knowledge.md
Knowledge-Based Questions

These questions have a right and wrong answer. They should have discrete answers.

Tech Questions

General Pentest

  1. When running an nmap scan, what source port can you specify to scan from to commonly bypass firewall rules? @jstnkndy
  2. What kind of attack is ARP Spoofing considered and how could you leverage it on a penetration test? @jstnkndy
  3. Explain what NBNS poisoning is and how it can be leveraged on a penetration test. @jstnkndy
  4. Answer true or false and explain your answer: two-factor authentication protects against session hijacking. @jstnkndy

Crypto / Hashes / Passwords

  1. Describe the basics of input and output of a stream cipher. @jstnkndy
  2. List a couple of block ciphers and describe their characteristics and security concerns. @jstnkndy
  3. Describe when you would use a null byte during an application penetration test. @jstnkndy
  4. What is the problem with LM hashes? @jstnkndy [According to Justin, "When asking #23 you have to make sure to do it in a Jerry Seinfeld "What's the deal with airplane food?" voice"]
  5. What is the difference between netNTLM and NTLM hashes? @jstnkndy
  6. What is pass the hash? @jstnkndy
  7. What is token impersonation? @jstnkndy

Web Application

  1. Describe what SQL Injection is and how you would test for it. @jstnkndy
  2. What is Blind SQL Injection, and how does it differ from other kinds? @jstnkndy
  3. How can SQL Injection lead to remote code execution? @morgoroth
  4. How can you execute OS commands through MSSQL injection? @enddo
  5. Describe a webshell and how you would upload/use one. @enddo
    1. How would you bypass uploader protections? @enddo
  6. Describe Remote Command Execution (RCE). @enddo
    1. How would you prevent it in PHP? @enddo
  7. Describe Cross Site Request Forgery. @jstnkndy
    1. How would you prevent it?
  8. Describe the different types of Cross Site Scripting. @jstnkndy
    1. How would you exploit XSS?
  9. What is the purpose of the same origin policy with relation to the document object model? @jstnkndy
  10. Describe the basics of input and output of a block cipher. @jstnkndy
  11. How does the Heartbleed vulnerability work? @webbreacher
  12. How do you exploit the Shellshock vulnerability and what can an attacker do with it? @webbreacher

Exploit Development

  1. Describe what a buffer overflow is and how you would test for it. @enddo
  2. Describe what SEH is and how you would exploit it. @enddo
  3. Describe how debugger modules and plugins can speed up basic exploit development. @enddo
  4. How would you bypass DEP or ASLR in Windows 7? @enddo
  5. How would you bypass SafeSEH? @enddo

Mobile

  1. Describe how you root an Android device or Jailbreak an iOS device. @webbreacher