Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
48
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
170
Getting Started in Bug Bounty
jr0ch17
0
150
Getting Blindly Lucky
jr0ch17
0
92
Qu'est-ce que le bug bounty?
jr0ch17
0
140
Finding 5 bugs in a single parameter
jr0ch17
0
110
Beyond the Borders of Scope
jr0ch17
1
88
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
360
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
140
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
oracle4engineer
PRO
2
180
Cosmos World Foundation Model Platform for Physical AI
takmin
0
960
Oracle AI Database 移行・アップグレード勉強会 - RAT活用編
oracle4engineer
PRO
0
100
Amazon Bedrock Knowledge Basesチャンキング解説!
aoinoguchi
0
160
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
slsops
2
260
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
bwkw
3
1k
10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test
nihonbuson
PRO
2
320
Why Organizations Fail: ノーベル経済学賞「国家はなぜ衰退するのか」から考えるアジャイル組織論
kawaguti
PRO
1
150
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
mikimatsumoto
0
260
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
oracle4engineer
PRO
2
14k
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
46
8k
Test your architecture with Archunit
thirion
1
2.2k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
170
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
Producing Creativity
orderedlist
PRO
348
40k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
310
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
100
New Earth Scene 8
popppiees
1
1.5k
Accessibility Awareness
sabderemane
0
56
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
shift_evolve
stahnma
oracle4engineer
takmin
aoinoguchi
slsops
bwkw
nihonbuson
kawaguti
mikimatsumoto
jmmastey
thirion
skoyamalab
smashingmag
bcantrill
orderedlist
lauravandoore
reverentgeek
cargoodrich
popppiees
sabderemane
keavy
