Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
37
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
140
Getting Started in Bug Bounty
jr0ch17
0
91
Getting Blindly Lucky
jr0ch17
0
69
Qu'est-ce que le bug bounty?
jr0ch17
0
110
Finding 5 bugs in a single parameter
jr0ch17
0
73
Beyond the Borders of Scope
jr0ch17
0
52
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
48
33k
Drawing with LLMs
rist
0
240
データ戦略部門 紹介資料
sansan33
PRO
1
3.2k
AI Engineering Summit Pre Event LT #10
okaru
2
520
開発効率と信頼性を両立する Ubieのプラットフォームエンジニアリング
teru0x1
0
120
dbt Cloudの新機能を紹介!データエンジニアリングの民主化:GUIで操作、SQLで管理する新時代のdbt Cloud
sagara
0
160
Test Smarter, Not Harder: Achieving Confidence in Complex Distributed Systems
eliasnogueira
1
140
型システムを知りたい人のための型検査器作成入門
mame
14
3.3k
GitHub Copilot Use Cases at ZOZO
horie1024
1
510
MCPを利用して 自然言語で 3Dプリントしてみよう!
hamadakoji
0
1.3k
単一Gitリポジトリから独立しました
lycorptech_jp
PRO
0
400
おれのAI活用の現状とこれから
tsukasagr
0
130
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
14
1.5k
Git: the NoSQL Database
bkeepers
PRO
430
65k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Code Reviewing Like a Champion
maltzj
524
40k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
640
Building a Modern Day E-commerce SEO Strategy
aleyda
41
7.3k
Adopting Sorbet at Scale
ufuk
77
9.4k
Writing Fast Ruby
sferik
628
61k
What's in a price? How to price your products and services
michaelherold
245
12k
How to Ace a Technical Interview
jacobian
276
23k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
GitHub's CSS Performance
jonrohan
1031
460k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
oracle4engineer
rist
sansan33
okaru
teru0x1
sagara
eliasnogueira
mame
horie1024
hamadakoji
lycorptech_jp
tsukasagr
reverentgeek
bkeepers
dougneiner
maltzj
tammyeverts
aleyda
ufuk
sferik
michaelherold
jacobian
lauravandoore
jonrohan
