The following are interview questions from the various areas of information security / network security. The more stars a question has, the more likely it is to come up. I wish you all a satisfying job offer~
Note: this list does not aim to be exhaustive, since no list can cover every interview question anyway; the hope is that it helps you work from these points outward, find your blind spots and fill in the gaps.
TODO LIST
- Penetration testing
- Web security
- PHP security
- Java security
- Linux-related
- Windows-related
- Intranet penetration
- Security R&D
- Party A (in-house) security operations
Penetration testing
How do you bypass a CDN to find the origin server's real IP? List five methods (★★★)
How do you exploit unauthenticated Redis access, and what are the prerequisites for exploiting it? (★★★)
What methods exist for MySQL privilege escalation, and what conditions does each require? (★)
Windows + MySQL with a SQL injection, but the machine has no outbound network access: can it still be exploited? (★)
What are the common information-gathering methods? Apart from standard ones such as path scanning and subdomain brute-forcing, are there any sneaky, unconventional ways to collect information on an enterprise? (★★)
What is the difference between bug-bounty (SRC) hunting and penetration testing? How does the execution process differ for these two goals? (★★)
How do you exploit stored XSS in a purely internal (intranet) environment? (★★)
In MSSQL, assuming sa privileges, how do you execute system commands without xp_cmdshell? (★★)
Assume a website is behind a WAF; how would you bypass it other than by head-on payload evasion? (Discuss cloud WAF vs. on-premise/hardware WAF separately.) (★)
Web security
Tell me about a bug-hunting (or CTF) experience you found interesting (★★★)
Causes of CSRF and defensive measures (how would you defend without a token?) (★)
Causes of SSRF and defensive measures (★★)
How do you probe non-HTTP protocols through SSRF? (★)
Briefly describe SSRF bypass methods (★★)
Briefly describe how DNS rebinding bypasses SSRF filters and how to fix it (★)
Describe the causes of SQL injection and how to prevent it. What injection techniques are there? Beyond dumping database contents, what other ways are there to exploit it? (★★)
How do you write a webshell through SQL injection, and what are the prerequisites? (★★)
Describe the types of XSS. What is the difference between DOM-based XSS and reflected XSS? (★★)
How do you prevent XSS: what is done on the front end, what on the back end, which is better, and why? (★★)
Tell me about the logic flaws that can appear in password-recovery flows (★)
As a Party A (in-house) security engineer, how would you reduce the rate of logic vulnerabilities? (★★)
What can go wrong during OAuth authentication, and what kinds of vulnerabilities result? (★)
How do you use and configure CSP, and what are the ways to bypass it? (★★)
A website has LFI (local file inclusion) but no file can be uploaded; what are the ways to exploit it in this situation? (★★)
Briefly describe the principle of XXE. What malicious uses can XXE be put to against PHP and Java? (★★)
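For the SSRF bypass and DNS-rebinding questions above, the point an interviewer usually wants is that a name checked once and then resolved again by the HTTP client is a time-of-check/time-of-use race. The following is an added example and not code from the original list: it puts a naive check beside one that resolves once and pins the address. The resolver and connector are injected, so the race is reproduced offline with a constructed "rebinding" resolver; the addresses, hostnames and the `record_connect` stand-in are assumptions for illustration.

```python
"""SSRF target checking: a naive check beside one that pins the resolved IP.

Added example for the SSRF / DNS-rebinding questions; it is not code from the
original list. The resolver and the connector are injected, so the
time-of-check/time-of-use race behind DNS rebinding can be reproduced offline
with a constructed "rebinding" resolver and no real network traffic.
"""
import ipaddress
from urllib.parse import urlparse


def is_public_ip(ip: str) -> bool:
    """True only for a globally routable unicast address.

    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped so the inner IPv4 is
    judged; 169.254.0.0/16 (cloud metadata) is caught by is_link_local.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


class RebindingResolver:
    """Constructed attacker-controlled DNS: answers are handed out in order and
    the last one repeats, e.g. a public IP first (passes the check), then an
    internal one."""

    def __init__(self, answers):
        self._answers = list(answers)

    def resolve(self, host: str) -> str:
        if len(self._answers) > 1:
            return self._answers.pop(0)
        return self._answers[0]


def fetch_naive(url: str, resolver, connect):
    """Vulnerable: checks the name once, then the HTTP client resolves it again."""
    host = urlparse(url).hostname
    if not is_public_ip(resolver.resolve(host)):      # time of check
        raise ValueError("blocked: non-public target")
    return connect(resolver.resolve(host), host)      # time of use: second lookup


def fetch_pinned(url: str, resolver, connect):
    """Hardened: allow-list the scheme, resolve exactly once, validate that
    address, and connect to it; the hostname only goes into the Host header."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("blocked: scheme not allowed")
    host = parsed.hostname
    if host is None:
        raise ValueError("blocked: no host")
    try:
        ip = str(ipaddress.ip_address(host))          # URL already carried a literal IP
    except ValueError:
        ip = resolver.resolve(host)                   # single lookup, result is pinned
    if not is_public_ip(ip):
        raise ValueError("blocked: non-public target")
    return connect(ip, host)


def record_connect(ip: str, host: str) -> str:
    """Stand-in connector (assumption): report where the TCP connection would go."""
    return ip
```

In a real service the single lookup is `socket.getaddrinfo`, every returned address must pass `is_public_ip`, the same check must be re-applied on every redirect, and the HTTP client must be made to connect to the pinned IP while sending the original name in the Host header (and SNI). Decimal or octal IP spellings that `ipaddress` rejects as literals fall through to the resolver, which is the right place to normalise them.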
PHP security
How do you trigger deserialization in PHP via the phar:// stream wrapper? What are the usage scenarios and prerequisites? (★★)
How do you bypass the disable_functions restriction in php.ini? What methods exist, which has the highest success rate, and why? (★★★)
What is the principle of %00 (null-byte) truncation in file uploads, and how did PHP fix it upstream? (★★)
Implement a one-line (一句话) webshell. What are the ways to bypass RASP, machine-learning detection, and AST-based detection? (★★)
What attack scenarios do PHP stream wrappers (pseudo-protocols) enable? (★★)
What are the attack surfaces of the mail() function? (★)
How do you construct a webshell with no digits or letters? What is the principle, and what security problems does this language feature cause? (★)
Java security
What is a ClassLoader? What are the prerequisites for loading a custom ClassLoader? (★)
Briefly describe the CommonsCollections1 gadget chain. What are its restrictions? (★★)
What is the difference between fastjson deserialization and ordinary Java deserialization vulnerabilities? (★★)
What are the ways to implement an in-memory webshell (memory horse) in Tomcat? Is there a way to make one survive a restart? (★)
How does a gadget chain that invokes one method at a time, such as CommonsCollections1, achieve execution of multiple statements? (★)
Briefly describe the principle of the Shiro deserialization vulnerability. Why can the CommonsCollections chain from ysoserial not be used directly? (★)
Security research and development
Briefly introduce the scanners you commonly use and their implementation features (★★)
If you were asked to design a HIDS, how would you design it? (★)
Introduce iterators, generators and decorators in Python (★)
Introduce the Python libraries you commonly use (★)
Talk about the characteristics and principles of Celery (★)
Briefly introduce the GIL in Python and how to work around its restrictions (★★)
masscan claims to be the fastest scanner in the world; why is it so fast, and how would you implement your own masscan? (★★)
Briefly describe the difference between coroutines, threads and processes (★★)
Linux-related
Briefly describe the concept of a daemon process and how to create one (★)
What security operations apply to Linux servers? How do you harden SSH? (★★)
Which logs need to be cleared after compromising a Linux server? (★★)
Common reverse shell commands? Which shell is usually spawned, and why? (★★★)
From the host level, how do you monitor for reverse shells? (★★★)
What types of rootkits are there, and how do you protect against and detect each type? (★★)
Account A creates a directory adir with permissions 766. Inside it is account B's file password.txt, owned by B with permissions 700. Can account B read adir/password.txt? (★)
What is the principle of the SSH symlink (soft link) backdoor, and can other backdoors be built on the same principle? (★)
What is the principle of fork() in Linux? Does the child process copy the parent's resource state? (★★)
What are the ways to implement hooks at ring 3 (user mode), and what hooks exist at ring 0 (kernel mode)? (★)
How do you accurately identify applications on Linux, e.g. nginx, MySQL, etc.? (★)
Assume a Linux machine has command auditing (method unknown); what are the possible bypasses? (★★)
What are the common ways to escalate privileges on Linux? (★★)
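One host-level answer to the reverse-shell monitoring question above is the classic /proc check: a shell whose stdin/stdout/stderr point at a socket instead of a pty. The following is an added example, not code from the original list. It reads /proc on Linux; the decision logic is kept separate from the /proc walk so it can be exercised with constructed input. The shell-name set is an assumption to be extended for your own estate.

```python
"""Host-level reverse-shell check via /proc: a shell whose stdio is a socket.

Added example for the "how do you monitor for reverse shells from the host"
question; it is not code from the original list. The decision logic takes
plain values so it can be exercised with constructed input; scan_host()
applies it to live processes and only works on Linux.
"""
import os
import re

# Shells an attacker typically spawns (assumption: extend for your estate).
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ash", "ksh"}

# readlink(/proc/PID/fd/N) on a socket yields "socket:[<inode>]".
_SOCKET_RE = re.compile(r"^socket:\[\d+\]$")


def is_reverse_shell(comm: str, fd_targets: dict) -> bool:
    """True when a shell process has fd 0, 1 or 2 attached to a socket.

    comm:       process name as in /proc/PID/comm, e.g. "bash".
    fd_targets: {fd: readlink target}, e.g. {0: "socket:[42]", 1: "/dev/pts/0"}.
    An interactive shell normally has a pty on all three; `bash -i >& /dev/tcp/...`,
    `nc -e /bin/sh` and the python pty.spawn trick leave a socket there instead.
    """
    if comm not in SHELL_NAMES:
        return False
    return any(_SOCKET_RE.match(fd_targets.get(fd, "")) for fd in (0, 1, 2))


def read_proc(pid: int) -> tuple:
    """Return (comm, {0: target, 1: target, 2: target}) for one live process."""
    base = f"/proc/{pid}"
    with open(f"{base}/comm") as fh:
        comm = fh.read().strip()
    targets = {}
    for fd in (0, 1, 2):
        try:
            targets[fd] = os.readlink(f"{base}/fd/{fd}")
        except OSError:          # fd closed, or not our process and not root
            targets[fd] = ""
    return comm, targets


def scan_host() -> list:
    """Walk /proc and return [(pid, comm, fd_targets)] for suspect shells."""
    if not os.path.isdir("/proc"):  # not Linux
        return []
    hits = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            comm, targets = read_proc(int(name))
        except OSError:          # process exited between listdir and open
            continue
        if is_reverse_shell(comm, targets):
            hits.append((int(name), comm, targets))
    return hits


if __name__ == "__main__":
    for pid, comm, targets in scan_host():
        print(f"suspect reverse shell: pid={pid} comm={comm} fds={targets}")
```

Run it as root on a schedule, or wire the same condition into auditd/eBPF execve tracing so it fires at spawn time rather than on a poll. Two caveats a candidate should mention: a non-pty SSH session (`ssh host bash`) also gets a socketpair as stdio, so correlate with the parent process and peer address before alerting; and socat or nc variants that allocate a pty show `/dev/pts/N` on the shell's fds, so this check alone misses them and the socket has to be found on the parent instead.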
Intranet penetration
What is the underlying implementation principle of PsExec? (★)
Which module of the SSP interface was patched to prevent abuse by mimikatz, and how? (★★)
Which port does the intranet KDC listen on, and what attacks exist against Kerberos? (★★★)
On Windows 10 or Windows Server 2012, how do you use mimikatz, and how do you obtain NTLM hashes without rebooting after modifying the registry? (★★)
How do you find the machine corresponding to an employee in the domain? (★)
How do you query the trust relationships between domains? (★)
What ports are commonly open on a domain controller? (★)
Describe the NTLM authentication process on a Windows intranet (★★★)
What beacon check-in methods does Cobalt Strike support, how does each work, and how would you evade monitoring if necessary? (★★)
In lateral movement, how do you get command output back (an echo) when executing via wmic? (★★)
In Windows incident response, which security event IDs need to be checked, and which attack/defense scenarios do they correspond to? If the host is a domain controller, which event logs should be checked? (★★★)
What is the difference between a golden ticket and a silver ticket? (★★★)
From a non-domain host, how do you quickly discover domain hosts? (★★)
What is the principle of mimikatz, which patch makes it unusable, and how do you bypass that? (★★)
What are the attack scenarios for NTLM relay, and what are its restrictions? (★)
Other security-related
The RSA encryption and decryption process (★)
How HTTPS is implemented (★★)
How do you defend against ISP DNS hijacking / link (traffic) hijacking? (★★)
How do you prevent promotion abuse (薅羊毛, "wool-pulling")? (★)
A widely impactful 0day has just been disclosed. As a Party A security engineer, how should you respond? (★★)
In addition, three further sets of network security engineer interview questions, collected from real interviews, follow below.
91 Cyber Security Interview Questions
- What is a SQL injection attack?
- What is an XSS attack?
- What is a CSRF attack?
- What is a file upload vulnerability?
- DDoS attacks
- Which layer each important protocol belongs to (protocol distribution across layers)
- How does the ARP protocol work?
- What is RARP? How does it work?
- What is DNS? How does DNS work?
- What is the RIP protocol? How does RIP work?
- Drawbacks of RIP
- The OSPF protocol? How does OSPF work?
- Summarize the differences between TCP and UDP
- What are the three-way handshake and four-way teardown? Why does TCP need a three-way handshake?
- The difference between GET and POST
- The difference between cookies and sessions
- How do sessions work?
- A complete HTTP request process
- The difference between HTTPS and HTTP
- What are the seven layers of the OSI model?
- The difference between HTTP persistent (long) and short connections
- How does TCP ensure reliable transmission?
- What are the common status codes?
- What is SSL? How does HTTPS ensure the security of data transmission (how does SSL work to ensure security)?
- How do you ensure that a public key has not been tampered with?
- Ways to reveal an absolute path in PHP?
- What penetration tools do you commonly use, and which one do you use most?
- Exploiting blind XSS against an intranet server
- Spear-phishing attacks and watering-hole attacks
- What is a virtual machine escape?
- Man-in-the-middle attacks?
- The TCP three-way handshake process?
- The seven-layer (OSI) model?
- Your understanding of cloud security
- Do you know WebSockets?
- What is DDoS? What types are there? What is a CC attack? What is the difference?
- What is a LAND attack?
- How do you conduct information gathering?
- What is a CRLF injection attack?
- Preventing XSS from two angles: front end and back end?
- How do you protect the security of a port?
- Ideas for webshell detection?
- What is GPC (magic_quotes_gpc)? How do you bypass it?
- What encryption algorithms are commonly used on the web?
- What else can XSS do besides stealing cookies?
- ISP (or other) network hijacking
- What is DNS spoofing?
- Emergency response to network security incidents
- Internal security
- Before a business goes live, how do you test it and from which angles?
- An application has a vulnerability, but it can be neither fixed nor disabled; what do you do?
- How do you protect against CSRF?
- File upload bypass methods?
- CAPTCHA-related exploitation points
- What do you test in cookies?
- Name a few types of business logic vulnerabilities
- File inclusion vulnerabilities
- Give examples of business logic flaws and arbitrary user password resets; what factors cause them?
- During a penetration test you find a function that only accepts zip uploads; what ideas come to mind?
- Why does an ASPX webshell usually have higher privileges than an ASP one?
- What ideas do you have when there is only a login page?
- Which request headers can be harmful?
- Talk about the difference between horizontal privilege escalation, vertical privilege escalation and unauthenticated access
- What is XSS? The harm and principle of stored XSS
- A host is suspected of being compromised; where do you check the logs?
- Commonly used Python standard library modules
- What can go wrong during OAuth authentication, leading to what kinds of vulnerabilities?
- How do you obtain the real IP of a website behind a CDN?
- How do you achieve cross-origin requests?
- What is the difference between JSONP and CORS for cross-origin access?
- Algorithms? Which sorting algorithms do you know?
- SSRF exploitation?
- Common backdoor methods?
- open_basedir directory restriction bypass methods?
- Problem-prone points in PHP code audit?
- In red-vs-blue exercises, what scenarios and techniques does the blue team use against the red team?
- Linux scheduled tasks: what would an attacker do to hide their cron jobs?
- How many common getshell methods are there for unauthenticated Redis?
- JWT attack methods? (header, payload, signature)
- Vulnerabilities in Java middleware: give a few examples
- Which vulnerabilities can DNS out-of-band (dnslog) be used to detect?
- Summary of middleware vulnerabilities?
- Talk about approaches to privilege escalation on Windows and Linux
- What Python frameworks are there, and what vulnerabilities have appeared in them?
- Differences between penetration testing mini-programs (小程序) and ordinary penetration testing
- Vulnerability testing of the app itself: the four major (Android) components
- IDS/IPS protection principles and bypass ideas
- Exploiting CSRF with JSON request bodies
- What vulnerabilities can be tested via JSON-format request bodies?
- Intranet server: how do you gather information?
- If a machine at the intranet boundary is compromised, how do you discover other hosts on the intranet?
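The JWT question in the list above names the three parts an attacker targets. The following is an added example, not code from the original list, showing one attack per part against a deliberately permissive verifier, with the hardened verifier beside it: an `alg=none` header swap (the signature is dropped), a payload edit riding on it, and an offline wordlist attack on a weak HS256 secret. It uses only the standard library; the key, claims and wordlist are constructed here for illustration.

```python
"""JWT attacks on the header, payload and signature, with the hardened verifier.

Added example for the "JWT attack methods (header, payload, signature)"
question; not code from the original list. Standard library only; the key,
claims and wordlist are constructed here for illustration.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"   # assumption: the server's HS256 key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a normal HS256 token."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def forge_alg_none(token: str, overrides: dict) -> str:
    """Header + payload attack: set alg=none, edit the claims, drop the signature."""
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    claims.update(overrides)
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def crack_weak_secret(token: str, candidates):
    """Signature attack: offline brute force of the HS256 key from a wordlist."""
    h, p, s = token.split(".")
    target = _b64url_decode(s)
    for cand in candidates:
        guess = hmac.new(cand, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(guess, target):
            return cand
    return None


def verify_permissive(token: str, key: bytes) -> dict:
    """Vulnerable: trusts the alg named inside the token."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p))       # unsigned token accepted
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if _b64url(expected) != s:                     # also a timing-leaky compare
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def verify_strict(token: str, key: bytes) -> dict:
    """Hardened: algorithm pinned server-side, non-empty signature required,
    constant-time comparison; claims are only trusted after this returns."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":               # never read alg as a choice
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not s or not hmac.compare_digest(_b64url_decode(s), expected):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))
```

The strict verifier also needs expiry (`exp`) and audience checks before the claims are acted on; those are omitted here to keep the signature logic in focus. Two further header attacks worth naming in an interview but not shown: algorithm confusion (an RS256 public key accepted as an HS256 secret) and `kid`/`jku` injection, both of which are defeated by the same rule of never letting the token choose how it is verified.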
83 Tianrongxin network security interview questions and answers
- Protecting against common web attacks
- Which layer each important protocol belongs to
- How does the ARP protocol work?
- What is the RIP protocol? How does RIP work?
- What is RARP? How does it work?
- The OSPF protocol? How does OSPF work?
- Summary of the differences between TCP and UDP
- What are the three-way handshake and four-way teardown?
- Why does TCP need a three-way handshake?
- A complete HTTP request process
- The difference between cookies and sessions
- The difference between GET and POST
- The difference between HTTPS and HTTP
- How do sessions work?
- The difference between HTTP persistent (long) and short connections
- What are the seven layers of the OSI model?
- What is TCP packet sticking/splitting (粘包/拆包)? Causes? Solutions?
- How does TCP guarantee reliable transmission?
- The difference between URI and URL
- What is SSL?
- How does HTTPS ensure the security of data transmission (how does SSL work to ensure security)?
- Application-layer protocols that run over TCP, and those that run over UDP
- What are the common status codes?
- Given a site to test, what do you think should be done first?
- MySQL injection on a website: what is the difference between MySQL 5.0+ and versions below 5.0?
- During a penetration, what value does the email address of the target site's registrant have for us?
- The significance of identifying the website's CMS for penetration
- Which web container versions are currently known to have parsing vulnerabilities? Give specific examples
- You find an injection point at demo.jsp?uid=110; what ideas do you have for getting a webshell, and which is best?
- What types of SQL injection are there? How do they differ when injecting?
- How many types of XSS are there? Briefly describe cookies and sessions
- What penetration tools do you commonly use, and which one do you use most?
- Windows permission control: what are the ways to plant backdoors?
- Which PHP functions perform file inclusion?
- Which PHP functions execute commands?
- How do you penetrate through phpMyAdmin?
- Which sqlmap parameter queries the current database?
- How do you judge whether a web server runs Linux or Windows?
- What are CSRF, XSS, XXE and SSRF, and how do you fix them?
- Common parsing vulnerabilities in different web servers (IIS, Apache, nginx, etc.)? How are they exploited?
- What fields are in an HTTP response header? Can you name a few different ones?
- How do you use unauthenticated Redis in a penetration?
- The penetration testing execution process
- Briefly introduce the nmap tool and how to use it
- How does nmap evade security devices during scanning?
- A brief introduction to the Metasploit tool
- What modules are in Metasploit?
- Have you used Cobalt Strike (CS)? Introduce its functions
- What is Xray? What does it do? How is it used?
- Introduce the Burp Suite tool and its commonly used modules
- What webshell management tools are there? What are the differences?
- What is the OWASP Top 10? Which vulnerabilities are in it?
- Database types? Common ports? What is SQL injection?
- What is stacked-query injection? What are the methods of MySQL privilege escalation?
- Can commands be executed after MySQL privilege escalation?
- How do you break out when characters are being escaped during injection? How do you defend against SQL injection?
- What is XSS? What types of XSS are there? What are the dangers of XSS vulnerabilities?
- What are DoS and DDoS attacks? How do you defend against them?
- Which packet capture tools have you used? How are they used?
- Which command modifies file permissions? What is its format?
- Which command copies a file, and how do you copy a directory along with it?
- Which command moves files? Which command renames?
- Which command terminates a process? With what parameters?
- Windows intrusion investigation approach
- Linux intrusion investigation approach
- Introduce Linux security hardening
- Introduce Windows security hardening
- What security devices have you worked with? Introduce their functions
- How do you investigate false positives from a security device?
- After the server has been shelled (getshell), how do you respond and trace the attack back to its source?
- How do you deal with suspicious .exe files?
- How do you view current processes?
- Introduce common web application component ports (such as MySQL, Tomcat)
- How do you view local port connection status on Windows?
- Where are the log files kept on Windows and Linux?
- How do you handle a webshell found on a server?
- What is SSL? How does HTTPS ensure the security of data transmission (how does SSL work to ensure security)?
- How do you ensure that a public key has not been tampered with?
- What are the common status codes?
- How does TCP ensure reliable transmission?
- The difference between HTTP persistent (long) and short connections
69 Cyber Security Interview Questions
- Ways to reveal an absolute path in PHP?
- What penetration tools do you commonly use, and which one do you use most?
- Exploiting blind XSS against an intranet server
- Spear-phishing attacks and watering-hole attacks?
- What is a virtual machine escape?
- Man-in-the-middle attacks?
- The TCP three-way handshake process?
- The seven-layer (OSI) model?
- Your understanding of cloud security
- Do you know WebSockets?
- What is DDoS? What types are there? What is a CC attack? What is the difference?
- What is a LAND attack?
- How do you conduct information gathering?
- What is a CRLF injection attack?
- Preventing XSS from two angles: front end and back end?
- How do you protect the security of a port?
- Ideas for webshell detection?
- You find an IIS website; how do you test it for vulnerabilities? (depends on the version)
- What is GPC (magic_quotes_gpc)? How do you bypass it when it is on?
- What encryption algorithms are commonly used on the web?
- What else can XSS do besides stealing cookies?
- ISP (or other) network hijacking
- What is DNS spoofing?
- Buffer overflow principles and defenses
- Emergency response to network security incidents
- Internal security
- Before a business goes live, how do you test it and from which angles?
- An application has a vulnerability, but it can be neither fixed nor disabled; what do you do?
- How do you protect against CSRF?
- File upload bypass methods?
- CAPTCHA-related exploitation points
- What do you test in cookies?
- Name a few types of business logic vulnerabilities
- File inclusion vulnerabilities
- During a penetration test you find a function that only accepts zip uploads; what ideas come to mind?
- Why does an ASPX webshell usually have higher privileges than an ASP one?
- What ideas do you have when there is only a login page?
- Which request headers can be harmful?
- Talk about the difference between horizontal privilege escalation, vertical privilege escalation and unauthenticated access
- What is XSS? The harm and principle of stored XSS
- A host is suspected of being compromised; where do you check the logs?
- Commonly used Python standard library modules
- The difference between reverse_tcp and bind_tcp?
- What can go wrong during OAuth authentication, leading to what kinds of vulnerabilities?
- How do you obtain the real IP of a website behind a CDN?
- How do you achieve cross-origin requests?
- What is the difference between JSONP and CORS for cross-origin access?
- Algorithms? Which sorting algorithms do you know?
- SSRF exploitation?
- Common backdoor methods?
- How do you bypass open_basedir directory restrictions?
- Problem-prone points in PHP code audit?
- In red-vs-blue exercises, what scenarios and techniques does the blue team use against the red team?
- How many common getshell methods are there for unauthenticated Redis?
- JWT attack methods? (header, payload, signature)
- Vulnerabilities in Java middleware: give a few examples
- Which vulnerabilities can DNS out-of-band (dnslog) be used to detect?
- HttpOnly prevents JavaScript from reading the cookie; how do you bypass this to obtain the cookie?
- Summary of middleware vulnerabilities?
- Talk about approaches to privilege escalation on Windows and Linux
- What Python frameworks are there, and what vulnerabilities have appeared in them?
- Differences between penetration testing mini-programs (小程序) and ordinary penetration testing
- Vulnerability testing of the app itself: the four major (Android) components
- IDS/IPS protection principles and bypass ideas
- Exploiting CSRF with JSON request bodies
- What vulnerabilities can be tested via JSON-format request bodies?
- Briefly describe the principle and exploitation of XXE vulnerabilities
- Intranet server: how do you gather information?
- If a machine at the intranet boundary is compromised, how do you discover other hosts on the intranet?
I hope these help you avoid some detours and land offers faster in the "Golden March, Silver April" hiring season!