The latest collection of network security penetration testing interview questions in 2023! A must-see before autumn recruiting!

Foreword

The following are interview questions covering various aspects of network security. The more stars a question has, the more likely it is to come up in an interview. I wish you all a satisfactory job.

Note: This set of interview questions has been compiled into a PDF document, but the content is still being updated, since it is impossible to cover every interview question anyway; the hope is that a representative set of questions will help readers fill in the remaining gaps themselves.


1. Penetration testing direction:

  • How to bypass a CDN to find the real IP; list five methods (★★★)
  • How to exploit Redis unauthorized access, and what are the prerequisites for exploiting it? (★★★)
  • What are the methods of MySQL privilege escalation, and what are their conditions of use? (★)
  • Windows + MySQL with a SQL injection, but the machine has no outbound network access: can it still be exploited? (★)
  • What are the commonly used methods of information gathering? Apart from common methods such as path scanning and subdomain brute-forcing, are there any unconventional ways to collect enterprise information? (★★)
  • What is the difference between SRC vulnerability hunting and penetration testing? Given these two different goals, how does the process differ? (★★)
  • How to exploit stored XSS in a pure intranet environment? (★★)
  • Assuming a website has a WAF, how to bypass it without considering a direct (frontal) bypass (discuss cloud WAF and physical WAF as appropriate) (★)

2. Web security direction:

  • Tell me about a bug-hunting experience (or CTF experience) that you found interesting (★★★)
  • Causes of CSRF and defense measures (how to defend against it without a token) (★)
  • Causes of SSRF and defense measures (★★)
  • Briefly describe SSRF bypass methods (★★)
  • Briefly describe the principle of the DNS rebinding bypass in SSRF and how to fix it (★)
  • Introduce the causes of SQL injection vulnerabilities and how to prevent them. What are the injection methods? Besides dumping database data, what other ways can it be exploited? (★★)
  • How to write a shell via SQL injection, and what are the prerequisites for writing a shell? (★★)
  • Introduce the types of XSS vulnerabilities; what is the difference between DOM-based XSS and reflected XSS? (★★)
  • How to prevent XSS vulnerabilities: what to do on the front end, what to do on the back end, which place is better, and why? (★★)
  • Assuming you are a security engineer on the client (Party A) side, how should you reduce the occurrence of logic vulnerabilities? (★★)
  • What problems may occur during the OAuth authentication process, and what kinds of vulnerabilities can result? (★)
  • How to use and configure CSP, and what are the ways to bypass CSP (★★)
  • A website is known to have LFI (Local File Inclusion), but no files can be uploaded; what are the ways to exploit it in this situation? (★★)

3. PHP security direction:

  • How to use the phar:// pseudo-protocol to trigger deserialization in PHP; what are the usage scenarios and prerequisites? (★★)
  • How to bypass the disable_functions restriction in php.ini; what methods are there, which method has the highest success rate, and why? (★★★)
  • What is the principle of %00 truncation in file upload, and how did PHP officially design the fix? (★★)
  • Implement a one-line webshell; what are the ways to bypass RASP, machine learning detection, and AST-tree-based detection? (★★)
  • What are the attack scenarios for PHP pseudo-protocols? (★★)
  • What are the attack surfaces of the mail() function? (★)
  • How to construct a webshell without letters or digits, what is the principle, and what security problems do such language features cause? (★)

4. Security research and development direction:

  • Briefly introduce the scanners you commonly use and their implementation features (★★)
  • If you were asked to design a HIDS, how would you design it? (★)
  • Introduce iterators, generators, and decorators in Python (★)
  • Introduce the Python libraries you commonly use (★)
  • Talk about the characteristics and principles of Celery (★)
  • Briefly introduce the GIL in Python and how to work around its restrictions (★★)
  • masscan claims to be the fastest scanner in the world; why is it so fast, and how would you implement a masscan of your own? (★★)
  • Briefly describe the differences between coroutines, threads, and processes (★★)

5. Intranet penetration direction:

  • What is the underlying implementation principle of PsExec? (★)
  • Which module in the SSP interface was patched to prevent malicious use of mimikatz, and how was it patched? (★★)
  • Which port does the intranet KDC server listen on, and what are the attacks against Kerberos? (★★★)
  • On Windows 10 or Windows Server 2012, if you need to use mimikatz, how to use *, and how to obtain the NTLM hash without restarting the machine after modifying the registry? (★★)
  • How to query the trust relationships between domains? (★)
  • What are the common ports opened by a domain controller? (★)
  • The NTLM protocol authentication process in a Windows intranet (★★★)
  • What are the beacon check-in (coming online) methods in Cobalt Strike, what is the principle of each, and how to evade monitoring if necessary? (★★)
  • In lateral movement, how does wmic construct command execution with echoed output? (★★)
  • What is the difference between a golden ticket and a silver ticket? (★★★)
  • From a non-domain host, how to quickly discover domain hosts? (★★)
  • What is the principle of mimikatz, which patch makes mimikatz unusable, and how to bypass it? (★★)
  • What are the attack scenarios for NTLM relay, and what are the restrictions on using NTLM relay? (★)

Due to the length of the article, the remaining interview questions are shown as pictures. Those who need them can obtain them from the text.



Origin: blog.csdn.net/msb_114/article/details/131661441