Like any types of tools in both physical and cyber worlds, this can be used for legitimate or evil purposes. Examples are illustrated below.
Legitimate purpose
- Content masking: required to protect privacy information in meeting regulatory compliance or certain industry requirements.
- Penetration test tools: cybersecurity assessment to uncover weakness of the target of evaluation for strengthening
Evil purpose
- Identity masquerading: the usual trick for phishing or social attacks.
- Without the asset owner authorization, use of penetration test tools is considered as malicious purposes to launch cyber attack and subject to disciplinary action, civil or criminal litigation.
Who judges the proper use? It’s set out by
- Corporate policies (if internal matters)
- Laws & regulations (when externally involving different entities)