Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
44
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
140
Getting Started in Bug Bounty
jr0ch17
0
120
Getting Blindly Lucky
jr0ch17
0
78
Qu'est-ce que le bug bounty?
jr0ch17
0
120
Finding 5 bugs in a single parameter
jr0ch17
0
84
Beyond the Borders of Scope
jr0ch17
0
70
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
ソースを読む時の思考プロセスの例-MkDocs
sat
PRO
1
130
コンパウンド組織のCRE #cre_meetup
layerx
PRO
1
240
「魔法少女まどか☆マギカ Magia Exedra」の多様なバトルの開発を柔軟かつ効率的に実現するためのPure C#とUnityの分離について
gree_tech
PRO
0
290
Zephyr(RTOS)にEdge AIを組み込んでみた話
iotengineer22
1
300
難しいセキュリティ用語をわかりやすくしてみた
yuta3110
0
380
HonoとJSXを使って管理画面をサクッと型安全に作ろう
diggymo
0
170
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
9k
OpenTelemetry が拡げる Gemini CLI の可観測性
phaya72
2
2.1k
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
170
QA業務を変える(!?)AIを併用した不具合分析の実践
ma2ri
0
120
データ戦略部門 紹介資料
sansan33
PRO
1
3.8k
What's new in OpenShift 4.20
redhatlivestreaming
0
120
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1371
200k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
253
22k
Being A Developer After 40
akosma
91
590k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
36
6.1k
Designing for Performance
lara
610
69k
The Illustrated Children's Guide to Kubernetes
chrisshort
49
51k
Context Engineering - Making Every Token Count
addyosmani
8
300
The Cost Of JavaScript in 2023
addyosmani
55
9.1k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
sat
layerx
gree_tech
iotengineer22
yuta3110
diggymo
sansan33
phaya72
shuta13
ma2ri
redhatlivestreaming
addyosmani
erikaheidi
smashingmag
akosma
tammyeverts
kevinliebholz
lara
chrisshort
