What is the difference between a white-hat, grey-hat, and black-hat hacker?
Answer
White-hat hackers (ethical hackers) use their hacking skills for defensive and authorized purposes — they work with organizations' permission to find and fix vulnerabilities before malicious actors do. They perform penetration testing, bug bounty research, and security assessments. Black-hat hackers are malicious actors who exploit vulnerabilities without authorization for personal gain (financial, espionage, destruction) — they are criminals. Grey-hat hackers fall between the two — they may hack without authorization but typically don't have malicious intent; they might notify the organization after finding a vulnerability (but this is still potentially illegal without prior authorization). Other categories: script kiddies (unskilled attackers using existing tools), hacktivists (politically motivated), and nation-state actors (government-sponsored advanced threats — APT groups like Lazarus, Cozy Bear). In professional contexts, always obtain written authorization before any security testing.