EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions?
DMs are open on and