EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen

GET /whoami HTTP/2
• Jasmin Landry
• JR0ch17
• Lead, IT & Security at
• Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and