Namish namishelex01

## Security Engineer - Interview Questions.md

      
              1 file
            
          
              27 forks
            
          
              2 comments
            
          
              69 stars
            
          
                namishelex01
                / Security Engineer - Interview Questions.md
            
            
              Last active
              February 28, 2024 03:47
            
              
                Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names
              
          
    Core Information Security


What is information security and how is it achieved?


What are the core principles of information security?


What is the CIA triangle?


What is non-repudiation (as it applies to IT security)?


## cissp_notes.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              3 stars
            
          
                namishelex01
                / cissp_notes.md
            
            
              Created
              July 3, 2018 12:52
                — forked from penafieljlm/cissp_notes.md
            
              
                Personal CISSP Study Notes
              
          
    CISSP Notes

CIA Triad


Confidentiality

Resources should be protected from unauthorized access
Prioritized by governments
Concepts

Sensitivity

How harmful is disclosure


Discretion


## Mona Py Cheat sheet
Main Project Page -> github.com/corelan/mona

Download the file and save it to this typical location ->
C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands

BASIC USAGE :
!mona in the input box and press enter
For more information = Open log window (ALT-L)

For Help options ->

## g2
import socket
import ipaddress
import json
import time

def save_results(results):
    with open("last_scan_results.json", "w") as file:
        json.dump(results, file)

def load_results():

## Scenario-based Interview Questions
What are the consequences if private keys of a Root CA gets compromised?
If you have rogue certificates of a well-known company, as an attacker, how can you use it for you own benefit?
As a security threat analyst, what will be your approach to respond to this incident? Securing Infra, servers and people!
> https://darknetdiaries.com/transcript/3/

How would you check the signature of a binary and restrict any unsigned binaries to run on a machine(Win/Linux/Mac)
> https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
> (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/

How can I restrict the normal user to run only limited set of commands in Linux?

## xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#

# XSS Locator 2
'';!--"<XSS>=&{()}

## Linux Abuse - I
Enumeration is the key.
(Linux) privilege escalation is all about:
Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through data, analyse and prioritisation.
Search - Know what to search for and where to find the exploit code.
Adapt - Customize the exploit, so it fits. Not every exploit work for every system "out of the box".
Try - Get ready for (lots of) trial and error.

 Operating System
What's the distribution type? What version?

## NMap
~~~~~Port Scanning~~~~~


| Discovery scans |
-sP   -   Ping           | -sW  -  Window Scan   |
-sL   -   List/DNS Scan  | -sA  -  ACK Scan      |
-sO   -   Protocol Scan  | -sR  -  RPC Scan      |
-sV   -   Verify***      | -sI  -  Idle Scan     |
-sU   -   UDP Scan***    | -sV  -  Version Scan  |

## Network-based Attacks
CAM table Poisoning
Content Addressable Memory table poisoning attack on network switches.
This attack intends to corrupt the entries in the switch's CAM table so that the network traffic will be directed, causing a DoS attack attack situation

ARP Cache Poisoning-Based MiM
Introducing a spurious IP address to MAC address mapping in another host's ARP cache.

Abnormal ARP Traffic Detection


## MITRE ATT&CK - Enterprise
-------------------------------------
INITIAL ACCESS
-------------------------------------

$ Drive-by Compromise
A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing.
Multiple ways of delivering exploit code to a browser exist, including:
    > A legitimate website injected with JavaScript, iFrames, XSS.
    > Malicious ads
    > Built-in web application interfaces (e.g. forum posts, comments, and other user controllable web content)
	Main Project Page -> github.com/corelan/mona

	Download the file and save it to this typical location ->
	C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands

	BASIC USAGE :
	!mona in the input box and press enter
	For more information = Open log window (ALT-L)

	For Help options ->
	import socket
	import ipaddress
	import json
	import time

	def save_results(results):
	with open("last_scan_results.json", "w") as file:
	json.dump(results, file)

	def load_results():
	What are the consequences if private keys of a Root CA gets compromised?
	If you have rogue certificates of a well-known company, as an attacker, how can you use it for you own benefit?
	As a security threat analyst, what will be your approach to respond to this incident? Securing Infra, servers and people!
	> https://darknetdiaries.com/transcript/3/

	How would you check the signature of a binary and restrict any unsigned binaries to run on a machine(Win/Linux/Mac)
	> https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
	> (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/

	How can I restrict the normal user to run only limited set of commands in Linux?
	#
	# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
	# based on the RSnake original http://ha.ckers.org/xss.html
	# Retrieved on 2013-11-20
	# Much of this wildly obsolete
	#

	# XSS Locator 2
	'';!--"<XSS>=&{()}
	Enumeration is the key.
	(Linux) privilege escalation is all about:
	Collect - Enumeration, more enumeration and some more enumeration.
	Process - Sort through data, analyse and prioritisation.
	Search - Know what to search for and where to find the exploit code.
	Adapt - Customize the exploit, so it fits. Not every exploit work for every system "out of the box".
	Try - Get ready for (lots of) trial and error.

	Operating System
	What's the distribution type? What version?
	~~~~~Port Scanning~~~~~


	\| Discovery scans \|
	-sP - Ping \| -sW - Window Scan \|
	-sL - List/DNS Scan \| -sA - ACK Scan \|
	-sO - Protocol Scan \| -sR - RPC Scan \|
	-sV - Verify*** \| -sI - Idle Scan \|
	-sU - UDP Scan*** \| -sV - Version Scan \|
	CAM table Poisoning
	Content Addressable Memory table poisoning attack on network switches.
	This attack intends to corrupt the entries in the switch's CAM table so that the network traffic will be directed, causing a DoS attack attack situation

	ARP Cache Poisoning-Based MiM
	Introducing a spurious IP address to MAC address mapping in another host's ARP cache.

	Abnormal ARP Traffic Detection
	-------------------------------------
	INITIAL ACCESS
	-------------------------------------

	$ Drive-by Compromise
	A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing.
	Multiple ways of delivering exploit code to a browser exist, including:
	> A legitimate website injected with JavaScript, iFrames, XSS.
	> Malicious ads
	> Built-in web application interfaces (e.g. forum posts, comments, and other user controllable web content)