Precontext: This is part 4 of the series of cyber security interview questions. If you haven’t read the first part, go here –
1. Define Exfiltration? Do you know DNS Exfiltration?
Exfiltration: Unauthorised transfer of data from computer systems.
DNS data exfiltration is a way to exchange data between two computers without any direct connection. The data is exchanged via the DNS protocol through intermediate DNS servers. The client makes a DNS resolution request to an external DNS server address. Instead of responding with an A record, the attacker’s name server responds with a CNAME, MX or TXT record, which allows a large amount of data to be sent between attacker and victim.
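A defender-side sketch of how this pattern shows up in resolver logs, added here as an example that is not part of the original article: it groups queries by client and parent domain and flags pairs with many unique, long subdomain labels requested mostly as TXT, CNAME or MX. The log format, thresholds, function names and the `tunnel-test.invalid` domain are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log, "<client> <qtype> <qname>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 AAAA cdn.example.com
10.0.0.7 MX example.org
10.0.0.9 TXT 6b3f9a1c0e7d42b58a916cf03d2e7741.tunnel-test.invalid
10.0.0.9 TXT c41d77e09b2a5f6318d0a4be92c7315f.tunnel-test.invalid
10.0.0.9 TXT 0f82d6b4a1937ce5542e1b09d8f6a37c.tunnel-test.invalid
10.0.0.9 CNAME e95a3c7012bd84f66a0b3d915c2e48a7.tunnel-test.invalid
"""

BULKY_TYPES = {"TXT", "CNAME", "MX"}  # record types the article names

def parent_domain(qname):
    # Assumption: the last two labels form the registered domain (no public-suffix list).
    return ".".join(qname.split(".")[-2:])

def summarize(log_text):
    """Group queries by (client, parent domain) and compute tunnelling indicators."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qtype, qname = parts[0], parts[1].upper(), parts[2].lower().rstrip(".")
        groups[(client, parent_domain(qname))].append((qtype, qname))
    report = {}
    for (client, domain), queries in groups.items():
        subs = [q[:-len(domain)].rstrip(".") for _, q in queries]  # part left of the domain
        report[(client, domain)] = {
            "unique_subdomains": len(set(subs) - {""}),
            "longest_label": max(len(label) for s in subs for label in s.split(".")),
            "subdomain_chars": sum(len(s.replace(".", "")) for s in subs),
            "bulky_ratio": sum(t in BULKY_TYPES for t, _ in queries) / len(queries),
        }
    return report

def suspicious(log_text, min_unique=3, min_label=30, min_bulky=0.5):
    """Return (client, domain) pairs that meet all three thresholds."""
    return sorted(key for key, r in summarize(log_text).items()
                  if r["unique_subdomains"] >= min_unique
                  and r["longest_label"] >= min_label
                  and r["bulky_ratio"] >= min_bulky)
```

Requiring all three indicators together keeps ordinary browsing (`example.com`, several short names) and a single MX lookup (`example.org`) out of the result; the thresholds would need tuning against a real baseline.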
2. Explain SSL
SSL stands for Secure Sockets Layer. It is used for creating encrypted connections between a web server and a web browser. It is generally used to protect the information in online transactions and digital payments, maintaining data privacy by securely encrypting the connection between both parties.
3. Explain a buffer overflow attack
A buffer overflow attack takes advantage of a process that attempts to write more data to a fixed-length memory block than it can hold, which causes a denial of service (DoS) in the binary and leads to the application crashing.
4. Name some tools used for packet sniffing? What is the difference between Burp Suite and Wireshark?
The following are some tools used for packet sniffing.
Wireshark vs Burp Suite:
Burp Suite acts as a proxy tool and captures only HTTP/HTTPS traffic.
Wireshark captures all the traffic from the system, including Telnet, POP3, SMTP, FTP, etc.
5. Explain ARP Poisoning
ARP (Address Resolution Protocol) poisoning is a type of attack that abuses ARP, the protocol used to convert IP addresses to physical addresses on a network. In normal operation, a host sends an ARP broadcast on the network, and the recipient computer responds with its physical address.
ARP poisoning means sending fake addresses to the switch so that it associates the fake addresses with the IP address of a genuine computer on the network, which lets the attacker hijack the victim's traffic.
6. List out various methods of session hijacking. Difference between Session Hijacking and Session Fixation?
Session hijacking attacks revolve around an attacker being able to steal the session of a user and get access to his/her account.
Various methods of session hijacking are:
Using packet Sniffers
Cross-Site Scripting (XSS Attack)
Session Hijacking vs Fixation:
In session fixation, the attack starts before the user is logged in. The attacker sends the user a predefined session ID/token, and the victim uses the same session ID/token to start his session by verifying username and password.
In session hijacking, the attack starts after the victim has logged in, and the attacker is able to steal the established session using various attacks, XSS for example.
7. Explain WAF. List out any WAFs you have heard about?
WAF stands for Web Application Firewall. WAF is used to protect the application by filtering and monitoring incoming and outgoing traffic between web application and the internet.
There are different WAF providers, e.g. CloudFront, Sucuri, OWASP ModSecurity, etc.
8. Explain TCP Three-way handshake.
It is a process which is used to make a connection between a client and server. This method requires the client and server to negotiate synchronization and acknowledgment packets before starting communication.
Generally, the connection is established only after the 3-way handshake is complete.
9. What is your favorite programming language?
You can talk about the language you generally code in, like Python, Go, Java, etc.
If you have not yet picked up a language, I would suggest picking one and starting to learn its basics.
10. What is the difference between IDS and IPS? Name any tool you have worked with?
IDS: An Intrusion Detection System is a system installed on computer systems which is mainly used to detect and log attacks and alert the sysadmin about them.
IPS: An Intrusion Prevention System is a system which not only detects and logs but also takes action on the intrusion based on predefined rules. Actions could be to block the IP address, drop packets, etc.
I have worked with Snort, which is both combined, known as an IDPS; it is an open source tool and comes with an easy-to-write ruleset tool.
Note: This is the fifth part of the article and there will be more upcoming parts with more questions.