This is the code of ethics for our offensive research and surveys.
Objectives
- For all research projects and surveys, our goal is to demonstrate a proof of concept of an attack or malware. We do not launch real attacks against any specific target(s).
- We do not use any exhaustive scan/attack to test any target(s).
Vulnerability Discovery and Reporting
- If we capture any private data, we will not use it for commercial or illegal purposes.
- If we find any data breaches and potential vulnerabilities, we will report them to the relevant authorities and/or the affected parties for remediation and rectification.
- Members of the project should keep relevant personal data and vulnerabilities confidential. Even in case studies, personal information should be masked.
- If we discover any vulnerabilities and no party responds to the notification, we will, in the best interest of the public and the victims, resort to reporting them to the authorities and/or the media.
- Once the data required by authorities are submitted and/or their cases are closed, we will delete the data as soon as possible.
Malware Testing
- We test malware samples within a controlled environment.
- We should manage samples properly and exchange them within the group in an encrypted format.