Overview
Watch a DEF CON 31 conference talk exploring Easy EASM, a zero-cost attack surface management tool designed for organizations to monitor their external-facing assets. Learn how to implement this straightforward solution, which originated from bug bounty hunting techniques and requires only ten lines of code to set up, with one-button deployment. Discover how Easy EASM combines multiple open-source tools, including Amass, Subfinder, Chaos, Notify, r7 Sonar, eyewitness, and Cloud Certs, to perform comprehensive reconnaissance on specified targets. Understand the daily scanning capabilities that alert users through Slack or Discord about newly discovered assets, while also generating Excel-based risk registers and asset databases. Explore both the "fast" and "comprehensive" deployment options, with the latter offering additional features like brute force scanning, permutation discovery, screenshots, and technology profiling. Perfect for security professionals seeking an efficient, automated approach to external asset management without the complexity of commercial solutions.
Syllabus
DEF CON 31 Recon Village - Jason Haddix - Easy EASM The Zero-Dollar Attack Surface Management Tool
Taught by
Recon Village