Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
JR0ch17
January 25, 2022
Technology
0
48
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
170
Getting Started in Bug Bounty
jr0ch17
0
150
Getting Blindly Lucky
jr0ch17
0
92
Qu'est-ce que le bug bounty?
jr0ch17
0
140
Finding 5 bugs in a single parameter
jr0ch17
0
110
Beyond the Borders of Scope
jr0ch17
1
88
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
Red Hat OpenStack Services on OpenShift
tamemiya
0
130
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
140
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
250
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.6k
22nd ACRi Webinar - NTT Kawahara-san's slide
nao_sumikawa
0
100
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
torumakabe
1
590
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
mikimatsumoto
0
260
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
bwkw
3
1k
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
0gm
2
3k
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
13k
OpenShiftでllm-dを動かそう!
jpishikawa
0
130
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
muziyoshiz
1
2k
Featured
See All Featured
Paper Plane
katiecoart
PRO
0
46k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
71
Claude Code のすすめ
schroneko
67
210k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
63
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
400
Done Done
chrislema
186
16k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
Odyssey Design
rkendrick25
PRO
1
500
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
940
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
380
Building AI with AI
inesmontani
PRO
1
700
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
tamemiya
stahnma
aeonpeople
rvirus0817
nao_sumikawa
torumakabe
mikimatsumoto
bwkw
0gm
sansan33
jpishikawa
muziyoshiz
katiecoart
stuffmc
schroneko
techseoconnect
kimpetersen
chrislema
tammyeverts
rkendrick25
tamaranovitovic
uxyall
inesmontani
chriscoyier
