Thursday, May 19, 2011

Questions that are in a job interview

Questions You Should Be Prepared to Ask and Answer in an Interview 
Listed below are examples of questions that are frequently asked throughout the interviewing process. Before you arrive at an interview, be sure to prepare brief answers to all of the following.

Prepare Your Answers to These Questions:
  • Tell me about yourself.
  • Why do you want to leave your current company?
  • What are your long-term and short-term career goals?
  • What do you look for in a job?
  • What do you know about the company?
  • Why should we hire you?
  • What is your biggest strength?
  • What is your biggest weakness?
  • How would your last boss and colleagues describe you?
  • What has been your most important accomplishment?
  • What is the hardest thing you've ever done?
  • If they should ask, be prepared to name a salary range.
Questions to Ask:
While you should always customize questions for a particular company or job, here are a few suggested questions for you to ask your interviewer:
  • How long have you been in your position?
  • What do you like best about your position?
  • What are your expectations for this position?
  • Do you have any concerns about my job qualifications? (This gives you the opportunity to overcome those concerns with reasons why you are qualified.)

Wednesday, May 11, 2011

Skill set for Penetration Tester

First, learn how to network your Windows machines to each other. Create some shares, store data there, move data from one to the other. Then move on to networking your Linux stuff with your Windows stuff. After you’ve got this all working, start reading up on how and why it works. After you’ve got some good theoretical knowledge on how it works, download Wireshark and tcpdump, for both Windows and Linux. Start studying the traffic between all the machines. First, study the traffic generated when you transfer files and perform other activities. Then study the traffic that is generated even when the machines are not actually transferring data.
Once you’ve done all the above things, and understand most of what you’ve done, you should be feeling comfortable with networking in general/basics and have a working knowledge of the operating systems from at the very least a power user/desktop admin standpoint.
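For the traffic-study step above, an added example (not part of the original post): a small Python reader for a capture saved with tcpdump -w that tallies frames by protocol, so the chatter an idle LAN produces stands out. The CHATTER port list and the constructed sample capture are assumptions made for illustration.

```python
import struct
from collections import Counter

# Ports that often appear as idle LAN chatter (assumed list, extend as needed).
CHATTER = {53: "DNS", 67: "DHCP", 68: "DHCP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
           445: "SMB", 1900: "SSDP", 5353: "mDNS", 5355: "LLMNR"}

def read_pcap(data):
    """Yield Ethernet frames from a classic pcap file (as written by tcpdump -w)."""
    # The magic number (microsecond or nanosecond variant) reveals the byte order.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
           b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        if off + 16 + incl_len > len(data):
            break  # truncated final record
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def classify(frame):
    """Label one frame by EtherType, IP protocol and well-known port."""
    if len(frame) < 14:
        return "runt"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {0x0806: "ARP", 0x86DD: "IPv6"}.get(ethertype, "other-0x%04x" % ethertype)
    if len(frame) < 34:
        return "runt"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
        return {1: "ICMP", 2: "IGMP"}.get(proto, "ip-proto-%d" % proto)
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return CHATTER.get(dport) or CHATTER.get(sport) or "%s/%d" % ("TCP" if proto == 6 else "UDP", dport)

def summarize(data):
    return Counter(classify(f) for f in read_pcap(data))

def sample_pcap():
    """Constructed capture (not real traffic): 2 ARP, 1 NetBIOS-NS, 1 mDNS frame."""
    eth = lambda etype, body: b"\xff" * 6 + b"\x02" + b"\x00" * 5 + struct.pack("!H", etype) + body
    udp = lambda dport: eth(0x0800, b"\x45" + b"\x00" * 8 + b"\x11" + b"\x00" * 10
                            + struct.pack("!HH", 40000, dport) + b"\x00" * 4)
    frames = [eth(0x0806, b"\x00" * 28)] * 2 + [udp(137), udp(5353)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it on your own lab capture, pass the bytes of a file saved with tcpdump -w to summarize(); save Wireshark captures in the classic pcap format first, since pcapng is not handled.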
After this you’re ready to start delving into security a little bit. Start with Linux. Start learning how to use things like Nmap and other scanners. For example, if you set up a web server, scan it and prove it’s a web server. From Linux type the command man nmap. Read the ENTIRE man page. After reading, make yourself some notes of the things that really interest you. Now run nmap using EVERY option listed in the man page. Study its output, and revisit the man page to remind yourself of what a particular scan type is doing and what certain options are.
Next, start reading about vulnerabilities. Some of it won’t make sense yet, but that’s OK. After spending no less than 20 hours total reading about vulnerabilities (doesn’t matter how you stretch the 20 hours out), go back to Backtrack and learn how to exploit one of your unpatched Windows machines. Get a shell. Pat yourself on the back. Then ask yourself, “Now that I have a shell, what can I do with it?” Stop where you are and spend about 20 more hours learning how to do everything you’ve learned about Windows from the command line. Once you’ve done that, come back and exploit that target again. You should now be able to do some pretty decent stuff with that shell you’ve gained.
Your next move is to find a rootkit and a trojan. Just one of each that you can spend some time mastering. Once you know how to use them, start planting them (via your exploited command shell only) on the compromised targets you’re practicing with.
At this point start playing with Perl, Python and Bash scripting to try and automate all the great stuff you’ve learned how to do via command line. This part will be painful at first, but it’ll get easier…trust me.
Start researching anti-virus/IDS/firewall evasion techniques.
Apply everything else you’ve learned with these evasion techniques. Don’t worry about paying too much attention to “thinking like a hacker” because as you progress with the things I’m outlining, that will come naturally. You’ll find that part of thinking like a hacker is being able to think like the victim whose system you just compromised (which means you’ll know their every move before they make it).
Then move to learning how to cover your tracks, getting rid of logs, skewing time stamps, modifying logs, etc. Then learn how to do it elegantly and non-destructively.
Eventually move to more advanced things like learning some coding, then discovering your own vulnerabilities, then writing your own exploits.
Now let me say this. You can devote a lot of your free time over the next couple of years to doing these things, and you can pretty much Google “how to ‘whatever-i-said-learn-above’” and find it all.


We can teach most of it to you. Here’s a class path recommendation.
1. A+ Class
2. Network+ class
3. Security+
4. Linux+
5. MCITP track for Server Admin
8. Ethical Hacking
9. Advanced Ethical Hacking
10. Computer Forensics (you need to know what they’ll look for and how they are going to look for it to truly understand covering your tracks)