Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
55
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
180
Getting Started in Bug Bounty
jr0ch17
0
160
Getting Blindly Lucky
jr0ch17
0
99
Qu'est-ce que le bug bounty?
jr0ch17
0
150
Finding 5 bugs in a single parameter
jr0ch17
0
110
Beyond the Borders of Scope
jr0ch17
1
92
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
Change Calendarで今はOK?を仕組みにする
tommy0124
1
120
「通るまでRe-run」から卒業!落ちないテストを書く勘所
asumikam
2
770
Amazon Qはアマコネで頑張っています〜 Amazon Q in Connectについて〜
yama3133
1
140
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
qa
0
350
Kubernetesの「隠れメモリ消費」によるNode共倒れと、Request適正化という処方箋
g0xu
0
140
GitHub Actions侵害 — 相次ぐ事例を振り返り、次なる脅威に備える
flatt_security
2
2.4k
OpenClawでPM業務を自動化
knishioka
1
230
Phase10_組織浸透_データ活用
overflowinc
0
1.8k
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
kaomi_wombat
0
250
やさしいとこから始めるGitHubリポジトリのセキュリティ
tsubakimoto_s
2
1.8k
私がよく使うMCPサーバー3選と社内で安全に活用する方法
kintotechdev
0
120
Sansanの認証基盤を支えるアーキテクチャとその振り返り
sansantech
PRO
1
100
Featured
See All Featured
Faster Mobile Websites
deanohume
310
31k
Automating Front-end Workflow
addyosmani
1370
200k
So, you think you're a good person
axbom
PRO
2
2k
Fireside Chat
paigeccino
42
3.8k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
livdayseo
0
91
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.3k
Believing is Seeing
oripsolob
1
96
How STYLIGHT went responsive
nonsquared
100
6k
Raft: Consensus for Rubyists
vanstee
141
7.4k
Everyday Curiosity
cassininazir
0
180
The World Runs on Bad Software
bkeepers
PRO
72
12k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
tommy0124
asumikam
yama3133
qa
g0xu
flatt_security
knishioka
overflowinc
kaomi_wombat
tsubakimoto_s
kintotechdev
sansantech
deanohume
addyosmani
axbom
paigeccino
livdayseo
signer
oripsolob
nonsquared
vanstee
cassininazir
bkeepers
chrisshort
