EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and