These questions have a right and wrong answer. They should have discrete answers.
- When running an nmap scan, what source port can you specify to scan from to commonly bypass firewall rules? @jstnkndy
- What kind of attack is ARP Spoofing considered and how could you leverage it on a penetration test? @jstnkndy
- Explain what NBNS poisoning is and how it can be leveraged on a penetration test. @jstnkndy
- Answer true or false and explain your answer: two-factor authentication protects against session hijacking. @jstnkndy
- Describe the basics of input and output of a stream cipher. @jstnkndy
- List a couple block ciphers and their characteristics and security concerns. @jstnkndy
- Describe when you would use a null byte during an application penetration test. @jstnkndy
- What is the problem with LM hashes? @jstnkndy [According to Justin, "When asking #23 you have to make sure to do it in a Jerry Seinfeld 'What's the deal with airplane food?' voice"]
- What is the difference between netNTLM and NTLM hashes? @jstnkndy
- What is pass the hash? @jstnkndy
- What is token impersonation? @jstnkndy
- Describe what SQL Injection is and how you would test for it. @jstnkndy
- What about Blind SQL Injection and how is it different from other kinds? @jstnkndy
- How can SQL Injection lead to remote code execution? @morgoroth
- How can you execute OS commands with MSSQL injection? @enddo
- Describe a webshell and how you would upload/use one. @enddo
- How would you bypass uploader protections? @enddo
- Describe Remote Command Execution (RCE). @enddo
- How would you prevent it in PHP? @enddo
- Describe Cross Site Request Forgery. @jstnkndy
- How would you prevent it?
- Describe the different types of Cross Site Scripting. @jstnkndy
- How would you exploit XSS?
- What is the purpose of the same origin policy with relation to the document object model? @jstnkndy
- Describe the basics of input and output of a block cipher. @jstnkndy
- How does the Heartbleed vulnerability work? @webbreacher
- How do you exploit the Shellshock vulnerability and what can an attacker do with it? @webbreacher
- Describe what a buffer overflow is and how you would test for it. @enddo
- Describe what SEH is and how you exploit it. @enddo
- Describe how debugger modules and plugins can speed up basic exploit development. @enddo
- How would you bypass DEP or ASLR in Windows 7? @enddo
- How would you bypass SafeSEH? @enddo
- Describe how you root an Android device or Jailbreak an iOS device. @webbreacher