EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and