Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
44
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
150
Getting Started in Bug Bounty
jr0ch17
0
130
Getting Blindly Lucky
jr0ch17
0
78
Qu'est-ce que le bug bounty?
jr0ch17
0
120
Finding 5 bugs in a single parameter
jr0ch17
0
88
Beyond the Borders of Scope
jr0ch17
0
73
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
日々のSlackアラート確認運用をCustom Chat Modesで楽にした話 / 日々のSlackアラート確認運用をCustom Chat Modesで楽にした話
imamotohikaru
0
450
今日から使える AWS Step Functions 小技集 / AWS Step Functions Tips
kinunori
7
650
なぜThrottleではなくDebounceだったのか? 700並列リクエストと戦うサーバーサイド実装のすべて
yoshiori
10
3.5k
AI時代におけるドメイン駆動設計 入門 / Introduction to Domain-Driven Design in the AI Era
fendo181
0
670
クレジットカードの不正を防止する技術
yutadayo
15
6.7k
仕様駆動 x Codex で 超効率開発
ismk
2
1.4k
QAセントラル組織が運営する自動テストプラットフォームの課題と現状
lycorptech_jp
PRO
0
370
【AWS reInvent 2025 関西組 事前勉強会】re:Inventの“感動と興奮”を思い出してモチベ爆上げしたいです
ttelltte
0
140
なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える
mizzy
43
12k
プログラミング言語を書く前に日本語を書く── AI 時代に求められる「言葉で考える」力/登壇資料(井田 献一朗)
hacobu
PRO
0
150
JJUG CCC 2025 Fall バッチ性能!!劇的ビフォーアフター
hayashiyuu1
0
140
[JDDStudy #10] 社内Agent勉強会の取り組み紹介
yp_genzitsu
1
130
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
Scaling GitHub
holman
463
140k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
34
2.3k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Why Our Code Smells
bkeepers
PRO
340
57k
Typedesign – Prime Four
hannesfritz
42
2.9k
Producing Creativity
orderedlist
PRO
348
40k
Practical Orchestrator
shlominoach
190
11k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
33
1.8k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
imamotohikaru
kinunori
yoshiori
fendo181
yutadayo
ismk
lycorptech_jp
ttelltte
mizzy
hacobu
hayashiyuu1
yp_genzitsu
wjessup
chriscoyier
holman
eileencodes
marcduiker
bkeepers
hannesfritz
orderedlist
shlominoach
garrettdimon
