EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan
GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective
GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?
GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change
GET /thanks HTTP/2
Thank you for listening
Questions? More questions?
DMs are open on and