EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and