EASM mistakes waiting to happen

January 25, 2022

57

EASM mistakes waiting to happen

JR0ch17

January 25, 2022

More Decks by JR0ch17

See All by JR0ch17

Traversing my way in the internal network

0

190

Getting Started in Bug Bounty

0

170

Getting Blindly Lucky

0

100

Qu'est-ce que le bug bounty?

0

150

Finding 5 bugs in a single parameter

0

120

Beyond the Borders of Scope

1

96

Bad API, hAPI Hackers!

0

1.6k

Other Decks in Technology

See All in Technology

試作とデモンストレーション / Prototyping and Demonstrations

PRO

0

200

（きっとたぶん）人材育成や教育のような何かの話

0

710

セキュリティ対策、何からはじめる？ CloudNative環境の脅威モデリングとリスク評価実践入門 #cloudnativekaigi

5

800

なぜ、私がCommunity Builderに?〜活動期間1か月半でも選出されたワケ〜

0

120

Oracle AI Database@Google Cloud：サービス概要のご紹介

oracle4engineer

PRO

6

1.4k

AI対話分析の夢と、汚いデータの現実 Looker / Dataplex / Dataform で実現する品質ファーストな基盤設計

0

420

「背中を見て育て」からの卒業〜専門技術としてのテスト設計を軸に、品質保証のバトンを繋ぐ〜 #genda_tech_talk

PRO

3

1.3k

Swift Sequence の便利 API 再発見

1

260

鹿野さんに聞く！CSSの最新トレンド Ver.2026

tonkotsuboy_com

6

2.9k

要件定義の精度を高めるための型と生成AIの活用 / Using Types and Generative AI to Improve the Accuracy of Requirements Definition

0

320

大学職員のための生成AI最前線：最前線を、AIガバナンスとして読み直すためのTips

2

4k

「QA＝テスト」「シフトレフト＝スクラムイベントの参加者の一員」の呪縛を解く。アジャイルな開発を止めないために、10Xで挑んだ「右側のしわ寄せ」解消記 #scrumniigata

PRO

5

1.1k

Featured

See All Featured

Introduction to Domain-Driven Design and Collaborative software design

1

780

What does AI have to do with Human Rights?

PRO

1

2.1k

Performance Is Good for Brains [We Love Speed 2024]

12

1.6k

Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)

PRO

0

160

Agile Leadership in an Agile Organization

PRO

0

150

The Director’s Chair: Orchestrating AI for Truly Effective Learning

1

160

エンジニアに許された特別な時間の終わり

106

240k

実際に使うSQLの書き方徹底解説 / pgcon21j-tutorial

PRO

199

73k

The Language of Interfaces

162

26k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

55

3.3k

Applied NLP in the Age of Generative AI

PRO

4

2.2k

Building Applications with DynamoDB

96

7k

Transcript

EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and