EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen

GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and