Hi Everyone! I have a question. If a particular program has designated domains/subdomains (no wildcards), and explicitly puts a number of domains/subdomains out of scope - should I ignore other subdomains I find? Even if vulnerable? They aren’t explicitly out of scope, but also aren’t listed in scope.
I’ve heard people say a lot of different things on this topic. I’ve heard some people say report it anyway, others to only stay strictly within scope. Are we even allowed to enumerate targets that aren’t in scope? Any input would be greatly appreciated!