Cyber Security Interview Questions and Answers

austinsonger/Cyber-Security-Interview-Questions-and-Answer

Cyber Security Interview Questions

Security

What security techniques are you familiar with? (or what security techniques have you used in the past?)
What does the "Zero Trust" concept mean? How do organizations deal with it?

Codefresh definition: "Zero trust is a security concept that is centered around the idea that organizations should never trust anyone or anything that does not originate from their domains. Organizations seeking zero trust automatically assume that any external services it commissions have security breaches and may leak sensitive information"

Explain Authentication and Authorization

Authentication is the process of identifying whether a service or a person is who they claim to be. Authorization is the process of identifying what level of access the service or the person has (after authentication has been done).

How do you manage sensitive information (like passwords) in different tools and platforms?
Explain what is Single Sign-On

SSO (Single Sign-On) is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again.

Explain MFA (Multi-Factor Authentication)

Multi-Factor Authentication (also known as 2FA) requires the user to present two pieces of evidence (credentials) when logging into an account.

  • The credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Credentials must come from two different categories to enhance security.

Explain RBAC (Role-based Access Control)

Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.

  • RBAC, mapped to job function, assumes that a person will take on different roles over time within an organization, and different responsibilities in relation to IT systems.

Web

What is a nonce?

SSH

What is SSH and how does it work?

Wikipedia Definition: "SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network."

Hostinger.com Definition: "SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote servers over the Internet."

This site explains it in a good way.

What is the role of an SSH key?

Encryption and Authentication

What is a three-way handshake?

How do cookies work?

How do sessions work?

Explain how OAuth works.

What is a public key infrastructure flow and how would I diagram it?

Describe the difference between synchronous and asynchronous encryption.

Describe SSL handshake.

How does HMAC work?

Why is HMAC designed that way?

What is the difference between authentication vs authorization name spaces?

What’s the difference between Diffie-Hellman and RSA?

How does Kerberos work?

If you're going to compress and encrypt a file, which do you do first and why?

How do I authenticate you and know you sent the message?

Should you encrypt all data at rest?

What is Perfect Forward Secrecy?

Network Level and Logging

What are common ports involving security, what are the risks and mitigations?

Which one for DNS?

Describe HTTPS and how it is used.

What is the difference between HTTPS and SSL?

How does threat modeling work?

What is a subnet and how is it useful in security?

What is a subnet mask?

Explain what traceroute is.

Draw a network, then expect them to raise an issue and have to figure out where it happened.

Write out a Cisco ASA firewall configuration on the white board to allow three networks unfiltered access, 12 networks limited access to different resources on different networks, and 8 networks to be blocked altogether.

Explain TCP/IP concepts.

What is the OSI model?

How does a router differ from a switch?

Describe the Risk Management Framework process and a project where you successfully implemented compliance with RMF.

How does a packet travel between two hosts connected to the same network?

Explain the difference between TCP and UDP.

Which is more secure and why?

What is the TCP three way handshake?

What is the difference between IPSEC Phase 1 and Phase 2?

What are biggest AWS security vulnerabilities?

How do web certificates for HTTPS work?

What is the purpose of TLS?

Is ARP UDP or TCP?

Explain what information is added to a packet at each stop of the 7 layer OSI model.

Walk through a whiteboard scenario for your environment of choice (Win/Linux) in which compromising the network is the goal without use of social engineering techniques (phishing for credential harvesting, etc).

Explain how you would build a web site that could secure communications between a client and a server and allow an authorized user to read the communications securely.

How does Active Directory work?

Do you know how Single Sign-On works?

What is a firewall?

How does it work?

How does it work in cloud computing?

Difference between IPS and IDS?

How do you build a tool to protect the entire Apple infra?

How do you harden a system?

How do you elevate permissions?

Describe the hardening measures you've put on your home network.

What is traceroute? Explain it in detail.

How does HTTPS work?

What would you do if you discovered an infected host?

What is SYN/ACK and how does it work?

You got the memory dump of a potentially compromised system, how are you going to approach its analysis?

How would you detect a DDoS attack?

How does the kernel know which function to call for the user?

How would you go about reverse-engineering a custom protocol packet?

OWASP Top 10, Pentesting and/or Web Applications

Differentiate XSS from CSRF.

What do you do if a user brings you a pc that is acting 'weird'? You suspect malware.

What is the difference between tcpdump and fw monitor?

Do you know what XXE is?

Explain man-in-the-middle attacks.

What is a Server Side Request Forgery attack?

Describe what egghunters are and their use in exploit development.

How is the padlock icon in the browser generated?

What are the Same-Origin Policy and CORS?

Compliance

Can you explain SOC 2?

What are the five trust criteria?

How is ISO27001 different?

Can you list examples of controls these frameworks require?

What is the difference between Governance, Risk and Compliance?

What does Zero Trust mean?

What is role-based access control (RBAC) and why is it covered by compliance frameworks?

What is the NIST framework and why is it influential?

What is the OSI model?


Cryptography

Explain symmetric encryption

Symmetric encryption is any technique where a single key is used to both encrypt and decrypt the data (or the entire communication).

Explain asymmetric encryption

Asymmetric encryption is any technique where two different keys are used for encryption and decryption; these keys are known as the public key and the private key.

What is "Key Exchange" (or "key establishment") in cryptography?

Wikipedia: "Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm."

True or False? Symmetric encryption makes use of public and private keys, where the private key is used to decrypt data encrypted with the public key

False. This description fits asymmetric encryption.

True or False? The private key can be mathematically computed from a public key

False.

True or False? In the case of SSH, asymmetric encryption is not used for the entire SSH session

True. It is only used during the key exchange, to establish the symmetric key used for the rest of the session.

What is hashing?

How are hashes part of SSH?

Hashes are used in SSH to verify the authenticity of messages and to verify that the data received has not been tampered with.

Explain the following:
  • Vulnerability
  • Exploits
  • Risk
  • Threat

Are you familiar with "OWASP top 10"?

Read about it here

What is XSS?

Cross-Site Scripting (XSS) is a type of attack in which the attacker inserts browser-executable code within an HTTP response. When the injected code is not stored in the web application (reflected XSS), it only affects the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

You can test for it by identifying user-controlled inputs and how they reach the application. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each input vector found to see whether it is potentially vulnerable, craft test input for each vector, and submit the crafted input to see whether it is reflected and executed.

What is an SQL injection? How to manage it?

SQL injection is an attack that consists of inserting either a partial or full SQL query through data input from the browser into the web application. A successful SQL injection allows the attacker to read sensitive information stored in the web application's database.

When testing, keep in mind that using stored procedures does not by itself remove the risk: the application must still sanitize the user input to get rid of the risk of code injection. If it does not, a user could enter malicious SQL that is then executed within the procedure.

What is Certification Authority?
How do you identify and manage vulnerabilities?
Explain "Privilege Restriction"
How HTTPS is different from HTTP?
What types of firewalls are there?
What is DDoS attack? How do you deal with it?
What is port scanning? When is it used?
What is the difference between asynchronous and synchronous encryption?
Explain Man-in-the-middle attack
Explain CVE and CVSS
What is ARP Poisoning?
Describe how do you secure public repositories
How do cookies work?
What is DNS Spoofing? How to prevent it?

DNS spoofing occurs when a particular DNS server's records are "spoofed" or maliciously altered to redirect traffic to the attacker. This redirection of traffic allows the attacker to spread malware, steal data, etc.

Prevention

  • Use encrypted data transfer protocols - Using end-to-end encryption via SSL/TLS will help decrease the chance that a website or its visitors are compromised by DNS spoofing.
  • Use DNSSEC - DNSSEC, or Domain Name System Security Extensions, uses digitally signed DNS records to help determine data authenticity.
  • Implement DNS spoofing detection mechanisms - it's important to implement DNS spoofing detection software. Products such as XArp help protect against ARP cache poisoning by inspecting the data that comes through before transmitting it.

What can you tell me about Stuxnet?

Stuxnet is a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities. The original Stuxnet malware attack targeted the programmable logic controllers (PLCs) used to automate machine processes. It generated a flurry of media attention after it was discovered in 2010 because it was the first known virus to be capable of crippling hardware and because it appeared to have been created by the U.S. National Security Agency, the CIA, and Israeli intelligence.

What can you tell me about the BootHole vulnerability?
What can you tell me about Spectre?

Spectre is an attack method that allows an attacker to "read over the shoulder" of a program they do not have access to. Using code, the attacker forces the program to pull up its encryption key, allowing full access to the program.

Explain OAuth
Explain "Format String Vulnerability"
Explain DMZ
Explain TLS
What is CSRF? How to handle CSRF?

Cross-Site Request Forgery (CSRF) is an attack that makes the end user initiate an unwanted action on a web application in which the user has an authenticated session. The attacker may, for example, send an email that gets the end user to click on a link that then executes the malicious action. When a CSRF attack is successful it compromises the end user's data.

You can use OWASP ZAP to analyze a request; if it appears that there is no protection against cross-site request forgery when the Security Level is set to 0 (the value of csrf-token is SecurityIsDisabled), one can use data from this request to prepare a CSRF attack using OWASP ZAP.

Explain HTTP Header Injection vulnerability

HTTP Header Injection vulnerabilities occur when user input is insecurely included within server response headers. If an attacker can inject newline characters into the header, they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
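An added example, not from the original page, showing with a constructed redirect value how a CR/LF inside a header value splits the response exactly as described above, and the check a defender applies before placing user input in a response header. The response builder and parser are toy stand-ins written for this example, not any real framework's API:

```python
def is_safe_header_value(value: str) -> bool:
    """Defender's check: a header value must not contain CR, LF or NUL.
    A CR/LF ends the current header line and a blank line ends the whole
    header block, which is exactly what header injection relies on."""
    return not any(ch in "\r\n\x00" for ch in value)

def build_redirect_unsafe(location: str) -> bytes:
    """Toy response builder with the bug: user input goes straight into a header."""
    raw = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n"
    return raw.encode("latin-1")

def build_redirect_safe(location: str) -> bytes:
    """Hardened builder: refuse the value instead of letting it split the response."""
    if not is_safe_header_value(location):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(location)

def parse_response(raw: bytes) -> tuple:
    """Minimal parser: returns (headers dict, body) as a client would see them."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, val = line.partition(b":")
        headers[name.strip().decode("latin-1")] = val.strip().decode("latin-1")
    return headers, body

# Constructed input: a redirect target in which the request-controlled value
# carries CR/LF. No real site is involved; it only feeds the toy builder above.
TAMPERED = "/home\r\nSet-Cookie: session=injected\r\n\r\n<html>injected body</html>"

if __name__ == "__main__":
    headers, body = parse_response(build_redirect_unsafe(TAMPERED))
    print(headers, body)  # an extra Set-Cookie header and a body the user never asked for
    print(is_safe_header_value(TAMPERED))  # False: the safe builder refuses this value
```

Most web frameworks apply the same rejection in their header-setting API; the check is still worth having where headers are assembled by hand, for example in a reverse proxy or a custom CGI handler.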

What security sources are you using to keep updated on latest news?
What TCP and UDP vulnerabilities are you familiar with?
Does using VLANs contribute to network security?
What are some examples of security architecture requirements?
What is an air-gapped network (or air-gapped environment)? What are its advantages and disadvantages?
Explain what a buffer overflow is

A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

Containers

What security measures are you taking when dealing with containers?
Explain what Docker Bench is
Explain the MAC flooding attack

A MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames, each with a different fake source MAC address.

What is port flooding?
What is "Diffie-Hellman key exchange" and how does it work?
Explain "Forward Secrecy"
What is Cache Poisoned Denial of Service?

CPDoS, or Cache Poisoned Denial of Service, poisons the CDN cache. By manipulating certain request headers, the attacker forces the origin server to return a Bad Request error, which is stored in the CDN's cache. Thus, every request that comes after the attack gets the error page.

Threats

Explain "Advanced persistent threat (APT)"

What is a "Backdoor" in information security?
