Gold March, Silver April: a collection of interview questions for network security engineers [First release on the whole network]

The following interview questions cover the various directions of information security/network security. The more stars a question has, the more likely it is to come up. I hope you all find a satisfying job~

Note: this list does not aim to be comprehensive, because it is impossible to cover every interview question anyway. The hope is that readers can extrapolate from individual points and use the list to find and fill gaps in their knowledge.

TODO LIST

  • penetration testing

  • web security

  • PHP security

  • java security

  • Linux-related

  • Windows-related

  • Intranet penetration

  • Security R&D

  • Party A security operations

penetration testing

How to bypass the CDN to find the real IP, please list five methods (★★★)

How to use redis unauthorized access, what are the prerequisites for using it? (★★★)

What are the methods of mysql privilege escalation? What are the conditions for use? (★)

windows+mysql, there is sql injection, but the machine has no external network permissions, can it be exploited? (★)

What are the commonly used methods of information collection? Apart from common methods such as path scanning and subdomain brute-forcing, are there any unconventional ways to collect enterprise information? (★★)

What is the difference between SRC vulnerability hunting and penetration testing? Given these two different goals, how does the implementation process differ? (★★)

How can stored XSS be exploited in a purely intranet environment? (★★)

In mssql, assuming sa authority, how to execute system commands without xp_cmdshell (★★)

Assuming that a website has a WAF, how can it be bypassed without resorting to a head-on bypass (discuss cloud WAF/physical WAF according to the situation) (★)

web security

Tell me about a vulnerability-hunting experience (or CTF experience) that you found interesting (★★★)

Causes and defense measures of CSRF (how to solve it without token) (★)

Causes and defense measures of SSRF (★★)

How SSRF detects non-HTTP protocols (★)

Briefly describe the bypass method of SSRF (★★)

Briefly describe the bypass principle and the fix for DNS rebinding in SSRF (★)

Describe the causes of SQL injection vulnerabilities and how to prevent them. What are the injection methods? Besides dumping database data, what other ways are there to exploit it? (★★)

How to write a shell through sql injection, what are the prerequisites for writing a shell? (★★)

Introduce the types of XSS vulnerabilities, what is the difference between dom type XSS and reflected XSS? (★★)

How to prevent XSS vulnerabilities, how to do it on the front end, how to do it on the back end, where is better, why? (★★)

Tell me about the logic vulnerabilities that may be involved in password recovery (★)

Assuming that you are a security engineer of Party A, how should you reduce the occurrence rate of logic vulnerabilities? (★★)

What problems may occur during the oauth authentication process, and what kind of loopholes may result? (★)

How to use and configure CSP, and what are the ways to bypass CSP (★★)

It is known that there is LFI (Local File Inclusion) on a website, but no files can be uploaded, what are the ways to use it for this situation? (★★)

Briefly describe the principle of XXE vulnerability, what malicious use can XXE make against PHP and JAVA? (★★)

PHP security

How to use the phar:// pseudo-protocol to trigger deserialization in PHP, what are the usage scenarios and prerequisites? (★★)

How to bypass the limitation of disable_function in php.ini, what methods are there, which method has the highest success rate, and why? (★★★)

What is the principle of %00 truncation in file upload, and how was the official fix designed? (★★)

Implement a one-line webshell; what are the ways to bypass RASP, what are the ways to bypass machine learning detection, and what are the ways to bypass AST-Tree (★★)

What are the attack scenarios of the PHP pseudo-protocol? (★★)

What are the attack surfaces of the mail function? (★)

How to construct a webshell without digits or letters, what is the principle, and what security problems does this language feature cause? (★)

JAVA security

What is ClassLoader? What is the prerequisite for loading a custom ClassLoader? (★)

Briefly describe the exploit chain of CommonCollections1. What are the restrictions of this chain? (★★)

What is the difference between fastjson deserialization and ordinary deserialization vulnerabilities? (★★)

What are the ways to implement a memory-resident webshell (memory shell) in Tomcat? Is there a way to implement one that does not disappear after a restart? (★)

How does a one-way code execution chain, such as CommonCollections1, execute multiple statements? (★)

Please briefly describe the principle of the Shiro deserialization vulnerability. What is the reason why the common-collections exploit chain in ysoserial cannot be used? (★)

Security research and development related

Briefly introduce your commonly used scanners and their implementation features (★★)

If you are asked to design a HIDS, how should you design it? (★)

Introduce iterators, generators, decorators in Python (★)

Introduce your commonly used python library (★)

Talk about the characteristics and principles of celery (★)

A brief introduction to GIL locks in Python and how to break the restrictions of GIL locks (★★)

masscan claims to be the fastest scanner in the world, what is the reason for it being so fast, and how to implement a masscan of your own? (★★)

Briefly describe the difference between coroutines, threads, and processes (★★)

Linux-related

Briefly describe the concept of a daemon process, how to generate a daemon process? (★)

What are the security operation and maintenance operations of Linux servers? How to secure SSH? (★★)

What logs do I need to clear after hacking a Linux server? (★★)

Common commands for a reverse shell? Which kind of shell is usually sent back, and why? (★★★)

At the host level, how to detect a reverse shell (★★★)

What are the types of rootkits, and how to protect against and detect the different types (★★)

Account A has created a folder adir with permission 766. In this folder is the file password.txt belonging to account B, with permission 700 for account B. Can account B read the content of adir/password.txt? (★)

What is the principle of the ssh soft link backdoor, and can other backdoors be constructed through this principle? (★)

What is the principle of fork in Linux? Will the child process copy the resource status of the parent process? (★★)

What are the ways to implement HOOK at the R3 layer, and what are the HOOK at the R0 layer? (★)

How to accurately implement application identification under Linux, such as identifying nginx mysql, etc. (★)

Assuming that a Linux machine has command auditing (the method is unknown), what are the possible bypass methods? (★★)

What are the common ways to escalate privileges in Linux? (★★)

Intranet penetration

What is the underlying implementation principle of psexec? (★)

Which module has been repaired in the SSP interface to prevent the malicious use of mimikatz, and how is it repaired? (★★)

Which port is the intranet KDC server open on, and what are the attacks against Kerberos? (★★★)

In win10 or winserver2012, if you need to use mimikatz, how to use it, how to get NTLM without restarting the machine after modifying the registry? (★★)

How to query the machine corresponding to the employee in the domain? (★)

How to query the trust relationship between domains? (★)

What are the common ports opened by the domain controller? (★)

The ntlm protocol authentication process in the windows intranet (★★★)

What methods are there for bringing a host online in Cobalt Strike, what are the principles of each, and how to bypass monitoring if necessary? (★★)

In lateral penetration, how does wmic construct command execution with echo? (★★)

In Windows emergency response, which security log IDs need to be checked and which attack and defense scenarios correspond to them? If the Windows host is a domain controller, which event logs should be checked? (★★★)

What is the difference between a golden ticket and a silver ticket? (★★★)

In the case of non-domain hosts, how to quickly discover domain hosts? (★★)

The principle of mimikatz, which patch makes mimikatz unusable, and how to bypass it? (★★)

What are the attack scenarios of NTLM relay, and what are the restrictions on using NTLM relay? (★)

Other security-related

RSA encryption and decryption process (★)

How HTTPS is implemented (★★)

How to protect against carrier DNS hijacking/link hijacking (★★)

How to defend against promotion abusers (the "wool party")? (★)

A 0day with wide impact has been disclosed. As a security engineer of Party A, how should we deal with it (★★)

In addition, to help you land a well-paid job, I have compiled three sets of network security engineer interview questions, 260 real interview questions in total.

91 Cyber Security Interview Questions

  1. What is SQL injection attack

  2. What is an XSS attack

  3. What is a CSRF attack

  4. What is a file upload vulnerability

  5. DDoS attack

  6. Layer distribution of important protocols

  7. How the arp protocol works

  8. What is RARP? How it works

  9. What is dns? How dns works

  10. What is the rip protocol? How does rip work

  11. Disadvantages of RIP

  12. OSPF protocol? How does OSPF work?

  13. Summary of the difference between TCP and UDP?

  14. What is three-way handshake and four-way handshake? Why does tcp need three-way handshake?

  15. The difference between GET and POST

  16. The difference between cookies and sessions

  17. How does session work?

  18. A complete HTTP request process

  19. The difference between HTTPS and HTTP

  20. What are the seven layers of the OSI model?

  21. The difference between http long connection and short connection

  22. How does TCP ensure reliable transmission?

  23. What are the common status codes?

  24. What is SSL? How does https ensure the security of data transmission (how does SSL work to ensure security)

  25. How to ensure that the public key is not tampered with?

  26. Methods for disclosing the absolute path in PHP?

  27. What are your commonly used penetration tools, and which one is the most commonly used?

  28. Using blind XSS against intranet servers

  29. Spear phishing attacks and watering hole attacks

  30. What is virtual machine escape?

  31. Man in the middle attack?

  32. TCP three-way handshake process?

  33. Seven-layer model?

  34. Understanding of cloud security

  35. Know about websockets?

  36. What is DDoS? What types are there? What is a CC attack? What is the difference?

  37. What is a LAND attack?

  38. How will you conduct information collection?

  39. What is CRLF injection attack?

  40. To prevent XSS, two angles at the front end and back end?

  41. How to protect the security of a port?

  42. Webshell detection ideas?

  43. What is GPC? How to bypass it?

  44. What are the commonly used encryption algorithms for the web?

  45. What else can XSS do besides get cookies?

  46. Carrier (or other) network hijacking

  47. What is DNS spoofing

  48. Emergency response to network security incidents

  49. Internal Security

  50. Before the business goes online, how to test and from which angles to test

  51. The application has a vulnerability, but it cannot be repaired and disabled, what should you do?

  52. How to protect against CSRF?

  53. File upload bypass method?

  54. Verification code related utilization points

  55. What do you test in cookies?

  56. Name a few types of business logic vulnerabilities?

  57. Briefly describe file inclusion vulnerabilities

  58. What are the examples of business logic loopholes and arbitrary password resets by users, and what factors cause them?

  59. During the penetration test, I found a function that can only upload zip files. What are the possible ideas?

  60. Why does an aspx webshell have higher privileges than an asp one?

  61. What are some ideas for having only one login page?

  62. Which of the request headers are harmful?

  63. Talk about the difference between horizontal privilege escalation, vertical privilege escalation and unauthorized access?

  64. What is XSS? The harm and principle of stored XSS

  65. The host is suspected of being compromised, where to check the logs

  66. Python commonly used standard library

  67. What might go wrong during the oauth authentication process, leading to what kind of loopholes?

  68. How to obtain real IP for a website with CDN

  69. How to achieve cross-domain?

  70. What is the difference between jsonp cross-domain and CORS cross-domain?

  71. Algorithms? Which sorting algorithms do you know?

  72. SSRF exploit?

  73. Common backdoor methods?

  74. How to bypass open_basedir access directory restrictions?

  75. Problem-prone points in PHP code audit?

  76. In red-versus-blue exercises, the scenarios and techniques for the blue team countering the red team?

  77. Linux scheduled tasks, what would hackers do to hide their scheduled tasks?

  78. What are the common getshell methods for Redis unauthorized access?

  79. Attack method of JWT? (header, payload, signature)

  80. Vulnerabilities in JAVA middleware, give a few examples?

  81. What vulnerabilities can DNS out-of-band channels be used with?

  82. Summary of middleware vulnerabilities?

  83. Talk about the approaches to privilege escalation on Windows and Linux systems?

  84. What frameworks does python have, and what vulnerabilities have appeared in them

  85. Differences between Mini Program Penetration and Common Penetration

  86. The four major components of the vulnerability test of the app itself

  87. IDS/IPS protection principle and bypass ideas

  88. Exploitation of JSON-based CSRF

  89. What vulnerabilities can be tested for in JSON-format data packets

  90. Intranet server, how to collect information?

  91. If a machine at the intranet boundary is taken over, how to discover other hosts on the intranet?

83 Tianrongxin network security interview questions and answers

  1. Protect against common web attacks

  2. Important protocol distribution layer

  3. How the arp protocol works

  4. What is the RIP protocol? How RIP works

  5. What is RARP? How it works

  6. OSPF protocol? How OSPF works

  7. Summary of differences between TCP and UDP

  8. What is a three-way handshake and four-way wave?

  9. Why does tcp need a three-way handshake?

  10. A complete HTTP request process

  11. The difference between cookies and sessions

  12. The difference between GET and POST

  13. The difference between HTTPS and HTTP

  14. How does session work?

  15. The difference between http long connection and short connection

  16. What are the seven layers of the OSI model?

  17. How does session work? What is TCP packet sticking/splitting? Causes? Solutions

  18. How does TCP guarantee reliable transmission?

  19. Difference between URI and URL

  20. What is SSL?

  21. How does https ensure the security of data transmission (

  22. How SSL works for security)

  23. Application layer protocol corresponding to TCP, application layer protocol corresponding to UDP

  24. What are the common status codes?

  25. Given a site to test, what do you think should be done first

  26. Mysql website injection, what is the difference between 5.0 and below 5.0

  27. During a penetration test, what is the value to us of collecting the email address of the target site's registrant?

  28. The significance of identifying a website's CMS for penetration testing

  29. Which versions of containers are currently known to have parsing vulnerabilities, specific examples

  30. Found demo.jsp?uid=110 injection point, what kind of ideas do you have to get webshell, which one is the best

  31. What are the types of sql injection? What is the difference between these types when injecting

  32. How many types of XSS are there? Brief description of cookie and session

  33. What are your commonly used penetration tools, and which one is the most commonly used?

  34. Windows permission control, what are the ways to plant backdoors

  35. What are the PHP file inclusion functions

  36. What are the PHP command execution functions

  37. How to penetration-test phpMyAdmin

  38. Which sqlmap parameter queries the current database

  39. How to judge whether the web server is Linux or Windows

  40. What are CSRF, XSS, XXE, and SSRF? And how to fix them

  41. Common different web server parsing vulnerabilities? How to use IIS apache nginx etc.

  42. What items are in the http return header? Can you name a few different ones?

  43. How to use redis unauthorized in penetration

  44. Penetration Testing Execution Process

  45. Briefly introduce the nmap tool and its use

  46. How nmap circumvents security devices during scanning

  47. A brief introduction to the metasploit tool

  48. What modules are in metasploit

  49. Have you used CS? Introduce the functions of CS

  50. What is Xray? What are its functions? How to use it

  51. Introduce the burpsuite tool and its commonly used modules

  52. What are the webshell management tools? what's the difference

  53. What are the OWASP TOP 10? What are the vulnerabilities in OWASP top10

  54. Database types? Common ports? What is SQL injection

  55. What is stacked injection? What are the methods of MySQL privilege escalation

  56. Can commands be executed after mysql privilege escalation?

  57. How to break out of characters being escaped when injecting? How to defend against SQL injection

  58. What is XSS? What are the types of XSS? What are the dangers of XSS vulnerabilities

  59. What is a DoS or DDoS attack? How to defend

  60. Which packet capture tools have you used? How to use them

  61. What command do you use to modify file permissions? what is the format

  62. Which command is used to copy the file, if it needs to be copied together with the folder

  63. Which command to use to move files? Which command to use for renaming

  64. What command is used to terminate a process? With what parameters

  65. Which command to use to move files? Which command to use for renaming

  66. Windows intrusion troubleshooting ideas

  67. Linux Intrusion Troubleshooting Ideas

  68. Introduce Linux Security Hardening

  69. Introduce windows security hardening

  70. What security devices have you been exposed to? Let me introduce the functions

  71. How to troubleshoot device false positives

  72. How to deal with how to trace the source attack after using the shell

  73. How to deal with .exe files

  74. How to check the current process

  75. Introduce common web application component ports (such as mysql, tomcat)

  76. How to view the local port connection status in Windows

  77. Where the log files are located on Windows and Linux

  78. How to deal with the existence of webshell on the server

  79. What is SSL? How does https ensure the security of data transmission (how does SSL work to ensure security)

  80. How to ensure that the public key is not tampered with?

  81. What are the common status codes?

  82. How does TCP ensure reliable transmission?

  83. The difference between HTTP long connections and short connections

69 Cyber Security Interview Questions

  1. Methods for disclosing the absolute path in PHP?

  2. What are your commonly used penetration tools, and which one is the most commonly used?

  3. Using blind XSS against intranet servers

  4. Spear phishing attacks and watering hole attacks?

  5. What is a virtual machine escape?

  6. Man-in-the-middle attack?

  7. TCP three-way handshake process?

  8. Seven-layer model?

  9. Understanding of cloud security

  10. Know about websockets?

  11. What is DDoS? What types are there? What is a CC attack? What is the difference?

  12. What is a LAND attack

  13. How will you conduct information gathering?

  14. What is a CRLF injection attack?

  15. To prevent XSS, two angles at the front end and back end?

  16. How to protect the security of a port?

  17. Webshell detection ideas?

  18. When you find an IIS website, how do you test it for vulnerabilities? (depending on version)

  19. What is GPC? How to bypass it when it is enabled

  20. What are the commonly used encryption algorithms for the web?

  21. What else can XSS do besides get cookies?

  22. Carrier (or other) network hijacking

  23. What is DNS spoofing

  24. Buffer Overflow Principles and Defenses

  25. Emergency response to network security incidents

  26. Internal Security

  27. Before the business goes online, how to test and from which angles to test

  28. The application has a vulnerability, but it cannot be repaired and disabled, what should you do?

  29. How to protect against CSRF?

  30. File upload bypass method?

  31. Verification code related utilization points

  32. What do you test in cookies?

  33. Name a few types of business logic vulnerabilities?

  34. Briefly describe file inclusion vulnerabilities

  35. During the penetration test, I found a function that can only upload zip files. What are the possible ideas?

  36. Why does an aspx webshell have higher privileges than an asp one?

  37. What are some ideas for having only one login page?

  38. Which of the request headers are harmful?

  39. Talk about the difference between horizontal privilege escalation, vertical privilege escalation and unauthorized access?

  40. What is XSS? The hazards and principles of stored XSS

  41. The host is suspected of being compromised, where to check the logs

  42. Python commonly used standard library

  43. The difference between reverse_tcp and bind_tcp?

  44. What might go wrong during the oauth authentication process, leading to what kind of loopholes?

  45. How to obtain real IP for a website with CDN

  46. How to achieve cross-domain?

  47. What is the difference between jsonp cross-domain and CORS cross-domain?

  48. Algorithms? Which sorting algorithms do you know?

  49. SSRF exploit?

  50. Common backdoor methods?

  51. How to bypass open_basedir access directory restrictions?

  52. Problem-prone points in PHP code audit?

  53. In red-versus-blue exercises, the scenarios and techniques for the blue team countering the red team?

  54. What are the common getshell methods for Redis unauthorized access?

  55. Attack method of JWT? (header, payload, signature)

  56. Vulnerabilities in JAVA middleware, give a few examples?

  57. What vulnerabilities can DNS out-of-band channels be used with?

  58. HttpOnly prevents JS from reading cookie information; how to bypass this to get the cookie

  59. Summary of middleware vulnerabilities?

  60. Talk about the approaches to privilege escalation on Windows and Linux systems?

  61. What frameworks does python have, and what vulnerabilities have appeared in them

  62. Differences between Mini Program Penetration and Common Penetration

  63. The four major components of the vulnerability test of the app itself

  64. IDS/IPS protection principle and bypass ideas

  65. Exploitation of JSON-based CSRF

  66. What vulnerabilities can be tested for in JSON-format data packets

  67. Briefly describe the principle and exploitation of XXE vulnerabilities

  68. Intranet server, how to collect information?

  69. If a machine at the intranet boundary is taken over, how to discover other hosts on the intranet?

I hope these help you avoid some detours and get offers faster during the Gold March, Silver April interview season! Friends who need them can leave a message in the comment area.

Origin blog.csdn.net/yinjiyufei/article/details/129382948