Ethical Hacking Interview Questions
My friend, and primary organizer of the GSO InfoSec meetup is currently trying to break into a Cyber Security career as a penetration tester. I’ve asked him to let me know what kind of questions they ask during interviews. I’ll be posting those here…
Q: How would you use nmap (or an equivalent tool) to scan a class A, class B, and/or class C network?
LinuxHint.com – nmap scan ip ranges
Q: Say you are assessing an AWS environment and notice several unecnrypted EBS volumes. When is it okay, and not okay, for these volumes to be unencrypted?
Q: A client has not permitted the use of any tools to be used against their network. They are only allowing you to use standard Windows signed executables and PowerShell. What can you access against the environment?
Varconis.com – PowerShell for Pen Testers
Packet Sniffing with PowerShell
Senior Consultant Expectations
Becoming a senior consultant means having years of experience and advanced, deep knowledge in the below.
Programming Languages
- Perl
- Python
- Ruby
- bash
- C/C++
Penetration Testing Suites
- Nessus
- Metasploit
- Burp Suite Pro
- Cobalt Strike
- Empire
Best Practicies and Methodologies
- OWASP
- Cyber Kill Chain
- MITRE ATT&CK Framework
Expert Knowledge
- Networking
- Software
- Web Development
- Server Configuration
- Windows / Linux / MacOS / Mobile
Certifications
- OSCP
- GPEN
- OSCE
- GCIH
- GXPN