CERTIFICATE OF APPROVAL AND CONFIDENTIALITY AGREEMENT

Updated: February 1st, 2023

In order to test our services, it is important that you carefully read, This certificate defines test approval, data protection and exoneration from liability for KIGGU, on the test execution applied to ASSETS determined by each company.

1.   APPROVAL CERTIFICATE

1.1 KIGGU’s platform: hackingcommancenter.com, authorize and certify their customers to execute the following tests or services:

Hackingcommancenter.com official services:

• WAS - WEB APPLICATION SCANNING
• VS - VULNERABILITY SCANNING
• VA - VULNERABILITY ASSESSMENT
• EH - ETHICAL HACKING (INTRUSION – PENTEST)
• VM - VULNERABILITY MANAGEMENT
• OS-SAST - APP SECURITY TESTING
• SP - SPEAR PHISHING

1.2 It is important clarify that you as a company commits itself to implement these services or test only and exclusively against its own infrastructure IT or any ASSET authorized by its final customer.

1.3 All implemented tests by hackingcommancenter.com platform must be implemented with no unlawful purpose but through the most ethical and legal way.

1.4 In the failure to comply with this authorization, which means, if tests are implemented against any not authorized infrastructure by a not authorized company, or in the event this company implement unlawful actions, KIGGU, will not take any responsibility for actions or test made against another company or organization.

1.5 In order to protect test transparency we will rely on a log or event monitoring, which will collect and store information and data from ASSETS been evaluated, IP or targeted URL, (Company which runs the test to X asset), such a way if competent authorities request such information, we as a company can provide it. Each company Test reports are totally confidential and only the company executing test will be allowed to get access to them.

1.6 The hackingcommancenter.com platform is configured to execute test, we take as a reference best Penetration Testing Methodologies practices, which are available on the “Hacking Database” menu, followed by “Hacking and Penetration Testing Methodologies, Guides and Best Practices”. Thus, every test executed by our enrolled companies, must be executed legally.

1.7 In case you do not agree with present certificate and all these terms, please do not execute any test or contracting our services through our hackingcommancenter.com platform. Contact us at the “Support” menu and your record will be deleted from our databases.

1.8 Before we proceed, we request you approve current certificate with the aim of working in the future under transparent rules among KIGGU and your company

Before purchasing or execute any service, please follow the next recommendations:

1.8.1 Read and agree the terms of the certification.

1.8.2 Make a backup from the ASSET evaluated.

1.8.3 Preset on your configuration menu your own notifications, to know when a scanning begins and begins and completes.

1.8.4 Optionally you can place in a list of allowed IP addresses, our public server’s address, which you will find on the “tracking” menu.

1.8.5 Take appropriate measures ensuring continuity of service in the event of ASSET intermittency or denial of service.

1.8.6 Verify objectives to be evaluated before you execute any service.

1.8.7 Assets availability requires a consistent monitoring.

1.8.8 Use software to track asset modifications or perimeter security solutions.

1.8.9 On the “tracking” menu, monitor constantly testing source IP address.

1.9 Executive Presentation: One (1) executive presentation will be done. Through joint virtual meeting, you can request (1) executive presentation about the report. If your company is outside of The United States, we will agree the time zone, and report presentation language could be either one English or Spanish.

1.10 The fact your company registers in our platform does not imply compromise in purchasing services from our hackingcommancenter.com platform.

1.11 Access to platform is not limited by time, however, after a year with no activity on the hackingcommancenter.com we can place your company on hold y activation could be requested any time in our technical support center.

1.12 Our services do not focus on the execution of tests that may compromise the "Availability" of the website. With this clarification, KIGGU, is not responsible for the denial of the service on the website. To avoid denial of service on your company's website, the execution of any type of "denial of service attacks" will be omitted. You can check more information about the denial of service here. https://www.uscert.gov/ncas/tips/ST04-015

1.13 We reserve the right to select the companies interested in becoming part of our hackingcommancenter.com platform, carefully we select and validate identity of people representing the company prior to entry

1.14 Our platform hackingcommancenter.com is one of the best platforms to execute offensive tests against ASSETS, we have the best exploits databases and public and private vulnerabilities.

1.15 Companies listed in our “Hacking Database”, can find Pentester resources, security investigators and security and cybersecurity experts.

1.16 We carefully follow essential U.S. legislation; however, we exercise our right to securely exchange information.

1.17 In the case of finding vulnerabilities, these will be sent to the product manufacturer and will be posted to protect their local environment.

1.18 INACTIVITY: Inactivity in our platform will be associated with the following set assumptions:

• Company has not sign in, in less than a year.
• Company has not executed it’s purchased services in less than a year.
• Company has not purchased new services, in less than a year.

Companies which meet with those three premises, will be previously knowledgeable by mail one month before current year ends and in addition will be deleted from our platform after one year of inactivity.

1.19 In regards to the type of technologies that KIGGU can assess, we have: Servers and web applications, Scada, Databases, perimeter security devices, mobile devices, Operating Systems and network devices. For any other type of technology we cannot guarantee total reliability of the results.

1.20 Limitations for white box services are as follows.

1.20.1 For web applications it is important that the client removes Captcha controls temporarily to allow the platform to log in to execute tests.

1.20.2 SSH, SMB (Server Message Block) and WMI (Windows Management Instrumentation) protocols are used to perform local security checks. It is important that credentials are valid for the login process.

1.20.3 The following systems are supported for local security testing: AIX, Alma Linux, Amazon Linux, CentOS, Debian, F5 Networks, Fedora, FreeBSD, Gentoo, HP-UX, Huawei, Junos, MacOS X, Mandriva, NewStart CGSL, Oracle Linux, Oracle VM, Palo Alto, Photon OS, Red Hat, Rocky Linux, Scientific Linux, Slackware, Solaris, SuSE, Ubuntu, VMware ESX, Virtuozzo and Windows. Local testing on other systems may not be reliable.

1.21 The following limitations apply specifically to the VM - Vulnerability Management service.

1.21.1 The remediation process must be carried out by the company, not by KIGGU.

2.   WARRANTY & LIMITED LIABILITY

2.1 KIGGU accepts no responsibility in case of loss or damage caused by any breach or bad configurations on company’s ASSETS evaluated. KIGGU, accepts no responsibility in the case of information loss, data leakage, damage caused to ASSETS, cyber-attacks and any other damage related to your information, any type of data, substrate, content or variables related directly or indirectly to ASSETS; neither we accept responsibility for subsequent intrusions not authorized, after identification of security breaches no served either remedied on your company’s ASSETS. In any event is your company’s responsibility identifying which are the greater impact breaches, as well execute recommendations and guidelines to their solution. All existing services will be limited to development of Penetration Test execution phases, or Ethical Hacking tests, based on legal and authorized testing.

2.2 Under no circumstances our aim will be to extract information or affect availability, integrity or confidentiality on ASSETS evaluated. KIGGU will not guarantee testing produce continuity loss on the service of evaluated ASSETS, your company must take preventive measures to meet and ensure such continuity before your company execute services to their ASSETS.

2.3 Companies will use the hackingcommancenter.com platform, under their own risk. KIGGU will not be responsible for any mischief on the ASSETS evaluated.

2.4 Official information about hackingcommandcenter.com and their team will be exclusively published on the hackingcommandcenter.com website. Our goal will not be in any case disfiguring systems or websites and we will never launch a non-authorized attack on evaluated ASSETS. The hackingcommandcenter.com team is exclusively specialized on provide services stablished at the hackingcommandcenter.com platform, at no time our services will be destinated for mischievous actions.

2.5 The hackingcommandcenter.com and its team are not responsible of illegal use of platform.

2.6 The hackingcommandcenter.com will help companies to identify security breachs before cybercriminals take advantage of them.

2.7 We do not allow illegal activities or solicitations. Such cases will be immediately eliminated on our platform.

2.8 The hackingcommandcenter.com brings real information and will not take responsibility for any harm done on evaluated ASSETS.

3.   CONFIDENTIALITY AGREEMENT

KIGGU, recognized at United States, to execute our services through our hackingcommandcenter.com, we committed to:

3.1 Maintain under strict reserve classified and confidential information along performance of the project, regardless its purpose is related directly or indirectly. In consequence, we declare, understand and agree:

3.1.1 We will not disclose, expose, reveal or share information from our customers in any form or way, to any person different to our representatives or authorized access people. KIGGU will compromise to extent this obligation to all their staff members, contractors, and advisors with access to information obtained from services provided.

3.1.2 We will not use this information for purposes other than those related with execution and compliance of obligations under the service.

3.2 We understand as “Confidential information” all information related to activities, matters or properties of our customers, produced under the Project either in written, verbal or visual form, and by any means whether already existing or developed, meaning, regardless the way it was received. All technical, financial, legal, commercial, administrative, or strategical information from our customers, information established under business secret based on applicable intellectual property laws including, but not limited to project plans, investment and development, financial forecast, business plans, product plans and services related to current and future business and operations. Analysis, compilations, studies, other documents or customer data, their holding companies, branches, or subsidiaries, generated from mentioned information above.

3.3 We compromised to confidentially maintain information related to personal data from our companies’ staff members, their holding companies, branches, or subsidiaries, including but not limited to names, address, position, or email addresses. This obligation extends to our staff members, contractors, and advisors to get to know the information derived from our services by any way or means.

3.4 Privacy obligations and non-disclosures of the information here mentioned will apply as well on formats, frameworks, procedures, and specifications about software programs, operation models, quality plans and business procedures development by our companies’ staff members, their holding companies, branches, or subsidiaries , to which they have access through our services.

3.5 Privacy obligations and non-disclosures of the information will not grant any right of any kind in relation to our companies’ information, their branches, or subsidiaries.

3.6 Privacy obligations will not be applied to information concerning to:

3.6.1 Public domain or classified as public.

3.6.2 Information received, after its elaboration, from a third party, which holds legitimate right of disclose such information.

3.6.3 Information which has been legally disclosed by a third party, who did not have obligation of maintain confidentiality, or;

3.6.4 Such information was separately developed by a third party without reference to confidential information from either party.

3.6.5 When classified information must be delivered as confidential, by order of a judicial or administrative authority.

3.7 Privacy obligations here mentioned must be valid for ten (10) years from the suscription date to the platform hackingcommandcenter.com.

4.   APPROVAL OF PRESENT CERTIFICATE

4.1 In case of disagreement with present certificate, please abstain of execute test or contracting our services through our platform hackingcommancenter.com. You may contact us on the “support” menu to delete your own record from our databases.

4.2 Any person registered on our platform hackingcommancenter.com, will have to accept terms and conditions, otherwise must leave the hackingcommandcenter.com platform immediately, if you disagree with present certificate, you must leave the hackingcommandcenter.com as well.

4.3 If you agree about all that is established in the present document, the hackingcommandcenter.com team invites you to be part of our project, all you have to do is register and purchase the services required by your company.

4.4 Before starting any service, we will request you to read and agree the present certificate in order to work together based on clear and stable rules between your company and KIGGU, on the platform hackingcommandcenter.

We are looking forward any concern or question.

Kindly,

Phone: +1 305 330 1908 | Address: 848 Brickell Ave, STE 950, Miami, Florida 33131, US