If your job interview requires a practical component then you need to prepare in certain areas. Obviously due to time constraints it is not possible for a candidate to cover everything in his preparation and future employers doesn’t expect that as well. However candidates need to demonstrate that they know how to perform basic penetration testing activities up to level and are confident.
Employers usually they are looking for candidates that they know already how to perform the basics as it will take less working time to train them and they can be billable faster.
The following skills are required for almost any technical interview:
- Scan a Subnet Network to Identify Hosts
- Nmap – TCP/UDP scan and Service and Version Detection
- Metasploit – Search and Configure Modules
- Meterpreter – Dump hashes and Privilege Escalation
- Unix – NFS Export, Connect to a Share Folder, Telnet Authentication Bypass
- Windows – Netapi vulnerability
- Database – xp_cmdshell
- Authentication Bypass
- Modify Cookie Values
- Reflected and Stored Cross Site Scripting
- SQL Injection
- Command Execution
- File Inclusion (RFI and LFI)