DAY2 12.20 FRI 10:00 – 10:40

• 
  
  
  

  CyCraft

  Research, Cyber Security Researcher

  Hsieh, Chih-Yu氏

This presentation offers an in-depth analysis of the external attack surfaces of organizations in Taiwan and Japan, leveraging the External Attack Surface Management (EASM) framework.
The study covers various industries, such as technology, finance, and manufacturing, etc., and focuses on identifying and assessing vulnerabilities in critical digital assets like certificates, DNS, email, IP reputation, and network configurations.
By scanning and prioritizing risks, over 18,000 security issues were identified across industries, highlighting common vulnerabilities and inconsistencies in cybersecurity practices.

The study found that a significant percentage of organizations lacked proper SPF, DKIM, or DMARC settings, making them vulnerable to be spoofed.
Additionally, there were widespread issues with misconfigured SSL/TLS settings, further exposing companies to potential threats such as man-in-the-middle attack.
This session will present the key findings, discuss the implications for CSIRT professionals, and offer practical recommendations for improving external attack surface defenses.