HOME
ABOUT
CONTACT
Article Categories
#infosec
(1)
What is Information Security?
Attacks
(14)
What is fuzzing?
What are Attack Vectors?
Ransomware
Browser Hijacking Scenario
Brute Force SSH Attack Scenario
Audio
(1)
Audio OSINT Analysis
Audio OSINT
(1)
Audio OSINT Analysis
Authentication
(3)
What is 802.1X?
What is Two-factor Authentication?
What is the three-way handshake?
Best Practices
(11)
Security Consultant Advice
Side effects of automated testing
How to write a disaster recovery plan
What is a disaster recovery plan?
How would you make your Linux server more secure?
Bitcoin
(1)
Is Bitcoin traceable?
Bootkit
(1)
What is a bootkit?
Botnets
(1)
What is a Botnet?
Browsers
(2)
Tools that pair their services with browsers
Tools That Should Be In Your Infosec Toolbox
Cheat Sheets
(7)
SQL Injection Links, Cheat Sheets and Tools
Cheat Sheet for Metasploit
SQL Injection Links and Cheat Sheets
What is Wireshark?
What is tcpdump?
CIA
(1)
What is the CIA Triad?
Command Line
(20)
How exactly does traceroute/tracert work at the protocol level?
NetCat Security by Mati Aharoni
What is ps?
What is dhclient?
What is ifup / ifdown?
Common Vulnerabilities and Exploits
(1)
What are some examples of common security vulnerabilities?
Compliance
(5)
How to test firewalls for PCI-DSS compliance
What is ISO 25000?
What is Sarbanes-Oxley Act (SOX) ?
What is Protected Health Information (PHI)?
What is the HIPAA (Health Insurance Portability and Accountability Act) ?
Cryptography
(9)
What is Salting?
What is Diffie Hellman?
What is a Digital Certificate?
What is PKI?
Using Cryptographic Protocols
Data Link Layer
(2)
What is the OSI Layer for a Switch?
What is the Data Link Layer?
Databases
(1)
What is AJAX?
DDoS
(1)
How to respond to a network distributed denial‐of‐service (DDoS) incident
Definitions
(3)
What is a Threat?
What is a vulnerability ?
What is the difference between a risk, a threat and a vulnerability?
DHCP
(1)
What is DHCP?
DNS
(2)
Why is DNS monitoring important?
How do you change your DNS settings in Linux/Windows?
Encoding
(1)
What is Encoding?
Encryption
(17)
What is IPSec?
How do you provide confidentiality with encryption?
What is Salting?
What is Encryption?
What is Diffie Hellman?
Endpoint Security
(1)
What is Endpoint Security?
Featured
(0)
Firewalls
(4)
How to test firewalls for PCI-DSS compliance
What is a Network-Based Firewall?
What is a host-based firewall?
What is a firewall?
Forensics
(4)
How do you identify abnormal or malicious behavior?
What is Helix3?
What is a Chain of Custody Form?
What is eDiscovery?
Frameworks
(5)
What is the NIST Cybersecurity Framework?
What is the NIST Cyber Security Framework?
What are Some Various Compliance and Regulatory Frameworks?
What is HITRUST?
Tools That Should Be In Your Infosec Toolbox
Governance
(12)
How to test firewalls for PCI-DSS compliance
What is ISO 25000?
What is the NIST Cybersecurity Framework?
What are Some Various Compliance and Regulatory Frameworks?
What are some standards, frameworks and guidelines that auditors use in security audits?
GRC
(1)
How to test firewalls for PCI-DSS compliance
Hacking
(1)
The interviewer leaves you alone in a room with a computer. Your job is to hack their test network. What do you do next?
Hardening
(0)
Hash
(1)
What is a Hash?
Hashing algorithms
(2)
What is SHA, SHA-1, and SHA-2?
What is MD5?
HTTP Methods
(4)
HTTP Request Response Basics
What is the difference between a GET and a POST?
HTTP Headers
What’s the difference between a POST and a GET?
ICMP
(1)
What is ICMP?
Identity theft
(1)
Scenario: In order to activate an email subscription, a magazine asks for month of birth…
IDS
(1)
What are the similarities and differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
Incident Management and Response
(9)
What is order of volatility?
What is the Cyber Kill Chain® ?
Sample Incident Handling Forms
Incident Response Methodology: The OODA Loop
What skills are needed for Incident Response?
Information Security
(1)
What is Information Security?
InfoSec Interview Topics
(5)
What is Information Security?
What is the difference between DNS and DHCP?
InfoSec Questions Asked on Recent Phone Interview
An example of an organization’s hiring process that I personally experienced
Topics Covered in InfoSec Technical Interviews
Inteliigence
(0)
Intelligence
(3)
How is intelligence gathered?
What is Intelligence (information gathering)?
What is OSINT?
Intrusion Detection
(3)
What are the similarities and differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
What is an Intrusion Detection System?
What does an intrusion detection system do? How does it do it?
Intrusion Prevention
(1)
What are the similarities and differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
IP Address Classes
(3)
What is the range for IP Address Class C?
What is the range for IP Address Class B?
What is the range for IP Address Class A?
IP Addresses
(1)
What is the difference between IPV4 and IPV6?
IPS
(2)
What are the similarities and differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
What is an Intrusion Prevention System (IPS)?
Job descriptions
(1)
My ideal job
Kali
(1)
What is Kali Linux?
Kali Linux
(2)
What is Kali Linux?
The 2016 Concise Top Ten Hacker Tools List
Layer 2
(2)
What is the OSI Layer for a Switch?
What is the Data Link Layer?
Layer 3
(1)
What is the OSI Layer for a Router?
Linux
(12)
Creating an inventory with nmap network scanning
How would you make your Linux server more secure?
What is ps?
What is dhclient?
What is ifup / ifdown?
Log management
(3)
System Logs in Linux
What is Syslog?
What is Log Management?
MAC OS X
(1)
What is Mac OS X?
Machine Learning
(1)
What is Machine Learning?
Malicious files
(1)
Analyzing Malicious Document Files
Malware
(3)
How do you identify abnormal or malicious behavior?
What is Ransomware?
What is the difference between a Virus, a Worm, and a Trojan?
man-in-the-middle
(1)
What is a man-in-the-middle attack?
Metasploit
(3)
Cheat Sheet for Metasploit
Understanding Payloads in Metasploit
Metasploit
Miscellaneous
(1)
What do some obscure Linux commands stand for?
Monitoring
(3)
What is PRTG?
Why is DNS monitoring important?
Tools That Should Be In Your Infosec Toolbox
Nessus
(3)
How to Install and Configure Nessus
A Nessus Example
My NYU Presentation on Nessus
netcat
(2)
Netcat examples
NetCat Security by Mati Aharoni
Network Administration
(1)
Network Administration – 50 Administrator Interview Questions
Network Intrusion
(1)
What is Network Intrusion?
Networks
(16)
What is NAT vs. Bridged vs. Host-Only?
What is a Packet?
What is a Demilitarized Zone (DMZ)?
What is the difference between IPV4 and IPV6?
What is the OSI Layer for a Router?
nikto
(2)
How to use a Proxy with Nikto
How to Find Vulnerabilities for Any Website Using Nikto
NIST
(1)
What is a SCAP security benchmark?
Nmap
(3)
Topology Discovery
Creating an inventory with nmap network scanning
What is Nmap?
Notification Law
(1)
Security Breach Notification Laws
Online training
(1)
Online IT Infosec Training
OSI Layers
(4)
Explain the OSI Model
What is the Data Link Layer?
What is the OSI Layer of Operation for a Bridge?
What is the OSI Layer of Operation for a Hub?
OSI Model
(1)
Explain the OSI Model
OSINT
(5)
What are some questions an OSINT Analyst may be asked about their skills?
How can you perform competitive analysis using SOCMINT?
What is Competitive Analysis?
What is OSINT?
What is Open-source Intelligence?
OSINT Tools
(1)
Audio OSINT Analysis
Packet analyzers
(3)
What’s the difference between wireshark, tshark, dumpcap and tcpdump?
What is Wireshark?
What is tcpdump?
Password Recovery
(1)
What is Cain and Abel?
PCI-DSS
(2)
How to test firewalls for PCI-DSS compliance
What is PCI?
Penetration testing
(3)
Hacker Tools Top Ten – Our recommended pentesting tools for 2017
How Would You Proceed with a Pentest?
What is a penetration test?
Performance and Scenario Based Interview Questions
(30)
Who are the biggest direct competitors to Splunk?
What are the two phases of Web Application Security testing ?
What is Web Application Security Testing?
IPV4 Header
Scenario: An employee’s computer has been sending out spam …
PII
(0)
Ping
(1)
Using tcpdump and wireshark to view network scanning
PKI
(1)
What is a Public Key Infrastructure (PKI)?
Ports
(9)
Common Ports
What is RDP?
What is NTP?
What is HTTP?
What is NetBIOS?
Privacy
(4)
Scenario: In order to activate an email subscription, a magazine asks for month of birth…
What is Sarbanes-Oxley Act (SOX) ?
What is Protected Health Information (PHI)?
What is the HIPAA (Health Insurance Portability and Accountability Act) ?
Protocols
(14)
What is Border Gateway Protocol (BGP)?
What are some common networking protocols?
What is HTTPS?
What is Transmission Control Protocol (TCP)?
Common Ports
Python
(1)
What is Python?
QRadar
(1)
What is QRadar?
Qualys
(1)
What can you tell me about QualysGuard?
Rainbow tables
(1)
What is a Rainbow Table?
Ransomware
(2)
What is Ransomware?
Ransomware Bookmarks
Risks
(1)
What are some commonly identified risks?
Rootkit
(1)
What is a rootkit?
Routers
(1)
What is a Router?
Routing
(2)
What is Border Gateway Protocol (BGP)?
What is an Autonomous System (AS)?
Salary
(1)
How to respond if the employer offers a salary that is below your salary range
Scanners
(2)
What is Nikto2?
What is a vulnerability assessment?
Scans
(3)
What you need to know about performing authenticated network security scans
What is a TCP port scan?
What is a vulnerability scan?
Security Architecture
(1)
Can you give me a few examples of security architecture requirements?
Security Breaches
(0)
SIEM
(3)
What is a SOC?
How to detect and investigate attack methods with AlienVault USM
What is Security Information and Event Management (SIEM)?
SIEMs
(1)
What is QRadar?
Snort
(1)
What is SNORT?
SOC
(2)
What is Triage?
What is a SOC?
Social Engineering Toolkit
(1)
What is the Social-Engineering Toolkit (SET)?
Splunk
(6)
Splunk Education Pages
Who are the biggest direct competitors to Splunk?
What are components of Splunk/Splunk architecture?
Splunk interview questions and answers
Give a brief description of Splunk
SQL Injection
(5)
SQL Injection Links, Cheat Sheets and Tools
SQL Injection Links and Cheat Sheets
Tools used to test for SQL Injection
What is Blind SQL Injection?
SQL Injection
State and Federal Law
(3)
What is Sarbanes-Oxley Act (SOX) ?
What is Protected Health Information (PHI)?
What is the HIPAA (Health Insurance Portability and Accountability Act) ?
Syslog
(3)
What are SYSLOG Severity Levels?
System Logs in Linux
What is Syslog?
TCP
(2)
What is a TCP port scan?
What is a SYN Flood attack?
TCP/IP
(2)
What is TCP/IP (Transmission Control Protocol/Internet Protocol) ?
The TCP/IP Layered Model
tcpdump
(2)
Using tcpdump and wireshark to view network scanning
What is tcpdump?
Threat Intelligence
(3)
What is Intelligence (information gathering)?
What is STIX?
What is threat intelligence?
Threats
(12)
What is Social Media Intelligence (SOCMINT)?
What is an API?
What are the six basic intelligence sources, or collection disciplines?
What is Open-source Intelligence?
Google Group Trickery
Toolbox
(0)
Tools
(8)
Hacker Tools Top Ten – Our recommended pentesting tools for 2017
What is fuzzing?
Open Source Black Box Testing tools
Some ways to use free tools
What is sqlmap?
Top Ten
(2)
Hacker Tools Top Ten – Our recommended pentesting tools for 2017
The 2016 Concise Top Ten Hacker Tools List
Triage
(1)
What is Triage?
Tutorials
(3)
Georgia Weidman’s Advanced Penetration Testing Course
What are some tips for getting started in InfoSec?
NetCat Security by Mati Aharoni
Uncategorized
(2)
What is persistence?
What position are you applying for?
USM
(1)
What is Unified Security Management (USM)?
Virtual Machines
(2)
What is VM detection?
Virtual Machines
Virtualbox
(1)
Virtual Machines
Vulnerability assessment
(2)
What are some web application vulnerability assessment tools and frameworks?
What is a vulnerability assessment?
Vulnerability scanning
(5)
What is fuzzing?
What are some web application vulnerability assessment tools and frameworks?
What is Nikto2?
What can you tell me about QualysGuard?
What is vulnerability scanning, and what service does it provide to an organization? What does a vulnerability scan look for?
Web application firewall
(1)
What is modsecurity?
Web application security
(8)
What is fuzzing?
Side effects of automated testing
What are some web application vulnerability assessment tools and frameworks?
What is Nikto2?
What is OpenVAS?
Web vulnerability assessments
(3)
What are some web application vulnerability assessment tools and frameworks?
How to Install and Configure Nessus
What is OpenVAS?
Windows
(6)
What are Windows logs?
What is ping?
What is netstat?
Windows Command Line – nbtstat
What is ipconfig / ifconfig?
Wireless
(2)
What is a Wireless LAN?
What is airmon-ng?
Wireshark
(2)
What is Wireshark?
Using tcpdump and wireshark to view network scanning
XSS
(1)
Can you give me an example of cross-site scripting?