by dsacco 4123 days ago
If I were you, I would ask Amazon directly. In my experience companies are willing to speak candidly about what they do and do not allow with regards to penetration testing on their platforms.

For example, DigitalOcean has given me explicit permission to use their VPSs for authorized penetration testing and security auditing for clients.

Amazon in particular has a policy that requires written permission when testing AWS for both peripheral and direct auditing. This means that even if you're attacking a company hosted on AWS, you need Amazon's permission (as well as that company's), not just if you're attacking Amazon's AWS infrastructure directly. Now, you could say this means you've given yourself permission for attacking the honeypot, but you still need Amazon's permission for attacking AWS hosting the honeypot.

I am not a lawyer, but I am a security engineer, and I'd say this is likely fine in this particular scenario. However, I urge you to contact them directly or find an explicitly written public policy on the matter. Hacker News is not a good place to find a definitive answer on this.