Sec - dejanu/linux GitHub Wiki

Interview questions

  1. What is the difference between a session and a session token?

The web app creates a session for each user in order to process the series of requests that originate from each unique user.
The session = the set of data structures held on the server in order to track the state of the user's interaction with the web app.
The token = a unique, unguessable string that identifies a session.
The token is typically passed in the "Set-Cookie" header of an HTTP response, and the browser returns the same value in the "Cookie" header of subsequent requests.
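The separation above, as an added example that is not part of the original wiki: the server keeps the session as a dictionary, hands the browser only a random token in Set-Cookie, and resolves the Cookie header back to the server-side state on each request. The in-memory store, the cookie name `sessionid` and the 600-second lifetime are assumptions made for the example.

```python
import secrets

# Constructed in-memory session store for the example. The *session* is the
# server-side data structure below; the *token* is only the opaque key that
# names it and travels to and from the browser in cookies.
SESSIONS = {}
SESSION_TTL = 600  # seconds; assumed lifetime for this example


def create_session(user_id, now):
    """Create server-side session state and return the token to hand to the browser."""
    token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output: not guessable
    SESSIONS[token] = {"user_id": user_id, "created": now, "cart": []}
    return token


def set_cookie_header(token):
    """Value of the Set-Cookie response header that delivers the token.
    HttpOnly keeps page scripts from reading it, Secure keeps it off plain HTTP."""
    return f"sessionid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"


def parse_cookie_header(cookie_header):
    """Parse the Cookie request header ('a=1; b=2') into a dict."""
    cookies = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def lookup_session(cookie_header, now):
    """Map the token the browser sent back to its server-side session, or None.
    Unknown and expired tokens both yield None; expired state is destroyed."""
    token = parse_cookie_header(cookie_header).get("sessionid")
    if token is None:
        return None
    session = SESSIONS.get(token)
    if session is None:
        return None
    if now - session["created"] > SESSION_TTL:
        del SESSIONS[token]
        return None
    return session


def logout(token):
    """Destroying the server-side session makes a leaked token worthless."""
    return SESSIONS.pop(token, None) is not None
```

The point the interview question is after: the token carries no state of its own, so invalidating the server-side entry (logout, expiry) is what ends the session, whatever copies of the token still exist.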

  2. Identification, authentication, authorization?

Identification happens before authentication, and is the process of having the user identify themselves to the system (e.g. a username).
Authenticating a user involves establishing that the user is in fact who they claim to be (e.g. verifying the identity by supplying a password).
Authorization represents what the user can access on the system.

Authentication, authorization, and accounting (AAA, or “triple A”) network security services provide the primary framework to set up access control on a network device. AAA is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and what actions they perform while accessing the network (accounting).

Common threats:

  1. Viruses, worms and trojans = malicious software and arbitrary code running on a user device
  2. Spyware and adware = software installed on a user device that secretly collects information about the user
  3. Zero day or zero hour = an attack that occurs on the first day that a vulnerability becomes known
  4. DoS = attack designed to slow or crash applications and processes on a network device
  5. Data interception and theft = capturing private information from an organization's network
  6. Identity theft = stealing the login credentials of a user in order to access private data

Firewall:

Types: network firewall, host-based firewall.
Filtering techniques:

  • Packet filtering (allow access based on IP or MAC address)
  • URL filtering (based on specific URLs or keywords)
  • Application filtering (based on specific application types, identified by port numbers)
  • Stateful packet inspection (SPI: an incoming packet must be a legitimate response to a request from an internal host)

Address Resolution Protocol:

Process used to find a layer 2 address (MAC) when a layer 3 address (IP) is known, i.e. resolving IPv4 addresses to MAC addresses.

  • Physical address (the MAC address) – Used for Ethernet NIC to Ethernet NIC communications on the same network.
  • Logical address (the IP address) – Used to send the packet from the original source to the final destination (could be another network).

Ethernet frame carrying an IP packet = Destination MAC | Source MAC (Ethernet header) | Source IP | Destination IP (IP header)

ARP messages are encapsulated directly within an Ethernet frame, and include the target IP and MAC addresses.

If Destination IP is on remote network => Destination MAC will be the one of the Default Gateway (router which chooses the best path)

If Destination IP is on the same network => the device searches its ARP table for the destination IP address:

  1. Search the ARP cache (arp -a):
    1.1 If the destination MAC is not there => send an ARP request (Destination MAC = FF-FF-FF-FF-FF-FF broadcast | Source MAC | Target IP | Target MAC) and the target machine sends an ARP reply as a unicast (Destination MAC | Source MAC | Source IP | Destination IP)

ARP spoofing (poisoning)

An attacker replies to ARP requests with his own MAC address, so the victim's ARP cache ends up holding the wrong MAC address for that IP. ARP provides no method to authenticate ARP replies. A mitigation technique is Dynamic ARP Inspection (DAI).
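The ARP frame layout from the resolution steps above and the poisoning symptom (one IP suddenly answered by a different MAC) are worth seeing in bytes. The following is an added example, not code from the wiki: it decodes Ethernet/IPv4 ARP frames with the standard RFC 826 layout and runs an arpwatch-style check that remembers each IP-to-MAC binding from replies and alerts when it changes. The frames fed to it are constructed in memory by `build_arp_frame`; nothing is sent on a network, and the addresses used are made up for the example.

```python
import struct

# Wire layout of an Ethernet/IPv4 ARP packet (RFC 826): a 14-byte Ethernet
# header followed by 28 bytes of ARP.
ETH_HDR = "!6s6sH"          # destination MAC | source MAC | EtherType
ARP_HDR = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame):
    """Decode a raw Ethernet frame carrying ARP; return its fields, or None if it is not ARP."""
    if len(frame) < 14 + 28:
        return None
    eth_dst, eth_src, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_HDR, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled here
    return {
        "op": op,
        "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src),
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
    }


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Construct a sample frame in memory as parser input (constructed test data; nothing is sent).
    Requests go to the broadcast MAC, replies are unicast to the target, as described above."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth_dst = b"\xff" * 6 if op == OP_REQUEST else mac(target_mac)
    eth = struct.pack(ETH_HDR, eth_dst, mac(eth_src or sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, op,
                      mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))
    return eth + arp


class ArpWatch:
    """Passive detector: remembers the IP -> MAC binding from each reply and
    reports when a later reply claims the same IP with a different MAC, which
    is exactly what a poisoned cache would have received."""

    def __init__(self):
        self.bindings = {}

    def observe(self, fields):
        """Return an alert string for a suspicious reply, or None."""
        if fields is None or fields["op"] != OP_REPLY:
            return None
        ip, mac = fields["sender_ip"], fields["sender_mac"]
        alert = None
        if fields["eth_src"] != mac:
            # A normal stack fills both fields with its own address; a mismatch is
            # worth flagging on its own.
            alert = f"{ip}: Ethernet source {fields['eth_src']} differs from ARP sender {mac}"
        known = self.bindings.get(ip)
        if known is not None and known != mac:
            alert = f"{ip} changed from {known} to {mac}"
        self.bindings[ip] = mac  # a production tool would also count flip-flops over time
        return alert
```

Real deployments feed this kind of check from a packet capture on a span port; DAI does the equivalent on the switch by validating each reply against the DHCP snooping binding table instead of against history.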


Directory Traversal (Path Traversal)

Aims to access files outside of the web root folder (see the OWASP description).
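The defect and its fix side by side, as an added example that is not part of the wiki: `naive_resolve` shows the pattern that lets `../` sequences (and an absolute path) leave the web root, and `resolve_under_root` canonicalises the request and refuses anything whose normalised path is not under the root. The `/var/www/html` root and the `serve` status codes are assumptions for the example.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for the example


def naive_resolve(root, requested):
    """The vulnerable pattern: trust the request path and glue it onto the web root.
    '../' walks out of the root, and os.path.join drops root entirely for an absolute path."""
    return os.path.normpath(os.path.join(root, unquote(requested)))


def resolve_under_root(root, requested):
    """Hardened version: canonicalise, then require the result to stay inside root.
    Returns the absolute path to serve, or None if the request must be rejected."""
    decoded = unquote(requested)          # the server decodes %2e%2e%2f and friends before use
    if "\x00" in decoded:                 # a NUL byte would truncate the name in C-level APIs
        return None
    root = os.path.abspath(root)
    # Treat the request as relative to root even if it starts with '/', then normalise.
    candidate = os.path.abspath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so '/var/www/html2' cannot pass as '/var/www/html'.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def serve(root, requested):
    """Decide (status, path) the way a static-file handler would."""
    path = resolve_under_root(root, requested)
    return (403, None) if path is None else (200, path)
```

Two caveats a reviewer would raise: if the framework has already URL-decoded the path, drop the `unquote` call rather than decoding twice, and if the root may contain symlinks, apply `os.path.realpath` to the existing file before the same containment check.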


Google dorks:

Syntax: operator_name:keyword, e.g.:

  • intitle:index of pdf
  • intext:@yahoo.com
  • filetype:xls inurl:"password.xls" (looking for usernames and passwords in MS Excel format; the file name can be changed, e.g. admin.xls)
  • site:target_site inurl:.php?id= (SQL injection)

Use operators to dig deeper into a web site. For example, to find a certain word or file on your web site, enter a line like one of the following into Google:

  • site:www.your_domain.com keyword
  • site:www.your_domain.com filename
  • site:*.example.org ext:php | ext:txt | ext:log | ext:pdf | ext:doc | ext:docx | ext:ppt | ext:pptx | ext:xls | ext:xlsx | ext:csv

Search for subdomains and exclude some of them from the results (www.nba.com = subdomain.SecondLevelDomain.TopLevelDomain):

site:*.your_domain.org -www

https://www.facebook.com/LifeInTheComputer/posts/373630599496881
http://resources.infosecinstitute.com/google-hacking-for-fun-and-profit-i/#gref
https://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/