EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and