OwlTail

Cover image of Shawn Moyer

Shawn Moyer

6 Podcast Episodes

Latest 6 Nov 2021 | Updated Daily

Weekly hand curated podcast episodes for learning

Episode artwork

Shawn Moyer: Owning the C-suite: Corporate Warfare as a Social Engineering Problem

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Let's face it, you ROCK at building InfoSec tech, but you SUCK at corporate warfare. Sooner or later, you WILL have to sit in a boardroom with the suits and justify your existence. If you approach your own survival and that of your security team's as a Social Engineering problem, it can not only work for you, but it can be FUN. Don't let them own you, own THEM. Shawn Moyer is a Lead Security Product Manager for InfoSec for one of the US's largest finance companies. He has lots of three and four letter acronyms after his name, and has led InfoSec teams at startups and smaller companies in the past. He has spent much of his career getting people who hate security to love it, and finding ways to get non-geeky people to see why they need geeks. He has been attending BH and DC for quite a few years, but has managed to keep his mouth shut until now.

18mins

4 Jun 2006

Episode artwork

Shawn Moyer: Owning the C-suite: Corporate Warfare as a Social Engineering Problem

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference

Let's face it, you ROCK at building InfoSec tech, but you SUCK at corporate warfare. Sooner or later, you WILL have to sit in a boardroom with the suits and justify your existence. If you approach your own survival and that of your security team's as a Social Engineering problem, it can not only work for you, but it can be FUN. Don't let them own you, own THEM. Shawn Moyer is a Lead Security Product Manager for InfoSec for one of the US's largest finance companies. He has lots of three and four letter acronyms after his name, and has led InfoSec teams at startups and smaller companies in the past. He has spent much of his career getting people who hate security to love it, and finding ways to get non-geeky people to see why they need geeks. He has been attending BH and DC for quite a few years, but has managed to keep his mouth shut until now.

18mins

4 Jun 2006

Similar People

Episode artwork

Shawn Moyer: Defending Black Box Web Applications: Building an Open Source Web Security Gateway

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

"Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an option, especially for closed-source, black-box web apps or apps hosted on servers that you can't harden directly. If you have an app in your data center that your CIO thinks is the greatest thing since Microsoft Golf, but is really the HTTP equivalent of a big flashing "own me" sign, this talk is for you. We'll walk through the process of configuring a caching, content filtering / scanning (POST/GET/header/HTML/XHTML/XML) and traffic sanitizing / rewriting front end HTTP gateway that also tries to frustrate web scans and HTTP fingerprinting. I'm releasing some build scripts to do most of the heavy lifting as well."

24mins

4 Jun 2006

Episode artwork

Shawn Moyer: Defending Black Box Web Applications: Building an Open Source Web Security Gateway

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an option, especially for closed-source, black-box web apps or apps hosted on servers that you can't harden directly. If you have an app in your data center that your CIO thinks is the greatest thing since Microsoft Golf, but is really the HTTP equivalent of a big flashing "own me" sign, this talk is for you. We'll walk through the process of configuring a caching, content filtering / scanning (POST/GET/header/HTML/XHTML/XML) and traffic sanitizing / rewriting front end HTTP gateway that also tries to frustrate web scans and HTTP fingerprinting. I'm releasing some build scripts to do most of the heavy lifting as well."

24mins

4 Jun 2006

Most Popular

Episode artwork

Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing. The fact remains that many (though not all) implementations are incomplete at best, and at worst are simply bullet points in marketing documents that provide a false sense of safety. This talk will cover the current state of software and hardware based memory corruption mitigation techniques today, and demystify the myriad of approaches available, with a history of how they've been proven, or disproved. Our focus will be on building defense-in-depth, with some real-world examples of what works, what doesn't, and why. As an attendee, you should come away with a better understanding of how to protect yourself and your boxes, with some tools to (hopefully) widen the gap between what's vulnerable and what's exploitable.

59mins

9 Jan 2006

Episode artwork

Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing. The fact remains that many (though not all) implementations are incomplete at best, and at worst are simply bullet points in marketing documents that provide a false sense of safety. This talk will cover the current state of software and hardware based memory corruption mitigation techniques today, and demystify the myriad of approaches available, with a history of how they've been proven, or disproved. Our focus will be on building defense-in-depth, with some real-world examples of what works, what doesn't, and why. As an attendee, you should come away with a better understanding of how to protect yourself and your boxes, with some tools to (hopefully) widen the gap between what's vulnerable and what's exploitable.

59mins

9 Jan 2006