She sat back. The evidence was clear. But now, ethics came into play. She couldn’t just drop a bomb in the report. She needed context . What other doors were open? She reviewed the scan logs again. Port 445 (SMB) was also exposed, missing the EternalBlue patch. Two wormable vulnerabilities on the same server.
Here’s a short story inspired by the ethical hacking process of vulnerability analysis, with a nod to the instructional style of Lisa Bock’s videos. The Silent Scan ethical hacking: vulnerability analysis lisa bock videos
But here came the hardest part: validation . Scanners produce false positives. Lisa had stressed this in her LinkedIn Learning course: “Trust, but verify. Never hand a client a raw scan report. You are a translator, not an alarm bell.” She sat back
She was a junior penetration tester at SecuraLogic, and tonight was her first unsupervised vulnerability assessment for a small regional bank. The client, worried about an upcoming audit, had given her a week to probe their external-facing systems. She couldn’t just drop a bomb in the report
She closed her laptop and looked out the window. The sky was turning gray. She hadn’t hacked anything. She hadn’t stolen data or crashed a system. She had simply held up a mirror to the bank’s security posture.