The Differences Between Black-Box, White-Box, and Grey-Box Attacks 

It's possible that, as an ethical hacker, you'll be invited to try your hand at various forms of hacking and penetration testing. After determining the scope of the assignment, the company may additionally request that you do one of three distinct forms of hacking or penetration testing. 

Black box

Grey box 

White box
Black Box

Black box testing is also known as Zero-Knowledge penetration testing. In a black box test, you are only given an IP range and no other details about the network. You're probably not a part of the system and you're trying to get whatever you can out of it. The company anticipates that you will independently research the system, identify security holes, and exploit them. Because you are testing the actual product and not the network or its processes, a black box test is more time-consuming. In contrast, it is more efficient since it more precisely replicates a real-world assault and allows you to offer an accurate evaluation of the network's security. 

White Box 

When compared to black box testing, white box penetration testing is the polar opposite. Full-Knowledge Penetration Testing is another name for it. In order to conduct a successful penetration test, you now have access to all the necessary data. The following are examples of the kind of information that the organisation could disclose: 

Diagrams of networks 
List of systems with their IP address
IP ranges
User credentials to log on to the systems

When compared to black box testing, the time necessary to complete a white box penetration test is far less. However, it probably won't provide you reliable answers. 

Grey Box
Combining elements of both black box and white box testing, grey box testing has its own unique set of advantages. You have some basic data to work with, but you need access credentials and setup information. The company may provide just the name and IP address of a programme, but not the version or the services it supports. Thus, it is a little more precise than a white box test.

Consequences of Actual Attacks 

Ethical hackers benefit from knowing how malicious hackers think. One effective strategy for this is to analyse previous significant assaults. Some examples of such massive assaults are: 

Adobe 

A breach at Adobe was publicly disclosed in October of 2013. The assault was briefly described as follows: 

The hackers stole the login credentials, names, and payment card information (including expiry dates) of 2.9 million users, as well as their Customer IDs and encrypted passwords. 

The ColdFusion, Acrobat Reader, and Photoshop source codes were taken. 
Sony. Sony has been the target of two major assaults. 

Sony PlayStation, Sony Online Entertainment, and Qriocity were all shut down for a month after the initial incident in April 2011. 

In short, here's everything you need to know: 

User accounts totalling 77 million were hacked, and the financial information of thousands more was exposed. SQL Injection attacks were used to get access to unencrypted data on Sony's network. 

The Month of November, 2014 Sony Pictures Entertainment was the victim of the second major assault. 

In short, here's everything you need to know: 
Malicious software in the form of a worm was used in the attack. 
More than 100 gigabytes of data were stolen from Sony in an attack orchestrated by a hacking organisation called Guardians of Peace. 
Bad management and inappropriate setup of the infrastructure were the weak points that were exploited. 

Other major institutions that have fallen victim to hackers in recent years include: 
Facebook 
Google+ 
Research Firm Cambridge Analytica Acquires Family Tree Website MyHeritage 
Quora 
Timehop 
T-mobile Cathay Pacific Airways 
Iconic airline British Airways 
Yahoo 
Auction House Marriott International 
Uber 

The Federal Bureau of Investigation (FBI) has previously recruited former hackers to help in the pursuit of some of the world's most skilled cybercriminals.