Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
34
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
80
Getting Blindly Lucky
jr0ch17
0
61
Qu'est-ce que le bug bounty?
jr0ch17
0
92
Finding 5 bugs in a single parameter
jr0ch17
0
62
Beyond the Borders of Scope
jr0ch17
0
46
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
目標と時間軸 〜ベイビーステップでケイパビリティを高めよう〜
kakehashi
PRO
8
1k
アジャイルな開発チームでテスト戦略の話は誰がする? / Who Talks About Test Strategy?
ak1210
1
830
Amazon Athenaから利用時のGlueのIcebergテーブルのメンテナンスについて
nayuts
0
110
AI Agent時代なのでAWSのLLMs.txtが欲しい!
watany
3
370
AWSではじめる Web APIテスト実践ガイド / A practical guide to testing Web APIs on AWS
yokawasa
8
780
事業モメンタムを生み出すプロダクト開発
macchiitaka
0
110
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership, regardless of position
madoxten
6
4.5k
Platform Engineeringで クラウドの「楽しくない」を解消しよう
jacopen
4
210
OCI Success Journey OCIの何が評価されてる?疑問に答える事例セミナー(2025年2月実施)
oracle4engineer
PRO
2
220
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
210
ディスプレイ広告(Yahoo!広告・LINE広告)におけるバックエンド開発
lycorptech_jp
PRO
0
590
Introduction to OpenSearch Project - Search Engineering Tech Talk 2025 Winter
tkykenmt
2
220
Featured
See All Featured
Gamification - CAS2011
davidbonilla
80
5.2k
Faster Mobile Websites
deanohume
306
31k
Building Adaptive Systems
keathley
40
2.4k
Unsuck your backbone
ammeep
669
57k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Adopting Sorbet at Scale
ufuk
75
9.2k
Rails Girls Zürich Keynote
gr2m
94
13k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
580
A designer walks into a library…
pauljervisheath
205
24k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Practical Orchestrator
shlominoach
186
10k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
kakehashi
ak1210
nayuts
watany
yokawasa
macchiitaka
madoxten
jacopen
oracle4engineer
sugamasao
lycorptech_jp
tkykenmt
davidbonilla
deanohume
keathley
ammeep
kevinliebholz
ufuk
gr2m
irinanazarova
pauljervisheath
rocio
garrettdimon
shlominoach
