Authorization_&_Responsible_Use
This document governs the rules of engagement between Anon's Lab. and its clients. No testing is performed without explicit written consent.
Quick_Index
- 01. AUTHORIZATION
- 02. RESPONSIBLE_EXECUTION
- 03. SCOPE_&_BOUNDARIES
- 04. PROHIBITED_ACTIONS
- 05. EVIDENCE_HANDLING
02. Responsible_Execution
During all offensive operations, Anon's Lab. commits to:
- [✓] Minimizing operational downtime for the client's production environment.
- [✓] Immediate notification of critical findings posing active risk.
- [✓] Using non-destructive exploitation techniques unless explicitly approved.
03. Scope_&_Boundaries
The client must provide accurate and authorized "In-Scope" assets. Anon's Lab. shall not be held responsible for testing activities conducted on third-party systems if such assets were incorrectly identified as client-owned.
04. Prohibited_Actions
Unless explicitly authorized in writing, the following actions are strictly prohibited:
- • Denial-of-Service (DoS / DDoS) testing
- • Social engineering or physical intrusion
- • Data destruction, persistence, or backdoor deployment
- • Testing of assets not listed in the approved scope
05. Evidence_Handling_&_Reporting
All collected evidence, including logs, screenshots, packet captures, and reports, is handled securely and shared exclusively with authorized client representatives.
Evidence retention and secure destruction are governed by engagement agreements or client-specific requirements.