EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and