Penetration Tester interview questions

165 Penetration Tester interview questions shared by candidates

Top interview questions

Early Warning Services
A Penetration Tester was asked... March 21, 2016

How do you start metasploit?

2 answers

Type msfconsole in terminal. To launch it with a resource script, msfconsole -r nameofscript.rc

Incorrectly.

Hewlett Packard Enterprise | HPE

Why HP?

2 answers

Because HP stands for Happy Place.

This looks so good: bit.ly/faang100

EY

What would you like to do in five years from now?

2 answers

After five years I am CEO of your company.

This was a tricky question. The manager wanted to see if my answer is in line with the career path offered by the advanced security group at E n Y

EY

Technical questions: networking security, application security, general penetration testing. Behavioural questions: How to work in a group? How to lead a team? etc.

2 answers

hey hello "> hey"> hey '> /> hey

hey

Early Warning Services

Is DNS TCP / UDP protocol?

1 answer

It's a trick question. It is both.

Deloitte

What vulnerabilities could you find in a website?

1 answer

Front end vulnerabilities that could be bypassed easily in some cases by eliminating JavaScript code or back end vulnerabilities such as unsanitized input.

SafeBreach

What is the main difference between processes and threads?

1 answer

Threads share the same memory allocated

Smartsheet

Please explain your career and what you hope to gain at Smartsheet

1 answer

Explain my career:
- Identify vulnerabilities as much as possible (in scope)
- Recommend to other teams how to fix the issue

What I hope to gain at Smartsheet: Well, in all of my penetration tester experience I have worked at vendor companies. I have never worked at a customer company before. I want to challenge myself, so that all of the experience from working with multiple types of customer organizations could improve the security at Smartsheet.

Axxum Technologies

Name some of the top 10 OWASP Web Application Vulnerabilities and describe them in layman's terms.

1 answer

I named the top one, SQL Injection; the third, XSS; and one of the lower ones, CSRF. I could have done a better job describing them - I was told in a phone call afterwards.

1. What ports are used for Active Directory?

1 answer

At the time, Offensive Security of pre-2019 did not teach us Active Directory, but I quickly learned that since AD is built on top of standard SMB (Server Message Block), you can use techniques like overpassing-the-hash and passing-the-ticket to get a TGT (Ticket Granting Ticket), then attempt to crack the hashes of a different user that may be domain-joined. By compromising the other domain-joined user, you can then begin enumerating other users of the domain and hopefully leak information from the domain controller. Furthermore, you can use malicious SMB shares to spread malware as hta macro payloads in Word documents to trick the client's employees into loading them. Outside of using tools like Responder to coordinate with SMB relays, or generating MOF files and adding them to the share, or using SMB named pipe exploits to compromise domain-joined users as a non-domain-joined user.
