EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions?
DMs are open on and