EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Technology
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and