Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
32
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
77
Getting Blindly Lucky
jr0ch17
0
59
Qu'est-ce que le bug bounty?
jr0ch17
0
85
Finding 5 bugs in a single parameter
jr0ch17
0
57
Beyond the Borders of Scope
jr0ch17
0
41
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
120
アジャイルチームがらしさを発揮するための目標づくり / Making the goal and enabling the team
kakehashi
3
140
Lexical Analysis
shigashiyama
1
150
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
690
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
140
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
1k
Engineer Career Talk
lycorp_recruit_jp
0
190
Platform Engineering for Software Developers and Architects
syntasso
1
520
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
1
110
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
AGIについてChatGPTに聞いてみた
blueb
0
130
Featured
See All Featured
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Optimizing for Happiness
mojombo
376
70k
Bash Introduction
62gerente
608
210k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
What's in a price? How to price your products and services
michaelherold
243
12k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and