Joakim Tauren
I have been running bug bounty programs since 2016 and hacking on them myself since. 150+ M&A Security Due Diligence evaluations, ~40 per year.
Head of Security Testing at Visma.
Session
08-17
16:00
45min
Ethical hacking, good intentions and questionable outcomes
Joakim Tauren
We've all been there: we knocked a company offline while doing some well-intended security testing. How many requests per second is considered ethical? How deep into a system can you go, dump the database or not? Reverse shell or touch /tmp/pwned? What are YOUR ethical boundaries?
What is ethical, and why? Is buying credentials off the dark web ethical? Is fuzzing a server in a broom closet with millions of requests ethical? Did you know it was a Raspberry Pi in a broom closet?
Milliways