to the public. By running Gobuster against the FakeBank website, two hidden directories were discovered:
- /images
- /bank-transfer
While an images folder is normal, a hidden /bank-transfer page is a massive red flag. (For hands-on practice, see Offensive Security Intro.)
The Vulnerability: Broken Access Control
When visiting the hidden /bank-transfer page, we discovered that it wasn't locked. It didn't ask for an admin password. It simply allowed anyone who knew the secret URL to transfer money between accounts. This highlights a critical vulnerability known as Broken Access Control. Just because a page is "hidden" doesn't mean it is secure. If an attacker finds an unprotected administrative page, the results can be catastrophic, leading to data breaches, financial loss, and severe damage to a company's reputation.
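The difference between a hidden page and a protected one, as an added example that is not part of the original post or the FakeBank lab: a handler that serves any page that exists, next to one that authorizes every request on the server, plus a check that lists non-public routes reachable without a session. The route table, roles and session tokens are hypothetical.

```python
PUBLIC = "public"
# Hypothetical route table: path -> role required to use it.
ROUTES = {"/": PUBLIC, "/images": PUBLIC, "/bank-transfer": "admin"}
# Constructed session store: session token -> role of the logged-in user.
SESSIONS = {"tok-customer": "customer", "tok-admin": "admin"}

def handle_vulnerable(path, token=None):
    """The lab's flaw: if the page exists it is served, whoever is asking."""
    return 200 if path in ROUTES else 404

def handle_hardened(path, token=None):
    """Authorize every request on the server, denying by default."""
    required = ROUTES.get(path)
    if required is None:
        return 404
    if required == PUBLIC:
        return 200
    role = SESSIONS.get(token)
    if role is None:
        return 401  # no valid session: knowing the URL is not enough
    if role != required:
        return 403  # logged in, but not allowed to use this page
    return 200

def exposed_routes(handler):
    """Regression check: non-public routes that answer 200 without a session."""
    return sorted(p for p, role in ROUTES.items()
                  if role != PUBLIC and handler(p, None) == 200)

if __name__ == "__main__":
    print("vulnerable:", exposed_routes(handle_vulnerable))
    print("hardened:  ", exposed_routes(handle_hardened))
```

Running `exposed_routes` against every handler in a test suite catches a page that was left unprotected before a wordlist scan does.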
Key Takeaways for Beginners
If you are just diving into cybersecurity, keep these core concepts in mind:
- Vulnerability: A weakness or flaw in a system that can be exploited.
- Attack Surface: Every possible entry point an attacker could try to use to get into a network or application.
- Access Control: The security mechanism that checks if you actually have the right permissions to view a specific page or file.
- Offensive Security is Proactive: Testing systems offensively is the best way to uncover misconfigurations before they turn into headline-making data breaches.
Cybersecurity is a massive field, and learning how attackers operate is the first step to becoming a great defender.
Are you currently studying cybersecurity or practicing on platforms like TryHackMe? Let me know what concepts you are tackling next in the comments below!
Follow me:
- GitHub: https://github.com/mr-rajak-10
- TryHackMe: https://tryhackme.com/p/Mr.Rajak