Responsible Offensive Security

I cannot be too serious about how important it is that you only use the knowledge you gain in your security journey in ways that are 100% legal. It is extremely critical to remember that legal and well-intentioned are not the same thing.

Just because you are doing something to help out a friend, to secure someone's site, or just because you think it is a funny prank, does not make what you are doing okay. In the US it is very likely your good intentions or jokes are illegal under the Computer Fraud and Abuse Act or CFAA, and those activities could have a significant impact on you if you are ever caught in the act or compelled to tell the truth about your misuse of computer systems on job applications.

It's a significant problem for people who are just starting out, you have all this knowledge and the world is full of broken systems that you can do interesting things with. If you are too immature, you can really get yourself into dangerous territory very quickly.

Assignment:

Submit the following:

"I pledge to never use offensive security knowledge against systems I am not allowed to target under legal authorities. I will practice my offensive security knowledge against infrastructure explicitly designed for learning."

If you don't want to submit that, don't go any further on this site.