1. Scoping and Target Boundaries
Scoping is the foundational pillar of any offensive security engagement. We establish strict boundaries for all target environments. Any activity outside the declared scope is immediately classified as unauthorized.
Permitted Activities
Testing active subdomains, exploiting business logic flaws, checking API integration exposures, and probing web services.
Prohibited Actions
Distributed Denial of Service (DDoS), social engineering, physical office intrusion, and executing database deletions.