Upgrade to Pro — share decks privately, control downloads, hide ads and more …

EASM mistakes waiting to happen

Avatar for JR0ch17 JR0ch17
January 25, 2022
Technology
0
50

EASM mistakes waiting to happen

Avatar for JR0ch17

JR0ch17

January 25, 2022
Tweet

More Decks by JR0ch17

See All by JR0ch17
Traversing my way in the internal network
Avatar for JR0ch17 jr0ch17
0
180
Getting Started in Bug Bounty
Avatar for JR0ch17 jr0ch17
0
160
Getting Blindly Lucky
Avatar for JR0ch17 jr0ch17
0
94
Qu'est-ce que le bug bounty?
Avatar for JR0ch17 jr0ch17
0
150
Finding 5 bugs in a single parameter
Avatar for JR0ch17 jr0ch17
0
110
Beyond the Borders of Scope
Avatar for JR0ch17 jr0ch17
1
92
Bad API, hAPI Hackers!
Avatar for JR0ch17 jr0ch17
0
1.6k

Other Decks in Technology

See All in Technology
マルチロールEMが実践する「組織のレジリエンス」を高めるための組織構造と人材配置戦略
Avatar for coconala_engineer coconala_engineer
3
630
SaaSからAIへの過渡期の中で現在、組織内で起こっている変化 / SaaS to AI Paradigm Shift
Avatar for AEON aeonpeople
0
110
AIファーストを前提とした開発スタイルの変化
Avatar for SoftBank Tech Night sbtechnight
0
180
事例に見るスマートファクトリーへの道筋〜工場データをAI Readyにする実践ステップ〜
Avatar for 濱田孝治 hamadakoji
0
230
マネージャー版 "提案のレベル" を上げる
Avatar for konifar konifar
21
14k
マルチプレーンGPUネットワークを実現するシャッフルアーキテクチャの整理と考察
Avatar for Masayuki Kobayashi markunet
2
170
元エンジニアPdM、IDEが恋しすぎてCursorに全業務を集約したら、スライド作成まで爆速になった話
Avatar for "doiko" chiaki_yamaguchi doiko123
1
480
チームメンバー迷わないIaC設計
Avatar for hayama hayama17
5
4k
メタデータ同期に潜んでいた問題 〜 Cache Stampede 時の Cycle Wait を⾒つけた話
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
150
「ストレッチゾーンに挑戦し続ける」ことって難しくないですか? メンバーの持続的成長を支えるEMの環境設計
Avatar for SansanTech sansantech
PRO
3
400
OpenClawで回す組織運営
Avatar for Kazuto Kusama jacopen
3
640
ナレッジワークのご紹介(第88回情報処理学会 )
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
110

Featured

See All Featured
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
630
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.2k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.7k
Marketing to machines
Avatar for Jono Alderson jonoalderson
1
5k
Docker and Python
Avatar for Tania Allard trallard
47
3.8k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.8k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.3k
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
1
290
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
16k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
239
140k

Transcript

  1. EASM mistakes waiting to happen

  2. GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security

    at Montreal Canadiens fan

  3. GET /agenda HTTP/2 EASM Common mistakes Hacker perspective

  4. GET /EASM HTTP/2 What exactly is EASM? What does it

    cover? Why is it important?

  5. GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least

    Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)

  6. GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates

    • Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring

  7. GET /thanks HTTP/2 Thank you for listening Questions? More questions?

    DMs are open on and