I have interviewed at almost all the top security companies and startups. During my interview process I have faced various questions. Here are some of the interview questions which I faced. I will try to post the answers in the next post; meanwhile you should try to find the answers on your own (or if you already know them, then it's good for you).
1)What is a Buffer Overflow?
2)How will you overwrite EIP?
3)Suppose there is a buffer[100], how many bytes of input will you need to overwrite EIP?
4)How many bytes will cause a buffer overflow in the above example?
5)What is a heap overflow?
6)What is the procedure for penetration testing?
7)How will you confirm the services running on a particular port?
8)What is SQL Injection? Explain.
9)What is Cross Site Scripting?
10)What is the difference between XSS and CSRF?
11)Explain the ICMP, TCP/IP and UDP protocols and their working.
12)What is a SYN flood attack? What is a SYN cookie? Will a SYN flood still work against the latest OS?
13)How will you determine if a file is packed or not?
14)How will you manually unpack a file?
15)If I give you two DLLs of different versions, one has the vulnerability and the other is patched for that vulnerability, then how will you find the vulnerability?
16)Are you familiar with function points? If yes, then please explain.
17)What is a CSRF attack, and how is it different from XSS (Cross Site Scripting)?
18)Have you hacked any system? (always say NO as many companies have a hire-no-hacker policy.)
19)Have you released any worm/trojan/malicious code in the wild? (always say NO as many companies have a hire-no-hacker policy.)
20)What is SEH? How will you overwrite an SEH handler?
21)Are heap overflows predictable?
22)How will you bypass stack protection?
23)How will you analyze/decode a protocol using Ethereal?
24)What are IDA and Olly, and what are their common plugins?
Please feel free to post your interview questions and answers here in comments.
HTH,
SecGeek
First, thank you for the site. I would like to move into security soon, so here are my answers; I'd like to know what you think.
-codepupil
1)What is a Buffer Overflow? A) A programming error which allows data to be copied past the limits of the given buffer.
2)How will you overwrite EIP? A) You don't?? (overflow return)
3)Suppose there is a buffer[100], how many bytes of input will you need to overwrite EIP? A) Again, you don't overwrite EIP, but if the question is how do you control EIP, then it depends on the stack layout, calling conventions, and other issues (i.e. stack canary, randomized address space, etc.).
skipping 4 not enough information
5)What is a heap overflow? A) a programming error which allows data to be copied beyond the given chunk of data on the heap.
6)What is the procedure for penetration testing? A) Depends. What does the company allow? Are all systems in play? Is this a test against the company's security as a whole, or against outsider threats with no physical access?
7)How will you confirm the services running on a particular port? A) Connect with the client for that service (could also scan the port, or just connect with netcat).
8)What is SQL Injection? Explain. A) A programming error caused by not sanitizing input, which allows the input given to be run as a SQL command.
9)What is Cross Site Scripting? A) XSS allows supplied data to be run as a script on the user's workstation.
10)What is the difference between XSS and CSRF? A) CSRF sends commands to a third party site on behalf of the user by using the established state of the user.
skipping 11...
12)What is a SYN flood attack? What is a SYN cookie? Will a SYN flood still work against the latest OS? A) A SYN flood, or half-open flood, sends SYN packets without sending an ACK in response; this would cause the victim's SYN queue to fill and may cause a DoS on the victim. SYN cookies remove the need for the SYN queue by allowing the SYN to be referenced by sequence number. SYN floods do not work against modern OSes.
13)How will you determine if a file is packed or not? A) Check the import table, run PEiD against it.
14)How will you manually unpack a file? A) Depends on the packer. One way could be to run the exe, then attach a debugger, break and find the OEP. Another way could be to single step from the beginning and find the packer loop, then set a bp at the end, then dump.
15)If I give you two DLLs of different versions, one has the vulnerability and the other is patched for that vulnerability, then how will you find the vulnerability? A) Depends on the tools. Do I have BinDiff? Do I have the patch, or just the patched version?
16)Are you familiar with function point,if yes then please explain. no
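Alongside codepupil's answer to question 13 (import table, PEiD), here is an added example, not code from the post or from any commenter, of a complementary packed-file check that triage tools commonly apply: Shannon entropy of the bytes. Compressed or encrypted sections look close to random (near 8 bits per byte) while plain code and strings sit well below that. The 7.0 bits/byte cutoff, the helper names and both sample buffers are constructed assumptions; the small `log2` routine is there only so the block builds without linking the math library.

```c
/* Added example (not from the original post or any commenter): an entropy
 * heuristic for "is this file packed?". The threshold, helper names and the
 * two constructed sample buffers are assumptions made for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 4096
#define PACKED_THRESHOLD 7.0   /* bits per byte; assumed triage cutoff */

/* log2(x) for x > 0 without libm: integer part by halving/doubling into
 * [1,2), fractional bits by repeated squaring. Accurate to ~1e-12. */
static double log2_nolibm(double x)
{
    double result = 0.0, bit = 0.5;
    while (x >= 2.0) { x /= 2.0; result += 1.0; }
    while (x < 1.0)  { x *= 2.0; result -= 1.0; }
    for (int i = 0; i < 40; i++) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; result += bit; }
        bit /= 2.0;
    }
    return result;
}

/* Shannon entropy in bits per byte over an arbitrary buffer. */
double byte_entropy(const unsigned char *buf, size_t len)
{
    size_t counts[256] = {0};
    double h = 0.0;
    if (len == 0) return 0.0;
    for (size_t i = 0; i < len; i++) counts[buf[i]]++;
    for (int b = 0; b < 256; b++) {
        if (counts[b] == 0) continue;
        double p = (double)counts[b] / (double)len;
        h -= p * log2_nolibm(p);
    }
    return h;
}

/* 1 if the bytes look packed/encrypted (entropy above threshold), else 0. */
int looks_packed(const unsigned char *buf, size_t len)
{
    return byte_entropy(buf, len) > PACKED_THRESHOLD;
}

/* Constructed "unpacked" sample: repeated DOS-stub text, like a plain PE. */
double plain_sample_entropy(void)
{
    static unsigned char buf[SAMPLE_LEN];
    const char *stub = "This program cannot be run in DOS mode.\r\n";
    size_t n = strlen(stub);
    for (size_t i = 0; i < SAMPLE_LEN; i++) buf[i] = (unsigned char)stub[i % n];
    return byte_entropy(buf, SAMPLE_LEN);
}

/* Constructed "packed" sample: xorshift32 output with a fixed seed, standing
 * in for a compressed or encrypted section. */
double random_sample_entropy(void)
{
    static unsigned char buf[SAMPLE_LEN];
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < SAMPLE_LEN; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        buf[i] = (unsigned char)(x & 0xFFu);
    }
    return byte_entropy(buf, SAMPLE_LEN);
}

int main(void)
{
    double p = plain_sample_entropy(), r = random_sample_entropy();
    printf("plain text sample: %.2f bits/byte -> %s\n", p,
           p > PACKED_THRESHOLD ? "likely packed" : "not packed");
    printf("random sample:     %.2f bits/byte -> %s\n", r,
           r > PACKED_THRESHOLD ? "likely packed" : "not packed");
    return 0;
}
```

On a real binary you would run `byte_entropy` per section rather than over the whole file, since a packer typically leaves a small plain stub next to one high-entropy blob; a high score is a hint to look closer, not proof of packing, because legitimate embedded archives and media have the same profile.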
It is good, but it would have been much better if the answers were in a bit more detail.
Correct, agree with you.
-SecGeek
Yeah,
some of those were the right answers, but you should explain them in detail. Like, what is a buffer overflow? Then you should explain with an example.
-SecGeek
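SecGeek asks for the buffer overflow answer to come with an example, so here is one, added here and not code from the post or from either commenter: the overflow in the shape questions 1, 3 and 4 describe, shown as the vulnerable copy beside a bounds-checked one. The function names, the sample inputs and the use of the 100-byte buffer from question 3 are assumptions made for the demo.

```c
/* Added example (not from the original post or its commenters): a stack
 * buffer overflow in the shape of questions 1, 3 and 4, with its fix. The
 * helper names and sample inputs are constructed for the demo. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 100   /* the buffer[100] from question 3 */

/* Vulnerable form: strcpy() copies until the NUL in src and never consults
 * the size of dst. Any src of BUF_SIZE characters or more (its terminator
 * needs one more byte) writes past buf into whatever the compiler placed
 * after it on the stack. Calling this with such input is undefined
 * behaviour; it is here only as the "before" of the fix. */
void unsafe_copy(const char *src)
{
    char buf[BUF_SIZE];
    strcpy(buf, src);                     /* no bounds check: the overflow */
    printf("unsafe_copy stored %zu bytes\n", strlen(buf));
}

/* Hardened form: refuse input that does not fit, terminator included.
 * Returns 0 on success, -1 if the copy would overflow dst. Rejecting
 * (rather than silently truncating with strncpy) keeps the data intact and
 * makes the failure visible to the caller. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t needed = strlen(src) + 1;      /* payload plus NUL */
    if (dst_size == 0 || needed > dst_size)
        return -1;
    memcpy(dst, src, needed);
    return 0;
}

/* Question 4 as a predicate: an input of input_len characters fits a
 * buf_size buffer only if there is also room for the terminator. */
int fits_in_buffer(size_t input_len, size_t buf_size)
{
    return input_len + 1 <= buf_size;
}

/* Builds a constructed input of input_len 'A's and runs it through the
 * bounded copy: 0 = accepted, -1 = rejected, -2 = length out of demo range. */
int copy_result_for_length(size_t input_len)
{
    char dst[BUF_SIZE];
    char src[BUF_SIZE + 8];
    if (input_len > BUF_SIZE + 7) return -2;
    memset(src, 'A', input_len);
    src[input_len] = '\0';
    return bounded_copy(dst, sizeof dst, src);
}

int main(void)
{
    printf("99-char input into buffer[%d]:  %s\n", BUF_SIZE,
           copy_result_for_length(99) == 0 ? "accepted" : "rejected");
    printf("100-char input into buffer[%d]: %s\n", BUF_SIZE,
           copy_result_for_length(100) == 0 ? "accepted" : "rejected");
    unsafe_copy("short input");   /* safe only because this input fits */
    return 0;
}
```

The 100-character case is where the unsafe version silently corrupts the stack and the bounded version returns an error; which saved value gets overwritten from there on, and how many more bytes that takes, is the stack-layout question codepupil's answer to question 3 leaves open, and compiler mitigations such as stack canaries exist precisely to make that corruption detectable rather than exploitable.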