EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and