# vulnerability disclosure
Contact: mailto:support@raidray.net
Expires: 2027-01-01T00:00:00.000Z
Acknowledgments: https://ctf.raidray.net/leaderboard
Preferred-Languages: en
Canonical: https://raidray.net/.well-known/security.txt

Policy and Best Practice's: 
   > Please refrain from running public automated tools, odds are our team are already using them.
   > No AI generated reports.
   > Do not attempt denial of service or social engineering attacks.
   > Do not exfiltrate/modify potentially sensitive/identifiable information. If you accidentally manage to, please stop what you're doing and place a report immediately.
   > Please provide a `proof of concept` (PoC) for the issue you are reporting.
   > Do not publicly disclose a vulnerability without our consent.
   > Do not leverage internal access to continue testing. (For example, if you get RCE on a server stop what your doing immediately.)
   > Do not upload rootkits, malware or otherwise go beyond what is necessary to prove that a vulnerability exists.
   > Do not discuss vulnerability details with anyone other than Raidray staff before the vulnerability is fixed.
   > Do not test in a way that can effect the preformance of our services.
   > Please refrain from testing forms used to communicate with the team.

SCOPE: 
   > raidray.net
   > raidray.com
   > ctf.raidray.net

NOT IN SCOPE:
   > ctf.raidray.net/play/*


# We would like to thank you for taking the time to help secure the internet.