Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
34
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
80
Getting Blindly Lucky
jr0ch17
0
61
Qu'est-ce que le bug bounty?
jr0ch17
0
92
Finding 5 bugs in a single parameter
jr0ch17
0
62
Beyond the Borders of Scope
jr0ch17
0
46
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile for engineer
hr01
1
20k
事業モメンタムを生み出すプロダクト開発
macchiitaka
0
110
20250309 無冠のわたし これからどう先生きのこれる?
akiko_pusu
9
700
[OpsJAWS Meetup33 AIOps] Amazon Bedrockガードレールで守る安全なAI運用
akiratameto
1
140
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
210
どちらかだけじゃもったいないかも? ECSとEKSを適材適所で併用するメリット、運用課題とそれらの対応について
tk3fftk
2
310
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
180
事業を差別化する技術を生み出す技術
pyama86
2
550
AI自体のOps 〜LLMアプリの運用、AWSサービスとOSSの使い分け〜
minorun365
PRO
9
1.2k
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
230
目標と時間軸 〜ベイビーステップでケイパビリティを高めよう〜
kakehashi
PRO
8
1.1k
貧民的プログラミングのすすめ
kakehashi
PRO
2
190
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
A Philosophy of Restraint
colly
203
16k
Done Done
chrislema
182
16k
Making Projects Easy
brettharned
116
6k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
660
A Modern Web Designer's Workflow
chriscoyier
693
190k
A better future with KSS
kneath
238
17k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1.1k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
11
1.3k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Documentation Writing (for coders)
carmenintech
69
4.6k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
hr01
macchiitaka
akiko_pusu
akiratameto
sugamasao
tk3fftk
nomu
pyama86
minorun365
maimyyym
kakehashi
cassininazir
bluesmoon
colly
chrislema
brettharned
tammyeverts
chriscoyier
kneath
garrettdimon
reverentgeek
keithpitt
carmenintech
