If you have a technical interview coming up, make sure to review the topics below. This list is expansive but not inclusive of everything you need to know. For those who don’t know, technical interviews are usually organized in a way that there are two rounds – one has direct questions and the other has scenario(s).
OWASP: OWASP (Open Web Application Security Project) is an organization that provides unbiased and practical, cost-effective information about computer and Internet applications.
TCP handshake and TCP tear down. In addition, the TCP teardown is like logging off an application. The sender sends a FIN packet and waits for a reply and the recipient sends an ACK and then sends a FIN. The sender responds with an ACK. Done. But, you can also do an abrupt termination by just sending a RST packet from either sender or transmitter and the session ends abruptly. For example if you are using telnet CTRL-D will send a RST to close the session.
Hashing, encoding and encryption
MITM attack and methods of MITM attack
Process of malware analysis
SYN flood attack
Process of getting webpage in the browser in detail
Cross Site Scripting and Cross Site Forgery
Public Key Cryptography
ARP and RARP
TCP and UDP protocols
Windows system processes — svchost.exe, explorer.exe, lsass.exe, winlogon.exe, services.exe etc.
Run-levels and Rings and concept of different modes i.e. user mode and kernel mode
Breakdown of topics
Well known services and their ports (SMTP-25, Telnet-23, FTP-20/21, SSH-22, POP3-110, IMAP-143, HTTP-80, HTTPS-443, LDAP-389, RDP-3389, DNS-53, DHCP-67, NetBios-137-139, SNMP-161/162, SMB-445, Kerberos-88, NTP-123, IRC-6667)
Protocols – Transport layer, Network layer
IP Addressing, Subnetting
Private IP range
DNS — Zone file, Source records
File Systems – NTFS (MFT, System Files, Attributes, ADS), FAT(Directory Entry, FAT Table), EXT(Inodes, Super Blocks, Group Descriptor Table, Groups)
Imaging tools, Imaging method of Mac OSX
Memory Capture – What can we find in memory
Windows Event Files
Encryption Algorithms –
Dual homed/ three homed
Comments from a real-life InfoSec Job Hiring Manager:
Real-life tests are THE best thing to send job candidates. It scales well (you don’t have to spend personal hours on them) and you get real information. This applies even to sysadmins. We have a favourite: set up a VM with a slightly-broken application in a slightly-broken Apache and Tomcat, and get them to ssh in and document the process of fixing it. Even people who aren’t a full bottle on Tomcat will give useful information, because we get an insight into their thought processes. I recommend this to all.
(I note we’ve just done a round of interviews where we get a nice-looking CV and conduct a technical grilling. Hideous waste of time for everyone involved. All CVs should be regarded, on the balance of probabilities, as works of fiction. Do a remote self-paced test like this. You won’t regret it.)