Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
32
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
77
Getting Blindly Lucky
jr0ch17
0
59
Qu'est-ce que le bug bounty?
jr0ch17
0
85
Finding 5 bugs in a single parameter
jr0ch17
0
61
Beyond the Borders of Scope
jr0ch17
0
43
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
ブラックフライデーで購入したPixel9で、Gemini Nanoを動かしてみた
marchin1989
1
540
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
1
290
継続的にアウトカムを生み出し ビジネスにつなげる、 戦略と運営に対するタイミーのQUEST(探求)
zigorou
0
600
20241214_WACATE2024冬_テスト設計技法をチョット俯瞰してみよう
kzsuzuki
3
540
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
160
レンジャーシステムズ | 会社紹介(採用ピッチ)
rssytems
0
160
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
490
Microsoft Azure全冠になってみた ~アレを使い倒した者が試験を制す!?~/Obtained all Microsoft Azure certifications Those who use "that" to the full will win the exam! ?
yuj1osm
2
110
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
Snykで始めるセキュリティ担当者とSREと開発者が楽になる脆弱性対応 / Getting started with Snyk Vulnerability Response
yamaguchitk333
2
190
ゼロから創る横断SREチーム 挑戦と進化の軌跡
rvirus0817
2
270
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
540
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Embracing the Ebb and Flow
colly
84
4.5k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Done Done
chrislema
181
16k
Six Lessons from altMBA
skipperchong
27
3.5k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
The Invisible Side of Design
smashingmag
298
50k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Gamification - CAS2011
davidbonilla
80
5.1k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and