Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
43
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
140
Getting Started in Bug Bounty
jr0ch17
0
120
Getting Blindly Lucky
jr0ch17
0
77
Qu'est-ce que le bug bounty?
jr0ch17
0
110
Finding 5 bugs in a single parameter
jr0ch17
0
82
Beyond the Borders of Scope
jr0ch17
0
68
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
生成AI時代に必要な価値ある意思決定を育てる「開発プロセス定義」を用いた中期戦略
kakehashi
PRO
1
250
2025年になってもまだMySQLが好き
yoku0825
8
3.4k
新規案件の立ち上げ専門チームから見たAI駆動開発の始め方
shuyakinjo
0
650
データアナリストからアナリティクスエンジニアになった話
hiyokko_data
2
330
おやつは300円まで!の最適化を模索してみた
techtekt
PRO
0
260
Obsidian応用活用術
onikun94
0
130
Grafana Meetup Japan Vol. 6
kaedemalu
1
200
DDD集約とサービスコンテキスト境界との関係性
pandayumi
2
240
【初心者向け】ローカルLLMの色々な動かし方まとめ
aratako
7
2.7k
なぜスクラムはこうなったのか?歴史が教えてくれたこと/Shall we explore the roots of Scrum
sanogemaru
1
410
大「個人開発サービス」時代に僕たちはどう生きるか
sotarok
15
7.4k
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
masahirokawahara
1
1.3k
Featured
See All Featured
It's Worth the Effort
3n
187
28k
KATA
mclloyd
32
14k
BBQ
matthewcrist
89
9.8k
The Art of Programming - Codeland 2020
erikaheidi
55
13k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
A Tale of Four Properties
chriscoyier
160
23k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Being A Developer After 40
akosma
90
590k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
kakehashi
yoku0825
shuyakinjo
hiyokko_data
techtekt
onikun94
kaedemalu
pandayumi
.jpg){kind=avatar}
aratako
sanogemaru
sotarok
masahirokawahara
3n
mclloyd
matthewcrist
erikaheidi
danielanewman
chriscoyier
aki_iinuma
akosma
mongodb
notwaldorf
malarkey
keithpitt
