The latest network security interview questions for 2023: read this article and land your autumn-recruitment offer!

Foreword

With the support of national policies, the network security industry is becoming more and more well-known to the public, and more and more people want to enter the network security industry.

To get the offer you want, in addition to learning network security, you must also prepare for company interviews.

As a security veteran who has worked for many years, I have interviewed many people and asked many interview questions, and I have collected various penetration-related interview questions from the Internet. This collection contains my views on some issues, and I hope it can be helpful to everyone. Get your favorite offer in the 2023 autumn recruitment!

Note: Some of these are summarized from memory, and some questions may be described imprecisely. The security field is huge, and these are just the tip of the iceberg.

The following are interview questions covering various aspects of network security. The more stars a question has, the more likely it is to come up. I hope you all find a satisfactory job.

1. Penetration testing

How can you find the real IP behind a CDN? List five methods. (★★★)

How is Redis unauthorized access exploited, and what are the prerequisites for exploiting it? (★★★)

What are the methods of MySQL privilege escalation, and what conditions does each require? (★)

Windows + MySQL with SQL injection, but the machine has no outbound network access: can it still be exploited? (★)

What are the commonly used methods of information gathering? Apart from common methods such as path scanning and subdomain brute-forcing, are there any unconventional ways to collect enterprise information? (★★)

What is the difference between SRC vulnerability hunting and penetration testing? Given these two different goals, how does the implementation process differ? (★★)

How can stored XSS be exploited in a purely intranet environment? (★★)

In MSSQL, assuming sa privileges, how can system commands be executed without xp_cmdshell? (★★)

Assuming a website is behind a WAF, how can it be bypassed without a head-on bypass? (Discuss cloud WAF and physical WAF separately.) (★)

2. Web security related

Tell me about a vulnerability-hunting experience (or CTF experience) that you found interesting. (★★★)

Causes of CSRF and defenses against it (how to solve it without a token) (★)

Causes of SSRF and defenses against it (★★)

How can SSRF be used to probe non-HTTP protocols? (★)

Briefly describe SSRF bypass methods. (★★)

Briefly describe how DNS rebinding bypasses SSRF protections, and how to fix it. (★)

Explain the causes of SQL injection vulnerabilities and how to prevent them. What are the injection methods? Besides dumping database data, what other ways are there to exploit it? (★★)

How is a webshell written through SQL injection, and what are the prerequisites for writing one? (★★)

Describe the types of XSS vulnerabilities. What is the difference between DOM-based XSS and reflected XSS? (★★)

How do you prevent XSS vulnerabilities? What should be done on the front end, what on the back end, which is the better place, and why? (★★)

Describe the logic flaws that may occur in a password recovery flow. (★)

Assuming you are an in-house (Party A) security engineer, how would you reduce the occurrence rate of logic vulnerabilities? (★★)

What problems may occur during the OAuth authentication process, and what vulnerabilities may result? (★)

How is CSP used and configured, and what are the ways to bypass CSP? (★★)

A website is known to have LFI (Local File Inclusion), but no files can be uploaded. What are the ways to exploit it in this situation? (★★)

Briefly describe the principle of the XXE vulnerability. What malicious use can be made of XXE against PHP and Java? (★★)

3. PHP security

How is the phar:// pseudo-protocol used to trigger deserialization in PHP, and what are the usage scenarios and prerequisites? (★★)

How can the disable_functions restriction in php.ini be bypassed? What methods are there, which has the highest success rate, and why? (★★★)

What is the principle of %00 truncation in file upload, and how was the official fix designed? (★★)

Implement a one-line webshell. What are the ways to bypass RASP, to bypass machine-learning detection, and to bypass AST-based detection? (★★)

What are the attack scenarios for PHP pseudo-protocols? (★★)

What are the attack surfaces of the mail() function? (★)

How is a webshell constructed without letters or digits, what is the principle, and what security problems does this language feature cause? (★)

4. Java security

What is a ClassLoader? What is the prerequisite for loading a custom ClassLoader? (★)

Briefly describe the CommonsCollections1 exploit chain. What restrictions apply to it? (★★)

What is the difference between fastjson deserialization and ordinary deserialization vulnerabilities? (★★)

What are the ways to implement a memory-resident webshell ("memory horse") in Tomcat? Is there a way to implement one that does not disappear after a restart? (★)

How does a one-way code execution chain, such as CommonsCollections1, execute multiple statements? (★)

Briefly describe the principle of the Shiro deserialization vulnerability. Why can't the commons-collections exploit chain in ysoserial be used? (★)

5. Security research and development related

Briefly introduce the scanners you commonly use and how they are implemented. (★★)

If you were asked to design a HIDS, how would you design it? (★)

Explain iterators, generators, and decorators in Python. (★)

Introduce the Python libraries you commonly use. (★)

Describe the characteristics and principles of Celery. (★)

Briefly explain the GIL in Python and how to work around its restrictions. (★★)

masscan claims to be the fastest scanner in the world. Why is it so fast, and how would you implement a masscan of your own? (★★)

Briefly describe the differences between coroutines, threads, and processes. (★★)

6. Linux related

Briefly describe the concept of a daemon process. How is a daemon process created? (★)

What security operations and maintenance measures apply to Linux servers? How do you secure SSH? (★★)

What logs do I need to clear after hacking a Linux server? (★★)

What are the common reverse shell commands? Which kind of shell is usually sent back, and why? (★★★)

At the host level, how can reverse shells be monitored? (★★★)

What are the types of rootkits, and how do you protect against and detect each type? (★★)

Account A created a folder adir with permission 766. Inside it is the file password.txt, owned by account B, with permission 700. Can account B read the contents of adir/password.txt? (★)

What is the principle of the SSH symlink backdoor, and can other backdoors be constructed on the same principle? (★)

What is the principle of fork in Linux? Does the child process copy the resource state of the parent process? (★★)

What are the ways to implement hooks at Ring 3 (R3), and what hooks exist at Ring 0 (R0)? (★)

How can applications such as nginx and MySQL be accurately identified under Linux? (★)

Assuming a Linux machine has command auditing (method unknown), what are the possible bypass methods? (★★)

What are the common ways to escalate privileges in Linux? (★★)

7. Intranet penetration

What is the underlying implementation principle of PsExec? (★)

Which module was patched in the SSP interface to prevent malicious use of mimikatz, and how was it patched? (★★)

Which port does the intranet KDC server listen on, and what attacks exist against Kerberos? (★★★)

On Windows 10 or Windows Server 2012, if you need to use mimikatz, how do you use it, and how do you get NTLM without restarting the machine after modifying the registry? (★★)

How do you find the machine that corresponds to an employee in the domain? (★)

How do you query the trust relationships between domains? (★)

What ports does a domain controller commonly have open? (★)

Describe the NTLM authentication process in a Windows intranet. (★★★)

What are the methods for bringing a host online in Cobalt Strike, how does each work, and how can monitoring be bypassed if necessary? (★★)

In lateral movement, how can wmic command execution be constructed so that output is returned? (★★)

In Windows incident response, which Security event log IDs need to be checked, and which attack and defense scenarios do they correspond to? If the Windows host is a domain controller, which event logs should be checked? (★★★)

What is the difference between a golden ticket and a silver ticket? (★★★)

From a non-domain-joined host, how can domain hosts be quickly discovered? (★★)

What is the principle behind mimikatz, which patch makes mimikatz unusable, and how can it be bypassed? (★★)

What are the attack scenarios for NTLM relay, and what are the restrictions on using it? (★)

8. Other security-related questions

The RSA encryption and decryption process (★)

How HTTPS is implemented (★★)

How to defend against carrier (ISP) DNS hijacking and link hijacking (★★)

How do you prevent "wool party" abuse (users who farm promotions and coupons)? (★)

A 0day with wide impact has been disclosed. As an in-house (Party A) security engineer, how should you respond? (★★)

Origin blog.csdn.net/msb_114/article/details/131049580