Ethical hacking, good intentions and questionable outcomes

Joakim Tauren

Playlists: 'camp2023' videos starting here / audio

We've all been there, we knocked a company offline while doing some well intended security testing. How many requests per second is considered ethical? How deep into a system can you go, dump the database or not? Reverse shell or touch /tmp/pwned? What are YOUR ethical boundaries?

What is ethical? and why? Is buying credentials of the dark web ethical? Is fuzzing a server in a broom closet with millions of requests ethical? Did you know it was a raspberry pie in a broom closet?

This talk discusses ethical boundaries, the existence and lack of them, but also the grey areas in between. The spark for this talk has been initiated from the need to ensure that all forms of security testing would be beneficial to all parties concerned and within some ethical boundaries. From secret hacking techniques to open blog posts and CVE's. Hopefully this talk will spark some discussions within the community so we can all go home with a clear conscience and preserve moral high ground.