Practical Skills for Technical Interviews

If your job interview requires a practical component then you need to prepare in certain areas. Obviously due to time constraints it is not possible for a candidate to cover everything in his preparation and future employers doesn’t expect that as well. However candidates need to demonstrate that they know how to perform basic penetration testing activities up to level and are confident.

Employers usually they are looking for candidates that they know already how to perform the basics as it will take less working time to train them and they can be billable faster.

The following skills are required for almost any technical interview:

Infrastructure

  • Scan a Subnet Network to Identify Hosts
  • Nmap – TCP/UDP scan and Service and Version Detection
  • Metasploit – Search and Configure Modules
  • Meterpreter – Dump hashes and Privilege Escalation
  • Unix – NFS Export, Connect to a Share Folder, Telnet Authentication Bypass
  • Windows – Netapi vulnerability
  • Database – xp_cmdshell

Web Application

  • Authentication Bypass
  • Modify Cookie Values
  • Reflected and Stored Cross Site Scripting
  • SQL Injection
  • Command Execution
  • File Inclusion (RFI and LFI)

 

Top 10 Interview Questions for Junior Pentesting Roles

There are interview questions that will possibly come up more often than others. The majority of the companies will look for candidates that they can demonstrate knowledge regarding networking concepts, some common web application vulnerabilities, they know how to perform basic tasks. are familiar with console commands and they have the passion to learn.

The following questions have been identified as the most common for junior penetration testing roles, so candidates who are able to answer them correctly they have more chances of being successful.

  1. What are the differences between TCP and UDP?
  2. Describe the 3-way handshake?
  3. Describe the layers of OSI model and knowledge some of the protocols for each layer?
  4. What are the differences between a hub a switch and a router?
  5. What is a port?
  6. What is SSL?
  7. What are the differences between symmetric and asymmetric encryption?
  8. What is SQL injection?
  9. What is Cross-Site Scripting?
  10. How you could perform a TCP scan with Nmap?